Roberth Jonsson runs the Swedish consultancy Zatisfy. Zatisfy specialises in CE marking, especially for mobile (off-highway) machinery, and in functional safety. Roberth is a member of TK282 at SIS.se, where machinery safety standards are developed.
Why functional safety?
Functional safety is a term one does not hear very often. And yet it protects millions of people from hazards every day, from machinery in general and perhaps especially from off-highway machinery.
What is it then?
I’ll borrow a definition from IEC: “Functional safety is the detection of a potentially dangerous condition resulting in the activation of a protective or corrective device or mechanism to prevent hazardous events arising or providing mitigation to reduce the consequence of the hazardous event.”
Okay, so what does that mean? Well, it means that one can trust the system to do what is intended of it up to a certain level of probability. Probability? Yes, it all comes down to that.
Probability in safety
It doesn’t matter whether you adhere to EN 61508 (SIL) or to EN 13849 (PL) – both standards use probability to measure the level of safety. So basically, if you have an average probability of dangerous failure per hour of between 10^-7 and 10^-6, you have PL d (EN 13849).
So functional safety is all one needs? Well, no. If you haven’t done the groundwork (i.e. the risk assessment), then a very high level of safety makes no difference, because you may not be handling the right hazards at all.
What about in real life?
Let’s look at an example in which a control system is used to steer a wheeled excavator. The risk assessment highlights that the risk needs to be reduced by means of a control system. Next, a risk assessment is performed according to the chosen standard (let’s use EN 13849) and we arrive at PLr = d (PLr = required performance level). In other words, we would need to prove a probability of no more than one dangerous failure per 1,000,000 hours for the function that keeps the machine from suddenly turning off the road without driver input.
What about 100% safe? Sorry, that won’t happen. No system is ever 100% safe, but at PL d you at least do not need to be afraid to be on the road with it…
Is functional safety only about electronics?
No, you are looking at a complete safety function from input to output. Again, let’s take the example of wheel steering, where you have the roller in the joystick (Input = I), the control system (Logic = L) and the hydraulics (Output = O). With PL d, the requirements on all parts of the system will be quite high when it comes to monitoring and resistance to failure, and there are several other procedures and methods that need to be applied. For instance, in some cases you will need an extra safety valve in conjunction with the control valves to meet the requirements.
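The point that the whole I-L-O chain, not each part on its own, must land in the PL d band is easy to check numerically. The following is an added example (not code from the article or from Zatisfy): it maps an average probability of dangerous failure per hour (PFHd) to a PL using the EN ISO 13849-1 bands, treats the subsystems as a series chain so their PFHd values add, and compares the result with the required PLr. The subsystem values are constructed sample numbers.

```python
from typing import Dict, Optional, Tuple

# EN ISO 13849-1 PL bands as (PL, lower bound inclusive, upper bound exclusive),
# in average probability of dangerous failure per hour (PFHd).
PL_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),   # the band discussed in the article
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]
PL_ORDER = "abcde"  # a is the lowest level, e the highest


def pl_from_pfhd(pfhd: float) -> Optional[str]:
    """Return the PL whose band contains pfhd, or None if outside the table."""
    for pl, low, high in PL_BANDS:
        if low <= pfhd < high:
            return pl
    return None


def safety_function_pl(subsystems: Dict[str, float]) -> Tuple[float, Optional[str]]:
    """Combine I, L and O in series: a dangerous failure anywhere in the chain
    is a dangerous failure of the function, so the PFHd values add up."""
    total = sum(subsystems.values())
    return total, pl_from_pfhd(total)


def meets_plr(achieved: Optional[str], required: str) -> bool:
    """True if the achieved PL is at least the required PL."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


if __name__ == "__main__":
    # Constructed sample: each subsystem of the steering function is, on its
    # own, inside the PL d band, yet the complete function is not.
    steering = {"I joystick roller": 4e-7, "L controller": 5e-7, "O hydraulics": 4e-7}
    total, pl = safety_function_pl(steering)
    print(f"PFHd sum {total:.1e}/h -> PL {pl}, PLr d met: {meets_plr(pl, 'd')}")
    # -> PFHd sum 1.3e-06/h -> PL c, PLr d met: False

    # Constructed sample with tighter budgets per subsystem: the chain reaches PL d.
    improved = {"I joystick roller": 5e-8, "L controller": 1e-7, "O hydraulics": 5e-8}
    total, pl = safety_function_pl(improved)
    print(f"PFHd sum {total:.1e}/h -> PL {pl}, PLr d met: {meets_plr(pl, 'd')}")
    # -> PFHd sum 2.0e-07/h -> PL d, PLr d met: True
```

Summing PFHd is only one of the ways EN ISO 13849-1 lets you combine subsystems; the standard also prescribes category, DC and CCF requirements that a PFHd figure alone does not capture.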
Functional safety is what all machinery (stationary and off-highway alike) bases a lot of its safety on, and the difference between a system one thinks is safe and one that you know is safe is what we call functional safety. Functional safety is just that: a proven level of safety. So, think of functional safety as your silent friend, working patiently in the background, looking after you and your surroundings and making sure that your machine is safe. Probably.