In the machinery industry, a safety function is a control function that reduces the risk of injury, exposure to hazards, or harm to the operator. To classify a safeguard identified in the risk assessment as a safety function, refer to the aeSolutions blog post "Machinery Safety – Is it a Safety Function?". Functional safety is a methodology used to design, specify, implement, validate, and maintain safety functions. Conformity to functional safety standards helps analyze safety function failure rates and provides assurance that the design and integration of safety functions are reliable and effective for the life of the safety function. The two most commonly used standards in the machinery safety realm of functional safety are ISO 13849-1 and -2, which are sector-specific versions of the broader functional safety standard IEC 61511.
ISO 13849-1 describes Performance Levels (PLs) that are analogous to Safety Integrity Levels (SIL) in process safety. Each safety function identified in the risk assessment, and the Safety Related Parts of the Control System (SRP/CS) that implement it, is assigned a required PL depending on the risk assessment and risk ranking structure. PLs use discrete levels to represent the range of the Probability of Dangerous Failure per Hour (PFHd) of the safety function. In practical terms, the PL signifies the reliability of the function and the probability that the safety function will fail (i.e., not perform when needed).
There are five (5) performance levels (a, b, c, d, e). PLa is assigned to safety functions required for low-risk hazards and has the least stringent design requirements, whereas PLe is assigned for high-risk hazards and requires a high performance level of the safety function. PLs are dependent on the hardware and structure of the circuit, and the circuit components are characterized by the circuit categories (B, 1, 2, 3, 4) and failure data such as the Mean Time to Dangerous Failure (MTTFd), Diagnostic Coverage (DC), and Common Cause Failure (CCF). The chart below from the ISO 13849-1 standard illustrates the relationships between these factors.
Each circuit category requirement (x-axis on chart) is associated with specific performance level(s) (y-axis on chart). Category B is the most basic circuit category, with a single channel, low and medium MTTFd, and non-applicable DC. The resulting PL is either a PLa or PLb. Category 1 achieves higher reliability than Category B, and each circuit category progressively increases its requirements. Category 4 corresponds to a PLe and has the most safety function requirements, as it is a dual-channel circuit with high MTTFd and high DC.
Once the actual PL of the designed safety function has been determined, it needs to be verified that it meets the required PL per the risk assessment. There are also software tools available that assist in PL calculation. If a gap exists between the safety function PL and required PL, the design needs to be reiterated to increase the PL, such as increasing diagnostic coverage or re-evaluating the circuit categories. Design factors, including process, operating stress, environmental conditions, and operating procedures, should also be considered.
The next step is the most common mistake made in machinery functional safety – skipping the validation. Validation occurs after the safety function is designed, verified, installed, and programmed. A validation procedure analyzes and tests the safety function and can include a simulation of faults and verification that the safety function responds as expected under all scenarios. It is critical for those responsible for functional safety to validate that the function is acting as intended, as there is still potential for error at this final stage. The second part of the standard, ISO 13849-2, provides guidance on the validation procedure to ensure the category and performance level are achieved by the SRP/CS in accordance with the function’s design criteria established in ISO 13849-1.
Following validation, maintaining these systems and applying regular preventative and corrective maintenance plans is also very important to keep the safety functions working in a safe and effective manner.
Functional safety is necessary in the manufacturing and machinery industry to have assurance that the design and integration of safety functions are reliable and effective when called upon to reduce the risk of human injury or risk of exposure to hazards. PLs are a benchmark for performance that the safety function is required to meet; without benchmarks, it would be challenging to understand whether safety functions are achieving their purpose. The ISO 13849-1 and -2 standards must be applied to ensure that a safety function is both designed properly and validated to test that its intended performance is being achieved (do not make the mistake of skipping this step!) and maintained throughout its life.