The primary objective of Functional Safety is to protect both people and the environment. As a rule, they are to be protected from hazardous malfunctions, e.g., resulting from automation systems in machines.
Functional Safety is also a prerequisite for compliance with the Machinery Directive. Further, demonstrable Functional Safety can limit or exclude liability under the German Product Liability Act ("Produkthaftungsgesetz") in the event of damage.
Functional Safety Management (FSM)
All activities related to Functional Safety are encompassed by the term Functional Safety Management (FSM). FSM ensures that the responsibilities of the individuals involved in the safety process are clearly defined and that all planned safety measures are carried out correctly and completely.
The activities include, for example:
The aim of Functional Safety is to reduce the risk of harm to individuals and/or property to a socially acceptable level.
The first step is to identify the specific risks associated with the machine in question; only identified risks can be minimized through appropriate measures. Every product that may pose a potential hazard must be considered. In the following, such products are summarized under the term "machine".
In practice, this first step means preparing a risk assessment/analysis. Its objective is to identify all potential risks before the machine is placed on the market. Such a risk assessment is mandatory under various laws and directives, such as the German Product Safety Act ("Produktsicherheitsgesetz") or the Machinery Directive.
If a machine falls within the scope of a safety standard such as EN ISO 13849 or ISO 25119, the risk graphs recommended there can be applied. Otherwise, DIN EN ISO 12100 or a combination of several standards can be used.
All potential hazards must be taken into account, e.g.:
Measures to minimize risks
If the risk assessment reveals a high probability of a hazardous event, significant consequences and no means for affected persons to avoid the hazard, appropriate risk-reduction measures must be defined and implemented. The risk is then reassessed and additional measures are defined if necessary. This is an iterative process that is repeated until the residual risk is acceptably low or is effectively controlled by the measures implemented.
The first step towards risk reduction is to implement design-engineering measures; e.g.:
The second step towards risk reduction is to use safety equipment. If an operator needs access to a hazardous area, e.g. for maintenance or adjustment, that access must be possible without compromising the protection. A viable solution in this situation could be a safety door equipped with a door protection switch. This solution would then have to be implemented at the safety level that the risk graph of the applicable standard assigns to the hazard.
The aim should be to achieve as much of the risk reduction as possible through design-engineering measures. Only after the residual risks have been minimized as far as possible by design should the remaining ones be addressed with electrical/electronic and programmable safety equipment.
The reliability of safety functions implemented with electrical/electronic and programmable safety equipment is expressed as a safety integrity level or a performance level.
Depending on the applicable standards, there are two classification schemes: technical safety based on the performance level (PL) or on the safety integrity level (SIL). SIL-based standards are, e.g., IEC 61508 (SIL) and DIN EN 62061 (SIL CL). PL-based standards are, e.g., EN ISO 13849 (PL) or ISO 25119 (AgPL).
The level necessary is determined by referencing the risk graphs of the applicable standard.
This is an example of the ISO 13849 risk graph and its parameters:
The three parameters are S (severity of injury: S1 slight, normally reversible; S2 serious, normally irreversible, including death), F (frequency and/or duration of exposure to the hazard: F1 seldom to less often and/or short; F2 frequent to continuous and/or long) and P (possibility of avoiding the hazard or limiting the harm: P1 possible under specific conditions; P2 scarcely possible). Their combination yields the required performance level PLr.
If you now consider a safety function, e.g. a safety door, designed to protect against a hazard with the following specifications:
This would result in the parameters S2, F1, P2.
With these parameters, the required performance level is PLr = d. Every element of the safety function, i.e. the door contact switch, the safety relay, the drive, etc., must then achieve at least Performance Level d, and so must their combination.
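The risk-graph walk and the chain check described above, as an added Python example that is not part of the original page. The risk graph follows ISO 13849-1 Annex A (the eight leaves a, b, b, c, c, d, d, e); the series-combination rule follows Table 11 of ISO 13849-1:2015 (the PL of a chain is bounded by its lowest element PL and drops one level when too many elements sit at that level). The element names and their PL values in `SAFETY_DOOR_CHAIN` are constructed sample data chosen for illustration, not ratings of real components.

```python
"""Added example: ISO 13849-1 risk graph (PLr) and series-combination check.

Illustrative code, not from the original page. Risk graph per ISO 13849-1
Annex A; combination rule per Table 11 of ISO 13849-1:2015. Element names
and PL values below are constructed sample data, not real component ratings.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PL_ORDER = "abcde"  # PL a is the lowest level, PL e the highest


def required_pl(s: int, f: int, p: int) -> str:
    """Walk the ISO 13849-1 risk graph and return PLr ('a'..'e').

    s: severity of injury        (1 = slight, 2 = serious)
    f: frequency/exposure        (1 = seldom/short, 2 = frequent/long)
    p: possibility of avoidance  (1 = possible, 2 = scarcely possible)
    """
    for name, value in (("S", s), ("F", f), ("P", p)):
        if value not in (1, 2):
            raise ValueError(f"{name} must be 1 or 2, got {value!r}")
    # The graph's eight leaves, in S/F/P order, are:
    #   S1F1P1 a, S1F1P2 b, S1F2P1 b, S1F2P2 c,
    #   S2F1P1 c, S2F1P2 d, S2F2P1 d, S2F2P2 e
    # which equals counting the S step twice and the F and P steps once.
    return PL_ORDER[2 * (s - 1) + (f - 1) + (p - 1)]


def combined_pl(element_pls: Tuple[str, ...]) -> Optional[str]:
    """PL achieved by elements in series (ISO 13849-1:2015, Table 11).

    The result is bounded by the lowest element PL (PLlow) and is reduced by
    one level when too many elements sit at PLlow. Returns None where the
    table does not allow the combination (more than three PL a elements).
    """
    if not element_pls:
        raise ValueError("a safety function needs at least one element")
    for pl in element_pls:
        if pl not in PL_ORDER:
            raise ValueError(f"unknown performance level {pl!r}")
    low = min(element_pls, key=PL_ORDER.index)
    n_low = element_pls.count(low)
    max_at_low = {"a": 3, "b": 2, "c": 2, "d": 3, "e": 3}[low]
    if n_low <= max_at_low:
        return low
    if low == "a":
        return None
    return PL_ORDER[PL_ORDER.index(low) - 1]


@dataclass(frozen=True)
class Verdict:
    plr: str                  # required PL from the risk graph
    achieved: Optional[str]   # PL of the whole chain, None if not allowed
    ok: bool                  # achieved PL is at least PLr
    weakest: Tuple[str, ...]  # elements sitting at the lowest PL


def check_safety_function(s: int, f: int, p: int,
                          elements: Dict[str, str]) -> Verdict:
    """Derive PLr from the risk parameters and verify the element chain."""
    plr = required_pl(s, f, p)
    pls = tuple(elements.values())
    achieved = combined_pl(pls)
    low = min(pls, key=PL_ORDER.index)
    weakest = tuple(name for name, pl in elements.items() if pl == low)
    ok = achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(plr)
    return Verdict(plr, achieved, ok, weakest)


# Constructed sample chain for the safety-door example (S2, F1, P2).
# The PL values are assumed for illustration only.
SAFETY_DOOR_CHAIN = {
    "door position switch": "d",
    "safety relay": "e",
    "drive with safe torque off": "d",
}

if __name__ == "__main__":
    v = check_safety_function(2, 1, 2, SAFETY_DOOR_CHAIN)
    print(f"PLr = {v.plr}, achieved = {v.achieved}, ok = {v.ok}")
    # A single PL c element drags the whole function below PLr = d:
    weak = dict(SAFETY_DOOR_CHAIN, **{"door position switch": "c"})
    v2 = check_safety_function(2, 1, 2, weak)
    print(f"PL c switch: achieved = {v2.achieved}, ok = {v2.ok}, weakest = {v2.weakest}")
```

The rule stated on this page, that every element must reach at least PLr, is the necessary condition; Table 11 adds that the number of elements sitting at the lowest PL also matters, so four PL d elements in series only achieve PL c. The edition of ISO 13849-1 you apply governs: the 2023 revision changed how subsystems are combined, so check the edition named in your declaration of conformity before relying on this table.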
First, check whether your machine is subject to a directive, e.g. the Machinery Directive.
The Machinery Directive requires that the essential health and safety requirements specified in its Annex I are met, and compliance with them must be demonstrated. Create a checklist containing all the requirements and identify which points apply to your machine and which do not. Such checklists are also available free of charge online.
If the directive includes harmonized standards with safety specifications appropriate for your machine, compliance with these harmonized standards and a corresponding declaration of conformity may serve as evidence of conformity with the essential health and safety requirements for the relevant parts or the entirety of the machine.
Note that by issuing a declaration of conformity you declare full compliance with all the requirements of the relevant standard. If the signatory knew, or negligently failed to recognize, that certain safety requirements are not met, this constitutes a liability risk.
If no harmonized standards are available for the relevant parts of your machine, you must devise alternative solutions to ensure the requirements are satisfied.
If no directive applies, the German Product Safety Act ("Produktsicherheitsgesetz") still requires that a product may only be placed on the market if it does not endanger the health and safety of persons when used as intended or in a foreseeable manner. You are then essentially in the same situation as under the Machinery Directive.