FUNCTIONAL SAFETY CERTIFICATE

This is to certify that the

Maxseal ranges of solenoid valves:

ICO3S, ICO4S, ICO4D, IC04N and SOV 1 to 6
manufactured by

Thompson Valves Ltd

17 Balena Close,
Creekmoor,
Poole, Dorset,
BH17 7EF
UK

Have been assessed by Sira Certification Service with reference to the CASS
methodologies and found to meet the requirements of

IEC 61508-2:2010
as an element/subsystem suitable for use in safety related systems performing safety
functions up to and including;

Hardware Safety Integrity 1oo1 = SIL 2*

Hardware Safety Integrity 1oo2 = SIL 3*
When used in accordance with the scope and conditions of this certificate.
*This certificate does not waive the need for further functional safety verification to
establish the achieved Safety Integrity Level (SIL) of the safety related system.

Certification Manager:
Wayne Thomas
Initial Certification:
This certificate issued:
Renewal date:

26/07/2004
29/01/2014
28/01/2019

This certificate may only be reproduced in its entirety, without any change.

Sira Certification Service

Certificate No.: Sira FSP 04001/05
Form 7016 issue 3
Page 1 of 5

Rake Lane, Eccleston, Chester, CH4 9JN, England

Tel: +44 (0) 1244 670900
Fax: +44 (0) 1244 681330
Email: info@siracertification.com
Web: www.siracertification.com
http://www.siracertification.com/certificates.aspx

Product description and scope of certification

The ICO3 and ICO4 and SOV 1 to 6 valves are solenoid valves that are used to control a
pressurised media (liquid or gas). These valves are considered of the same type as they are
designed and manufactured basing on the same methods, techniques and procedures. The
differences in shape and in size have no effect on the analysis. The solenoid valves are able to
operate in the following temperature range: -40 deg C to +90 deg C.

Use in safety function(s)

The element safety function for the ICO3, ICO4 and SOV 1-6 solenoid valves is common to all
models and defined as follows:
To return the valve spool to its safe position upon de-energising its solenoid.

Certified data in support of use in safety functions

The assessment has been carried out with reference to the Conformity Assessment of Safetyrelated Systems (CASS) methodology using the Route 2H approach.
A proven in use analysis (Route 2H approach) to clause 7.4.10 of the edition 2 of the
IEC61508:2010 has established the dangerous failure rate of the products assessed as show in
Table 1 below.
The following results in Table 1 summarize the ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6
solenoid valves.
Table 1: Summary of assessment for the ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6

Hardware Fault Tolerance

HFT

Architecture of the valve

ICO3S, ICO4S,
ICO4D, ICO4N,
SOV1 - 6
0

Proof Test Interval

Proof test in hours

8760 (1 yr)

MTTR

Mean time to repair in hours 3

Type A
Product classification

From return data (Route 2H)

5.04E-09

5.04E-09

DU (T / 2+MTTR)

2.21E-05

1.33E-04

SIL 2**

SIL 2**

Parameter name

Mean Time To Repair

Symbol

Type A/B
Type A
Dangerous undiagnosed failures DU
PFDAVG
SIL capability (Low demand
mode)

PFDAVG

Equation / source

ICO3S, ICO4S,
ICO4D, ICO4N,
SOV1 - 6
0
52560 (6 yrs)
Type A

Note 1: The failure data:

1) The PFDAVG figure shown is for illustration only assuming proof test interval examples of
8760 and 52560 hours and MTTR of 3 hours. Refer to IEC 61508-6 for guidance on PFDAVG
calculations from the failure data.
2) The internal architecture is of 1oo1 (no redundancy).
3) As per Route 2H clause 7.4.4.3.1 of IEC61508-2; a hardware fault tolerance of 1 for a
specified safety function for SIL 3 unless the conditions in clause 7.4.4.3.2 are met, must
apply. Clause 7.4.4.3.2 indicates that the hardware fault tolerance can be reduced if the

