Reliability Assessment of Safety-Critical Systems


A SIL certificate for a SIS element may be issued by the manufacturer (self-certification) or by an independent certification agency. The certificate must be related to a specified functional safety standard (e.g., IEC 61508). The certificate documents that appropriate calculations and analyses have been performed and that the product is suitable for use within a SIS that performs a SIF with a given SIL. The certificate does not guarantee that the SIL is achieved by using the element, but rather that the element is certified for use as part of, for example, a SIL 3 environment. A SIL applies only to a whole SIF, and the whole loop must therefore be analyzed to document that the requirements are met.

A Failure Mode Effects and Diagnostic Analysis (FMEDA) is sometimes used to determine the safe/unsafe and detected/undetected failure modes of the product and is a key aspect of ultimately calculating the Safe Failure Fraction (SFF) and PFD of the SIS.
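To make the FMEDA-to-SFF/PFD chain concrete, the following is an added example (not from the article, Sira, or any standard's own tooling) using constructed failure-mode data for a hypothetical three-element 1oo1 loop. It assumes the simplified single-channel approximation PFDavg = λDU·T/2 (no repair time or common-cause terms) and the IEC 61508 low-demand SIL bands, and it shows why the loop must be assessed as a whole rather than by its best-certified element.

```python
from dataclasses import dataclass

# Constructed FMEDA rows for a hypothetical 1oo1 loop (sensor -> logic solver -> valve).
# Each row: one failure mode, its rate in failures per hour, whether the effect on
# the safety function is dangerous (vs. safe), and whether diagnostics detect it.
@dataclass(frozen=True)
class FailureMode:
    element: str
    mode: str
    rate_per_hour: float
    dangerous: bool
    detected: bool

FMEDA = [
    FailureMode("sensor", "drift high (causes trip)", 2.0e-7, False, False),
    FailureMode("sensor", "stuck at last value", 1.5e-7, True, False),
    FailureMode("sensor", "open circuit", 3.0e-7, True, True),
    FailureMode("logic_solver", "output de-energizes", 1.0e-7, False, True),
    FailureMode("logic_solver", "output frozen, diagnosed", 2.0e-8, True, True),
    FailureMode("logic_solver", "output frozen, undiagnosed", 5.0e-9, True, False),
    FailureMode("valve", "spurious closure", 5.0e-7, False, False),
    FailureMode("valve", "fails to close on demand", 4.0e-7, True, False),
]

def rate_split(modes):
    """Sum failure rates into the four IEC 61508 classes: SD, SU, DD, DU."""
    split = {"SD": 0.0, "SU": 0.0, "DD": 0.0, "DU": 0.0}
    for m in modes:
        split[("D" if m.dangerous else "S") + ("D" if m.detected else "U")] += m.rate_per_hour
    return split

def safe_failure_fraction(modes):
    """SFF = (lambda_SD + lambda_SU + lambda_DD) / total failure rate."""
    s = rate_split(modes)
    return (s["SD"] + s["SU"] + s["DD"]) / (s["SD"] + s["SU"] + s["DD"] + s["DU"])

def pfd_avg_1oo1(modes, proof_test_interval_h):
    """Simplified 1oo1 PFDavg = lambda_DU * T / 2 (only undetected dangerous faults count)."""
    return rate_split(modes)["DU"] * proof_test_interval_h / 2

def sil_from_pfd(pfd):
    """Low-demand SIL band for a PFDavg; 0 means below SIL 1."""
    for sil, (lo, hi) in {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}.items():
        if lo <= pfd < hi:
            return sil
    return 0

def loop_assessment(modes, proof_test_interval_h):
    """Per-element PFDavg plus the series loop PFDavg (sum) and the loop's SIL band."""
    elements = sorted({m.element for m in modes})
    per_element = {e: pfd_avg_1oo1([m for m in modes if m.element == e], proof_test_interval_h)
                   for e in elements}
    loop_pfd = sum(per_element.values())
    return per_element, loop_pfd, sil_from_pfd(loop_pfd)
```

With a one-year proof-test interval the logic solver alone lands in the SIL 4 band and the sensor in SIL 3, yet the undetected "fails to close" mode of the valve pulls the whole loop down to SIL 2.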

A thorough discussion of the benefits and limitations of SIL certificates is given in the article "Understanding 'SIL' Certificates" by Paul Reeve, Sira Certification.

