Putting functional safety into context
02 September 2010
Over the past fourteen months, Dave Collier has written several articles for DPA in order to familiarise readers with the requirements of the new Safety Directive. Here, in his final article, he re-visits the subject of functional safety, but warns that there are other factors that need to be considered in control system design
In my last article (DPA April 2010 page 19 - see digital issue archive) we talked about the management of functional safety and the requirement to draw up a functional safety plan. Although functional safety is important, it is only relevant once other factors have been addressed, so that the functional safety calculation is put into context. This means looking at aspects such as the basic design of the machine and its electrical equipment, as well as its pneumatic and hydraulic equipment.
Furthermore, the functional safety standards are only useful in the context of more fundamental standards such as BS EN ISO 14121-1 (Safety of machinery – Principles for risk assessment), BS EN 12100-1 (Safety of machinery – basic concepts, general principles), and EN 60204-1 (Safety of machinery – electrical equipment of machines).
Although BS EN ISO 13849-1 and BS EN 62061 are the preferred functional safety standards, they do not replace the need to have conducted a risk assessment and risk reduction plan prior to designing safety-related control systems. Nor do they replace good engineering practice. Performance Levels (PLs) and Safety Integrity Levels (SILs) are, at the end of the day, figures of merit rather than precise science, and should be used for guidance only.
Risk assessment and reduction should be carried out in accordance with BS EN ISO 14121-1 and BS EN 12100, with the main focus being on reducing the risk to as low as is reasonably practicable (ALARP). The hierarchy of risk reduction can be described in three stages.
The first stage is to eliminate the hazard completely where possible (inherently safe design), following BS EN ISO 12100 and perhaps also the guidance document BS PD 5304:2005. For example, using a non-flammable solvent for cleaning tasks removes the fire hazard associated with flammable solvents, and redesigning moving mechanical parts can remove points where persons might be trapped or entangled.
The second stage is to safeguard against those hazards where inherently safe design is not practical. This typically means implementing protective measures realised by safety-related control systems, such as guards with interlock switches, open access areas monitored by light curtains, and the use of safety relays, contactors, drives and pneumatic/hydraulic actuators to create safety control functions.
The third stage is to use complementary protective measures such as guidance on usage, staff training, warning signs, personal protective equipment and emergency stops.
Users should repeat this cycle of risk assessment followed by risk reduction until the risks have been reduced to a tolerable level, checking each time that no additional risks have been introduced.
The risk reduction process might demand the use of safety-related control systems designed using BS EN ISO 13849-1 and BS EN 62061, but the overall safety of a machine will also depend on compliance with other standards, such as BS EN 60204-1 for the complete electrical equipment. It may sound obvious, but the PL or SIL will not matter if the machine is electrically unsafe.
Readers can access Schneider Electric’s Safe Machinery handbook by visiting the Schneider Electric website and following the links to Machine Safety Legislation from the homepage.
Dave Collier is product marketing manager at Schneider Electric