Concepts of Functional Safety

Functional safety (FS) is a critical safety concept that applies across all global industry sectors. It is fundamental to enabling complex technical systems to be used in safety-related applications. FS is a secondary safety feature that guarantees a safe and orderly shutdown of processing units when a plant enters an unexpected condition.

FS is relevant across a wide spectrum of industries, including oil and gas, chemicals, power generation, food and beverage, pharmaceuticals, metals and mining, water and wastewater treatment and many other sectors.

Functional safety is the aspect of the overall safety of a system or piece of equipment that relates to the machines or products operating correctly in response to their inputs, including the safe management of possible operator errors, hardware failures and environmental changes.

FS is applied differently in different industries and products, but the overall global governing standard is IEC 61508. This standard is published by the International Electrotechnical Commission and consists of methods for applying, designing, deploying and maintaining automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES).

IEC 61508 is a basic functional safety standard applicable to all industries. It defines functional safety as: “part of the overall safety relating to the EUC (Equipment Under Control) and the EUC control system which depends on the correct functioning of the E/E/PE safety-related systems, other technology safety-related systems and external risk reduction facilities.” The fundamental concept is that any safety-related system must work correctly or fail in a predictable (safe) way.

The IEC 61508 standard has two fundamental principles:

An engineering process called the safety life cycle is defined based on best practices in order to discover and eliminate design errors and omissions. A typical safety life cycle has 16 phases which roughly can be divided into three groups as follows:
• Phases 1–5 address analysis.
• Phases 6–13 address realization.
• Phases 14–16 address operation.
All phases are concerned with the safety function of the system.

The IEC 61508 standard has seven parts:

Parts 1–3 contain the requirements of the standard (normative); Part 4 contains definitions.
Parts 5–7 are guidelines and examples for development.

Functional safety market segmentation:

By devices: The global functional safety sector is segmented into actuators, safety sensors, final control elements, safety controllers/modules/relays, programmable safety systems, emergency stop devices, safety switches, valves, and others.

By systems: Includes safety instrumented systems (SIS), turbo machinery control (TMC), supervisory control systems, burner management systems (BMS), emergency shutdown systems (ESD), fire & gas monitoring and control, industrial control systems, high-integrity pressure protection systems (HIPPS), distributed control systems (DCS), and others.

By end-user applications: Includes oil & gas, metal and mining, pharmaceuticals and biotech, retail and wholesale, manufacturing, power generation, and others.

Standards under the IEC 61508 umbrella:

For Railways:

IEC 62279 provides a specific interpretation of IEC 61508 for railway applications, covering the development of software for railway control and protection, including communications, signalling and processing systems.

For Process industries:

The process industry sector includes many types of manufacturing processes, such as refineries, petrochemical, chemical, pharmaceutical, pulp and paper, and power. IEC 61511 is the technical standard which stipulates practices in the engineering of systems that ensure the safety of an industrial process through instrumentation.

For Power plants:

IEC 61513 provides requirements and recommendations for the instrumentation and control of systems important to the safety of nuclear power plants. It sets out the general requirements for systems that contain conventional hardwired equipment, computer-based equipment or a combination of both. An overview list of safety norms specific to nuclear power plants is published by ISO.

For Machinery:

IEC 62061 is the machinery-specific implementation of IEC 61508. It provides requirements that are applicable to the system level design of all types of machinery safety-related electrical control systems.

For Buildings:

• EN 81 / EN 115: lifts

For the Energy sector:

• IEC 62109: energy delivery
• IEC 50156: furnaces
• IEC 61511: industrial processes
• IEC 61513: nuclear power

For Households:

• IEC 60335: household appliances
• IEC 60730: motor control

Industrial related:

• IEC 61496-1: electro-sensitive protective equipment / light barriers
• IEC 61131-6: programmable controllers
• IEC 13849: safety control systems
• ISO 13450: emergency stop
• IEC 62061: machinery
• ISO 10218: robots
• ISO 61800-5-2: electrical power drive systems

Medical related:

• IEC 60601: medical devices
• IEC 62304: medical device software

Transportation related:

• ISO 15998: earth-moving machinery
• EN 5012x: railways
• ISO 26262: road vehicles
• ISO 25119: tractors and machinery for agriculture and forestry

Other sector-specific standards:

• ANSI/ISA S84: functional safety of safety instrumented systems for the process industry sector
• EN 50402: fixed gas-detection systems
• Defence Standard 00-56 Issue 2: accident consequence

All of the above standards are considered state of the art, and as such they are enforceable in a court of law.

Some key definitions:

Safety Instrumented Function (SIF)

A SIF is a protection layer whose objective is to achieve or maintain a safe state of the process when a specific dangerous event occurs. The SIF is implemented in the SIS (Safety Instrumented System), which is normally composed of several safety functions.

Safety Integrity Level (SIL)

The SIL is the level of safety assigned to a single SIF (SIL 1, 2, 3 or 4). It involves both technical and non-technical requirements; the higher the level, the stricter the requirements. In a safety system a SIF is a single safety loop (or system) made up of a number of subsystems, typically a sensor, a controller and an end element.

Defining SIFs and assigning SILs

In order to define individual SIFs, the end user must first complete a number of activities to assess both the possible hazards involved with the process and the risks those hazards pose. Hazard analysis techniques can include fault tree analysis, event tree analysis, cause/consequence techniques, etc.

Risk Reduction Assessment (RRA) methods include FMEA, HAZOP, LOPA, and risk matrices/graphs.

From the above activities, a SIF can be identified and a SIL can be applied.
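As an added worked example (not code from the original article), the following Python sketch shows how the average probability of failure on demand (PFDavg) of a sensor, a controller and an end element combine into the PFDavg of one SIF loop, and which IEC 61508 SIL band (low-demand mode) that loop achieves. The 1oo1 approximation PFDavg ≈ λDU·TI/2, the failure rates and the proof-test intervals are assumptions chosen for illustration, not values from the page.

```python
# Added example (not from the page): check the SIL a single SIF loop achieves
# in low-demand mode. Assumed simplification: each subsystem is a 1oo1 channel
# with PFDavg ~= lambda_DU * TI / 2. SIL bands are the IEC 61508 low-demand
# PFDavg ranges. Failure rates and intervals are constructed sample values.
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0

# IEC 61508 low-demand mode: SIL -> [lower, upper) bound on PFDavg
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass
class Subsystem:
    name: str
    lambda_du: float         # dangerous undetected failure rate, per hour
    proof_test_years: float  # proof-test interval TI, in years

    def pfd_avg(self) -> float:
        # 1oo1 approximation: PFDavg ~= lambda_DU * TI / 2
        return self.lambda_du * self.proof_test_years * HOURS_PER_YEAR / 2.0


def loop_pfd_avg(subsystems) -> float:
    # Sensor, controller and end element are in series: a dangerous failure in
    # any one of them defeats the SIF, so their PFDavg values add.
    return sum(s.pfd_avg() for s in subsystems)


def achieved_sil(pfd: float) -> int:
    # Highest SIL whose band contains the loop PFDavg; 0 means no SIL credit.
    for sil in (4, 3, 2, 1):
        lo, hi = SIL_BANDS[sil]
        if lo <= pfd < hi:
            return sil
    return 0


def weakest_link(subsystems) -> str:
    # The subsystem contributing most PFD is where a redesign or a shorter
    # proof-test interval buys the most risk reduction.
    return max(subsystems, key=lambda s: s.pfd_avg()).name


def example_loop():
    # Constructed sample SIF: pressure transmitter -> logic solver -> shutdown valve
    return [Subsystem("sensor", 3e-7, 1.0),
            Subsystem("controller", 2e-8, 1.0),
            Subsystem("valve", 5e-7, 1.0)]


if __name__ == "__main__":
    loop = example_loop()
    pfd = loop_pfd_avg(loop)
    print(f"loop PFDavg = {pfd:.2e}, achieved SIL {achieved_sil(pfd)}, "
          f"weakest link: {weakest_link(loop)}")
```

With the sample values the loop lands in SIL 2 and the valve dominates the PFD, which is the typical picture for a loop whose sensor and logic solver are far more reliable than its final element.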

IEC 61508 certification

IEC 61508 certification programs have been established by several global Certification Bodies (CBs). Each has defined its own scheme based upon IEC 61508 and other functional safety standards. The scheme lists the referenced standards and specifies procedures that describe the body's test methods, surveillance audit policy, public documentation policies, and other specific aspects of its program. IEC 61508 certification programs are offered globally by several recognized CBs, including Intertek, SGS-TÜV Saar, TÜV Nord, TÜV Rheinland, TÜV SÜD and UL.
