SIL Security Integrity Level Certification
SIL certification is a third-party evaluation, validation and certification based on IEC 61508 (GB/T 20438), IEC 61511 (GB/T 21109), IEC 61513, ISO 13849-1, IEC 62061, IEC 61800-5-2, ISO 26262 and other standards, which evaluates and validates the safety integrity level (SIL), performance level (PL) or automotive safety integrity level (ASIL) of safety devices. For the development process of a safety device, functional safety certification mainly involves functional safety management (FSM) evaluation, hardware reliability calculation and evaluation, software evaluation, environmental testing and EMC (electromagnetic compatibility) testing.

Introduction to SIL Certification:

Regulatory requirements: according to the "Guidelines on Strengthening the Management of Safety Instrumented Systems for the Process Industry" (State Administration of Safety Supervision Document No. 116), from January 1, 2018 the local safety supervision bureaus have gradually required SIL classification and verification for new "two key and one major" projects. For installations already in operation, the assessment of the safety instrumented system should be completed, with any rectification, before the end of 2019.

The certification is based on the functional safety standard IEC 61508, "Functional safety of electrical/electronic/programmable electronic safety-related systems", issued by the IEC; the corresponding Chinese national standard, GB/T 20438, is used for safety testing of the related products. The core requirement of this standard is that a risk-based approach is used to reach the risk-reduction target step by step. Products that typically require SIL certification are used where a failure could cause serious harm to people, the environment or property.

This is why SIL certification came about. Device failures can happen at every stage of the product life cycle, but with different probabilities. SIL certification intervenes from the start of product design and controls the whole product life cycle according to established standards and mature specifications, so that the likelihood of failure, and therefore the risk, is minimised.

SIL is short for Safety Integrity Level.

SIL certification is divided into four levels, SIL1 to SIL4, and applies at both product and system level. SIL4 is the most demanding.

The two representations of the SIL level are shown in the table below (low demand mode is expressed as the average probability of dangerous failure on demand, PFDavg; high demand or continuous mode as the average frequency of dangerous failure per hour, PFH):

SIL level | Low demand mode (PFDavg) | High demand or continuous mode (PFH, per hour)
4         | ≥ 10^-5 to < 10^-4       | ≥ 10^-9 to < 10^-8
3         | ≥ 10^-4 to < 10^-3       | ≥ 10^-8 to < 10^-7
2         | ≥ 10^-3 to < 10^-2       | ≥ 10^-7 to < 10^-6
1         | ≥ 10^-2 to < 10^-1       | ≥ 10^-6 to < 10^-5
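Worked example, added here and not part of this page or the certifying body's material: the Python below encodes the two bands of the table above and maps a computed PFDavg or PFH to a SIL, treating each band as lower-inclusive and upper-exclusive exactly as the table states. It goes one step beyond the table with the common first-order 1oo1 approximation PFDavg ≈ λDU·T/2 (from the IEC 61508-6 reliability examples, not given on this page), so the effect of the proof-test interval T on the achievable SIL can be seen; the failure rate and test intervals used are constructed values.

```python
"""Map a failure measure to a SIL band, using the two columns of the table.

Band edges follow IEC 61508-1: low demand mode is judged on PFDavg
(average probability of dangerous failure on demand), high demand or
continuous mode on PFH (average frequency of dangerous failure per hour).
Every band is [lower, upper): lower bound inclusive, upper bound exclusive.
"""
from typing import Dict, Tuple

# Bands keyed by SIL as (lower, upper), taken from the table on this page.
LOW_DEMAND_BANDS: Dict[int, Tuple[float, float]] = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}
HIGH_DEMAND_BANDS: Dict[int, Tuple[float, float]] = {
    4: (1e-9, 1e-8),
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}
BANDS = {"low": LOW_DEMAND_BANDS, "high": HIGH_DEMAND_BANDS}


def classify_sil(value: float, mode: str) -> int:
    """Return the SIL (1..4) that a PFDavg ("low") or PFH ("high") falls into.

    Returns 0 when the value is at or above the SIL1 upper bound, i.e. no SIL
    can be claimed. The table defines no level above SIL4, so a value below
    the SIL4 lower bound is still reported as SIL4.
    """
    if mode not in BANDS:
        raise ValueError("mode must be 'low' or 'high'")
    if value < 0:
        raise ValueError("a failure measure cannot be negative")
    bands = BANDS[mode]
    for sil in (4, 3, 2, 1):
        lower, upper = bands[sil]
        if lower <= value < upper:
            return sil
    return 4 if value < bands[4][0] else 0


def pfd_avg_1oo1(lambda_du_per_hour: float, proof_test_interval_hours: float) -> float:
    """Simplified PFDavg of a single-channel (1oo1) low demand safety function.

    First-order approximation PFDavg ~= lambda_DU * T / 2, the usual
    simplification of the 1oo1 formula in IEC 61508-6 (assumption: this page
    does not give it). It ignores repair time, common cause and partial-test
    credit, so it is a screening estimate only.
    """
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def max_proof_test_interval_hours(lambda_du_per_hour: float, target_sil: int) -> float:
    """Longest proof-test interval keeping a 1oo1 channel inside target_sil.

    Inverts pfd_avg_1oo1 against the exclusive upper bound of the band, so the
    returned interval must not itself be reached.
    """
    upper = LOW_DEMAND_BANDS[target_sil][1]
    return 2.0 * upper / lambda_du_per_hour


if __name__ == "__main__":
    # Constructed values: a dangerous undetected failure rate of 2e-7 per hour
    # (200 FIT) for one sensor channel, proof-tested every one or two years.
    lam = 2e-7
    for years in (1, 2):
        hours = years * 8760
        pfd = pfd_avg_1oo1(lam, hours)
        print(f"T = {years} year(s): PFDavg = {pfd:.2e} -> SIL{classify_sil(pfd, 'low')}")
    print(f"longest proof-test interval for SIL3: {max_proof_test_interval_hours(lam, 3):.0f} h")
```

With these constructed numbers a yearly proof test lands the channel in SIL3, while stretching the interval to two years drops it to SIL2, which is the kind of trade-off the hardware reliability calculation in a SIL assessment has to make explicit.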

SIL Certification Standard Content:

1. IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems

IEC 61508 is the basic standard of the whole functional safety standard family. It defines three safety life cycles for safety-related systems (overall, hardware and software) and sets two kinds of requirement on them: systematic safety integrity and random hardware safety integrity. These requirements cover the entire process of a safety system from project initiation, study, risk analysis, development and commissioning to decommissioning. The overall safety life cycle states the requirements for safety-related systems at the system level, while the hardware and software safety life cycles aim to avoid systematic failures during design and to control random hardware failures by technical means.

The main objectives of IEC 61508 are:

■ a systematic approach to safety supervision over the life cycle of all components of a safety-related system, hardware and software alike;

■ methods for determining the safety functional requirements of safety-related systems;

■ a basic standard that applies directly in all industrial sectors and at the same time guides sector-specific standards, so that those standards are drafted consistently (basic concepts, terminology, requirements for specified safety functions, and so on).

2. IEC 61511: Functional safety requirements for safety instrumented systems in the process industry

IEC 61511 is the functional safety standard for safety instrumented systems in the process industry, a sector standard issued by the IEC after the basic functional safety standard IEC 61508. Its harmonised Chinese national standard is GB/T 21109. In the process industry, safety instrumented systems are used to perform safety instrumented functions, and IEC 61511 addresses how the required safety integrity and performance level of such instrumentation is achieved.

For the validation of the safety functions of safety-related devices, the SIL is the internationally accepted way of defining safety integrity. For the process control industry the relevant international standards are mainly IEC 61508, the basis for designing and operating safety instrumented systems, and IEC 61511, which focuses on process control applications. Device designers follow IEC 61511 and complete their designs according to IEC 61508.

3. ISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design

The new version of ISO 13849-1 takes effect at the end of 2011 and is a milestone for functional safety in machinery. Where earlier practice assessed only the deterministic behaviour of the system, the new version adds an evaluation of the system's failure probability, so that a comprehensive safety assessment from the components up to the whole system is possible. It also gives designers more quantifiable design methods, adding parameters such as the required performance level (PLr), mean time to dangerous failure (MTTFd), diagnostic coverage (DC) and common cause failure (CCF), which resolves the inability of the original EN 954-1 to quantify system safety.

The new ISO 13849-1 provides more effective safety assessment for some newer control methods. It raises the safety level of increasingly complex machinery control systems, secures production safety and efficiency, and, combined with new technology and design experience, helps companies improve overall efficiency, productivity and flexibility, keep production running, cut unplanned downtime and reduce development, operation and maintenance costs. Machine builders that implement the standard early gain a market advantage in a competitive field.

4. IEC 62061: Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems

Both IEC 62061 and ISO 13849-1:2008 cover safety-related electrical control systems, and the same level of safety performance and integrity can be reached with either. Their methods differ, but each suits its intended audience. EN ISO 13849-1:2008 states a limitation in Table 1 of its introduction: where complex programmable technology is used, the maximum achievable performance level should be taken as PLd.

IEC/EN 62061 provides methods for implementing complex safety functions with system architectures that were previously unconventional, while EN ISO 13849-1:2008 offers a more direct and simpler path for implementing traditional safety functions with traditional architectures. An important difference is their technical scope: IEC/EN 62061 is limited to electrical systems, whereas EN ISO 13849-1:2008 applies to pneumatic, hydraulic, mechanical and electrical systems. The main parameters defined are PFH, MTTF, DC, SFF and so on.

5. IEC 61326-3-2: Electrical equipment for measurement, control and laboratory use - EMC requirements: safety-related systems and equipment intended to perform safety-related functions (functional safety)

IEC 61326-3-1 and IEC 61326-3-2 have been published; they specify additional immunity requirements for safety-related equipment, including extreme conditions that may occur anywhere with very low probability. They test severe electromagnetic phenomena under the equipment's operating conditions, such as fast transients, which are transient disturbances of analogue or digital circuits or of digital signal transmission. To raise the confidence level in the electromagnetic immunity at the claimed Safety Integrity Level (SIL), the immunity tests apply more pulses, longer test durations and higher test levels than the basic standards. For example, for devices used at SIL3, the electrical fast transient test level is 4 kV and the test duration should be five times that specified by the basic standard.

6. ISO 26262: Functional safety of road vehicle systems

The purpose of ISO 26262 is to give a better understanding of safety-related functions and to state them as clearly as possible. ISO 26262 is derived from IEC 61508, the basic functional safety standard for electrical, electronic and programmable electronic devices; it targets the electrical, electronic and programmable electronic devices and other components specific to the automotive sector, and aims to raise the international standard of functional safety for automotive electrical and electronic products. From the moment it was proposed it received great attention from the major vehicle and automotive parts manufacturers, who actively promote its use in product development. Building on IEC 61508, ISO 26262 defines the operational safety of electrical and electronic systems. One of the difficulties in automotive design is how to assess potential hazards and risks in advance and take suitable measures to reduce them; to support this, ISO requires a "hazard and risk analysis" at the beginning of development. The automotive industry uses high-performance electronics for vehicle safety control, and ISO 26262, jointly drafted and approved by the major global vehicle manufacturers, specifies the requirements for the design of automotive electronic parts and of their software and hardware. With its promulgation and implementation, ISO 26262 will reduce the potential risk of vehicles and the extent of harm when accidents happen, and will also push the domestic vehicle industry to improve its future international adaptability and competitiveness.

7. IEC 61800-5-2: Adjustable speed electrical power drive systems - Part 5-2: Functional safety requirements

IEC 61800-5-2 defines the safety functions of drives with integrated safety, including a series of stop functions:

§ Safe Torque Off (STO);

§ Safe Stop 1 (SS1) and Safe Stop 2 (SS2);

§ Safe Operating Stop (SOS).

IEC 61800-5-2 also defines monitoring functions, such as Safely Limited Acceleration (SLA), Safely Limited Increment (SLI), Safe Direction (SDI), Safely Limited Speed (SLS), Safely Limited Torque (SLT), Safely Limited Position (SLP) and Safe Motor Temperature (SMT).

IEC 61800-5-2 mainly addresses functional safety requirements for safety encoders, safety decoders, AC servo systems, servo drives, servo motors and similar products. For example, a motor controller that meets the functional safety requirements supports safety functions such as Safe Torque Off (STO) and Safe Stop 1 (SS1) to prevent unexpected start-up, and its design must meet IEC 61800-5-2. The standard has been adopted as the Chinese national standard GB/T 12668.5.2, managed by the Adjustable Speed Electrical Drive Systems Subcommittee of the National Technical Committee for Standardization of Power Electronics and Semiconductor Power Converters (TC60/SC1).

8. IEC 61784-3: Industrial communication networks - Profiles - Part 3: Functional safety fieldbuses

This standard mainly defines the following:

It applies the basic principles of the IEC 61508 requirements for safety-related data communication, including the possible transmission errors, the countermeasures and the provisions affecting data integrity; content common to the various technical implementations; and technology-independent descriptions of the functional safety rules for the various communication profile families. Several safety communication layers are defined as part of the communication service profiles of the IEC 61784-1 and IEC 61158 series.

9. EN 50126: Railway applications - Specification and demonstration of reliability, availability, maintainability and safety (RAMS)

The standard defines the RAMS (reliability, availability, maintainability and safety) of a system and specifies the management of and requirements for RAMS at every stage of the safety life cycle. RAMS, an important measure of a system's quality of service, is achieved through the design concepts and technical methods applied at every stage of the whole system safety life cycle.

10. EN 50128: Railway applications - Software for railway control and protection systems

Software for railway control and protection systems is classified by software safety integrity level (SIL), with corresponding requirements for each safety level. The whole software development, assessment and testing process covers the software requirements specification, test specification, software architecture, software design and development, software verification and testing, software/hardware integration, software validation and assessment, quality assurance, life cycle, documentation and related procedures, for which the initial specifications and requirements are drawn up.

11. EN 50129: Railway applications - Safety-related electronic systems

For safety management, the safety life cycle concept of IEC 61508 is adopted: the safety-related parts of safety-related systems are designed following these steps and are assessed and validated throughout the process, in order to further reduce safety-related human error and thereby the risk of system failure.

SIL certification process:

For the detailed process, please consult our engineers and technicians.