WHAT’S NEW
Safer by design
In the first of his new column series, safety consultant Roberth Jonsson explains exactly what functional safety is and why it is important to industrial designers.
Functional safety protects millions of people from hazards
every day, from machinery in general and perhaps especially
from off-highway machinery.
But what is it exactly? I’ll borrow a definition from IEC: “Functional
safety is the detection of a potentially dangerous condition resulting in
the activation of a protective or corrective device or mechanism to
prevent hazardous events arising or providing mitigation to reduce the
consequence of the hazardous event.”
OK… so what does that mean? Well, it means that one can trust the
system to do what is intended of it up to a certain level of probability.
Probability? Yes, it all comes down to that.
It doesn’t matter whether you adhere to IEC 61508 (SIL) or to EN 13849
(PL) – both standards use probability to measure the level of safety. So
basically, if your system has an average probability of dangerous failure
per hour of between 10^-6 and 10^-7, you have a PL=d
(PL=Performance level, which is a discrete safety level according to EN
13849). So functional safety is all one needs? Well, no. If you haven’t done
the groundwork (i.e. risk assessment), then having very high levels of
safety makes no difference if you don’t handle the correct hazards.
Let’s look at an example in which a control system is used to steer a
wheeled excavator. The risk assessment highlights that one would need
to reduce the risk with a control system. Next, a risk assessment is
performed according to the chosen standard (let’s use EN13849) and we
arrive at a PLr = d (PLr = required performance level). In other words, we
would need to reach a 1/1,000,000 hours’ proven probability that the
machine won’t suddenly turn off the road without driver input.
What about 100% safe? Sorry, that won’t happen. No system is ever
100% safe but at PL d you at least do not need to be afraid…
So is functional safety only about electronics? No, you are looking at
a complete safety function from input to output. Again, let’s take the
example of wheel steering where you have the roller in the joystick
(Input), the control system (Logic) and the hydraulics (Output). With PL d,
the requirements on all parts of the system will be quite high when it
comes to monitoring and failure resistance, and there are several other
procedures and methods that need to be applied. For instance, in some
cases you will need an extra safety valve in conjunction with the control
valves to be able to cope with the requirements.
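The two numeric ideas above, the PFHd band that decides a Performance Level and the fact that a safety function is judged from input to output, can be worked through in a few lines of code. The following Python is an added example, not code from the column or from Zatisfy: the PL bands are the ones I know from EN ISO 13849-1 (Table 3) and the SIL bands are the high-demand/continuous-mode bands from IEC 61508-1; the function names and the subsystem failure rates for the joystick, controller and hydraulics are constructed for illustration, not measured values.

```python
# Added example: classify an achieved PFHd into an EN ISO 13849-1 PL (and the
# IEC 61508 high-demand SIL band with the same probability), then evaluate a
# series safety function (input -> logic -> output) against a required PLr.
# Assumptions: band limits as in EN ISO 13849-1 Table 3 / IEC 61508-1 Table 3;
# all subsystem PFHd values in the demo are constructed, not real data.

# (level, lower bound inclusive, upper bound exclusive); PFHd in 1/h
PL_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]

# IEC 61508 high demand / continuous mode: PFH in 1/h
SIL_BANDS = [
    (4, 1e-9, 1e-8),
    (3, 1e-8, 1e-7),
    (2, 1e-7, 1e-6),
    (1, 1e-6, 1e-5),
]

PL_ORDER = "abcde"  # a = lowest, e = highest


def _lookup(bands, value):
    """Return the level whose [lo, hi) band contains value, else None."""
    for level, lo, hi in bands:
        if lo <= value < hi:
            return level
    return None  # outside the table: no level defined


def pl_from_pfhd(pfhd):
    """EN ISO 13849-1 Performance Level for a given average PFHd (1/h)."""
    return _lookup(PL_BANDS, pfhd)


def sil_from_pfh(pfh):
    """IEC 61508 SIL (high demand / continuous mode) for a given PFH (1/h)."""
    return _lookup(SIL_BANDS, pfh)


def pl_rank(pl):
    """Numeric rank so PLs can be compared; None ranks below PL a."""
    return PL_ORDER.index(pl) if pl else -1


def combine_series(subsystems):
    """Combine subsystems that together form one safety function.

    For subsystems in series the overall PFHd is the sum of the subsystem
    PFHd values, so the result can never be better than the weakest part.
    Returns (total_pfhd, achieved_pl).
    """
    total = sum(pfhd for _, pfhd in subsystems)
    return total, pl_from_pfhd(total)


def meets_plr(achieved_pl, plr):
    """True when the achieved PL is at least the required PL."""
    return achieved_pl is not None and pl_rank(achieved_pl) >= pl_rank(plr)


if __name__ == "__main__":
    # Constructed wheel-steering function: roller in the joystick (input),
    # control system (logic), hydraulic valves (output). PLr = d.
    steering = [("joystick roller", 2e-7), ("controller", 1e-7), ("hydraulics", 3e-7)]
    total, pl = combine_series(steering)
    print(f"steering: PFHd={total:.1e}/h -> PL {pl}, meets PLr d: {meets_plr(pl, 'd')}")

    # Same input and logic, but a simpler output stage with a higher failure
    # rate drags the whole function down to PL c even though input and logic
    # are each individually good enough for PL d.
    weak_output = [("joystick roller", 2e-7), ("controller", 1e-7), ("single valve", 8e-7)]
    total, pl = combine_series(weak_output)
    print(f"weak output: PFHd={total:.1e}/h -> PL {pl}, meets PLr d: {meets_plr(pl, 'd')}")
```

The second scenario is the situation the column describes: the PLr is set for the whole function, so an output stage that is not good enough forces a better output design (for example the extra safety valve mentioned above) regardless of how good the controller is. The SIL lookup is there only to show that both standards sort the same probability figure into discrete bands; it is not a claim that PL d and SIL 2 are formally equivalent.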
Functional safety is what all machinery bases a lot of its safety
standards on, and the difference between a system that one thinks is
safe and one that one knows is safe is what we call functional safety. And
functional safety is just that, a proven level of safety. So, think of
functional safety as your silent friend, working patiently in the
background looking after you and your surroundings making sure that
your machine is safe. Probably.
iVTInternational.com November 2019 11
NEW COLUMN!
A Safe Pair of Hands
by Roberth Jonsson
About the author
Roberth Jonsson is an expert in functional safety for mobile
machinery, and runs the Zatisfy consultancy in Sweden
Contact: Roberth.jonsson@zatisfy.se or +46 705790027. www.zatisfy.se/ivt
Sources and further reading
EN13849-1/-2 and IEC 61508
ILLUSTRATION: IAN PARRATT, THECARICATUREARTIST.CO.UK