At a Glance:
- During the design process, failure modes and effects analysis (FMEA) is typically used to assess how equipment and machinery might fail.
- Recent functional safety design legislation in the EU has introduced a statistical component to the analysis, making it more rigorous and in-depth than FMEA.
- The author writes that FMEA and functional safety are fundamentally different in their governance.
The use of functional safety methods in the design of equipment and vehicles for the aerospace and automotive sectors is already mandatory in North America. This requirement is driven by federal legislation and, in some cases, by sector consortium organizations. The move to functional safety is always driven by statistics. The question is, when will functional safety become mandatory for construction, road building, agricultural and mining equipment manufacturers? Furthermore, should manufacturers consider implementing machine functional safety now, rather than waiting until legislation requires it? And is there a significant competitive advantage to be gained from doing so?
Approaches to Safety—a Brief Introduction
When machinery used in construction, mining and other industries is operated correctly and runs smoothly and efficiently, everyone wins. OEM designers and suppliers, operators and end customers all benefit from a job well done thanks to equipment that is safe, reliable and fit for purpose. Risk, however, can never be eliminated entirely. Poorly maintained or incorrectly operated equipment can lead to malfunctions or faults, potentially resulting in costly machinery downtime and damage to property or the environment.
Equipment failure can also lead to more serious outcomes: injury to users of the equipment or other personnel nearby. This can set off an alarming chain reaction, such as legal liability and damage to the reputation of companies involved. It is therefore critical that robust safety best practices are implemented at every stage of machinery design and development, so that even in the event of malfunction or failure, personnel are kept safe from potential harm.
OEMs in North America are fully aware of the importance of equipment reliability and safety. During the design process, failure modes and effects analysis (FMEA) is typically used to assess how equipment and machinery might fail. This method looks at what could go wrong, why a failure could potentially occur and what the consequences could be of each type of malfunction.
In the EU, OEMs have their own method of assessing the risk of failure, known as functional safety. Through recognized and standardized procedures, functional safety, like FMEA, can help detect potentially dangerous conditions at an early stage and then activate a protective or corrective device or mechanism, either to prevent a hazardous event from arising or to mitigate the consequences of a hazardous event that has already occurred.
Functional Safety Design—Statistical Component
U.S. safety systems can rely on intensive operator training and simulation—an approach that retains the potential for human error. In contrast, functional safety looks to remove this from the equation through the use of physical guardrails, so that even in the event of a lapse of concentration, operators cannot cause serious harm.
Recent functional safety design legislation in the EU has introduced a statistical component to the analysis, making it more rigorous and in-depth than FMEA. Under this legislation, implementing functional safety begins with a hazard and risk analysis that yields a required performance level (PL) for each safety function. The components employed within the chosen system architecture must then, taken together, meet the minimum mean time to dangerous failure (MTTFd) and the level of diagnostic coverage (DC) that the required PL demands. The required PL therefore dictates a system architecture, or a choice of architectures with different diagnostic coverages.
Since functional safety is the more rigorous methodology, it would be advisable for U.S.-based OEMs to consider adopting it. Doing so fundamentally improves system safety. In addition, there is an increasing likelihood that functional safety could become the legal requirement in the U.S. in the not-too-distant future. Embracing functional safety at an early stage could give U.S. OEMs of all sizes a powerful competitive advantage and strong point of differentiation.
Furthermore, machines or systems designed for the U.S. marketplace need to be substantially redesigned if they are to be sold in the EU. With a single, unified strategy in place, OEMs could design machines only once, reducing overall design costs and streamlining training and equipment service programs.
Functional Safety and FMEA—Differences in Governance
While there are practical similarities between FMEA and functional safety, their governance is quite different. Machine safety laws in the EU place the responsibility on the supplier of the equipment. It is thus the responsibility of the machine manufacturer to conform to functional safety legislation.
By comparison, U.S. industrial safety is, in general, governed by OSHA. This places the responsibility for workplace safety on the shoulders of the employer, employee or equipment operator, making them liable in the event of an accident. In the U.S., a supplier can sell a machine without any safeguarding, with the user being responsible for making the machine situationally safe.
Regardless of which approach is used, the outcome should be the same: that employees are kept safe in the workplace. This makes the consideration of effective safety protections paramount at all stages of equipment design.
Hazard analysis is a key aspect of achieving a functionally safe design. Primarily, functional safety sets out to determine a machine's design limits. Equipment where this applies includes everything from mobile truck-mounted cranes to slews, hoists, winches, booms and stabilizers. For each type of machine, potential hazards are identified, such as unintended function movement, a falling load, tipping or personnel in proximity to moving parts.
The electrohydraulic functional safety procedure maps out a potential harm sequence. For example, as shown in Figure 1, filters that are not changed periodically can cause spools to stick, or crane and stabilizer functions might be operated at the same time. In crane or hoist applications, an operator might be too aggressive in lifting and lowering loads, or might lift too heavy a load with the boom extended.
Once the potential hazardous outcomes have been established, their consequences are evaluated, for example injuries serious enough to require hospitalization of operators or other individuals. In this case the system is rated PLc / SIL1, which is a very operator-dependent safety design (Figure 2).
Risk Reduction—Incorporating Safeguards into the Design of the Machine
From hazard analysis, functional safety design then moves to the process of risk reduction. It stipulates that, from the outset, machinery should be designed in such a way that risks do not arise in the first place. Functional safety then looks at avoiding risk by safeguarding, recommending that safety guards are incorporated within the design of the machine to minimize the risks that remain.
Avoiding risk by information is next in the sequence. The information in question could include warning labels, a user manual and training. This strategy counters risk by applying multiple layers of safety simultaneously: in the event that one layer fails or is overridden, the other layers can still provide adequate protection. Figure 3 upgrades the PLc / SIL1 design to PLd / SIL2 by adding lock-out hydraulic circuits.
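The statistical sequence described above (hazard and risk analysis giving a required PL, then checking whether the chosen architecture's MTTFd and DC reach it) and the PLc-to-PLd upgrade in Figure 3 can be worked through numerically. The following is an added example, not code from the article or from Danfoss. The risk graph, PFHd bands and PL-to-SIL correspondence follow ISO 13849-1; the category/DC/MTTFd lookup table is reproduced from memory of that standard's simplified procedure and must be verified against the current edition before use in a real assessment. All component figures, part names and function names are constructed for illustration.

```python
"""Sizing a safety function to a performance level (PL).

Added worked example, not code from the article or from Danfoss. The risk
graph, PFHd bands and PL/SIL mapping follow ISO 13849-1; the simplified
category/DC/MTTFd table is reproduced from memory and must be checked
against the current edition. Component figures below are constructed.
"""

# Risk graph: severity (S1 slight, S2 serious), frequency of exposure
# (F1 seldom, F2 frequent), possibility of avoidance (P1 possible, P2 scarcely).
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
PL_ORDER = "abcde"
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}
# Average probability of dangerous failure per hour, [low, high) for each PL.
PFHD_BANDS = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
              ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]
# Simplified lookup (from memory, verify): (category, DCavg band) -> {MTTFd band: PL}
SIMPLIFIED_PL = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"medium": "e", "high": "e"},
}


def required_pl(severity, frequency, avoidance):
    """Hazard and risk analysis step: risk-graph parameters -> required PL."""
    return RISK_GRAPH[(severity, frequency, avoidance)]


def pl_from_pfhd(pfhd):
    """Classify a computed dangerous-failure rate per hour into a PL, or None."""
    for pl, low, high in PFHD_BANDS:
        if low <= pfhd < high:
            return pl
    return None


def channel_mttfd(component_mttfd_years):
    """Parts-count MTTFd of one channel: 1/MTTFd = sum over parts of 1/MTTFd_i."""
    return 1.0 / sum(1.0 / m for m in component_mttfd_years)


def dc_avg(components):
    """Average DC weighted by each part's failure rate; components = [(MTTFd, DC)]."""
    return sum(dc / m for m, dc in components) / sum(1.0 / m for m, _ in components)


def mttfd_band(years):
    """Below 3 years is outside the usable range; credit is capped at 100 years."""
    years = min(years, 100.0)
    return None if years < 3 else "low" if years < 10 else "medium" if years < 30 else "high"


def dc_band(dc):
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


def achieved_pl(category, mttfd_years, dc):
    """PL reached by an architecture, or None if the combination is not permitted."""
    row = SIMPLIFIED_PL.get((category, dc_band(dc)))
    return None if row is None else row.get(mttfd_band(mttfd_years))


def meets(achieved, required):
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


def assess(hazard, category, components):
    """Whole sequence: required PL, channel MTTFd, DCavg, achieved PL, SIL, verdict."""
    plr = required_pl(*hazard)
    mttfd = channel_mttfd([m for m, _ in components])
    dc = dc_avg(components)
    pl = achieved_pl(category, mttfd, dc)
    return {"PLr": plr, "MTTFd": mttfd, "DCavg": dc, "PL": pl,
            "SIL": PL_TO_SIL.get(pl), "ok": meets(pl, plr)}


# Constructed crane-lowering case: serious injury (S2), infrequent exposure (F1).
# Constructed parts per channel (MTTFd years, DC): valve, pilot stage, controller output.
BASELINE_PARTS = [(150.0, 0.0), (200.0, 0.0), (60.0, 0.0)]   # single channel, no diagnostics
LOCKOUT_PARTS = [(150.0, 0.9), (200.0, 0.6), (60.0, 0.9)]    # monitored channel with lock-out

if __name__ == "__main__":
    print(assess(("S2", "F1", "P1"), "1", BASELINE_PARTS))  # avoidable hazard: PLr c, PL c
    print(assess(("S2", "F1", "P2"), "1", BASELINE_PARTS))  # hard to avoid: PLr d, fails
    print(assess(("S2", "F1", "P2"), "3", LOCKOUT_PARTS))   # category 3 lock-out: PL d
```

The baseline single-channel design reaches PLc, which is sufficient only while the hazard is judged avoidable by the operator (P1); once avoidance is scarcely possible (P2) the required PL rises to d and the same hardware fails the check. Adding a second, monitored channel (category 3 with low DC) lifts the achieved PL to d without changing the component MTTFd values, which is the effect the lock-out hydraulic circuits in Figure 3 are there to produce.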
The Role of Control Systems
Functional safety also considers the safety-related parts of control systems (SRP/CS). Many functional safety features can be achieved using, for example, modular load-sensing valve systems and electrically controlled actuators. These include compensator flow cutoff, full-flow downstream cutoff, electrohydraulic pilot shutoff, electrohydraulic fault monitoring, electrohydraulic direction indication monitoring and SIL-rated electrohydraulic CAN components (Figure 4).
Work with a Functional Safety Partner
Complying with stringent functional safety standards can be a complicated, time-consuming and costly process for mobile equipment OEMs. As such, it may be prudent to seek out an expert partner to help implement its requirements. Many manufacturers and integrators offer not only knowledge, but also components and subsystems to ease the development process. For example, the Danfoss Functional Safety Solution is a complete package of components, software, processes and training that streamlines and simplifies the safety certification of machines.
The goal of both FMEA and functional safety is to ensure equipment and system design is as robust and safe as possible. Although the two methods are similar, they differ in detail; functional safety arguably provides a competitive and liability edge in terms of improved reliability and reduced equipment downtime.
Considering the benefits and incentives, and with functional safety methods increasingly becoming a requirement, maybe it is now time for OEMs to investigate functional safety further, with a view to staying ahead of the failure mode and safety curve in machine and system design.
Randall Bobbitt is sales development manager, Spool Valve Solutions, Danfoss Power Solutions.