Introduction to Functional Safety of Control Systems
|Introduction||What is Functional Safety?||IEC/EN 62061 and EN ISO 13849-1:2008||Joint Technical Report on IEC/EN 62061 and EN ISO 13849-1||SIL and IEC/EN 62061||PL and EN ISO 13849-1||Comparison of PL and SIL|
Functional safety is the part of the overall safety that depends on the correct functioning of the process or equipment in response to its inputs. IEC TR 61508-0 provides the following example to help clarify the meaning of functional safety. For example, an over-temperature protection device, using a thermal sensor in the windings of an electric motor to de-energize the motor before they can overheat, is an instance of functional safety. But providing specialized insulation to withstand high temperatures is not an instance of functional safety (although it is still an instance of safety and could protect against exactly the same hazard). As another example, compare hard guarding to an interlocked guard. The hard guarding is not considered functional safety although it may protect against access to the same hazard as an interlocked door. The interlocked door is an instance of functional safety. When the guard is opened, the interlock serves as an input to a system that achieves a safe state. Similarly, personal protective equipment (PPE) is used as a protective measure to help increase safety of personnel. PPE is not considered functional safety.
Functional safety was a term introduced in IEC 61508:1998. Since then, the term has sometimes been associated with only programmable safety systems. This is a misconception. Functional safety covers a broad range of devices that are used to create safety systems. Devices like interlocks, light curtains, safety relays, safety PLCs, safety contactors, and safety drives are interconnected to form a safety system, which performs a specific safety-related function. This is functional safety. Therefore the functional safety of an electrical control system is highly relevant to the control of hazards arising from moving parts of machinery.
Two types of requirements are necessary to achieve functional safety:
- The safety function
- The safety integrity
Risk assessment plays a key role in developing the functional safety requirements. Task and hazard analysis leads to the function requirements for safety (i.e. the safety function). The risk quantification yields the safety integrity requirements (i.e. the safety integrity or performance level).
Four of the most significant control system functional safety standards for machinery are:
|1.||IEC/EN 61508 Functional safety of electrical, electronic and programmable electronic control systems
This standard contains the requirements and provisions that are applicable to the design of complex electronic and programmable systems and subsystems. The standard is generic so it can be applicable to all industrial sectors.
|2.||IEC/EN 62061 "Safety of machinery — Functional safety of safety-related electrical, electronic and programmable electronic control systems"
This standard is the machinery specific implementation of IEC/EN 61508. It provides requirements that are applicable to the system level design of all types of machinery safety-related electrical control systems and also for the design of non-complex subsystems or devices. It requires that complex or programmable subsystems should satisfy IEC/EN 61508.
|3.||EN ISO 13849-1 "Safety of machinery — Safety-related parts of control systems"
This standard is intended to provide a direct transition path from the categories of the previous EN 954-1.
|4.||IEC 61511 "Functional safety — Safety instrumented systems for the process industry sector"
This standard is the process sector specific implementation of IEC/EN 61508.
The functional safety standards represent a significant step beyond the familiar existing requirements such as Control Reliable and the Categories system of the previous ISO 13849-1:1999 (EN 954-1:1996).
Note: Recent to the time of publication of this text, CEN (European Committee for Standardization) announced that the final date for presumption of conformity of EN 954-1 will be extended to the end of 2011 to facilitate transition to the later standards. This replaces the original date of December 29, 2009.
For the latest information on the use and status of EN 954-1 visit: http://discover.rockwellautomation.com/EN_Safety_Solutions.aspx. In the meantime, it is advised that the extension of the transition period is used to move over to the use of the later standards (EN ISO 13849-1 or IEC/EN 62061) in a timely manner.
Categories will not disappear completely; they are also used in current EN ISO 13849-1 which uses the functional safety concept and has introduced new terminology and requirements. It has significant additions and differences to the old EN 954-1 (ISO 13849-1:1999). In this section we will refer to the current version as EN ISO 13849-1. (EN ISO 13849-1:2008 has the same text as ISO 13849-1:2006).