FUNCTIONAL SAFETY CERTIFICATE

This is to certify that the

ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6

Manufactured by

Thompson Valves Ltd

17 Balena Close,
Creekmoor,
Poole, Dorset,
BH17 7EF
UK

Have been assessed by Sira Certification Service with reference to the CASS
methodologies and found to meet the requirements of

IEC 61508-2:2010
As an element/subsystem suitable for use in safety related systems performing safety
functions up to and including;

Hardware Safety Integrity 1oo1 = SIL 2*

Hardware Safety Integrity 1oo2 = SIL 3*
Hardware Safety Integrity 2oo3 = SIL 3*

When used in accordance with the scope and conditions of this certificate.

*This certificate does not waive the need for further functional safety verification to
establish the achieved Safety Integrity Level (SIL) of the safety related system.

Certification Manager: Wayne Thomas

Initial Certification: 26/07/2004

This certificate issued: 16/12/2018
Renewal date: 15/12/2023

This certificate may only be reproduced in its entirety, without any change.

Sira Certification Service

Part of CSA Group UK
Unit 6 Hawarden Industrial Park,
Certificate No.: Sira FSP 04001/08 Hawarden, CH5 3US, United Kingdom.
Form 7016 issue 3 Tel: +44 (0) 1244 670900
Page 1 of 5 Email: [email protected]
Web: www.csagroupuk.org
 Product description and scope of certification

The ICO3 and ICO4 and SOV 1 to 6 valves are solenoid valves that are used to control a
pressurised media (liquid or gas). These valves are considered of the same type as they are
designed and manufactured basing on the same methods, techniques and procedures. The
differences in shape and in size have no effect on the analysis. The solenoid valves are able to
operate in the following temperature range: -40 deg C to +90 deg C.

Use in safety function(s)

The element safety function for the ICO3, ICO4 and SOV 1-6 solenoid valves is common to all
models and defined as follows:

‘To return the valve spool to its safe position upon de-energising its solenoid.’

Certified data in support of use in safety functions

The assessment has been carried out with reference to the Conformity Assessment of Safety-
related Systems (CASS) methodology using the Route 2H approach.

A proven in use analysis (Route 2H approach) to clause 7.4.10 of the edition 2 of the
IEC61508:2010 has established the dangerous failure rate of the products assessed as show in
Table 1 below. The following results in Table 1 summarize the ICO3S, ICO4S, ICO4D, ICO4N
and SOV 1 to 6 solenoid valves.

Table 1: Summary of assessment for the ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 in
single mode configurations
Parameter name Symbol Equation / source Single Mode Single Mode

Hardware Fault Tolerance HFT Architecture of the valve 0 0

Proof Test Interval T Proof test in hours 8760 (1 yr) 52560 (6 yrs)

Mean Time To Repair MTTR Mean time to repair in hours 3 3

Type A/B Type A Product classification Type A Type A

Dangerous undiagnosed failures DU  From return data (Route 2 H) 5.04E-09 5.04E-09
DU (T / 2+MTTR)  2.21E-05 1.33E-04
PFD AVG PFD AVG
 SIL 2** SIL 2**
SIL capability (Low demand mode)

Table 2: Summary of assessment for the ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 in
redundant mode configurations
Redundant Redundant Redundant Redundant
Parameter name Symbol Equation / source Mode – Mode – Mode – Mode –
1oo2 1oo2 2oo3 2oo3
Hardware Fault
1 1 1 1
Tolerance HFT Architecture of the valve
Proof Test
8760 (1 yr) 52560 (6 yr) 8760 (1 yr) 52560 (6 yr)
Interval T Proof test in hours
Mean Time To
3 3 3 3
Repair MTTR Mean time to repair in hours
Type A/B Type A Product classification Type A Type A Type A Type A
Dangerous
undiagnosed DU  From return data (Route 2 H) 3.71E-10 3.71E-10 7.42E-10 7.42E-10
failures
DU (T / 2+MTTR)  1.63E-06 9.75E-06 4.42E-05 2.65E-04
PFD AVG PFD AVG
SIL capability 
(Low demand SIL 3** SIL 3** SIL 3** SIL 3**
mode)

Sira Certification Service

Part of CSA Group UK
Unit 6 Hawarden Industrial Park,
Certificate No.: Sira FSP 04001/08 Hawarden, CH5 3US, United Kingdom.
Form 7016 issue 3 Tel: +44 (0) 1244 670900
Page 2 of 5 Email: [email protected]
Web: www.csagroupuk.org
 Note 1: The failure data:
1) The PFDAVG figure shown is for illustration only assuming proof test interval examples of
8760 and 52560 hours and MTTR of 3 hours. Refer to IEC 61508-6 for guidance on PFDAVG
calculations from the failure data.

