Functional Safety Standards
July 2, 2020
The causes of hazards and the technical measures applied to avoid them can vary widely. As a result, different types of safety are differentiated by the cause of potential hazards, for example.
We talk about “functional safety” when safety depends on the correct function of an electrical (E), electronic (E) and programmable electronic (PE) system (abbreviated to: E/E/PE system).
The risk assessment plays a key role with regard to functional safety requirements. The steps you need to consider in the risk assessment and risk reduction of machines and the way in which safety functions can be evaluated and verified are taken from the standards EN ISO 12100, 13849-1/-2 and EN 62061. The safety integrity requirements (PL, SIL) are derived from the risk estimation.
New concept on fault tolerance in machinery safety developed at ZVEI with the collaboration of Pilz
A working group within the ZVEI (German Electrical and Electronic Manufacturers’ Association), working in collaboration with Pilz and the IFA (Institute for Occupational Safety and Health), has developed a white paper, which describes the basic principles of fault-tolerant devices and systems in functional safety on plant and machinery. The white paper is available for download free of charge.
It is primarily aimed at machine builders and system integrators, who design and implement safety functions and subsystems for the machine controller. This information can also be applied for the design of safety-related devices and systems in product development. The procedure and the requirements to be met have been published by ZVEI in a white paper.
What is a fault-tolerant system?
Fault-tolerant systems can enable continued operation, even though a potentially hazardous failure has been detected. A fault-tolerant system requires not just fault detection but also fault evaluation. This makes it possible to decide whether the detected fault can be tolerated or is serious. If the latter is the case, an immediate stop (shutdown) is mandatory.
This type of fault evaluation is not usual in current implementations of “classic factory automation systems”. However, fault tolerance is impossible without fault evaluation. It is clear that decision-making for a graduated fault reaction is only possible on devices or systems with a suitable design. The developer and also the user of a fault-tolerant device or system must also define the length of the period Δtdeg for continued operation (in a degraded state). Additional risk reduction measures must also be specified if necessary, which then become part of the information for use. This may be used to bring a processing step to an end, to give a practical example.