Functional safety, definition

The detailed functional safety requirements specification should include all necessary functions during all modes of operation of the process being protected. Additionally, the periodic testing of all the safety instrumented functions should be provided. This typically requires the definition of maintenance override capabilities so the sensors and final elements can be tested without shutting down the process. The same methodology described in the paragraph above can be used to document these requirements. 

Many never consider a person to be part of a safety instrumented function. When reviewing the definitions used in functional safety standards, there is little indication that this was ever intended. A process operator takes action when normal process operating conditions are violated. The operator normally responds to these violations from alarms. The operator action is, therefore, normally considered as being part of the alarm layer of protection, not the SIS. 

The concept of the "well designed system" was also presented in Chapter 3. A simplistic definition of such a system would be one where aU the techniques and measures presented in our functional safety standards to prevent systematic failures are followed. These techniques and measures are planned to significantly reduce the chance of a systematic fault to a tolerable level. Therefore, systematic failure rates caused by human error including failures due to installation errors, failures due to calibration errors and failures due to choosing equipment not suited for purpose are not included in the calculation. 

Functional safety—safety instrumented systems for the process industry sector—Part 1 Framework, definitions, system, hardware and software requirements (lEC 61511-1 2003 + Corrigendum 2004) German version EN 61511-1 2004... 

This paper discusses a number of examples from the transport industry where systematic failures have featured. It is not intended to be a definitive discussion on functional safety. However certain key concepts need to be outlined. 

To determine the risk reduction by E/E/PE safety-related systems means that some part of the safety function (per definition, a safety function is built up by a combination of sensor, logic and final element) includes Electrical/Electronic or Programmable electronic components. 

Functional Safety Safety Instrumented Systems for the Process Industry Sector - Part 1 Framework, Definitions, System, Hardware and Software Requirements... 

The derivation of safety goals in the EEA tool PREEvision is presented in [16]. The functional safety concept phase will be performed by the role of the safety expert at the original equipment manufacturer (OEM). However, the role of the safety expert at the OEM may consult the EE architect during item definition, the preliminary architectural assumption or the allocation of FSRs to elements of this architectural assumption. 

Management of functional safety requirements Less definitive... 

Definition of hazard, risk discussions on likelihood, consequence risk — register, matrix, ranking. Consequence ranking, preliminary hazard analysis tolerance point—ALARP refreshing on mathematics, fault tolerance, plant ageing, and basic functional safety fail safe operations in plants. 

According to ISA, the ability of SIS or other means of risk reduction to carry out the actions necessary to achieve or to maintain a safe state for the process and its associated equipment." Also, functional safety in SIS highly depends on proper functioning of sensors, logic solver, and FCE so that reduced risk level could be achieved. In that sense, it also means proper functioning of these components also (see Clause 8.1 also, for definition as per various standards). 

IFC 61508 Originally functional safety was defined as part of the overall safety relating to the equipment under control (FUC, see Clause 8.1.2), and the EUC control system which depends on the correct functioning of the E/E/PE safely-related systems, other technology safety-related systems and external risk reduction facilities. Later came the generalized definition of functional safety, which is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs. Functional safety is achieved when every specified safety... 

Safety function requirements, definition of the safe state and how it is achieved System documents (e.g., P EDS, cause and effect matrices, logic diagrams, process data sheets, equipment layouts)... 

The first task of people transportation equipment is to move people. The second task and equally important is to do this safely. The first and the second task cannot exist separately. Safety is one of the most important property of any device that used by a human. There are many safety standards that regulate norms of construction, exploitation and functional safety of equipment in different engineering fields. These standards have requirements, recommendations, methods and tools for reliability analysis. Although safety and reliability are different properties and a system can be reliable but unsafe and vice versa (Leveson 2011), surely, safety and reliability are closely related. For moving walks it is assumed in this study that unreliable subsystems cannot be safe. That is why the system has to be reliable and to meet requirements of related standards and norms. Reliability is defined as ability of a functional unit to perform a required function under given conditions for a given time interval . The term used in lEV 191-02-06 is reliability performance and the definition is the same with ditional notes (ISO/IEC 2382-14 1997). Prediction of the reliability value not only for a specified time period, but dso for all the exploitation period of a system is called reliability prognosis. 

The base standard of Functional Safety (lEC 61508) defines the PFH-value as the average frequency of a dangerous failure per hour as a comparable value in part four (lEC 61508-4). Under remark two to this definition the lEC 61508 states that the PFH is the mean value of the failure density function. This definition also fits to the definition of the EN ISO 13849-1, because the density function is a probability value. Consequently, the failure density is also useable to perform a proven in use approach. 

Management of functional safety Incorporation of our SLCM into the FSMplan, i.e. SLCM is part of the FSM plan. Our SLCM also supports definition of inputs and outputs, selection of failure avoidance measures, and selection of the documentation approaches... 

In this paper, we propose a structured method based on UML environment models supported by a tool. We assume that an item definition, hazard analysis, risk assessment and safety goals according to ISO 26262 are given (see e.g. [2]). In this paper, we focus on the next step the creation of a functional safety concept (FSC) in which we show how the functional safety requirements are systematically derived. In the FSC, additionally, requirements may be decomposed in order to lower the ASIL. Furthermore, the functional safety requirements are allocated to elements of a preliminary architecture. These aspects are appropriately described in the ISO 26262 and need no further explanation and improvement and are, therefore, not part of this paper. The contribution of our paper can be summarized as follows ... 

The term is not used in ISO 26262, but does not mean any contradiction Those ideas and terms are illustrated in ISO 26262 in a different or similar context. For example coexistence of software of different criticality (different ASIL) doesn t see a risk if functions are similar but if these functions can influence each other negatively. Furthermore, it is important to mention that ISO 26262 uses and defines the terms validate, verify, analyze, audit, assessment and review in context of functional safety for road vehicles differentiy. These examples also show that requirements, terms or definitions within ISO 26262, depending from which activity or context they are used, can lead to different interpretations or meanings. 

The addressed interpretations above also show all aspects, which play a role for functional safety. However, through the multifaceted nature of the term it is difficult to find a definition of the general term validation . Therefore, this term has a rather restricted meaning in ISO 26262. All other validation aspects are paraphrased with verification or analysis. 

Why the definition of the item, the functional safety concept, the component integration and their tests, the safety validation and the qualifications of hardware and software components do not undergo a confirmation review is unclear. However, some of these work results need to be verified. 

This case study is based on a typical electric vehicle architecture (technology-specific details have been abstracted for reasons of commercial sensitivity), in which a basic Item Definition and hazardous event are considered. The purpose of the case study is to examine the product-based safety rationale arguments, discussed in Section 2, for the corresponding Safety Goal and Functional Safety Concept. 

Title Functional safety instrumented systems for the process industry sector Description This standard is an adaptation of lEC 61508 for the process industry and provides details on a general framework, definitions and system software and hardware requirements. 

Equipment used to detect and extinguish fires can be classified as active safety systems and thus may fall within the scope of functional safety. If we look again at the definition of functional safety we can see that failure to operate a fire and gas detection system would definitely pose a danger to people and equipment. It begins to look as if the requirements laid down in lEC 61508 are applicable to fire and gas detection systems. 

---