Functional Safety is the part of the overall safety of a system or piece of equipment that depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware and software failures and environmental changes. It is an additional step beyond the traditional product safety assessment and tackles our ever more complex world of interoperating technologies and the hazards they can cause.
IEC 61508, the generic functional safety standard, considers the whole lifecycle of electrical, electronic or programmable electronic (E/E/PE) systems and products. Other standards, such as EN ISO 13849-1, also address mechanical and pneumatic products.
Manufacturers must carry out specific steps to ensure the absence of unacceptable risk due to hazards caused by malfunctioning behaviour of their products and systems.
Designing safe hardware and software means that product manufacturers implement specific techniques such as redundancy, diversity and internal self-tests to increase the product's robustness against both random and systematic failures.
TÜV SÜD provides a broad range of functional safety services for manufacturers in many industries including Automation, Aerospace, Automotive, Rail, Medical, Machinery, Nuclear, Process Automation and Consumer Products. We provide a functional safety assessment of the product, including an assessment of how random failures of the product and its components are prevented and of the systematic failures inadvertently designed into the product. We conduct training programs and workshops to educate product manufacturers on the IEC 61508 series of standards and certify to the full range of international functional safety standards such as ISO 26262, EN 50129, EN ISO 13849-1, IEC 62061 and IEC 60601. Consultancy is a key element of our services, supporting our customers in meeting functional safety requirements in their designs.
A risk assessment process, carried out according to accepted principles of risk assessment, is essential to determine whether functional safety is necessary. A risk assessment defines which actions of a product are safety relevant and which are not. In addition, the risk assessment defines how safety critical the ability to perform a particular action is. From the risk assessment, the product is assigned a list of safety functions, and the safety consequence of each function failing is estimated. This list of safety functions and the criticality of each is the fundamental engineering input to a functional safety assessment. The goal of the entire functional safety assessment is to ensure that each function defined as safety relevant carries out its intended function with a reliability level appropriate to the criticality of that function failing to perform.
The Safety Integrity Level (SIL) of a Safety Function defines the required reliability level for a safety function in the product. SIL is defined in four classes, from SIL 1 (the lowest required reliability level for a safety function) to SIL 4 (the highest required reliability level for a safety function). For safety functions with a relatively low criticality, SIL 1 may be appropriate. Safety functions with a high degree of criticality may require a SIL 3 or SIL 4 designation.
While lower level SIL targets allow a company to "self-assess", this should only be done when the company has a certified functional safety expert in-house. Higher level SIL targets require a third party assessor.
A functional safety assessment is normally broken down into several checkpoint assessments. A checkpoint may be repeated iteratively if its requirements are not met. At each checkpoint, the life cycle documents produced up to that point are assessed; failure to have the required life cycle activity output documents means the checkpoint must be repeated. The normal set of checkpoints in an assessment will look something like this.