Functional safety

Over time, the standards that cover functional safety have evolved into various product-specific variants, and they primarily serve the purpose of preventing harm to people and damage to material assets. However, there are overlaps and inconsistencies. For example, there are two equally valid standards for mechanical engineering, IEC 62061 and ISO 13849. The system integrator can choose one of the two standards. For the component manufacturers, however, both standards are effectively compulsory for commercial reasons.

ISO 13849 places some additional requirements on product development. The most obvious difference is that ISO 13849 defines a so-called Performance Level (PL) instead of the Safety Integrity Level (SIL).

In principle, the most basic drive safety function, Safe Torque Off (STO), can be implemented purely in hardware. EN 61800-5-2 provides good assistance in this respect. It becomes more interesting when more complex drive safety functions are required. In practice such functions are realized in software. For software, the drive standard refers to IEC 61508-3. As the Safety Integrity Level (SIL) increases, very high demands are placed on software development, such as the methods used and the verifications to be performed, including the tools used.

Safety Requirement Specification

An essential phase of any development in the field of functional safety is requirements engineering, i.e. the phase in which the requirements are established. The planning is usually based on a verification and validation plan.

Development process and Product Lifecycle Management according to IEC 61508

Traceability from each requirement to the test performed on it, together with verifiable statistical statements, results from the integration of the tools. The toolchain is the combination of the processes with these tools. The processes alone can hardly generate proof and traceability, and only with considerable effort. Even the toolchain, without integration and defined processes, cannot achieve this. An intelligent integration of the individual tools, combined with intelligent processes adapted to the required Safety Integrity Level (from standard development without SIL requirements up to SIL 3 requirements), is the means of choice.
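The kind of verifiable statement an integrated toolchain produces can be illustrated with a requirement-to-test traceability check. The following is an added example, not code from the original text or from any particular tool: it assumes the requirement specification and the test records have been exported into simple Python records (the `Requirement` and `TestRecord` classes, the requirement ids and test ids, and the sample texts are all constructed here) and reports requirements without a passed test, tests that cite unknown requirements, and the share of fully verified requirements per SIL.

```python
"""Requirement-to-test traceability check (added example, constructed data).

Assumptions of this example: requirements and test records are available as
the plain records below; a requirement counts as verified only when every test
linked to it has passed. Nothing here is prescribed by IEC 61508 itself.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Requirement:
    req_id: str
    text: str
    sil: int  # 0 = no SIL requirement, 1..3 as in IEC 61508


@dataclass(frozen=True)
class TestRecord:
    test_id: str
    covers: tuple  # requirement ids this test is meant to verify
    result: str    # "pass" or "fail"


@dataclass
class TraceReport:
    uncovered: list = field(default_factory=list)  # requirements with no linked test
    failing: list = field(default_factory=list)    # requirements with a failed linked test
    dangling: list = field(default_factory=list)   # (test_id, req_id) citing an unknown requirement
    coverage_by_sil: dict = field(default_factory=dict)  # sil -> fraction of verified requirements


def trace(requirements, tests):
    """Build the traceability report for the given requirements and test records."""
    known = {r.req_id: r for r in requirements}
    tests_for = {rid: [] for rid in known}
    report = TraceReport()
    # Link every test to the requirements it claims to cover; unknown ids are dangling links.
    for t in tests:
        for rid in t.covers:
            if rid in tests_for:
                tests_for[rid].append(t)
            else:
                report.dangling.append((t.test_id, rid))
    totals = {}  # sil -> [verified, total]
    for rid, r in known.items():
        linked = tests_for[rid]
        totals.setdefault(r.sil, [0, 0])
        totals[r.sil][1] += 1
        if not linked:
            report.uncovered.append(rid)
        elif any(t.result != "pass" for t in linked):
            report.failing.append(rid)
        else:
            totals[r.sil][0] += 1
    report.coverage_by_sil = {sil: round(ok / n, 2) for sil, (ok, n) in sorted(totals.items())}
    return report


# Constructed sample data: a small drive safety requirement set and its test records.
REQS = [
    Requirement("SRS-001", "STO removes torque within the specified time", 3),
    Requirement("SRS-002", "SS1 ramps the motor down before STO is activated", 2),
    Requirement("SRS-003", "Diagnostic log is retained across a power cycle", 0),
    Requirement("SRS-004", "Discrepancy between the two STO input channels is monitored", 3),
]
TESTS = [
    TestRecord("TC-01", ("SRS-001",), "pass"),
    TestRecord("TC-02", ("SRS-001", "SRS-004"), "fail"),
    TestRecord("TC-03", ("SRS-002",), "pass"),
    TestRecord("TC-04", ("SRS-009",), "pass"),  # cites a requirement that does not exist
]


if __name__ == "__main__":
    r = trace(REQS, TESTS)
    print("uncovered:", r.uncovered)
    print("failing:", r.failing)
    print("dangling:", r.dangling)
    print("coverage by SIL:", r.coverage_by_sil)
```

Run as a script it prints the four findings; in a real toolchain the same check would run on every build so that a requirement without a passed test, or a test that no longer maps to a requirement, is caught before the verification evidence is assembled.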

Failure mode and effect analysis

The first aim of a Failure Mode and Effects Analysis (FMEA) is the early recognition of the relationships between potential failures, their causes and their consequences, and the prioritisation of the resulting cause-effect chains according to their risk. The second is the timely initiation of preventive measures to eliminate cause-effect chains with high risk.
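As an added example of the prioritisation step (not code from the original text), the following ranks cause-effect chains with the widely used Risk Priority Number, RPN = severity x occurrence x detection, each rated 1..10. The rating scales, the RPN threshold of 100, the rule that a chain with severity 9 or above is escalated regardless of its RPN, and the sample chains for an STO input channel are all assumptions of this example, not requirements of IEC 61508 or of any FMEA standard.

```python
"""FMEA risk prioritisation with a Risk Priority Number (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CauseEffectChain:
    failure_mode: str
    cause: str
    effect: str
    severity: int    # 1 (negligible) .. 10 (hazard to persons)
    occurrence: int  # 1 (remote) .. 10 (almost certain)
    detection: int   # 1 (certain to be detected) .. 10 (practically undetectable)

    def __post_init__(self):
        # Reject ratings outside the assumed 1..10 scales before they distort the ranking.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be within 1..10, got {value}")

    @property
    def rpn(self):
        return self.severity * self.occurrence * self.detection


def prioritise(chains, rpn_threshold=100, severity_escalation=9):
    """Return (chain, measure_required) pairs, highest risk first.

    A measure is required when the RPN reaches the threshold or when the
    severity alone is high enough that a low RPN must not hide it.
    """
    ranked = sorted(chains, key=lambda c: (c.rpn, c.severity), reverse=True)
    return [(c, c.rpn >= rpn_threshold or c.severity >= severity_escalation) for c in ranked]


def measures_required(chains, **kwargs):
    """Failure modes that need a preventive measure, in priority order."""
    return [c.failure_mode for c, flagged in prioritise(chains, **kwargs) if flagged]


# Constructed sample chains for a two-channel STO input (ratings are illustrative).
CHAINS = [
    CauseEffectChain("STO input stuck high", "welded relay contact",
                     "torque is not removed on demand", severity=10, occurrence=2, detection=3),
    CauseEffectChain("Spurious STO trip", "EMI coupled onto the input wiring",
                     "unexpected stop of the machine", severity=4, occurrence=5, detection=6),
    CauseEffectChain("Diagnostic log loss", "flash wear-out",
                     "missing audit data", severity=2, occurrence=3, detection=4),
    CauseEffectChain("Channel discrepancy not reported", "comparator timing window too wide",
                     "a single fault remains undetected", severity=8, occurrence=3, detection=5),
]


if __name__ == "__main__":
    for chain, flagged in prioritise(CHAINS):
        print(f"{chain.rpn:4d}  {'MEASURE' if flagged else 'accept '}  {chain.failure_mode}")
```

The ordering key is the RPN first and the severity second, so two chains with the same RPN are separated by how bad their consequence is; the severity escalation rule is what keeps the stuck-high input at the top of the action list even though its low occurrence and good detectability give it a modest RPN.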

Functional safety management as part of Quality Management

Functional safety does not work without the support of top management. After all, IEC 61508 is not just another standard that the development department has to comply with; it affects the entire company. IEC 61508 defines in detail the management of functional safety as an extension of an ISO 9001 quality management system.