Application & Extension of EN13980
in the field of Product Certification
to the IEC 61508 Series of Standards
(P016)
___________________________________________________________
Introduction
EN 13980 was developed to augment ISO 9001:2000 in the context of Quality Management Systems applicable to the manufacture of equipment, protective systems and components intended for installation in potentially explosive atmospheres.
Specifically, EN 13980 implements Module IV “Production Quality Assurance” and Module VII “Product Quality Assurance” of European Union Directive 94/9/EC “The ATEX Directive”.
Certain parallels can be drawn between the degree of confidence required in the performance of ATEX Equipment (in respect of not initiating an explosion) and the performance requirements for equipment that is intended to form part of a Safety Related System as defined in IEC 61508.
It should be noted that many products that may be used in a safety related system (particularly sensors and final elements) are also installed in potentially explosive atmospheres and are therefore already subject to the requirements of EN 13980 if manufactured or imported into the European Economic Area.
The IECEx product certification scheme has also adopted the “Production Quality Assurance” requirements from EN 13980 as the basis for the QA requirements for the issue of an international Certificate of Conformity for equipment intended for use in potentially explosive atmospheres.
The purpose of this document is to provide a framework for the use of EN 13980 in the context of Product Certification to IEC 61508 and to provide a set of relevant technical requirements that can be substituted for those given in Annex A of EN 13980.
Product Certification in the context of IEC61508
ISO/IEC Guide 2 recognises a number of Product Certification Systems that may be used in different circumstances (including, e.g. random purchase of product from the market place). For most industrial products, it is generally recognised that a “Type 5” scheme is appropriate. Such a scheme comprises two elements: Type Examination of the product (test and assessment based on a sample or prototype plus a study of the design); Production Quality Assurance (assessment of the manufacturing Quality Management System plus random product audit).
IEC 61508 is not written in the conventional form of a standard intended for use for the purposes of product certification, but as a conceptual document, which describes the processes that need to be followed, in order to achieve a safety-related system of defined integrity. However, Part 2 of the standard lists a set of information at clause 7.4.7.3 that can form the “Certified Data Set” for a particular product that will be used as a sub-system within an overall safety-related system.
The derivation of the Certified Data Set for the product, and the definition of the product, relate to the Type Examination phase of certification. This process is further amplified in the “CASS Type 1 Template”, which formalises the way in which the data is presented.
If a manufacturer has been issued with a certificate relating to Functional Capability Assessment (FSCA) and operates an appropriate ISO 9001:2000 Quality Management System, it may be presumed that there is adequate control over the quality of manufactured product. Note. The requirements on which the FSCA is based are given in clause 6 of part 1 of the standard
If the manufacturer has not been issued with a FSCA certificate, the control of the manufactured product shall be established in accordance with EN 13980 (“Production Quality Assurance”) as amplified by this document.
Note. Some of this material is derived from clause 6 of part 1 of the standard.
Either the EN 13980 or FSCA route may be adopted in addition to Type Examination in order to justify the issuing of a Product Certificate.
Note. Although the principles of Product Certification can be applied to an overall safety-related system, it is foreseen that it will generally be applied at the product/sub-system level.
Application of EN 13980 to the Product Certification of products/sub-systems intended to form part of a safety-related system in accordance with IEC 61508.
The text of EN 13980 in respect of “Production Quality Assurance” applies except as modified below.
General
All references to equipment intended for use in potentially explosive atmospheres shall be taken to refer to products/sub-systems intended for use within safety-related systems.
All references to type examination certificates and reports shall be taken to refer to such documents in the context of products/sub-systems intended for use within safety-related systems.
References to forms of protection shall be taken to refer to the ability of the product/sub-system to fulfil its role within a safety-related system.
7.2 Customer-related processes
The manufacturer shall have a process of contract review that clearly allows both manufacturer and customer to identify expectation and fulfilment of a data set as outlined in 7.4.7.3 of part 2 of the standard.
7.5.5 Preservation of product
Additionally, the manufacturer’s instructions shall include reference to how any failures in service are to be reported, so that the manufacturer can gain meaningful information to update “Proven in use” information for the product/sub-system.
Annex A
A2 and A3 are not applicable.
A4 is applicable to all electronic circuits and components. Note. The concept of safety components as used in the protection concept “Intrinsic Safety” does not apply to products/sub-systems for use in safety-related systems, but a study of the FMEA of the product may highlight that some individual electronic components are more critical than others and should be treated with additional care.
A5 is not generally applicable but may be of use in relation to some final-element products such as solenoid actuators or valves.
A6 to A9 are not applicable.
Annex B
Annex B is not applicable.
Requirements additional to those outlined in EN 13980
1. The manufacturer shall have procedures for receiving information from users of the product/sub-system to enable a meaningful analysis of operations and maintenance performance. In particular, the procedures shall enable
- the recognition of systematic faults which could jeopardise functional safety, including where recurring faults are detected during routine maintenance;
- the assessment of whether the demand rates and failure rates during operation and maintenance are in accordance with the certified data set for the product as agreed with the purchaser.
Should the analysis indicate that there may be a reduction in the integrity of the safety-related function, the manufacturer shall instigate action in accordance with 8.3, even though the product may conform to the certified design.
2. Where a product may be subject to modification or development throughout its life, there shall be a strict regime of configuration control that enables the configuration of every product delivered to a customer to be determined. This applies both to hardware and software.
3. Each change of configuration shall be referred to the certification body for confirmation that it will not invalidate the certified data set for the product, unless the certification body has previously agreed a range of modifications that may be undertaken without such referral.