2) The internal architecture is of 1oo1 (no redundancy).

3) As per Route 2H clause 7.4.4.3.1 of IEC61508-2; a hardware fault tolerance of 1 for a

specified safety function for SIL 3 unless the conditions in clause 7.4.4.3.2 are met, must
apply. Clause 7.4.4.3.2 indicates that the hardware fault tolerance can be reduced if the
sum of all dangerous failures does not exceed 1% of the target failure measure. This
requires for the PFD value to be <1.00E-05, therefore for a proof test interval of 1 year the
ICO3S, ICO4S, ICO4D, ICO4N, SOV1 to 6 Solenoid Valves are limited to SIL 2 with HFT=0.
The failure data above is supported by the base information given in Table 2 below.

Table 2: Conditions for maintaining safety integrity capability

1 Product identification: ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 solenoid valves.
2 Functional specification: Returning the valve spool to its safe position upon de-energising
its solenoid.
3-5 Random hardware failure rates: Refer to table 1 on page 2 of this certificate, or page 10 of
hardware report R56A30228A addA rev1.0.
6 Environment limits: The ICO3/4 are capable of operating at a temperature range
of -60 deg C to +90 deg C, however this is dependent on the
seal material used – refer to the manufacturers datasheet.
7 Lifetime/replacement limits: Lifetime expectancy is estimated to exceed 20 years as long as
regular maintenance is carried out as recommended by the
manufacturer in the safety manual MI0560.
8 Proof Test requirements: For proof test intervals table 1 of this certificate shows a PTI of
1 year and 6 years as an example. For all proof test intervals
from 6 months – 6 Years achieve SIL 2 (HFT=0) and SIL 3
(HFT=1).
9 Maintenance requirements: Refer to safety manual MI0560.
10 Diagnostic coverage: 0% diagnostic coverage.
11 Diagnostic test interval: No diagnostic test interval is required as no form of diagnostics
is available in the products supported by this certificate.
12 Repair constraints: None, other than compliance with the safety manual
instructions
13 Safe Failure Fraction: Assessment is based on route 2H. Safe failure fraction not
required.
14 Hardware fault tolerance (HFT): HFT=0, (1oo1) & HFT=1, (1oo2).
15 Highest SIL (architecture/type A/B): Type A, HFT=0, SIL 2 & Type A, HFT=1 (1oo2, 2oo3), SIL 3.
16 Systematic failure constraints: None, other than compliance with the safety manual
instructions.
17 Evidence of similar conditions in previous The ICO3S, ICO4S, ICO4D, ICO4N and SOV 1 to 6 solenoid
use: valves have documentary evidence to support prior use in a
similar condition for more than 10 years. For further details,
see table 4 of hardware report R56A30228A AddA rev1.0.
18 Evidence supporting the application See 17 above.
under different conditions of use:
19 Evidence of period of operational use: See 17 above.
20 Statement of restrictions on functionality: See 17 above.
21 Systematic capability (SC1, SC2, SC3) SC3 see report R56A30228B.
22 Systematic fault avoidance measures: Systematic assessment under proven in use, see report

Sira Certification Service

Part of CSA Group UK
Unit 6 Hawarden Industrial Park,
Certificate No.: Sira FSP 04001/08 Hawarden, CH5 3US, United Kingdom.
Form 7016 issue 3 Tel: +44 (0) 1244 670900
Page 3 of 5 Email: [email protected]
Web: www.csagroupuk.org
 R56A30228B.
23 Systematic fault tolerance measures: Compliance with techniques and measures from IEC 61508-2.
24 Validation records: Documentation that has been validated for proven in use data
is stated in table 4 in report R56A30228A AddA v1.0.
Failure to observe the above conditions will invalidate the certified data and may compromise
the integrity of the safety function performed by the solenoid valves.

