Converting Existing Products to Functional Safety
Systems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems (i.e., programmable electronic systems) are being used in all application sectors to perform non-safety functions and, increasingly, safety functions. As these technologies proliferate in product and systems design, the rise of concern for functional safety by manufacturers and systems integrators is a natural outcome.
"I see a trend where manufacturers are starting to realize that functional safety is becoming increasingly important, and that they will need to have functional safety products in their product offerings," says Kevin Connelly, business development manager, power and controls, at Underwriters Laboratories (UL).
Functional safety, a concept applicable across all industry sectors, is fundamental to enable the complex technology used for safety-related systems. It provides the assurance that the safety-related systems will offer the necessary risk reduction required to achieve safety for the components and systems being built.
The principal standard in this area, and the main driver of functional safety development, is IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems from the International Electrotechnical Commission. While this standard is generic and not specific to any industry, it has already spun off numerous industry-specific standards, and can be applied to any industry that does not have its own standard in place. The importance of IEC 61508 and its derivative standards is rising as new products and technologies emerge. "Manufacturers and integrators are being approached by their customers in regards to customer safety," continues Connelly. "They're either inquiring about it or demanding it."
How to Move Forward
In terms of having an existing product converted to meet functional safety standards, the first thing a manufacturer can do is simply to provide reliability data for the product so it can be used as part of a safety-related installation. The next steps would be to determine the Safety Integrity Level (SIL) as outlined in IEC 61508.
"You could start with SIL 1, and in some cases it would be possible to provide a 'proven in use' argument," says Thomas Maier, principal engineer, functional safety, at UL. "If a product has been used for many years under specific, well-defined operating conditions, and if there are good follow-up reports from the field, it could be possible to achieve SIL 1 based on that."
If the "proven in use" approach is not applicable, the developmental processes used to create the part in question become critical. "Functional safety has strong requirements on the developmental processes," says Maier. "If a customer wants to convert a product that was developed earlier to meet functional safety standards, and wants to use it in a safety context for, say, SIL 2 or SIL 3, good development processes for that part are important."
Moving beyond "proven in use" to calculating a SIL might involve the manufacturer looking at a particular application, or combining several products (for example, coupling two non-safety-related PLCs) to create a two-channel system. "This approach could make it possible for a manufacturer to provide some safety-related functionality with existing products. Also, such application- or product-configuration-based concepts can qualify for the functional safety mark," says Maier. "However, moving up to SIL 2 or SIL 3 will usually involve something more fundamental in terms of design changes to the component."
Anura Fernando, research engineer, predictive modeling and risk analysis, at UL, notes the importance of considering different perspectives on how re-design would have to be approached. "For example," he says, "if you have a component manufacturer that did not design for a certain SIL, the component could have some design elements that could be leveraged from the system design perspective. In this way, a system could be designed around that particular non-compliant component to satisfy a given Safety Integrity Level for the system."
The tools applied in converting an existing product to a functional safety product are well-established methods and processes, the most important of which is the V-model-based approach to product development. The V-model approach is common good practice in the development of complex systems. On the left side of the V is the development path; on the right side is the verification path. For every step of development, corresponding verification or validation must take place.
Who Should Move Forward, and with Whom
The market will drive manufacturers toward making functional safety a more basic practice, but certain existing products are likely to be driven more rapidly towards conversion to functional safety. "If products can have added modules for compatibility with, say, Fieldbus or some type of wireless communication, this type of modular design might be good to enhance with functional safety," says Maier. He adds that frequently the existing, normal, non-safety-related part of the modular product could be used as a diagnostic channel and enhanced with a safety channel to give the product functional safety features.
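As an added illustration of the two-channel idea described above (two non-safety PLCs coupled into a 1oo2 system, with the existing non-safety part acting as a diagnostic channel), the following Python sketch is not UL's code or anything from the article; the state names, the heartbeat scheme, the pressure figures and the stale-cycle limit are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAFE, RUN = "SAFE_STATE", "RUN"   # outputs de-energised vs. operation permitted

@dataclass
class ChannelResult:
    """What one channel (e.g. one of the two coupled PLCs) reports per cycle."""
    trip: Optional[bool]   # None: the channel produced no result this cycle
    heartbeat: int         # counter the channel must advance every cycle

class TwoChannelLogic:
    """1oo2 trip logic plus cross-channel monitoring (the 'diagnostic channel').

    Either channel alone forces the safe state. A channel whose heartbeat stops
    advancing (or that returns no result) for more than max_stale cycles, and a
    disagreement between the channels, are treated as faults and also trip.
    """

    def __init__(self, max_stale: int = 2) -> None:
        self.max_stale = max_stale
        self.last_hb: List[Optional[int]] = [None, None]
        self.stale = [0, 0]

    def evaluate(self, a: ChannelResult, b: ChannelResult) -> Tuple[str, str]:
        for i, r in enumerate((a, b)):
            stuck = r.trip is None or r.heartbeat == self.last_hb[i]
            self.stale[i] = self.stale[i] + 1 if stuck else 0
            self.last_hb[i] = r.heartbeat
        if max(self.stale) > self.max_stale:
            return SAFE, "channel_fault"     # diagnostics detected a dead channel
        if a.trip and b.trip:
            return SAFE, "demand"            # genuine demand seen by both channels
        if a.trip or b.trip:
            return SAFE, "discrepancy"       # channels disagree: fail safe
        return RUN, "ok"

def run_scenario(limit_bar: float = 10.0) -> List[Tuple[str, str]]:
    """Constructed scenario: normal run, a real over-pressure demand, then channel B freezes."""
    logic = TwoChannelLogic(max_stale=2)
    # (pressure seen by A, pressure seen by B, heartbeat A, heartbeat B) per cycle
    cycles = [(8.0, 8.1, 1, 1), (12.0, 12.2, 2, 2), (7.0, 7.0, 3, 3),
              (7.0, 7.0, 4, 3), (7.0, 7.0, 5, 3), (7.0, 7.0, 6, 3)]
    out = []
    for pa, pb, ha, hb in cycles:
        # Each channel applies the same simple trip rule: pressure above the limit.
        out.append(logic.evaluate(ChannelResult(pa > limit_bar, ha),
                                  ChannelResult(pb > limit_bar, hb)))
    return out
```

The point of the sketch is that the safe state is reached not only on a genuine demand but also when the diagnostic comparison sees one channel go silent or disagree, which is what a single non-safety PLC on its own cannot provide.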
UL's experience at all levels of functional safety, from its active role in standards development to its highly flexible approach to helping customers meet their functional safety needs, makes it an ideal partner and facilitator to convert and/or extend product lines into functional safety.
For more information on how to begin the process of converting existing products for functional safety use, please contact Kai Christiani at Kai.Christiani@ul.com.