Functional Safety
Functional Safety
Functional Safety
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
White Paper<br />
Tino Vande Capelle, Dr. M.J.M. Houtermans<br />
<strong>Functional</strong> <strong>Safety</strong>: A Practical Approach<br />
for End-Users and System Integrators<br />
Needless to say this costs a more time during specification which is saved during actual<br />
design and testing and the often required modifications after words.<br />
3.2 Architectural Design <strong>Safety</strong> Function<br />
When the safety requirements specification is clear and agreed upon the system integrator<br />
can start with the architectural design of the safety function and system. Figure 1 shows how<br />
a safety function definition can be implemented in hardware. The safety function is divided<br />
into three subsystems, i.e., sensing, logic solving, and actuating. The designer of the safety<br />
function can decide how to divide the safety function into subsystem and to what level or<br />
detail. In practice subsystems are determined by redundancy aspects or whether the<br />
component can still be repaired or not by the end-user.<br />
T1 TM 1<br />
T2 TM 2<br />
Measure the temperature in the reactor and if the temperature exceeds 65 C<br />
then open the drain valve and stop the supply pumps to the reactor. This function<br />
needs to be carried out within 3 seconds and with safety integrity SIL 3<br />
Sensing Logic Solving Actuating<br />
I1<br />
I2<br />
I3<br />
I4<br />
I5<br />
I6<br />
I7<br />
I8<br />
Common Circuitry<br />
CPU<br />
HIMA <strong>Functional</strong> <strong>Safety</strong> Consulting Services Page 9<br />
Common Circuitry<br />
O1<br />
O2<br />
O3<br />
O4<br />
O5<br />
O6<br />
O7<br />
O8<br />
R1- Pump A<br />
R2- Pump B<br />
SOV Drain V<br />
Fig. 1. From specification to hardware design of the safety instrumented system<br />
The IEC 61508 and IEC 61511 standard have set limitations on the architecture of the<br />
hardware. The concepts of the architectural constraints are the same for both standards<br />
although the IEC 61508 standard requires some more detail. The architectural constraints of<br />
the IEC 61508 standard are shown in Table 1 and 2 and are based on the following aspects<br />
per subsystem:<br />
� SIL level safety function<br />
� Type A or B<br />
� Hardware fault tolerance<br />
� Safe failure fraction