Functional Safety - Amazon Web Services

Functional safetyEssential to overall safety

What is Functional safety?In public spaces, factories, offices or homes; we are surrounded by an increasing numberof electric and electronic devices and systems. Many of them could cause harm to humans,animals or the environment if they didn’t have built-in safety mechanisms that activateexactly when needed to reduce potential risks down to a tolerable level.Safe function of a device orsystem—Functional safety is part of the overallTolerable risk—The aim of Functional safety is to bring riskdown to a tolerable level and to reducesafety of a system or piece of equipmentand generally focuses on electronicsand related software. It looks at aspectsof safety that relate to the function ofa device or system and ensures that itworks correctly in response to commandsit receives. In a systemic approachFunctional safety identifies potentiallydangerous conditions, situations or eventsthat could result in an accident that couldharm somebody or destroy something. Itenables corrective or preventive actions toavoid or reduce the impact of an accident.its negative impact; however, there is nosuch thing as zero risk. Functional safetymeasures risk by how likely it is that agiven event will occur and how severe itwould be; in other words: how much harmit could cause.For example, when you enter a shop youwant the automatic doors to open fastenough and close safely behind you. If youwalk slower than the programmed time,built-in sensors will make certain thatthe door doesn’t close on you, avoidingthat you get hurt. The same is true, whenyou slip off your water-scooter or tip overwith your lawn-mower; built-in safetymechanisms will shut them off in time toavoid that you get run over and injured.2

Fact—Identify dangerous conditions to prevent accidents3

Functional safety iseverywhereThe concept applies to everyday life and every industry you can think of. It is fundamental for most safety-related systems. The oil and gasindustry, nuclear plants, the manufacturing sector, your car, medical devices, transportation all rely heavily on Functional safety to achievesafety in areas where the operation of equipment can give rise to hazards.Automotive—In your car, Functional safety ensures thatairbags instantly deploy during impactto protect you and your loved ones,but absolutely not when you are simplydriving. It controls the fuel injector toensure that your car doesn’t acceleratewhen you didn’t give the command;it makes certain that your ABS brakesactivate when needed. When your childhas her hands on the electric rear-windowyou are closing, Functional safetyprotocols ensure that this resistancestops the window from cutting her fingersoff. Functional safety ensures the correctoperation of all automotive electronicsand its control software.Transportation—When you board a train, the subway ora cable car, Functional safety ensuresthat the doors close before the vehicledeparts and that they don’t open while itis in movement. They also ensure that therailway signalling system helps avoid thatan oncoming train crosses your train’spath.Aviation is among the safest industries inthe world and it applies Functional safetyin many areas, including for examplethe automated flight control system. Thetwo-axis autopilot system controls thepitch and roll of the aircraft and controlsheading and altitude, all of which areprogrammed to respect certain Functionalsafety parameters, activating alarms andother measures when they are breached.4Medical—In healthcare the presence or absenceof Functional safety protocols can meanthe difference between life and deathof a patient. In addition to electric ormechanical aspects that impact safety,Functional safety ensures that a givenapparatus functions correctly in responseto inputs. For example, if an infusionpump malfunctions, Functional safetyprotocols will ensure that alarms areactivated to signal the malfunction andif relevant that the pump is deactivatedto protect the patient from harm throughover-dosing. A different set of safetyprotocols ensures that a patient whoundergoes cancer radiation therapy onlyreceives exactly the programmed dose ofgamma radiation, no more.

Manufacturing—Functional safety is the best way ofreducing inherent risks in hazardousindustrial processes both within a factoryor chemical plant and out in the field. Anautomatic valve closure mechanism willensure that dangerous chemicals aremixed in exactly the required quantities.A crane safe load indicator will avoid thatoverloading will collapse the crane and killworkers or innocent bystanders. Sensors orlaser barriers will automatically shut-downa robot, when a human or object entersits activity range, preventing injuries oravoiding potentially costly damage tomachinery. A pressure valve will open orclose precisely when it is electronicallygiven the instruction to do so. When suchsecurity-devices fail to operate as theyshould, for example during deep-sea oildrilling or during the filling of a chemicaltank, major disasters can ensue.Fact—Reduce inherent risksin hazardous industrial processes5

