Certifying FuSa


Any claim of functional safety for a component, subsystem or system should be independently certified to one of the recognized functional safety standards. A certified product can then be claimed to be functionally safe to a particular Safety Integrity Level (SIL) or Performance Level (PL) within a specific range of applications: the certificate is provided to customers together with a test report describing the scope and limits of the certified performance.

An important element of functional safety certification is ongoing surveillance by the certification agency. This follow-up surveillance ensures that the product, subsystem or system is still being manufactured in accordance with what was originally certified. Follow-up surveillance may occur at various frequencies depending on the certification agency, but will typically examine the product's hardware and software as well as the manufacturer's continued compliance with its functional safety management system.

The principles underpinning functional safety were developed in the military, nuclear and aerospace industries, and were then taken up by rail transport and by the process and control industries, which developed sector-specific standards. Functional safety standards are now applied across all industry sectors with safety-critical requirements. Thousands of products and processes meet standards based on IEC 61508, ranging from bathroom showers, automotive safety products, medical devices, sensors, actuators, diving equipment and process controllers to their integration into ships, aircraft and major plant.

In Europe, functional safety certification is supported by a well-developed infrastructure. The CASS Scheme is the primary method by which products are certified to IEC EN 61508 and related standards, through accredited quality auditors. It is possible to certify both products and the processes that manage a product's life cycle; in the latter case, the certified company itself issues a certificate of conformity to that certification in respect of its relevant products.

The US FAA has similar processes, in the form of RTCA DO-178B (since superseded by DO-178C) for software and DO-254 for hardware, which are applied as design assurance guidance throughout the aerospace industry.

In the USA, NASA developed an infrastructure for safety-critical systems that has been adopted widely by industry, both in North America and elsewhere, consisting of a standard supported by guidelines. The NASA standard and guidelines are built on ISO 12207, which is a software life-cycle process standard rather than a safety standard; this explains the extensive documentation NASA has had to add, compared with using a purpose-designed standard such as EN 61508 together with the CASS templates. A certification process exists for systems developed in accordance with the NASA guidelines.

Software in modern E/E/PS medical devices submitted for FDA 510(k) clearance is now commonly developed to the sector-specific IEC EN 62304 standard, whose concepts are derived from IEC EN 61508.

The automotive industry has developed ISO 26262, Road Vehicles: Functional Safety, based on IEC 61508. ISO 26262 particularly addresses the automotive development life cycle: it is a multi-part standard defining requirements and providing guidelines for achieving functional safety in E/E systems installed in series-production passenger cars (the 2018 second edition extends its scope to other road vehicles). It is considered a best-practice framework for achieving automotive functional safety. Certification of these systems demonstrates compliance with the relevant regulations and helps to protect the public. The compliance process usually takes time, as employees must be trained in order to develop the expected competences.

The ATEX Directive has also adopted a functional safety standard, BS EN 50495:2010 'Safety devices required for the safe functioning of equipment with respect to explosion risks', which covers safety-related devices such as purge controllers and Ex e motor circuit breakers. It is applied by Notified Bodies under the ATEX Directive.