Functional safety’s technological progress
Author : Stewart Robinson, TÜV SÜD
04 March 2022
In the machinery industry, the significance of functional safety has increased continuously. The primary focus has always been the safety of operating and maintenance staff; the secondary goal has been to minimise the costs of operation, servicing and maintenance. Machine manufacturing and operation are therefore subject to a host of regulations and requirements.
In the past, dangerous machine movements could be reliably stopped by opening one of the monitored doors in the safety guarding. However, the increasing connectivity of systems and plants, together with the growing possibilities of remote control, has brought a paradigm shift: away from preventing access and reliably shutting the machine down, and towards reliably identifying people in the hazard zone so that the machine can keep running, which minimises disruption to the production line. With such high levels of automated safety, the safety-related parts of control systems become more complex, and this will of course escalate with Industry 4.0/smart manufacturing.
This trend has made both the possible damage events and the safety-related parts of control systems more complex. One example is collaborative operation with robots, where people and machines work more closely together and which offers enormous potential for improving efficiency.
As digitalisation, automation and connectivity progress, safety requirements for machines and machine systems have grown more comprehensive and complex. A safety-related control function is one of the measures that contributes to the overall reduction of risk from machinery, so electrical, electronic or programmable electronic systems (E/E/PES) are increasingly used in safety applications.
However, as the state of the art moves on at a dramatic pace, with innovations such as Industry 4.0’s smart factories, new components and systems frequently become available that the current standards were not written to address.
Machinery manufacturers must show compliance with the European Machinery Directive 2006/42/EC or the UK Supply of Machinery (Safety) Regulations 2008. To demonstrate compliance with that legislation, machine builders can choose to work to the harmonised/designated standards EN ISO 13849 (Safety of machinery - Safety-related parts of control systems - General principles for design) or EN IEC 62061 (Safety of machinery - Functional safety of safety-related control systems). Either can be used to achieve compliance in the field of functional safety, and as neither is technology specific, both can be applied to safety systems using any technology.
Over the years, both ISO 13849-1 and IEC 62061 have been revised. EN IEC 62061 edition 2 was published in 2021; its scope includes the design of ‘low complexity’ subsystems and the integration of other subsystems, whereas the design of complex programmable electronic subsystems or subsystem elements is outside its scope and falls under IEC 61508 or the standards linked to it.
EN ISO 13849-1 is in the later stages of being revised and will also carry a scope statement that it “…does not give specific requirements for the design of products/components that are parts of SRP/CS. Specific requirements for the design of components of SRP/CS are covered by applicable ISO and IEC-standards”. The new version will nevertheless still include some information that is directly relevant to the design of electronic subsystems, and measures for Safety Related Embedded Software (SRESW). There is therefore scope for confusion about which requirements apply in a particular situation, and machine builders may misinterpret how they should apply the standard as a result.
Stepping up a gear
The increasing connectivity of systems, plus the growing possibilities of remote control, also requires suitable approaches to protect those systems: a safety function that is reachable over a network must be protected against unauthorised or erroneous remote interaction as well as against faults. Where safety applications move away from access prevention and reliable shutdown towards the automated identification of people, so that the machine can keep running and disruption to the production line is minimised, the safety-related parts of the control system inevitably become more complex.
An analysis by the Health and Safety Executive (HSE) of incidents involving safety-related parts of control systems found that poor design and implementation, together with incorrect specification, accounted for 59 per cent of the primary causes identified. These are exactly the kinds of problem that a full validation process could have uncovered before the control systems went into service.
The new version of EN ISO 13849-1 will include the requirements for the verification and validation of safety-related parts of control systems that are currently in EN ISO 13849-2.
EN ISO 13849-2 spells out the basic validation requirements very clearly in Section 4.1, Validation Principles. It states that: “The validation shall demonstrate that each safety-related part meets the requirements of ISO 13849-1, in particular (for example):
- The specified safety characteristics of the safety functions provided by that part, as set out in the design rationale, and
- The requirements of the specified performance level (see ISO 13849-1:2006, 4.5)”
It also says that “Validation should be carried out by persons who are independent of the design of the safety-related part(s).”
Carrying out the calculations required by EN ISO 13849-1 and EN IEC 62061 remains a complex task. Software packages exist that guide users through the compliance process, but the growing complexity brought by ever greater technology innovation and integration means that ensuring compliance with these standards is becoming a more complex and resource-hungry task.
Innovative technologies have contributed significantly to greater efficiency and a higher degree of automation, improving operability and profitability. Alongside this, the importance of machinery functional safety has increased continuously, as the safety system contributes significantly to risk reduction and must therefore be aligned to these more versatile and complex applications.
To mitigate systematic faults, the effectiveness of the safety measures must also be fully verified. Such an assessment must confirm not only the robustness of the components but also the complete life cycle, including the development process. A holistic approach to functional safety is therefore required, drawing on expertise in the various application fields across all project phases: design and development, manufacturing and installation, testing, certification, placing into service, and decommissioning.
About the author:
Stewart Robinson MIET MInstMC, Principal Engineer and Functional Safety Expert at TÜV SÜD, is a member of the Institution of Engineering and Technology and a member of the Institute of Measurement and Control. He was a member of the Safety Panel of the InstMC from 2007 and chaired that Panel for many years. He is an active member of the British Standards Institution (BSI) committees that deal with machinery safeguarding (MCE/3) and Measurement and Control (GEL/65). He is the nominated UK expert for: IEC TC44 MT 62061 (Safety of machinery – Functional safety of safety-related control systems); IEC TC65 WG16 (Digital Factories); IEC TC65 JWG 21 (Unified Reference Model for Smart Automation); IEC TC65 WG24 (Asset Administration Shell for Industrial Applications).