Functional Safety


The safety of products, systems and installations can be split into two parts:

i) ‘Basic’ safety: electric shock, excessive temperatures, excessive radiation, fire, explosion, implosion, bruising, pinching, crushing, cutting, emissions of toxic fumes, etc.

ii) ‘Functional’ safety: when the things being controlled do not function correctly, and that malfunction can increase risks to health.

Functional Safety has always existed in mechanical, pneumatic and hydraulic control systems, and also in electro-mechanical, electro-pneumatic, and electro-hydraulic control systems. But it only became a topic worthy of its own IEC and ISO standards when microprocessors started to be used to control things.

This is because there is no way of testing all possible ways that a microprocessor (or microcontroller, FPGA, etc.) and/or its software can fail. There simply isn’t enough time available. For example, some modern ‘computerized’ control systems, e.g. for self-driving cars, would require longer than the age of the universe (about 15 billion years) to perform a single test on each of their possible digital states, even at 1 microsecond per test!

This is a problem because digital systems are inherently non-linear, which means that even if we could test 99% of their possible states (which we can’t), the results would tell us nothing whatsoever about the 1% of states that had not been tested.
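To make the state-space argument above concrete, here is a small added calculation (not part of the original page) using the page’s own figures: 1 microsecond per test and an age of the universe of 15 billion years. It shows how few bits of state are needed before exhaustive testing becomes impossible, and it works in the log domain so that realistic state widths (e.g. 2048 bits for a mere 256 bytes of RAM) do not overflow.

```python
import math

# Assumptions taken from the text: 1 µs per test, universe age 15e9 years.
MICROSECONDS_PER_YEAR = 365.25 * 86400 * 1_000_000  # Julian year in µs
AGE_OF_UNIVERSE_YEARS = 15e9


def log10_exhaustive_test_years(state_bits: int, us_per_test: float = 1.0) -> float:
    """log10 of the years needed to test every one of the 2**state_bits
    states once, spending us_per_test microseconds on each test."""
    return (state_bits * math.log10(2)
            + math.log10(us_per_test)
            - math.log10(MICROSECONDS_PER_YEAR))


def exhaustive_test_years(state_bits: int, us_per_test: float = 1.0) -> float:
    """Years for an exhaustive state test; math.inf once the value
    exceeds the range of a float (well beyond any physical meaning)."""
    log10_years = log10_exhaustive_test_years(state_bits, us_per_test)
    return math.inf if log10_years > 308 else 10 ** log10_years


def min_bits_exceeding_age(us_per_test: float = 1.0) -> int:
    """Smallest state width (in bits) whose exhaustive test takes longer
    than the age of the universe at the given test rate."""
    budget_us = AGE_OF_UNIVERSE_YEARS * MICROSECONDS_PER_YEAR / us_per_test
    # 2**n > budget  <=>  n > log2(budget)
    return math.floor(math.log2(budget_us)) + 1


if __name__ == "__main__":
    for bits in (16, 32, 64, min_bits_exceeding_age(), 2048):
        years = exhaustive_test_years(bits)
        print(f"{bits:5d} bits of state -> {years:.3e} years of testing")
    print(f"Exhaustive testing exceeds 15e9 years from {min_bits_exceeding_age()} bits")
```

Only about 79 bits of state (ten bytes) are enough to push a single exhaustive pass past the age of the universe; making each test a thousand times faster buys fewer than ten extra bits.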

This was realized in the early 1970s, after which a large international effort on how to ensure that ‘programmable electronic systems’ could be proven to be safe enough resulted in IEC 61508 in 2000, the IEC’s Basic Safety Standard on the Functional Safety of programmable electronic systems.

IEC Basic Safety standards are created by experts and can be used on their own, but are mainly intended to guide standards teams creating generic or product-family standards.

Standards that have been developed from IEC 61508 include:

· IEC 61511, Safety Instrumented Systems for the Process Industry Sector (in USA: ANSI/ISA S84)

· IEC 62061, Safety of Machinery

· IEC 62278 / EN 50126, Railways – Specification and Demonstration of Reliability, Availability, Maintainability and Safety

· IEC/EN 50128, Software, Railway Control and Protection

· IEC/EN 50129, Railway Signalling

· IEC 61513, Nuclear Power Plant Control Systems

· RTCA DO-178B, North American Avionics Software

· RTCA DO-254, North American Avionics Hardware

· EUROCAE ED-12B, European Flight Safety Systems

· ISO 26262, Automobile Functional Safety

· IEC 62304, Medical Device Software

· IEC/EN 50402, Fixed Gas Detection Systems

· DEF STAN 00-56, Accident Consequence (UK military)

How does Risk Management fit in?

IEC 61508 employs a Risk Management approach.

Risk Management is a general methodology based on statistical analysis, quite unlike any standards for dealing with basic safety. It can be used for controlling exposure to any kinds of risks that can be quantified, e.g. financial risks, mission risks, security risks, etc., and of course in IEC 61508 it is used to control functional safety risks.