Field returns for IEC 61511

Reading time: 3 minutes - Difficulty: advanced
We often hear about field returns in functional safety, but there is often confusion between Prior Use, Proven in Use and Route 2H. But what are the differences between these terms?

Difference between Prior Use, Proven in Use and Route 2H

Here are the differences between the three types of field returns:

  • Proven in Use (“PIU”) is a way to demonstrate a device’s ability to avoid systematic failures. This concerns IEC 61508 and so this mode of analysis is used by manufacturers
  • Route 2H is used to quantify device failures by field return analysis. This still concerns IEC 61508, and so this methodology is also used by manufacturers
  • Instead, Prior Use is used by system integrators.

 

The concept of Prior Use according to IEC 61511

Looking more closely at Prior Use, its main intent is to gather evidence that dangerous systematic failures have been reduced to a sufficiently low level compared to the required safety integrity.

IEC 61511 focuses mainly on system integration, but also provides restrictions on device selection. Prior Use is applied to devices that have not demonstrated their compliance with IEC 61508.

Prior Use demonstration involves the end user developing proof of eligibility that includes the following information:

  1. Identification of the manufacturer’s quality, management and configuration management systems
  2. Accurate and specific identification of devices
  3. Data identifying device performance for similar operational profiles (e.g., failure rates, demand rates)
  4. An evaluation of the volume of operating experience in light of statistical confidence

 

Connection between IEC 61511 and IEC 61508

IEC 61511 does not provide specific requirements for the volume of operating experience. In the absence of specific requirements for the volume of operating experience, reference is often made to the requirements for field experience suggested in the standard IEC 61508-7, cl. B.5.4:

  • Unchanged specifications
  • 10 systems in various applications
  • 000 hours of operation and at least one year of service history

In addition to the above, however, additional analytical work (e.g., FMEDA) and/or other documentation is required to develop the suitability tests, such as information provided by the manufacturer, the Safety Manual or SAR, an assessment of failure data, and an analysis of operating environments.

 

More information:

 

In fact, the operating experience must be considered within a narrow operating range (e.g., considering temperature, humidity, vibration).

 

Prior Use Recommendations

It is important to note that the observation period recommendations for systems operating low demand mode assumes regular testing and/or actual requests to confirm the devices’ ability to operate on demand.

An observation period that does not include an adequate number of activations is not considered valid to prove the absence of failures.

It is therefore quite difficult to apply Prior Use, as it requires quite relevant operational experience on the product under comparable environmental conditions and detailed knowledge of the product that might be in the hands of the manufacturer alone.

This is why it is generally preferred to use IEC 61508-compliant products.

 

Do you want to learn more about IEC 61511?

The brand new ICSA Certification by ISASecure for IIoT devices

What is the ICSA Certificate The IIoT Component Security Assurance (ICSA) certification was inspired by recommendations published in the joint ISA Global Security Alliance (ISAGCA) and ISA Security Compliance Institute (ISCI) study. The ISASecure IIoT Component Security Assurance (ICSA) is a security certification program for IIoT devices and IIoT gateways. ICSA certification applies to IACS (Industrial Automation […]

Read more
Byhon Logo bianco

Subscribe to our newsletter to stay up to date on Functional Safety and Industrial Cyber Security news and events

ISCRIVITI
close-link
Send this to a friend