By Ellen Fussell Policastro
“Even though functional safety has been around for many years, people still don’t understand it,” said Paul Silva, business field manager at TÜV Rheinland of North America.
Silva gave an overview of functional safety at the Siemens virtual Machine Safety World event Wednesday to help suppliers better meet end-user needs when applying functional safety to a product.
When the client isn’t sure what the requirements are, they will usually go to the most conservative level of compliance. They’ll look at the standards and take the most restrictive point of view, which isn’t always the best-case scenario, he said.
Yet suppliers present themselves as experts in their field. “The client trusts the supplier/manufacturer, but the supplier never verifies what the client’s needs are and usually doesn’t understand functional safety completely,” Silva said.
As a result, projects that involve functional safety end up late and with cost overruns. The company as a whole ends up frustrated with the project cost and delayed time to market. Poor morale is another result. In the end, the team becomes gun-shy.
So how do we stop these negative outcomes? “It’s critical to understand the role and what functional safety means to that role,” Silva said.
Safety devices are becoming more complex, he said, so basic standards are not sufficient. The risk and danger in products rise over time. Functional safety gives you a way to review the product, deal with the product's characteristics and functions, calculate the risk of the product failing dangerously, and reduce that risk based on diagnostics defined in the standards.
Product designers must keep in mind that using IEC 61508 as a certification standard is insufficient for compliance with the machinery directive. “It is non-harmonized and doesn’t show compliance to any particular directive or laws to any one industry. If you do not understand those paths, your certification is not worth much,” he said.
For seamless certification, you need to have a compliance path. “When a client gives you a request, most of the time they are not sure what functional safety is,” he said. “You need to sit down and try to understand their needs. Interview them and ask them what their objective is for this product. Then you can start understanding requirements for product design. First you should find out if there is a safety function. If there isn’t a defined safety function, then functional safety is not applicable.”
Understand what the client’s product does. Is it a complete system or just a piece of a system? You also need to know what the safe state is: fail high or fail low? What is the system architecture you’re looking for? Will they use this product internationally?
Many times the critical information comes in between topics. “That’s when they really tell you what they’re looking for. Are you designing or integrating a product into a larger system? From the designer/supplier viewpoint, what is the intent of the application? What is the actual use and safety function of that product? Are you designing a safety instrumented system or safety instrumented function?”
Understand the Certification Process
If you understand the requirements of the certification process you can more easily streamline your cycle and reduce your time to market. The certification process starts with a concept assessment, moves to a main assessment, and finally ends with the certification.
During the concept assessment, the client picks a point in time when they have confidence the product is fixed and defined. There is enough information for the assessment team to review the product and give feedback. “We want to see the risk has been identified. We assess the design specs to specific requirements. We review the product and provide results,” Silva said.
During the main assessment Silva’s team reviews the whole product with all requirements as needed. “In concept assessment the design was not complete. Now the hardware design is completely fixed and software design is written,” he said.
Functional safety management review is an intense documentation review. “We’re reviewing standards so it’s extremely intrusive. Don’t hide anything. If you try to hide and we find it, the feedback is not pleasant. We review all diagnostics and failure points. Just tell us, we can work with you. The later we get it, and the more we dig into systems and find errors, the more difficult it will be to fix.”
In the integration testing review, the team reviews all internal verifications of product design. “We make sure all of what we’ve described was tested to the appropriate level and documented to show tests were performed. During the final step before certification, the assessor will perform a fault insertion test. Then we issue a certificate.”
The main thing to remember, though, is that to obtain certification you must design in functional safety rather than make it an afterthought. If you follow the path of designing in functional safety, Silva said, “your time to market is reduced because you have a logical path with milestones along the way.”
Ellen Fussell Policastro is a freelance writer based out of Raleigh, NC.