Sira Certification Service

Certificate No.: Sira FSP 04001/05
Form 7016 issue 3
Page 2 of 5

Rake Lane, Eccleston, Chester, CH4 9JN, England

Tel: +44 (0) 1244 670900
Fax: +44 (0) 1244 681330
Email: info@siracertification.com
Web: www.siracertification.com
http://www.siracertification.com/certificates.aspx

sum of all dangerous failures does not exceed 1% of the target failure measure. This
requires for the PFD value to be <1.00E-05, therefore for a proof test interval of 1 year the
ICO3S, ICO4S, ICO4D, ICO4N, SOV1 to 6 Maxseal Solenoid Valves are limited to SIL 2 with
HFT=0.
The failure data above is supported by the base information given in Table 2 below.

Table 2: Conditions for maintaining safety integrity capability

1
2

Product identification:
Functional specification:

3-5

Random hardware failure rates:

Environment limits:

Lifetime/replacement limits:

Proof Test requirements:

9
10
11

Maintenance requirements:
Diagnostic coverage:
Diagnostic test interval:

12

Repair constraints:

13

Safe Failure Fraction:

14
15
16

Hardware fault tolerance (HFT):

Highest SIL (architecture/type A/B):
Systematic failure constraints:

17

Evidence of similar conditions in previous

use:

18
19
20
21

Evidence supporting the application

under different conditions of use:
Evidence of period of operational use:
Statement of restrictions on functionality:
Systematic capability (SC1, SC2, SC3)

22

Systematic fault avoidance measures:

23
24

Systematic fault tolerance measures:

Validation records:

ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 solenoid valves.

Returning the valve spool to its safe position upon de-energising
its solenoid.
Refer to table 1 on page 2 of this certificate, or page 10 of
hardware report R56A30228A addA rev1.0.
The ICO3/4 are capable of operating at a temperate range of 60 deg C to +90 deg C, however this is dependent on the seal
material used refer to the manufacturers specification for
further details, with standard components all variants included
in this certificate can operate at temperature of -40 deg C to
+90 deg C.
Lifetime expectancy is estimated to exceed 20 years as long as
regular maintenance is carried out as recommended by the
manufacturer in the safety manual MI0560.
For proof test intervals table 1 of this certificate shows a PTI of
1 year and 6 years as an example. For all proof test intervals
from 6 months 6 Years achieve SIL 2 (HFT=0) and SIL 3
(HFT=1).
Refer to safety manual MI0560.
0% diagnostic coverage.
No diagnostic test interval is required as no form of diagnostics
is available in the products supported by this certificate.
None, other than compliance with the safety manual
instructions
Assessment is based on route 2H. Safe failure fraction not
required.
HFT=0, (1oo1) & HFT=1, (1oo2).
Type A, HFT=0, SIL 2 & Type A, HFT=1, SIL 3.
None, other than compliance with the safety manual
instructions.
The ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 solenoid
valves have documentary evidence to support prior use in a
similar condition for more than 10 years. For further details
see table 4 of hardware report R56A30228A AddA rev1.0.
See 17 above.
See 17 above.
See 17 above.
Systematic assessment under proven in use, see report
R56A30228B
Systematic assessment under proven in use, see report
R56A30228B.
Compliance with techniques and measures from IEC 61508-2.
Documentation that has been validated for proven in use data
is stated in table 4 in report R56A30228A AddA v1.0.

