- Published on Monday, 24 March 2014 10:00
- Written by Loren Stewart
While many people might recognize the term “functional safety” and assume they know what it means, for the purposes of standards, the term itself needs explanation. Finding an understanding and complying with functional safety standards play a vital role in everyone’s safety. Breaking down what it is and why it matters are the first steps to full comprehension of functional safety and, ultimately, a safer world.
What is Functional Safety and the IEC 61508 Standard?
The goal of Functional Safety is to have an automatic protection function that will perform the system’s intended function correctly, or, when that cannot happen because of a failure, the system will fail in a predictable (safe) manner.
Working groups and national standards bodies from around the globe have been involved in the process of bringing together the IEC61508 standard. IEC 61508 is the International Performance Based Standard for All Industries. It applies to suppliers and is known as the “umbrella standard.”
IEC 61508 applies to Automatic Protection Systems—electrical, electronic, programmable electronic and mechanical devices. It provides measures of protection against random hardware failures and “systematic” design failures. IEC 61508 can be applied to project level work—bespoke (turnkey) systems, or it can be applied to product level work—off-the-shelf products applied in many applications. The standard targets suppliers; its requirements are for the suppliers of process control and instrumentation for component/element or sub-system safety. End users are encouraged to seek suppliers with products certified to this standard by a reputable, accredited certification body.
IEC 61508 is enforced in some countries by governments with the force of law, but in most situations, the standard typically is cited as best practice (accepted engineering practices) and is often required by end-user customers as part of project contracts (such as OSHA or insurance companies). When accidents do happen, the standard can be, and has been, cited in civil cases as a commonly accepted standard of performance.
While IEC 61508 is the umbrella, there is a derived standard—IEC 61511: Process Industry Sector. This is essentially the equivalent to ISA 84.00.01-2004 and is used in the U.S. in the same manner. It targets end users, engineering contractors and integrators in process industries. IEC 61511 covers the entire SIS (Safety Instrumented System) lifecycle, including risk analysis, performance based design and operations and maintenance. It is broken up into three sections: requirements, guidelines and SIL selection, and it is a performance, not prescriptive-based standard. This means that it does not evaluate a system on what it is said to do, but rather on its performance.
Unlike Pressure Equipment Directive (PED), electrical standards or other standards that have a direct objective, functional safety identifies that every application could be different, so it has a different view for each situation. An example of this would be NFPA 85, which treats every boiler system the same. If the boiler is in a corn field miles away from any person or building or if the boiler system is in the basement of a children’s hospital in the city’s center, they have the same required risk reduction. Functional safety and IEC 61511 allows every situation to be evaluated with performance requirements established to match the situation.
Why is There a Need?
You might now be asking yourself: “Is this just another hoop to jump through or is there more to it?” What is the problem it is meant to solve?
The intent of IEC 61511 is to save lives, save money and help avoid fines. At www.CSB.gov, you will see records of accidents happening daily in which people are seriously hurt or killed. Some of these accidents make national news if only a few people are injured or killed; many of the accidents make international news if the injury report is greater. When it comes to accidents, no news is good news, so if a company decides there is a need for risk reduction, any ordinary product or part is insufficient. They will have to use parts determined to be safer than the normal. Lives could be at stake, and a safety instrumented system is more likely to protect them.
What is a SIS?
IEC 61511 defines a Safety Instrumented System (SIS) as an “instrumented system used to implement one or more safety instrumented functions. A SIS is composed of any combination of sensor(s), logic solver(s), and final element(s).” (IEC 61511 Part 1: 3.2.72)
Practitioners often prefer a more functional definition of SIS such as (shown in yellow):
An SIS is defined as a system composed of sensors, logic solvers and final elements designed for the purpose of:
- Automatically taking an industrial process to a safe state when specified conditions are violated
- Permitting a process to move forward in a safe manner when specified conditions allow (permissive functions);
- Taking action to mitigate the consequences of an industrial hazard.
Certifications and SILs
A Safety Integrity Level (SIL) is an order of magnitude set of “discrete levels (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. SIL 4 has the highest safety integrity and SIL 1 the lowest.” (IEC 61511 Part 1: 3.2.74). An SIL is established at a systems level by risk analysis and documentation in a safety requirement specification. Most products used in safety instrumented function design are certified to a specified SIL.
The end result of the certification process includes a certificate listing the SIL level for which a product is qualified and the standards that were used for the certification. A good certification assessment will demonstrate high design quality for hardware and software, and high manufacturing quality.
Using the SIL process, suppliers can advertise their safety integrity level and attract new business while showing their customers and the industry they are serious about safety. End users can mandate SIL products to ensure they are receiving safer products. With educated suppliers and end users working together to maintain functional safety, manufacturing, industrial and petrochemical workplaces are safer places.