Principles, Standards and Implementation


Introduction to Safety-Related Control Systems

Safety Function

A safety function is implemented by the safety-related parts of the machine control system to achieve or maintain a safe state of the equipment under control with respect to a specific hazard. A failure of the safety function can result in an immediate increase in the risk of using the equipment; that is, a hazardous condition.

A machine must have at least one “hazard”; otherwise, it is not a machine. A “hazardous condition” exists when a person is exposed to a hazard. A hazardous condition does not imply that the person is harmed: the exposed person may be able to recognize the hazard and avoid injury. But the exposed person may also fail to recognize the hazard, or the hazard may be initiated by unexpected startup. The main task of the safety system designer is therefore to prevent hazardous conditions and to prevent unexpected startup.

The safety function can often be described with multi-part requirements. For example, the safety function initiated by an interlocking guard has three parts:

1. The hazard protected by the guard cannot operate until the guard is closed;
2. Opening the guard will cause the hazard to stop if operational at the time of the opening; and
3. The closure of the guard does not restart the hazard protected by the guard.

When stating the safety function for a specific application, the word “hazard” must be replaced with the specific hazard. The hazard must not be confused with the results of the hazard: crushing, cutting, and burning are results of a hazard. Examples of hazards are a motor, ram, knife, torch, pump, laser, robot, end-effector, solenoid, valve, or other type of actuator, or a mechanical hazard involving gravity.

In discussing safety systems, the phrase “at or before a demand is placed on the safety function” is used. What is a demand on the safety function? Examples of demands placed on the safety function are the opening of an interlocked guard, the breaking of a light curtain, the stepping onto a safety mat, or the pressing of an e-stop. In each case an operator is demanding that the hazard either stop or remain de-energized if it is already stopped.

The safety-related parts of the machine control system execute the safety function. The safety function is not executed by a single device, for example, just by the guard. The interlock on the guard sends a command to a logic device, which in turn disables an actuator. The safety function starts with the command (the demand) and ends with the actuator being disabled.

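The three-part interlocking-guard requirement above, together with the command-to-logic-to-actuator chain just described, can be checked as a small state machine. The following Python model is an added example and is not code from the original page or from any product in the catalog; the class names, the "spindle motor" actuator and the scripted scenario are assumptions chosen only to make the logic concrete. It keeps a trace of every event so that each of the three parts, and a non-guard demand such as an e-stop, can be verified against the output it produced.

```python
"""Interlocking-guard safety function modelled as a small state machine.

Added example (not from the original page). The names and the scenario are
hypothetical; the point is to show the three-part requirement as executable
logic: guard interlock -> logic device -> actuator.
"""
from dataclasses import dataclass, field
from enum import Enum


class Guard(Enum):
    OPEN = "open"
    CLOSED = "closed"


@dataclass
class Actuator:
    """Stand-in for the hazard itself (e.g. a motor contactor).

    It is the only thing the logic device drives; the guard never
    touches it directly.
    """
    name: str
    energized: bool = False


@dataclass
class InterlockLogic:
    """Logic device sitting between the guard interlock and the actuator.

    Implements the three parts of the safety function:
      1. the hazard cannot start while the guard is open,
      2. opening the guard stops the hazard if it is running,
      3. closing the guard alone never restarts the hazard.
    """
    actuator: Actuator
    guard: Guard = Guard.OPEN
    trace: list = field(default_factory=list)

    def _log(self, event: str) -> None:
        # Record (event, guard position, actuator state) after each command.
        self.trace.append((event, self.guard.value, self.actuator.energized))

    def guard_changed(self, state: Guard) -> None:
        """Interlock input: the guard was opened or closed."""
        self.guard = state
        if state is Guard.OPEN and self.actuator.energized:
            # Part 2: opening is a demand on the safety function; de-energize now.
            self.actuator.energized = False
        # Part 3: on CLOSED nothing is energized; a separate start is required.
        self._log(f"guard_{state.value}")

    def demand(self, source: str) -> None:
        """Any other demand (e-stop, light curtain, safety mat): stop or stay stopped."""
        self.actuator.energized = False
        self._log(f"demand_{source}")

    def start_request(self) -> bool:
        """Operator start command; honoured only when the guard is closed (part 1)."""
        if self.guard is Guard.CLOSED:
            self.actuator.energized = True
        self._log("start_request")
        return self.actuator.energized


def run_scenario() -> list:
    """Scripted sequence exercising all three parts plus an e-stop demand."""
    logic = InterlockLogic(Actuator("spindle motor"))   # hypothetical hazard
    logic.start_request()              # guard open: start must be refused
    logic.guard_changed(Guard.CLOSED)  # closing alone energizes nothing
    logic.start_request()              # guard closed: start permitted
    logic.guard_changed(Guard.OPEN)    # demand: hazard must stop
    logic.guard_changed(Guard.CLOSED)  # must NOT restart the hazard
    logic.start_request()              # explicit restart is permitted
    logic.demand("e-stop")             # another demand: hazard stops again
    return logic.trace


if __name__ == "__main__":
    for event, guard, energized in run_scenario():
        print(f"{event:<16} guard={guard:<6} hazard_energized={energized}")
```

Reading the trace from `run_scenario()` shows the property that matters for the designer: the only transition to `hazard_energized=True` is an explicit `start_request` while the guard is closed; every guard opening or other demand drives it to `False`, and a guard closing never changes it.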
The safety system must be designed with a level of integrity that is commensurate with the risks of the machine. Higher risks require higher integrity levels to ensure that the safety function is performed. Machine safety systems are therefore classified by how reliably they can be expected to perform their safety function, in other words, by their functional safety integrity level.