Introduction to Functional Safety
Functional safety is a property of an active safety function, carried out by a safety system. An active safety function detects some kind of undesired situation and then takes action. Not every function that detects an undesired situation needs to be functionally safe: some do, some don't.
Typical functions that need to be functionally safe:
- A height detection system that detects whether vehicles driving along a road are too high to enter a tunnel.
- The airbag in a car which needs to activate when the car detects a collision.
- An overfill prevention system of an oil tank, where a level measurement is used to decide whether the inlet flow needs to be stopped, or not.
- The emergency stop of a machine.
SIL measures functional safety
SIL, or Safety Integrity Level, is how functional safety is measured. Today, most standards define four SIL levels, i.e., SIL 1, 2, 3 or 4. SIL means different things to different parties.
If you are a user of safety functions, you want to know which safety functions you need, which SIL level they should have and how you maintain that SIL over the life of the safety system. If you are a designer of safety functions or safety devices, you should know how to design a safety function or device that is SIL X compliant.
Many industries have their own SIL requirements. Typical industries that apply SIL today are: Aerospace, Automation, Automotive, Chemical, Infrastructure, Machinery, Nuclear, Offshore, Oil & Gas, Petrochemical, Power, Railway, Subsea, etc.
When is functional safety achieved
Several definitions of functional safety exist, mainly written in standards. These definitions are usually not very practical. The following definition is a practical one. This shows what needs to be done in practice to achieve functional safety with a safety function.
Define Functional Safety
A safety function is one hundred percent functionally safe if all its random, common cause and systematic failures are one hundred percent under control and therefore cannot lead to malfunction of the safety function.
Unfortunately, 100% functional safety does not exist. But there are standards that explain, and give us the requirements for, how to achieve SIL 1, 2, 3 or 4 functional safety. We just need to follow the rules of these standards to achieve it.
Functional safety requirements
If you want to achieve functional safety for a safety system that carries out safety functions, then you normally need to address requirements related to:
- Functional safety management
- Reliability (PFDavg, PFH)
- Basic safety: electrical safety, environmental issues, etc.
- User documentation
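The reliability requirement above is usually expressed as a PFDavg (low-demand mode) or PFH (high-demand mode) that must fall inside the band for the target SIL. As an added example, not from the original page, the following code estimates PFDavg for a single-channel (1oo1) and a redundant (1oo2) safety function and maps the result to a SIL band; it assumes the simplified IEC 61508-6 formulas and the low-demand SIL bands of IEC 61508-1, with constructed sample failure rates.

```python
"""Estimate PFDavg of a low-demand safety function and map it to a SIL band.

Assumptions (not from the page): simplified IEC 61508-6 formulas for
1oo1 and 1oo2 architectures with dangerous undetected failure rate
lambda_DU (per hour), proof-test interval T_I (hours) and common-cause
factor beta; low-demand SIL bands per IEC 61508-1 Table 2.
"""


def pfd_avg_1oo1(lambda_du: float, t_i: float) -> float:
    """Single channel: PFDavg ~= lambda_DU * T_I / 2."""
    return lambda_du * t_i / 2.0


def pfd_avg_1oo2(lambda_du: float, t_i: float, beta: float) -> float:
    """Redundant pair: independent term ((1-beta)*lambda_DU*T_I)^2 / 3
    plus the common-cause term beta * lambda_DU * T_I / 2."""
    lam_ind = (1.0 - beta) * lambda_du
    return (lam_ind * t_i) ** 2 / 3.0 + beta * lambda_du * t_i / 2.0


# (SIL, lower bound inclusive, upper bound exclusive), low-demand mode
SIL_BANDS_LOW_DEMAND = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def sil_from_pfd(pfd: float) -> int:
    """SIL band claimable for a PFDavg; 0 means PFDavg >= 0.1, so no SIL.
    Values below 1e-5 exceed SIL 4 and are reported as 4."""
    if pfd >= 1e-1:
        return 0
    for sil, lo, hi in SIL_BANDS_LOW_DEMAND:
        if lo <= pfd < hi:
            return sil
    return 4


def assess(lambda_du: float, t_i: float, beta: float) -> dict:
    """Compare both architectures for the same device and test interval."""
    p1 = pfd_avg_1oo1(lambda_du, t_i)
    p2 = pfd_avg_1oo2(lambda_du, t_i, beta)
    return {"1oo1": (p1, sil_from_pfd(p1)), "1oo2": (p2, sil_from_pfd(p2))}


if __name__ == "__main__":
    # Constructed sample: 5e-7/h dangerous undetected, yearly proof test, 5 % beta
    for arch, (pfd, sil) in assess(5e-7, 8760.0, 0.05).items():
        print(f"{arch}: PFDavg={pfd:.2e} -> SIL {sil}")
```

Note how the common-cause term dominates the 1oo2 result: redundancy alone does not buy a SIL level if beta is not controlled.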
Parties involved in functional safety
Typically the following parties can be involved:
- End users – The parties that actually use the real safety system
- Engineering companies – Often the parties that identify the need for and design the safety system, for example EPCs
- System integrators – The parties that integrate the hardware and software of the safety system
- Product developers – The parties that deliver the individual devices that will make up the safety system (sensors, logic solvers, actuators, etc.)
- Third parties – Parties involved in the assessment, approval and certification of safety systems – for example governments, insurance companies and certifiers
Existing functional safety standards
Today, there are many standards dealing with functional safety:
History of functional safety
Functional safety is nothing new. It all started in the sixties when Germany and Italy were building an oil pipeline between their two countries. On this pipeline the Germans decided to use electrical and electronic devices to measure safety related parameters. In those days nobody knew if the electrical devices themselves were safe, so they decided to research how safe the electrical safety devices were themselves. The party hired to do the job was TUV. And that is how it all started with functional safety certification.
Functional Safety FAQ
Functional safety always starts with the end user. In practice it means that the end user, or their engineering partner, carries out a hazard and risk analysis. The purpose of the hazard and risk analysis is to identify which safety functions are needed and which SIL level should be assigned to each safety function.
We wrote SIL and Functional Safety in a Nutshell for this purpose.
Yes, actually this is the only way to make a safety function SIL compliant. A safety function needs to consist of SIL compliant devices. Just remember, in the end the only thing that matters is that the complete safety function is SIL compliant.
Yes, actually we can certify products, systems, sites, organisations, and professionals. See the Risknowlogy Certification Program