Sira Certification Service

Certificate No.: Sira FSP 04001/05
Form 7016 issue 3
Page 3 of 5

Rake Lane, Eccleston, Chester, CH4 9JN, England

Tel: +44 (0) 1244 670900
Fax: +44 (0) 1244 681330
Email: info@siracertification.com
Web: www.siracertification.com
http://www.siracertification.com/certificates.aspx

Failure to observe the above conditions will invalidate the certified data and may compromise
the integrity of the safety function performed by the solenoid valves.
Management of functional safety
The assessment has demonstrated that the certified products are supported by an appropriate
functional safety management system that meets the relevant requirements of IEC 615081:2010 clause 6. See report R56A30228B for further information.
Identification of certified equipment
A full list of certified equipment documents and specific product models is defined below:
Document no.
ER0533 App1
SP0522
MI0560

Issue
7
4
1

Valve description
Maxseal Instrument
Changeover and Process
Control Valve for
Hazardous Areas

Maxseal Direct SolenoidOperated Control Valve

for Hazardous Areas

Date
-07-08-13
07/08/2013

Document description
Quick reference guide Code sheet
Functional Safety System Procedure
Safety Manual

Model
ICO3S
ICO4D "
ICO4D "
ICO4S "
ICO4S "
ICO4N "
SOV sizes 1&2 (" - ")
SOV sizes 3-6 (1" to 3")
SOV sizes 1-6 (1" to 4")

Certified Variants
Code sheet ER0533 App 1A issue 7.
Code sheet ER0533 App 1B issue 7.

Code sheet ER0533 App 1C issue 7.

Conditions of Certification
The validity of the certified failure data is conditional on the manufacturer complying with the
following conditions:
1. The manufacturer shall analyse failure data from returned products on an on-going basis.
Sira Certification Service shall be informed in the event of any indication that the actual
failure rates are worse than the certified failure rates. (A process to rate the validity of field
data should be used. To this end, the manufacturer should co-operate with users to operate
a formal field-experience feedback programme).
2. Sira shall be notified in advance (with an impact analysis report) before any modifications to
the certified equipment or the functional safety information in the user documentation is
carried out. Sira may need to perform a re-assessment if modifications are judged to affect
the products certified functional safety.
3. On-going lifecycle activities associated with this product (e.g., modifications, corrective
actions, field failure analysis) shall be subject to surveillance by Sira in accordance with
Regulations Applicable to the Holders of Sira Certificates.

Sira Certification Service

Certificate No.: Sira FSP 04001/05
Form 7016 issue 3
Page 4 of 5

Rake Lane, Eccleston, Chester, CH4 9JN, England

Tel: +44 (0) 1244 670900
Fax: +44 (0) 1244 681330
Email: info@siracertification.com
Web: www.siracertification.com
http://www.siracertification.com/certificates.aspx

Conditions of Safe Use

The validity of the certified failure data in any specific user application is conditional on the user
complying with the following conditions:
1. The user shall comply with the conditions given in Table 2 above and the requirements
given in the manufacturers user instructions in regard to all relevant functional safety
aspects such as application of use, installation, operation, maintenance, proof tests,
maximum ratings, environmental conditions, repair, etc.
2. Selection of this equipment for use in safety functions and the installation, configuration,
overall validation, maintenance and repair shall only be carried out by competent personnel,
observing all the manufacturers conditions and recommendations in the user
documentation.
3. All information associated with any field failures of this product should be collected under a
dependability management process (e.g., IEC 60300-3-2) and reported to the
manufacturer.
General Conditions and Notes
1. This certificate is based upon a functional safety assessment of the product described in
Sira Test & Certification Assessment Reports R56A30228A Add_Cv1.0 and R56A30228B.
2. If certified product is found not to comply, Sira Certification Service should be notified
immediately at the address shown on this certificate.
3. The use of this Certificate and the Sira Certification Mark that can be applied to the product
or used in publicity material are subject to the Regulations Applicable to the Holders of Sira
Certificates and Supplementary Regulations Specific to Functional Safety Certification.
4. This document remains the property of Sira and shall be returned when requested by the
issuer.

Sira Certification Service

Certificate No.: Sira FSP 04001/05
Form 7016 issue 3
Page 5 of 5

Rake Lane, Eccleston, Chester, CH4 9JN, England

Tel: +44 (0) 1244 670900
Fax: +44 (0) 1244 681330
Email: info@siracertification.com
Web: www.siracertification.com
http://www.siracertification.com/certificates.aspx