Functional Safety Engineering
Technical systems (e.g. machines) whose malfunction can cause material damage, natural disaster, personal injury, or death are referred to as safety-related or safety-critical systems. Many systems applied in the automotive, industrial, aerospace, medical, nuclear, railway, or even in the consumer sectors can be classified as safety-related or safety-critical. Some of them whose proper operation is indispensable for accomplishing a particular mission (e.g. flight control systems, defense systems, etc.) are called mission-critical systems.
The design, verification, validation, commission, operation, maintenance, and decommission of safety-related, safety-critical, and mission-critical systems are supported by international standards. Some of the most important safety standards are shown in the following figure.
Manufacturers and operators of these systems are obliged – in many cases by law – to meet uniform safety requirements from different safety standards to protect people, equipment, and the operating environment from injury or damages. For instance, in the European Union the European Machinery Directive (2006/42/EG), together with harmonized standards (e.g. ISO 13849, IEC 62061), sets the framework for functional safety of machines. The implementation of this directive at the national level takes place through national laws and regulations.
Although compliance with safety standards is not always required by law (e.g. like in the case of ISO 26262), it is mandatory to understand that a safety standard represents the state of the art safety guideline for a particular industry sector and consequently the processes and quality assurance measures defined in such a standard must be part of the quality management system of a company working in this sector. Please note that ignoring safety standards might have serious legal consequences if in case of an accident it turns out – e.g. in court – that the quality management system including the product development process was not in compliance with the existing safety standards.
What is the difference between safety and functional safety?
Safety is a property of the overall system and consequently, it must always be assessed at the system level. Functional safety, however, can be treated as a part of the whole system safety concept. The term functional safety means by definition the freedom from unacceptable risk of injuries or damages by the proper implementation of one or more automatic protection functions which are often referred to as safety functions.
The goal of functional safety is to ensure that the automatic safety function will be performed correctly when requested, or that the system will fail (e.g. in case of a failure) in a predictable or controlled manner into its safe state.
Functional safety focuses also on the components of the safety system that can, for instance, be a sensor, actuator, controller, and similar devices. These components can be divided further into hardware and very frequently software parts. In general, Functional Safety Engineering (FSE) focuses on the hardware and software components of safety systems that are responsible for the execution of the safety functions.
What can go wrong?
Safety standards distinguish between random and systematic errors, and some standards (e.g. IEC 61511) considers also human error as a possible cause of failure. Random errors are related to hardware components, while systematic errors are design errors and are related to both hardware and software components. By following a suitable development process and applying appropriate failure mitigation measures, the number of systematic errors can be minimized. On the other hand, random errors cannot be avoided, however, with proper hardware design techniques, their impact can be mitigated.
How to achieve functional safety?
Achieving functional safety is not always a straightforward process. First of all, organizations developing safety components or manufacturing safety systems have to identify and follow the relevant safety standards.
Assuming that a company is intended to develop a safety component for machines that should be placed on the European market. In this situation, the design team has to deal with basic safety standards (e.g. IEC 61508, ISO 12100, e.g.), generic safety standards (e.g. IEC 62061, ISO 13849, etc.), and eventually with product specific safety standards (e.g. IEC 61800-5-2, etc.). These standards are often called Type-A, Type-B, as well as Type-C standards.
At first glance, this does not seem to be complicated, but things might become overwhelming very quickly as somebody starts to dive into the details of safety standards. To get to the point without wasting too much time, here is a list of the most important tasks your organization has to deal with if you want to develop safe products:
- Establish a safety culture at your organization
- Hire experienced and qualified safety people (It won’t be easy or cheap.)
- Train your colleagues (engineers, managers, and sales personal) in the field of functional safety (It is going to take a lot of time.)
- Assign roles and responsibilities (Functional Safety Manager, Safety Plan)
- Elaboration of a suitable product development process in compliance with the relevant safety standards
- Chose a product development methodology (Waterfall, V, Agile, etc.)
- Specify the phases of the development process (g. Specification, Design, Implementation, Test) including input and output documents as well as products (e.g. safety requirement specification, review report, schematic documents, design specification, simulation data, program code, test specification, test report, layout data, manufacturing data, etc.)
- Specify the activities and the related quality assurance measures (planning for verification and validation)
- Product development in compliance with the relevant safety standards
- Specify the product including safety targets
- Design of hardware, software, and mechanical components
- Apply proper design techniques
- Get everything documented
- Get everything verified and tested
- Project management
- To ensure that the development is running according to the plans
- Requirements management
- To ensure that the product meets all of the requirements
- Change management
- To ensure that modifications find their way into your product in a controlled manner
- Configuration management
- To keep the stuff that belongs together always up to date
- To keep track of everything even on the component level
- Certification by an independent (and accredited) organization
- Not always mandatory, however, it is highly recommended
- Establish a safety culture at your organization
Many points of the above list might be familiar to you if your organization has already experience in non-safety product development. In most cases, existing processes and workflows can be adapted to safety-related product development.
Please feel free to contact us if you require professional guidance in safety standards.