In logistics, in the energy sector and in industry in general, machinery and plants are used which, for all of their advantages, can cause a great deal of damage. People, the environment and the plants themselves must be protected from these dangers.
This is done by safety systems which, depending on the hazard level, have to work very reliably and securely. Typical safety functions are emergency shutdowns for overpressure or excessive temperature, shutdown on overload, and the monitoring of dangerous movements. Safety systems usually consist of a sensor, a controller and an actuator.
A risk assessment of a plant or machine determines the safety integrity level. Depending on the required safety function, suitable components are selected and combined to form a safety system. The higher the hazard (e.g. danger to human life), the higher the required level of the system.
Safety systems are also becoming increasingly important and complex: machinery and plants are performing more and more tasks and, as productivity rises, the hazards generally increase as well.
Guidelines and standards have been created to help every plant operator to operate his or her plant to the highest levels of safety. Failure analyses and risk assessments serve as a basis for decision-making. The aim is to reduce the risk presented by a technical system to an acceptable risk by means of safety measures.
The machinery directive 2006/42/EC and the technical standards of individual applications demand the minimisation of risks. Functional safety is a legal obligation in many areas.
The more complex an electronic system is, the more diverse the possible faults. For this reason, the IEC 61508 series of standards demands the avoidance of systematic faults during development, monitoring during operation, and the safe control and elimination of detected faults.
The machinery directive 2006/42/EC is the most important guideline for functional safety. The most important standards are:
The last two standards are harmonised, so the presumption of conformity applies here, but not to DIN EN/IEC 61508.
Both the Performance Level (PL) and the Safety Integrity Level (SIL) define the reliability of safety functions in machinery and plants. Each safety-related component of a control system has its specific PL or SIL, which represents the ability to reduce a risk.
Each safety function has a specific target level that must be maintained in order to reduce the risk of a malfunction. When evaluating safety functions, the combination of all components results in a PL or SIL, which may differ from the level of the individual components.
The DIN EN ISO 13849 standard defines the term ‘performance level’. It describes the ability of a control system to perform a safety function.
A required risk minimisation is defined for each individual safety function of a machine. This specifies the value PL r (required). This value is based on the probability of a dangerous failure per hour.
The performance level of the safety function must be greater than or equal to PL r. The scale ranges from PL a (lowest level) up to PL e. Up to level PL c, manufacturers may make the assessment themselves, for PL d and PL e the equipment must be tested by an independent third party.
This value system originates from DIN EN/IEC 61508 and DIN EN/IEC 61511. The SIL is used to assess the reliability of the safety functions of electrical, electronic and/or programmable electronic systems.
Here, too, a SIL r (required) is defined, which the application must meet or exceed. The scale ranges from SIL 1 as the lowest level to SIL 4 as the highest. SIL 1 and SIL 2 can be assessed by the manufacturers themselves; SIL 3 and SIL 4 require an assessment by an independent third party.
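The following is an added example, not part of the original article, showing how the probability of a dangerous failure per hour (PFH) maps to a PL and to a high-demand SIL, and why the combination of sensor, controller and actuator can reach a lower level than each component on its own. The PFH bands are those of ISO 13849-1 and IEC 61508-1; the component PFH figures are constructed, and the function and variable names are the example's own.

```python
# Added example (not from the original article): map a probability of
# dangerous failure per hour (PFH) to a Performance Level (ISO 13849-1)
# and to a Safety Integrity Level in high-demand mode (IEC 61508-1),
# then combine sensor, controller and actuator into one safety function.
# Adding the subsystems' PFH values is the series rule both standards use
# for sensor, logic and final element; the component figures below are constructed.

# (lower bound inclusive, upper bound exclusive) for each level
PL_BANDS = {"a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
            "d": (1e-7, 1e-6), "e": (1e-8, 1e-7)}
SIL_BANDS = {1: (1e-6, 1e-5), 2: (1e-7, 1e-6), 3: (1e-8, 1e-7), 4: (1e-9, 1e-8)}

PL_ORDER = "abcde"  # PL a is the lowest level, PL e the highest


def level_for(pfh, bands):
    """Return the level whose PFH band contains pfh, or None if outside all bands."""
    for level, (low, high) in bands.items():
        if low <= pfh < high:
            return level
    return None


def pl_for(pfh):
    return level_for(pfh, PL_BANDS)


def sil_for(pfh):
    return level_for(pfh, SIL_BANDS)


def combined_pfh(subsystems):
    """Series combination: every subsystem must work, so dangerous-failure rates add."""
    return sum(subsystems.values())


def pl_meets_requirement(pl, pl_r):
    """The achieved PL must be greater than or equal to the required PL r."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(pl_r)


# Constructed safety function: each subsystem on its own reaches PL e ...
SAFETY_FUNCTION = {"sensor": 3e-8, "controller": 2e-8, "actuator": 6e-8}

if __name__ == "__main__":
    for name, pfh in SAFETY_FUNCTION.items():
        print(f"{name:10s} PFH={pfh:.1e}  PL {pl_for(pfh)}  SIL {sil_for(pfh)}")
    total = combined_pfh(SAFETY_FUNCTION)
    # ... but the combination only reaches PL d / SIL 2, so a PL r of e is not met
    print(f"combined   PFH={total:.1e}  PL {pl_for(total)}  SIL {sil_for(total)}")
    print("meets PL r = e:", pl_meets_requirement(pl_for(total), "e"))
    print("meets PL r = d:", pl_meets_requirement(pl_for(total), "d"))
```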