Functional integrity certification exida

Functional Integrity Certification
Functional Integrity Certification ™
The First Combined Certification for Functional Safety and Functional Security

Shanghai, 16 March 2011
Koen Leekens

Exida Contacts
Singapore +65 6222 5160 Canada +1 403 475 1943
Shanghai +86 21 5171 7250 United Kingdom +44 2476 456 195
Hong Kong
g g +852 2633 7727 Netherlands +31 318 414 505
Germany +49 89 4900 0547 Australia / NZL +64 3 472 7707
USA +1 215 453 1720 Mexico +52 55 5611 9858
Switzerland +41 22 364 14 34 South Africa +27 31 267 1564

Copyright exida LLC ® 2000-2011

“SAFETY” is not “SECURITY”

Piper Alpha 1988
Piper Alpha 1988
“Lessons learned” improve Safety


“Disabled” Safety is not SAFE!

Incident with “Certified” Boiler
Anti‐Virus Software
Prevents Safety Shutdown
Source www.securityincidents.org
y g


“Disabled” Safety is not SAFE!

Advanced Technology
introduces
introduces
new THREATS?

Explosion of “Certified” Boiler
p
Anti‐Virus Software
Prevents Safety Shutdown
Source www.security incidents.org
y g


exida Functional Integrity Certification™

Functional Integrity Certification™

Functional Safety Certification ™
+
Functional Security Certification
Functional Security Certification ™

“Integrity is doing the right thing,
“I i i d i h i h hi
even if nobody is watching.”
(Anonymous)


Who we are

Founded in 1999 by experts from Manufacturers, End Users,
g g p
Engineering Companies and TÜV Product Services
Today: LARGEST Functional Safety and Cyber Security
consultancy and certification body worldwide

“Provide independent services and tools to help customers
comply to any industry standards for Functional Safety, Cyber
py y y f f y, y
Security and Alarm Management”
Rainer Faller Dr. William Goble
Former Head of TÜV Product Services
Ü Former Director Moore Industries
Chairman German IEC 61508 Developed FMEDA Technique (PhD)
Global Intervener ISO 26262 / IEC 61508 Author of several Safety Books
Author of several Safety Books Author of several Reliability Books
Author of IEC 61508 parts


Where we are


What we do

EXIDA SCOPE
Functional SERVICES
INDUSTRIES
Safety Tools CUSTOMERS
Process
Industry End Users
End Users
Cyber Training Equipment
Automotive
y
Security Manufacturer
Consultancy
C lt Machine
M hi
Industry Engineering
Companies
Reliability Certification Power
Industry
I d System
S t
Integrators
Alarm Reference Rail
Management Materials


The exida Library

exida publishes analysis
q
techniques for functional
safety
exida authors ISA
best‐ sellers for automation
best sellers for a tomation
safety and reliability
exida authors
industry data
handbook on
equipment failure
equipment failure
data

www.exida.com
www exida com


exida Customers (extract from 2000+)


What is…?

Functional Safety:


What is…?

Functional Safety:
f f y p g y
“Part of overall safety to protect against incidents caused by
incorrect functioning of components/systems”


Why Functional Safety?

To provide a safer working environment for people, that is to
save lives and protect the environment
save lives and protect the environment
To demonstrate compliance with regulatory requirements,
that is to avoid fines
To protect investments in plant and equipment and insure
continuous operations, that is to save money


What is…?

SIL: “The Safety Integrity Level is a measure for the
ff f f y
effectiveness of the risk reduction that each individual Safety
Function is expected to provide”


History of Functional Safety Standards
1960 1990 1995 2000 2005 2010 2015

RELAY
Predictable
Failures
F il


1960 1990 1995 2000 2005 2010 2015

PLC
Failure
Modes?

DIN 31000

1960 1990 1995 2000 2005 2010 2015

Safety PLC
“AK‐Classes”

S84.01 1996
DIN V 19250
DIN 31000

1960 1990 1995 2000 2005 2010 2015

Safety Loop
“Functional”

ISO 26262
IEC 62061
S84.01 2004
IEC 61511
IEC 61513
IEC 61508
S84.01 1996
DIN V 19250
DIN 31000

1960 1990 1995 2000 2005 2010 2015

Safety Loop
“Functional”

Also Secure? ISO 26262
IEC 62061
S84.01 2004
IEC 61511
IEC 61513
IEC 61508
S84.01 1996
DIN V 19250
DIN 31000

Which Standard?

IEC 61508
6 08
Functional Safety for E/E/PES Safety Related Systems


Which Standard?

IEC 61508
6 08

IEC 61513
IEC 61513 IEC 62061
IEC 62061 IEC 61511
IEC 61511 ISO 26262
ISO 26262
Nuclear Machinery Process Industry Road Vehicles


Which Standard?

Device Manufacturers or Sector Specific Not Available

IEC 61508

IEC 61513
IEC 61513 IEC 62061
IEC 62061 IEC 61511
IEC 61511 ISO 26262
ISO 26262


Which Standard?

Device Manufacturers - Sector Specific Not Available

IEC 61508

IEC 61513
IEC 61513 IEC 62061
IEC 62061 IEC 61511
IEC 61511 ISO 26262
ISO 26262

End Users - Systems Integrators


What do accidents teach us?

