Module 7 of 11 · 📖 5 min read · ⏱ 30 min total
FI-DV 07 Functional Safety (Safety) (EN)
Functional safety is a critical aspect in the development and operation of industrial plants and automation systems. In this module, you will learn the basics of safety integrity levels according to IEC 61508, distinguish between Safety and Security, and understand concepts like Failsafe Design and Watchdog Mechanisms. You will be enabled to analyze safety requirements and implement them in practical system solutions.
Functional safety ensures that control systems safely transition to a defined state in case of failure. This is particularly essential in safety-critical applications such as the process industry or in the railway sector to avoid personal, environmental, and material damage.
Concepts and Background
- IEC 61508
- The fundamental standard for the functional safety of electrical/electronic/programmable electronic (E/E/PE) safety-related systems. It defines safety lifecycle requirements, risk assessment methods, and safety integrity levels (SIL).
- SIL Levels (Safety Integrity Level)
- Four levels (SIL 1-4) for classifying the required safety integrity. SIL 4 represents the highest safety requirement with the lowest probability of dangerous failures (10^-9 to 10^-7 per year).
- Safety vs. Security
- Safety refers to the prevention of uncontrolled hazards through system failures. Security protects against deliberate attacks. While Safety aims for system reliability, Security focuses on confidentiality, integrity, and availability.
- Failsafe Concepts
- Design principles that ensure a safe state is automatically assumed when a system component fails. These include redundancy, fail-silent behavior, and defined fallback states.
- Watchdogs
- Monitoring devices (hardware or software timers) that check whether a system is still operating correctly. The monitored system must periodically signal that it is alive; if that signal stops, the watchdog detects the hang or blockage and initiates defined emergency measures such as a restart or a transition to the safe state.
Architecture Diagram
flowchart TD
A[Sensor] --> B[Safety-PLC]
B --> C[Actuator]
B --> D[Watchdog]
D -->|Check| B
D -->|Alarm| E[Emergency stop system]
F[Operator panel] -->|Safety command| B
B -->|Safety state| G[Status monitor]
Practical Steps
- Define safety requirements according to IEC 61508 and determine the SIL level. This forms the basis for all further safety measures.
- Select and install a Safety-PLC according to the SIL requirements. Pay attention to the certification of the device for the required SIL level.
- Implement watchdog timers in the PLC program that check system integrity (for example, that the main logic reports in every cycle) and trigger a defined emergency state when the check fails.
- Wire redundant sensors and actuators according to the fail-safe principle to detect and compensate for single-point failures.
- Implement safety functions in a separate, cyclically monitored program section that operates independently of the main logic.
- Create and document a regular testing procedure for safety functions to ensure their effectiveness.
- Have the entire safety architecture validated by an independent testing authority to demonstrate compliance with IEC 61508.
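The following C code is an added illustration of the watchdog concept described above and of steps 3 to 5 of the practical procedure (watchdog timer, redundant sensors, safety function in an independent cyclic section). It is not code from the module or from any PLC vendor; it is a host-side model whose timing constants, tolerance, and sensor limit are constructed assumptions. The main logic calls `safety_heartbeat()` once per cycle; the independent `safety_cycle()` trips the actuator into the de-energized safe state when the heartbeat stops, when the two redundant sensors disagree, or when either channel (1oo2 voting) exceeds the limit. The trip is latched and only cleared by an explicit operator reset.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example (not from the module): a cyclically executed safety
 * section with a heartbeat watchdog and redundant-sensor comparison.
 * All constants below are assumptions chosen for illustration. */
#define WATCHDOG_TIMEOUT_MS 50u  /* assumed: max allowed gap between heartbeats */
#define SENSOR_TOLERANCE    5    /* assumed: max allowed disagreement of channels */

typedef enum { STATE_RUN, STATE_SAFE } safety_state_t;
typedef enum { TRIP_NONE, TRIP_WATCHDOG, TRIP_SENSOR_MISMATCH, TRIP_LIMIT } trip_reason_t;

typedef struct {
    uint32_t       last_heartbeat_ms; /* time of last sign of life from main logic */
    safety_state_t state;
    trip_reason_t  trip_reason;
    bool           actuator_energized; /* fail-safe wiring: false = output dropped */
} safety_ctx_t;

void safety_init(safety_ctx_t *ctx, uint32_t now_ms) {
    ctx->last_heartbeat_ms = now_ms;
    ctx->state = STATE_RUN;
    ctx->trip_reason = TRIP_NONE;
    ctx->actuator_energized = false; /* outputs stay off until the first healthy cycle */
}

/* Called by the main (non-safety) logic once per cycle to report liveness. */
void safety_heartbeat(safety_ctx_t *ctx, uint32_t now_ms) {
    ctx->last_heartbeat_ms = now_ms;
}

static void enter_safe_state(safety_ctx_t *ctx, trip_reason_t reason) {
    ctx->state = STATE_SAFE;
    ctx->trip_reason = reason;
    ctx->actuator_energized = false; /* de-energize: the defined fallback state */
}

/* Independent, cyclically scheduled safety section. It does not depend on the
 * main logic running correctly. Returns true if the actuator may stay energized. */
bool safety_cycle(safety_ctx_t *ctx, uint32_t now_ms,
                  int sensor_a, int sensor_b, int limit) {
    if (ctx->state == STATE_SAFE)
        return false; /* latched: only an explicit reset leaves the safe state */

    /* Watchdog check: the main logic must have reported within the timeout. */
    if (now_ms - ctx->last_heartbeat_ms > WATCHDOG_TIMEOUT_MS) {
        enter_safe_state(ctx, TRIP_WATCHDOG);
        return false;
    }

    /* Redundant channels must agree; a mismatch reveals a single-channel fault. */
    int diff = sensor_a > sensor_b ? sensor_a - sensor_b : sensor_b - sensor_a;
    if (diff > SENSOR_TOLERANCE) {
        enter_safe_state(ctx, TRIP_SENSOR_MISMATCH);
        return false;
    }

    /* 1oo2 voting: either channel exceeding the limit is enough to trip. */
    if (sensor_a > limit || sensor_b > limit) {
        enter_safe_state(ctx, TRIP_LIMIT);
        return false;
    }

    ctx->actuator_energized = true;
    return true;
}

/* Operator reset after the cause has been inspected and cleared. */
void safety_reset(safety_ctx_t *ctx, uint32_t now_ms) {
    ctx->state = STATE_RUN;
    ctx->trip_reason = TRIP_NONE;
    ctx->last_heartbeat_ms = now_ms;
}

int main(void) {
    safety_ctx_t ctx;
    safety_init(&ctx, 0);

    /* Healthy cycle: heartbeat received, channels agree, below limit. */
    safety_heartbeat(&ctx, 10);
    printf("cycle 1 energized=%d\n", safety_cycle(&ctx, 20, 100, 102, 200));

    /* Main logic hangs: no heartbeat for 70 ms -> watchdog trips. */
    printf("cycle 2 energized=%d reason=%d\n",
           safety_cycle(&ctx, 90, 100, 102, 200), ctx.trip_reason);

    /* Heartbeats resume, but the trip is latched until reset. */
    safety_heartbeat(&ctx, 95);
    printf("cycle 3 energized=%d\n", safety_cycle(&ctx, 96, 100, 102, 200));
    return 0;
}
```

The safe state is entered by dropping the output rather than setting it, which matches the fail-safe wiring principle: a loss of power or a broken wire produces the same de-energized state the software would command. Keeping the trip latched until an operator reset prevents the plant from oscillating between run and safe states while the underlying fault persists.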
Common Pitfalls
Further Resources
- IEC 61508 Series - Functional Safety of E/E/PE safety-related systems
- TÜV Guide - IEC 61508 Implementation in Practice
- Safety Users Group - Practical Applications and Case Studies
- Plant Engineering - Understanding Safety Integrity Levels (SIL)
- IEC 61513 - Nuclear power plants - Instrumentation and control systems for safety - Requirements for systems
Knowledge Check
Four questions for self-assessment. Click on each question to see the correct answer and explanation.
What is the main difference between Safety and Security in the context of industrial plants?
- A) Safety refers to physical security, while Security focuses on digital security.
- B) Safety aims to prevent uncontrolled hazards through system failures, while Security protects against deliberate attacks.
- C) Safety is only relevant for electrical systems, while Security also includes mechanical components.
- D) Safety refers to system availability, while Security ensures data confidentiality.
Correct Answer: B. Safety focuses on preventing hazards from unintended system failures, while Security aims to protect against deliberate attacks. Option A is incorrect because Safety also includes digital aspects. Option C is incorrect as both safety concepts apply to various system types. Option D describes only partial aspects of both concepts.
What characterizes a system with SIL 4 classification according to IEC 61508?
- A) It requires annual safety audits and has a failure probability of 10^-2 to 10^-3 per year.
- B) It is intended for applications with low risk and has a failure probability of 10^-1 to 10^-2 per year.
- C) It represents the highest safety requirement with a probability of dangerous failures of 10^-9 to 10^-7 per year.
- D) It requires only basic safety measures and has a failure probability of 10^-4 to 10^-3 per year.
Correct Answer: C. SIL 4 is the highest safety integrity level with a very low probability of dangerous failures (10^-9 to 10^-7 per year). Option A describes SIL 2, Option B describes SIL 1, and Option D describes SIL 3.