What is Functional Safety (IEC 61508)
In complex modern industrial facilities, great importance must be attached to safety, whether it concerns people, the environment or the infrastructure itself. The risks associated with operating any system must be mitigated to reach an acceptable level of safety. When this cannot be achieved with the control system alone or with other mitigating measures, safety systems come into play, referred to in the international reference standard IEC 61508 as SIS (Safety Instrumented Systems).
An example could be the temperature control system of a boiler, from the temperature probe to the boiler burner shutdown system. The SIS is associated with one or more safety functions, or SIF (Safety Instrumented Function), whose task is to maintain or achieve the safe state for the EUC (Equipment Under Control). The safety function can be evaluated through SIL (Safety Integrity Level), a discrete level that is a measure of the reliability of the function itself. The standard defines SIL as the measure of safety integrity, i.e., the probability that the safety system is capable of performing the specific safety function at the time it is needed. SIL levels range from 1 (lowest level) to 4 (highest level).
Returning to the safety function in the example above, each individual component of the safety system, from the temperature probe through the logic solver to the actuation system, is characterized by a SIL level; the concept applies not only to complete systems but also to individual components. In this case we speak of the SIL capability of the component; for example, saying that a temperature probe is SIL 3 capable means that it can be used in safety functions with a maximum SIL of 3. The overall SIL of the SIF is then given by the minimum SIL of its individual elements.
The assessment of the achievable SIL level involves all phases of a product’s life cycle, from the definition of safety requirements to design, production and use. IEC 61508 sets out functional safety requirements to be met for each phase of the life cycle, and only full compliance with the requirements allows a product to be defined as SIL capable, and consequently to assign a SIL level to the overall SIF.
IEC 61508 is the basic international technical-legislative reference for Functional Safety and is composed of 7 parts:
- IEC 61508-1 Generic requirements: defines the activities, documentation, management and validation related to each phase of the safety lifecycle;
- IEC 61508-2 Requirements for E/E/PE systems: specifies how to define the specification of the safety requirements and the activities to be carried out during the design and implementation of the product;
- IEC 61508-3 Software Requirements: Same as Part 2 but applied to software;
- IEC 61508-4 Definitions and abbreviations: provides definitions and abbreviations of terms used in the standard;
- IEC 61508-5 Examples of methods for the determination of SIL: provides methods for the calculation of SIL levels for E/E/PE safety systems;
- IEC 61508-6 Guidelines for the application of Parts 2 and 3: provides mainly a guideline for quantitative analysis;
- IEC 61508-7 Overview of techniques and measures: provides descriptions of techniques used in safety engineering and software.
One of the SIL requirements that a safety system must meet concerns PFDavg or PFH, i.e. the probability of a dangerous random failure of the safety function, expressed either per demand (PFDavg) or per hour of operation (PFH). Based on the value obtained, the standard provides two tables for determining the corresponding SIL level.
| Safety Integrity Level (SIL) | Average probability of a dangerous failure on demand of the safety function (PFDavg) |
|---|---|
| 4 | ≥ 10⁻⁵ to < 10⁻⁴ |
| 3 | ≥ 10⁻⁴ to < 10⁻³ |
| 2 | ≥ 10⁻³ to < 10⁻² |
| 1 | ≥ 10⁻² to < 10⁻¹ |
| Safety Integrity Level (SIL) | Average frequency of a dangerous failure of the safety function [h⁻¹] (PFH) |
|---|---|
| 4 | ≥ 10⁻⁹ to < 10⁻⁸ |
| 3 | ≥ 10⁻⁸ to < 10⁻⁷ |
| 2 | ≥ 10⁻⁷ to < 10⁻⁶ |
| 1 | ≥ 10⁻⁶ to < 10⁻⁵ |
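The two rules above, SIL classification from the PFDavg/PFH tables and the "minimum SIL of the elements" rule for a SIF, combined in one added example (not code from the standard or from any vendor). The component values are constructed, and it assumes, beyond what this page states, that the PFDavg of a low-demand loop is approximately the sum of its subsystems' PFDavg values (the usual series approximation):

```python
# Half-open bands [lower, upper) copied from the two IEC 61508 tables above, keyed by SIL.
PFD_AVG_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def sil_from_table(value, bands):
    """Return the SIL whose [lower, upper) band contains value, or None when the
    value lies outside the tabulated bands (e.g. PFDavg >= 1e-1 does not even
    reach SIL 1). The lower bound is inclusive, the upper bound exclusive."""
    for sil, (lower, upper) in bands.items():
        if lower <= value < upper:
            return sil
    return None


def sil_from_pfd_avg(pfd_avg):
    return sil_from_table(pfd_avg, PFD_AVG_BANDS)


def sil_from_pfh(pfh):
    return sil_from_table(pfh, PFH_BANDS)


def sif_sil(components):
    """components: list of (name, sil_capability, pfd_avg) tuples for the
    sensor, logic solver and final element of one SIF.
    Returns (capability-limited SIL, SIL implied by the loop PFDavg, achieved SIL).
    The achieved SIL is the lower of the two; None means the loop PFDavg is
    outside the table, so no SIL can be claimed from it."""
    capability_sil = min(sil for _, sil, _ in components)
    # Assumption (not stated on this page): subsystem PFDavg values are additive
    # for a low-demand loop, the common series approximation of IEC 61508-6.
    loop_pfd = sum(pfd for _, _, pfd in components)
    pfd_sil = sil_from_pfd_avg(loop_pfd)
    if pfd_sil is None:
        return capability_sil, None, None
    return capability_sil, pfd_sil, min(capability_sil, pfd_sil)


if __name__ == "__main__":
    # Constructed example loop: the boiler SIF from the text. Even though the
    # summed PFDavg lands in the SIL 3 band, the SIL 2 capable valve caps the SIF at SIL 2.
    boiler_sif = [("temperature probe", 3, 2e-4),
                  ("logic solver", 3, 5e-5),
                  ("burner shutdown valve", 2, 4e-4)]
    print(sif_sil(boiler_sif))  # (2, 3, 2)
```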