Functional safety Part 2 of 2

For example, in conducting a risk assessment under EN ISO 13849-1, a designer may find that Performance Level (PL) d is required. A Category 2 (zero-fault-tolerant) structure with very high mean time to dangerous failure and low diagnostic coverage may be the least costly solution. At the other end of the spectrum, a Category 3 (single fault tolerant) system with medium diagnostics may be ideal. Rather than being conservative and potentially overcompensating, this approach gives designers more flexibility to specify an optimum level of safety for individual application demands.

Standard EN (IEC) 62061 offers similar flexibility. For example, risk assessment on one design may indicate the need for a SIL 2 rating. With zero fault tolerance (single channel), 90 to 99% of failures that occur must be safe failures. If a single channel system with appropriate diagnostics is too difficult or expensive, then a single-fault-tolerant structure (dual channel) with a lower safe failure fraction can be used. The third alternative is a two-fault-tolerant system (two out of three channel) with little or no diagnostics (less than 60% safe failures). In all instances, the ability to tailor specific safety functions to the application reduces cost and complexity, improves machine sustainability, and optimizes each safety circuit and function.

This performance-based approach also makes it easier for designers to quantify the value of safety. Previously, a designer may have had difficulty understanding or explaining why a costly or seemingly sophisticated safety system was needed for a particular application; it was simply required per the standard. Now, with the ability to quantify circuit reliability through specific performance and integrity calculations, a designer can show value in terms of actual risk reduction.

Laying the groundwork

To meet the new safety standards, each component in a safety system must have an assigned probability of or mean time to dangerous failure. Historically, this type of information wasn't widely available. Now, most manufacturers are recertifying products to meet the new PL and SIL ratings. This takes time, but will improve safety system designs and make results quantifiable.

The current challenge for machine builders is twofold. First, they must understand the new Machinery Directive requirements, and how these impact design and component selection. Second, designers must understand documentation requirements and gather functional safety data from component suppliers to support safety designs with either an SIL or PL for the system.

Many electronic component manufacturers are embracing the new standards by publishing what SIL level a system can achieve with a given safety component; many also supply safety data for PL and SIL verification. This allows designers to take that information and perform the calculations to meet application requirements per the standards.

Component suppliers also are offering education and training programs, and tools to help reduce documentation complexity. Case in point: Rockwell Automation now offers a product library file for use with the SISTEMA calculation tool. SISTEMA, developed by Germany's IFA, automates calculation of the attained PL of a machine's safety-related control parts in the context of EN ISO 13849-1.

SISTEMA plus new product libraries provide machinery and control designers with comprehensive support in EN ISO 13849-1-compliant safety evaluations. Engineers are spared time-consuming consultation of tables and calculations of formulae, as software performs these tasks. The final results can be printed in a multiple-page report.

SISTEMA can be downloaded for free through the Rockwell Automation Safety Portal link at discover.rockwellautomation.com/SA_EN_Machine_SISTEMA.aspx.