This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Functional safety in process applications

Author : Roger Highton, Eaton MTL

16 March 2021

In this article, Roger Highton, Product Line Manager at Eaton for MTL Process Connectivity Products, provides some insights into designing for functional safety in hazardous applications.

(Click here to view article in digital edition)

Safety is a key consideration in the design and specification of equipment for use in any industrial application. In environments where potentially flammable gasses and dust are constantly present, it is particularly important to understand how to design out risk as far as possible.

The way we consider safety and respond to risk has changed over time, influenced in no small part by incidents like Buncefield. While there are clear regulations which require compliance, there is also recognition that functional safety – a ‘best practice’ approach which considers how safety is managed as a whole – can be most effective in reducing risk. Demonstrating compliance with both the engineering and management aspects of functional safety standards provides auditable evidence that due measures are in place.

Defining terms

Functional Safety relates to the part of overall safety that depends upon the correct operation of an electrical, electronic, or programmable electronic safety instrumented system (SIS). The requirements for such a SIS are defined in the IEC 61508 group of standards. These include an umbrella standard as well as separate standards for different industries, including processing.

Essentially, functional safety applies wherever electrical & electronic products are used in safety and protection systems, where overall safety depends on equipment or a system operating correctly in response to its inputs. For example, using a thermal sensor in the windings of an electric motor to de-energise the motor before they can overheat is an instance of functional safety.

Functional safety cannot be determined without considering systems as a whole and the environment with which they interact. As such, functional safety standards have much in common with quality standards, in that they require compliant companies to specify and adopt a systematic and auditable approach that regulates the full lifecycle of the SIS.

Buncefield - Image: Flickr/User: Stuart Axe
Buncefield - Image: Flickr/User: Stuart Axe

Risk management

IEC 61508:2010 defines safety as “freedom from unacceptable risk”. Compliance requires a systematic appraisal of risk within process operations and to define criteria for the acceptability of these risks. Risk levels can be mitigated by either reducing the frequency of a hazardous event occurring, or by minimising the consequences.

Measures of controlling risk, including Good Engineering Practice (GEP) and Layer of Protection Analysis (LOPA), are recognised reduction measures. Once existing protection layers have been taken into account, further reductions in risk may be achieved through the implementation of safety instrumented systems. The emphasis here is on “the correct functioning of a safety instrumented system”.

Safety instrumented systems are distinct from process control systems. They are designed to provide a final protection layer to prevent harm if a hazardous event occurs. Whereas a process control system is designed to operate continually, a SIS is required to operate infrequently, with a high and predictable probability of success. Accurate specification at the outset and regular testing throughout its lifetime are key to ensuring that a SIS will fulfil its function. Key questions to ask include: what is the SIS protecting against? What would the consequences be should the SIS fail?

Roles and responsibilities

In functional safety terms, it is the end user’s responsibility to ensure that any SIS are fit for purpose, have the correct performance characteristics, and are maintained and managed correctly. Equipment suppliers also have responsibilities to ensure their equipment is assessed according to the functional safety standards and provide the Functional Safety Manual providing all the data required by the user to determine if it is suitable for the application.

Roger Highton, Eaton MTL
Roger Highton, Eaton MTL

Also, many functional safety applications are used in processes where there is a risk of hazardous gases or dust being present, requiring suitable certification of the installed equipment. One way of doing so is to use products that are intrinsically safe (IS): designed and certified to be incapable of releasing sufficient electrical or thermal energy – under normal or abnormal conditions – to cause ignition. Whilst IS equipment is widely used in process applications, the requirement for both IS and functional safety approvals is limited to the signals used for safety and fire & gas systems.


Functional safety standards are here to stay and provide an important framework to developing a holistic approach to risk assessment and management in process applications. Incorporating products made by a certified FSM company is a contributing factor in ensuring that safety instrumented systems are fully compliant.

For more information about Functional Safety, including a free poster to download, visit:

About the author:

Roger Highton is Product Line Manager for MTL Process Connectivity Products for Eaton. Roger has worked in the automation industry for more than 25 years, with a special interest in working with end users on the development and adoption of new connectivity and digitisation technology.

Contact Details and Archive...

Print this page | E-mail this page