When looking for functional safety consultancy you may come across a number of terms or processes which you have not heard of before, particularly if you are new to functional safety.
Here are our functional safety FAQs, designed to help with your introduction to functional safety.
Functional Safety FAQs
Functional safety is part of the overall safety that depends on a control system or equipment operating correctly in response to its inputs. Functional safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met.
Functional safety relies on active systems. The system continuously monitors the equipment and takes executive action to prevent a hazardous event from occurring. An example is the temperature monitoring of a chemical reactor: on detection of a runaway reaction the system stops the feed, or adds cooling, whichever is defined as the appropriate action.
Passive systems such as fire protection doors, bunds / dykes and protective insulation are not part of the scope of functional safety.
To establish whether your process or system has any functional safety requirements, a hazard analysis should be conducted. This will identify whether functional safety systems are required to ensure that adequate protection is provided for each hazardous event present. The outcome of this work establishes the requirements for the functional safety systems.
IEC 61508 applies to 'safety-related control systems' when one or more of such systems incorporate electrical and/or electronic and/or programmable electronic (E/E/PE) devices. It covers possible hazards due to failure of the E/E/PE safety-related systems to correctly perform the safety functions, rather than safety hazards which the equipment itself could present, such as electric shock or stored energy.
The Health & Safety Executive (HSE) is one of the bodies which make up the competent authority within the United Kingdom (UK) with responsibility to regulate and enforce health and safety within the workplace.
The HSE uses IEC 61508 as a reference standard for determining whether a reasonably practicable level of safety has been achieved when E/E/PE systems are used to carry out safety functions.
The extent to which the HSE will use IEC 61508 depends on individual circumstances: whether any sector standards based on IEC 61508 have been developed, and whether there are existing industry-specific standards or guidelines.
A Safety Integrity Level (SIL) is a discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE safety-related systems. Each level corresponds to a range of target failure measure: average probability of dangerous failure on demand (PFDavg) for low demand mode, or average frequency of dangerous failure per hour (PFH) for high demand or continuous mode. SIL 4 has the highest level of safety integrity and SIL 1 the lowest.
It is important to note that SIL is a characteristic of the full safety function rather than a logic system or individual component.
A Safety Instrumented Function (SIF) is an E/E/PE safety function with a specified SIL which is necessary to achieve functional safety. The objective of a SIF is that, when functioning in the correct manner, it will place the process or system under control into a safe state in the event of a potentially hazardous deviation occurring.
A SIF must be defined in two parts: (1) the required functionality in order to achieve the safe state (the actions the SIF takes to ensure the specified hazardous event does not take place), and (2) the required performance, quoted as a safety integrity level (the likelihood of the safety function operating correctly on demand, i.e. the SIL).
A SIF can only be claimed as effective by demonstrating that both its functionality and its integrity are achieved.
IEC 61508 is applicable to all E/E/PE safety-related systems irrespective of the industry sector or application, including the following systems:
- emergency shut-down systems,
- fire and gas systems,
- turbine control,
- gas burner management,
- crane automatic safe-load indicators,
- guard interlocking and emergency stopping systems for machinery,
- medical devices,
- dynamic positioning (control of a ship’s movement when in proximity to an offshore installation),
- railway signalling systems (including moving block train signalling),
- variable speed motor drives used to restrict speed as a means of protection,
- remote monitoring, operation or programming of a network-enabled process plant,
- an information-based decision support tool where erroneous results affect safety.
Implementation of SIFs may include electro-mechanical relays (i.e. electrical), non-programmable solid-state electronics (i.e. electronic) and programmable electronics. IEC 61508 applies to the entire safety function including sensors, control logic systems and final actuators, considered as a whole.
SIL is a characteristic of the safety function, it is not applicable to individual subsystems, elements or components. IEC 61508 covers all the individual components of the E/E/PE safety-related system, and these subsystems, elements and components are combined to implement the safety function which has an applicable SIL target.
Supplied subsystems and components which are quoted as suitable for a given SIL target will have to be assessed within the design and associated information to determine if the subsystems and components are in fact suitable.
Suppliers of products intended for use in E/E/PE safety-related systems should provide sufficient information to allow the entire E/E/PE safety-related system to be assessed for its integration and ensure it complies with IEC 61508 for the whole function.
Section 3.1 of IEC 61508-4 defines safety as "freedom from unacceptable risk", where harm is "physical injury or damage to the health of people, either directly or indirectly as a result of damage to property or to the environment". In cases where a failure would involve serious economic or environmental implications, IEC 61508 can also be used to specify any E/E/PE system used for protection.
Hazard and risk analysis will determine particular safety functions and the required levels of performance for the function. The safety parameters defining the consequences for the hazard and risk analysis can be replaced with environmental or financial parameters to determine the risk of environmental or financial hazards.
A Functional Safety Assessment (FSA) is performed to investigate the adequacy of the functional safety achieved by the E/E/PE safety-related system(s) or compliant items (such as components/subsystems), based on compliance with the relevant clauses of IEC 61508.
The standard defines multiple stages at which an FSA should be considered. An FSA must be conducted before hazards are introduced, so the project should be reviewed to identify when that is. There may be multiple periods in which hazards are present (and the hazards may differ between them), in which case several FSAs will be required.
Those carrying out an FSA shall be competent in conducting FSAs, have adequate independence, and shall consider the activities carried out and the outputs obtained during each phase of the lifecycle, and judge the extent to which the objectives and requirements of IEC 61508 have been met.
A Hazard and Operability study (HAZOP study) is a structured brainstorming session, set up to identify and evaluate the potential undesirable events that may create hazards or operability problems (i.e. risk to personnel and potential damage to assets, the environment and the reputation) of the plant / site.
The output from the study can be utilised in different further risk analysis processes.
A SIL Determination study is a form of risk assessment, required to determine whether there are any SIL requirements for SIFs. This involves determining the risk reduction necessary to meet the tolerable risk for specific hazardous scenarios. It typically involves:
- Determining the potential frequency and consequence of an undesired event which causes a specific hazard;
- Determining the risk reduction provided by other protection measures and the resulting risk gap;
- Assigning SIL requirements to SIFs based on any resulting risk gaps, in accordance with IEC 61508 (or a sector-specific standard, e.g. IEC 61511).
SIL Verification (Safety Integrity Level Verification) is the common term utilised to express the activity of confirming whether the required risk reduction determined within the SIL Determination study has been achieved. Typically, the work involves evaluating the proposed equipment from a Random Hardware Reliability and Architectural assessment perspective.
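The following Python script is an added worked example, not code from the original page or from any consultancy's own tooling. It carries one scenario through both activities described above: a LOPA-style SIL Determination (required risk reduction from the risk gap left by other protection layers), followed by a SIL Verification of a proposed loop using the simplified IEC 61508-6 PFDavg approximations for 1oo1 and 1oo2 architectures. All failure rates, frequencies, tolerable-risk targets and the common-cause factor are constructed illustrative values, and the SIF names are hypothetical. The example deliberately shows a design whose PFDavg sits inside the required SIL band yet still fails the specific risk-reduction target, which is the check a practitioner must not skip.

```python
"""SIL determination (risk gap) and SIL verification (PFDavg) for one hazardous scenario.

Added example: constructed numbers, simplified IEC 61508-6 formulas, no
measured data. Architectural constraints (HFT / SFF, Route 1H/2H) and
systematic capability are separate verification checks not covered here.
"""
from math import prod
from typing import Dict, List, Optional

# IEC 61508-1 Table 2, low demand mode: target PFDavg band per SIL (lower bound inclusive).
SIL_PFD_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}


def sil_from_pfd(pfd: float) -> Optional[int]:
    """Return the SIL band containing pfd; 0 if no SIL can be claimed, None if below the SIL 4 band."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_PFD_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return None  # pfd < 1e-5: a single E/E/PE SIF is not claimed beyond SIL 4


def sil_determination(f_unmitigated: float, f_tolerable: float, ipl_pfds: List[float]) -> Dict:
    """Risk gap for one scenario.

    f_unmitigated: initiating-event frequency per year with no protection.
    f_tolerable:   tolerable frequency per year for this consequence (from the risk matrix).
    ipl_pfds:      PFDavg of each independent protection layer other than the SIF.
    """
    f_mitigated = f_unmitigated * prod(ipl_pfds)  # frequency after the other layers
    rrf = f_mitigated / f_tolerable               # risk reduction the SIF must supply
    if rrf <= 1.0:
        return {"rrf": rrf, "pfd_target": None, "sil": 0}  # other layers already suffice
    pfd_target = 1.0 / rrf
    return {"rrf": rrf, "pfd_target": pfd_target, "sil": sil_from_pfd(pfd_target)}


def pfd_1oo1(lam_du: float, t_i: float) -> float:
    """Simplified 1oo1 PFDavg: dangerous-undetected rate (per hour) x proof-test interval (hours) / 2."""
    return lam_du * t_i / 2


def pfd_1oo2(lam_du: float, t_i: float, beta: float) -> float:
    """Simplified 1oo2 PFDavg: independent-failure term plus common-cause term (factor beta).

    MTTR and dangerous-detected contributions are dropped for clarity.
    """
    lt = lam_du * t_i
    return lt ** 2 / 3 + beta * lt / 2


def sil_verification(element_pfds: Dict[str, float], pfd_target: float) -> Dict:
    """Sum sensor + logic + final element PFDavg and compare with the determination target."""
    total = sum(element_pfds.values())
    return {
        "pfd_total": total,
        "rrf_achieved": 1.0 / total,
        "sil_band": sil_from_pfd(total),
        "meets_target": total <= pfd_target,  # band alone is not enough
    }


def example() -> Dict:
    """Constructed scenario: reactor high level, hypothetical SIF 'SIF-101'."""
    # Determination: 0.5 demands/yr; relief valve PFD 0.01; BPCS alarm + operator 0.1; tolerable 1e-6/yr.
    required = sil_determination(0.5, 1e-6, [0.01, 0.1])

    t_i = 8760.0  # one-year proof-test interval, in hours
    design_a = {
        "level transmitter 1oo1": pfd_1oo1(2e-7, t_i),
        "logic solver": pfd_1oo1(5e-9, t_i),
        "shutoff valve 1oo1": pfd_1oo1(5e-7, t_i),
    }
    # Design B: redundant valves (1oo2) with a 10 % common-cause factor.
    design_b = dict(design_a)
    design_b.pop("shutoff valve 1oo1")
    design_b["shutoff valve 1oo2 (beta=0.1)"] = pfd_1oo2(5e-7, t_i, 0.1)

    return {
        "required": required,
        "design_a": sil_verification(design_a, required["pfd_target"]),
        "design_b": sil_verification(design_b, required["pfd_target"]),
    }


if __name__ == "__main__":
    result = example()
    print("Required:", result["required"])
    for name in ("design_a", "design_b"):
        print(name, result[name])
```

Running the script shows the required risk reduction factor of 500 (target PFDavg 2e-3, SIL 2). Design A totals roughly 3.1e-3, which is inside the SIL 2 band but short of the 2e-3 target, so it does not close the risk gap; Design B with 1oo2 valves totals roughly 1.1e-3 and does. The final element usually dominates the loop PFDavg, which is why the redundancy is applied there first.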
A Quantitative Risk Assessment (QRA) is a formal and systematic risk analysis approach to quantifying the risks associated with the operation of a process or system. A QRA is an essential tool for understanding the risk exposure of employees, the environment, company assets and reputation. A QRA also supports cost-effective decisions and the management of risk across the entire asset lifecycle.
IEC 61511 is the sector-specific standard for electrical and/or electronic and/or programmable electronic (E/E/PE) systems within the process sector. The series of documents has been developed from the basic safety publication IEC 61508 for application within the process sector.
The standard covers the following aspects of functional safety within the process sector (excluding nuclear):
- Framework for requirements (hardware, software and integration as a system)
- Management requirements
- Competence and assurance requirements.
The standard utilises different terminology which is more aligned to the industries which it serves. A safety related system becomes a Safety Instrumented System for instance.
IEC 62061 is the sector-specific standard for electrical and/or electronic and/or programmable electronic (E/E/PE) systems within machinery safety. The series of documents has been developed from the basic safety publication IEC 61508 for application within machinery safety.
The standard covers the following aspects of functional safety within machinery safety:
- Functional Requirements specification
- Safety Integrity Requirements
As machinery operation often involves access to hazardous zones and potential harm to people, the standard provides specific guidance on the handling of these 'High Demand / Continuous Demand' safety systems.
The standard utilises different terminology which is more aligned to the industries which it serves. A safety related system becomes a Safety Related Control System for instance.
The application of IEC 62061 supports the technical file within the EU with regard to the successful application of the CE mark to the equipment it protects, and the Provision and Use of Work Equipment Regulations 1998 (PUWER) assessments within the United Kingdom.
ISO 13849 is a machinery safety standard and provides safety requirements and guidance of the principles for the design and integration of safety-related parts into control systems, including software. The standard deals with control systems irrespective of the implementation techniques / technology: electronic, pneumatic, hydraulic, mechanical.
The standard uses the Performance Level (PL) concept, from PL a to PL e, where each level corresponds to a range of average probability of dangerous failure per hour; PL e is the highest level of performance and PL a the lowest. The required Performance Level (PLr) for a safety function is set from the risk assessment of the hazard it protects against.
As machinery operation often involves access to hazardous zones and potential harm to people, the standard provides specific guidance on the handling of these 'High Demand / Continuous Demand' safety systems.
The application of ISO 13849 supports the technical file within the EU with regard to the successful application of the CE mark to the equipment it protects, and the Provision and Use of Work Equipment Regulations 1998 (PUWER) assessments within the United Kingdom.