Seveso 1976 Buncefield 2005

Bhopal 1984 Flixborough 1974

Primary Cause of Failures?

Installation and
Commission
Design and
Implementation

Specification
Operation and
Maintenance

More than Changes after
80% of Failures Commission
Source Health, Safety & Environmental Agency
Before Startup

The majority of accidents are:
… Preventable if a systematic
Risk Based Approach is adopted…
Risk‐Based Approach is adopted


IEC 61508/61511 Key Aspects

Safety Integrity Levels to protect against Random Failures
Physical or Hardware Failures
Safety Lifecycle to protect against Systematic Failures
Insufficient Processes and Procedures

Both protection
measures are
measures are
Important

“Having incomplete safety is worse than no safety at
“H i i l t f t i th f t t
all because people are lulled into complacency
thinking that safety is managed
thinking that safety is managed”


Product Certification

Functional safety certification for devices is accomplished
p
per IEC 61508
Products are certified to a Safety Integrity Level (SIL)
The result is typically a certificate and a certification report

SIL Certification
SIL Certification
Vendor showed
sufficient protection
against Random and
Systematic Failures


Certification versus Prior Use?

Certificate Prior Use

Certificate Justification
by Vendor
by Vendor by User
by User


How to certify a device?



1. Analyze Hardware Reliability



2. Analyze Gaps between existing processes and IEC 61508
Analyze Gaps between existing processes and IEC 61508




Fix Product and
Process Gaps
Process Gaps



Process Gaps
Process Gaps
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Process Gaps
Process Gaps

3. Safety Justification Report listing how the requirements
are met

Exida Tools
for 1,2 and 3
,



Process Gaps
Process Gaps
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Process Gaps
Process Gaps

are met for Product and Process
f P d dP
4. Final Assessment by Independent 3rd Party



Process Gaps
Process Gaps
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Process Gaps
Process Gaps

f P d dP
5. Certificate and Certification Report
5 Certificate and Certification Report


So what about Functional Security?

Security vulnerabilities impact the operation of the Safety
y
System

Safety ONLY
is not
enough

Disgruntled Contractor
i l d
“Hacks” Pipeline Leak
Detection System
Source www.securityncidents.org


What is…?

Functional Security:
g f
“Protection against intentional or unintentional interference
with the proper operation of systems/components”


Which Standards?

ISA 99
ISA‐99

IEC 62443

SP800‐82

CSA Z246.1



1. Analyze Hardware Reliability (ISCI)
2. Analyze Gaps between existing processes and ISA‐99
Analyze Gaps between existing processes and ISA 99
Process Gaps
Process Gaps
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Process Gaps
Process Gaps

3. Security Justification Report listing how the requirements
tf P d t dP



1. Analyze Hardware Reliability (ISCI)
2. Analyze Gaps between existing processes and ISA‐99
Analyze Gaps between existing processes and ISA 99
Process Gaps
Process Gaps
Security is Fix Product and
Fix Product and
Fix Product and
Fix Product and
Fix Product and
Process Gaps
Process Gaps
patterned to Safety
d f
3. Security Justification Report listing how the requirements
tf P d t dP


Who can certify Safety and Security?

Verify Market Recognition: Competency defined by Customers

Other 25.9% Nobody Certifies
Other 8.3%
the CERTIFIER
h CERTIFIER
Wurldtech 0.9%
Wurldtech 0.0%

TUV Sud 1.7%
TUV Sud 3.1%

TUV Rhineland 6.9%
TUV Rhineland 12.2%

TUV Nord 1.7%
TUV Nord 1.7%
Yellow – International list
Blue ‐ North America list
exida 17.2%
exida 60.7%
Other includes: SIRA, CSA, FM, UL, BASEEFA, INERIS, DNV and many


Who can certify Safety and Security?

y g p y y
Verify Experience: Number of Certifications
Fast
Time‐to‐Market

Number of Certificates - Currently Marketed Products
Certification Agency Sensors
g y Logic Solvers Final Element Total
g
TUV X 5 2 4 11
TUV Y 4 3 0 7
TUV Z 4 14 9 27
exida 32 6 55 93

9/17/2010


How to select the certifier?
NOBODY CERTIFIES THE CERTIFIER

Verify Experience: Number of Certifications
Verify Excellence / Competency: Involvement of the company with the
IEC and ISA standards for Safety and Security
y y
Verify availability of 3rd party Assessment of Certifier
Market Support Data: Provision of Failure Rate Databases, Books,
Whitepapers, Templates…
Whitepapers Templates
Broad Capabilities: Functional safety and Functional Security Certification


“Bypassed” Safety is not SAFE!

Disgruntled Contractor Piper Alpha 1988
“Hacks” Pipeline Leak “Lessons learned” improve
Detection System Safety



The Best Safety is
Useless when
DISABLED




Both
SAFETY and SECURITY
Matter



Security Certified Control Systems


exida Functional Integrity Certification™

Functional Integrity Certification™

Functional Safety Certification ™
+
y

“Integrity is doing the right thing,
“I i i d i h i h hi
even if nobody is watching.”
(Anonymous)


Functional integrity certification exida

More Related Content

What's hot

Viewers also liked

Similar to Functional integrity certification exida

Recently uploaded

Functional integrity certification exida