The challengeElectrical, electronic or programmableelectronic systems (E/E/PE) carry outa multitude of safety functions. Thechallenge is to design safety-systemsin such a way as to prevent dangerousfailures or to control them when theyPower generation—Wherever there is electricity, Functionalsafety isn’t far away. When gale-forcewinds hit, a wind turbine must be able toturn its blades out of the wind to avoiddamage or destruction of the wholeinstallation from overspinning.arise. These systems are usually complex,making it impossible in practice to fullydetermine every potential failure, buttesting is nevertheless essential to rule outas many as possible.When vibration levels in a gas turbineexceed a certain maximum, an automaticshut-down mechanism will preventits disintegration and avoid injuries tosurrounding workers.6

Fact—Protect wind turbine investment during storms7

A systems approachMany systems today are designed to automatically prevent dangerous failures or to controlthem when they arise.Such failures can arise for example from:random or systematic failures ofhardware or softwarehuman errorenvironmental circumstances suchas for example temperature, weather,electro-magnetic interference ormechanical phenomenaloss of electricity supply or otherdisturbancesincorrect specifications of the system;both hardware or software;omissions in the specifications ofsafety requirements (e.g. failureto put in place all relevant safetyfunctions in line with different modesof operation).So called electrical, electronic orprogrammable safety-related systems(E/E/PE) cover all the parts of a deviceor system that carry out automatedsafety functions. This includes everythingfrom sensors, through control logic andcommunication systems, to final actuators,including any critical actions of a humanoperator as well as environmentalconditions.8Many technologies—Many safety-related systems thatwould have used electro-mechanicaltechnology or solid-state electronicsnow use programmable electronicsinstead. Devices such as programmablecontrollers, programmable logic controllers(PLCs) and digital communication systems(e.g. bus systems) are part of this trend.Furthermore, enabling technologies, suchas application specific integrated circuits(ASICs), micro-processors, and intelligentsensors, transmitters and actuators, areincreasingly being integrated into productsand systems.

Fact—Protect man and machine9

IEC work inFunctional safetyThe IEC 61508 series are the International Standards for electrical, electronic and programmable electronic safety related systems.It supports the assessment of risks to minimize these failures in all E/E/PE safety-related systems, irrespective of where and how theyare used.IEC 61508 sets out the requirements for ensuring that systems are designed, implemented, operated and maintained to provide therequired safety integrity level (SIL). Four SILs are defined according to the risks involved in the system application, with SIL4 being usedto protect against the highest risks.Parts framework of IEC 61508—The International Standards consist ofseven parts:IEC 61508-1, General requirements;IEC 61508-2, Requirements forelectrical/electronic/programmableelectronic safety-related systems;IEC 61508-3, Software requirements;IEC 61508-4, Definitions andabbreviations;IEC 61508-5, Examples of methodsfor the determination of safetyintegrity levels;The International Standard is used bya wide range of manufacturers, systembuilders, designers and suppliers ofcomponents and subsystems and servesas the basis for conformity assessmentand certification services. Safety systemmanagers use it as a basis for carrying outassessments of safety lifecycle activities.The Standard is also used by many IEC TCs(Technical Committees) while preparingtheir own sector or product specificInternational Standards that have E/E/PEsafety-related systems within their scope.Those include for example InternationalStandards for the nuclear sector, formachinery and for power drive systems tomention just a few.Further information—You can find further information onIEC 61508 and Functional safety, includingdetails on how to obtain the InternationalStandard, in the Functional safety zone ofthe IEC web site:www.iec.ch/functionalsafetyIEC 61508-6, Guidelines on theapplication of IEC 61508-2 andIEC 61508-3;IEC 61508-7, Overview of techniquesand measures.Fact—Control the opening andclosing protocols of doors10

11

3 rue de VarembéPO Box 131CH-1211 Geneva 20SwitzerlandT 41 22 919 0211info@iec.chwww.iec.ch Registered trademark of the International Electrotechnical Commission. Copyright IEC, Geneva, Switzerland. 2015.IEC Functional mission

IEC 61508-3, Software requirements; IEC 61508-4, Definitions and abbreviations; IEC 61508-5, Examples of methods for the determination of safety integrity levels; IEC 61508-6, Guidelines on the application of IEC 61508-2 and IEC 61508-3; IEC 61508-7, Overview of techniques and measures. F