Management of functional safety

The assessment has demonstrated that the certified products are supported by an appropriate
functional safety management system that meets the relevant requirements of IEC 61508-
1:2010 clause 6. See report R56A30228B for further information.

Identification of certified equipment

A full list of certified equipment documents and specific product models is defined below:

Table 3: Supporting Documents

Document no. Issue Date Document description
ER0533 App1 7 -- Quick reference guide “Code sheet”
SP0522 4 07-08-13 Functional Safety System Procedure
MI0560 1 07/08/2013 Safety Manual

Table 4: Certified Equipment

Valve description Model Certified Variants
Instrument Changeover ICO3S Code sheet ER0533 App 1A issue 7.
and Process Control ICO4D ¼"
Valve for Hazardous ICO4D ½"
Areas ICO4S ¼"
Code sheet ER0533 App 1B issue 7.
ICO4S ¾"
ICO4S ½"
ICO4N ¼"
Direct Solenoid-Operated
Control Valve for SOV sizes 1-6 (¼" - 4") Code sheet ER0533 App 1C issue 7.
Hazardous Areas

Conditions of Certification
The validity of the certified failure data is conditional on the manufacturer complying with the
following conditions:

1. The manufacturer shall analyse failure data from returned products on an on-going basis.
Sira Certification Service shall be informed in the event of any indication that the actual
failure rates are worse than the certified failure rates. (A process to rate the validity of field
data should be used. To this end, the manufacturer should co-operate with users to operate
a formal field-experience feedback programme).
2. Sira shall be notified in advance (with an impact analysis report) before any modifications to
the certified equipment or the functional safety information in the user documentation is
carried out. Sira may need to perform a re-assessment if modifications are judged to affect
the product’s certified functional safety.

Sira Certification Service

Part of CSA Group UK
Unit 6 Hawarden Industrial Park,
Certificate No.: Sira FSP 04001/08 Hawarden, CH5 3US, United Kingdom.
Form 7016 issue 3 Tel: +44 (0) 1244 670900
Page 4 of 5 Email: [email protected]
Web: www.csagroupuk.org
3. On-going lifecycle activities associated with this product (e.g., modifications, corrective
actions, field failure analysis) shall be subject to surveillance by Sira in accordance with
‘Regulations Applicable to the Holders of Sira Certificates’.

Conditions of Safe Use

The validity of the certified failure data in any specific user application is conditional on the user
complying with the following conditions:
1. The user shall comply with the conditions given in Table 2 above and the requirements
given in the manufacturer’s user instructions in regard to all relevant functional safety
aspects such as application of use, installation, operation, maintenance, proof tests,
maximum ratings, environmental conditions, repair, etc.
2. Selection of this equipment for use in safety functions and the installation, configuration,
overall validation, maintenance and repair shall only be carried out by competent personnel,
observing all the manufacturer’s conditions and recommendations in the user
documentation.
3. All information associated with any field failures of this product should be collected under a
dependability management process (e.g., IEC 60300-3-2) and reported to the
manufacturer.

General Conditions and Notes

1. This certificate is based upon a functional safety assessment of the product described in
Sira Test & Certification Assessment Reports R56A30228A Add_Cv1.0, R56A30228B and
R70206289A.
2. If certified product is found not to comply, Sira Certification Service should be notified
immediately at the address shown on this certificate.
3. The use of this Certificate and the Sira Certification Mark that can be applied to the product
or used in publicity material are subject to the ‘Regulations Applicable to the Holders of Sira
Certificates’ and ‘Supplementary Regulations Specific to Functional Safety Certification’.
4. This document remains the property of Sira and shall be returned when requested by the
issuer.

Certificate History

Issue Date Report no. Comment

R56A30228A Updated to remove the word ‘Maxseal’.
07 27/07/2016
R56A30228B
Certificate renewed following successful
08 16/12/2018 R70206289A
recertification audit.

Sira Certification Service

Part of CSA Group UK
Unit 6 Hawarden Industrial Park,
Certificate No.: Sira FSP 04001/08 Hawarden, CH5 3US, United Kingdom.
Form 7016 issue 3 Tel: +44 (0) 1244 670900
Page 5 of 5 Email: [email protected]
Web: www.csagroupuk.org