Functional safety
Functional safety (FuSa) refers to a part of system safety that depends on the smooth functioning of the safety-related subsystem. Its purpose is to protect people and the environment from the dangers posed by the system. Fire and radiation protection as well as electrical safety are not part of functional safety. These must be considered separately from FuSa.
Why is functional safety important?
Legislators impose certain safety requirements on manufacturers and distributors of products to eliminate hazards to people and the environment as far as possible. In this context, particular mention should be made of the general regulations on product safety in EU Directive 2001/95/EC, which was transposed into national law by the Federal Republic of Germany with the Product Safety Act (ProdSG). Furthermore, manufacturers can be held liable for damage caused by the inadequate safety of their products (see Product Liability Act (ProdHaftG)). For manufacturers of AGVs, VDI 2510 Part 2 “Safety of AGVs” is an important reference in this context.
Ensuring compliance with all relevant legal requirements is therefore of considerable importance for manufacturers. But how can this be ensured?
Functional safety is essential for complex systems
Traditionally, the safety of a device, machine or even a process is tested by identifying potential safety risks and checking them individually. What happens if the product falls, becomes too hot or is operated incorrectly?
Today, however, many machines, assembly lines and processes are so complex that it is no longer possible to identify and test all potential risks for every system component. In such cases, the functional safety of the entire system must be considered. Let's look at an example: a self-driving transport vehicle has many circuits, relays and so on. It is clearly not possible to test every component individually against all practical safety risks, so the behaviour of the system as a whole is considered instead. Two basic system characteristics are distinguished here.
Fail-Operational and Fail-Safe
When it comes to safety-critical systems in complex machines, a distinction is made between fail-operational and fail-safe systems. Fail-operational systems are designed to keep the intended function of a system available in a safe manner even when a fault occurs. A fail-safe system, on the other hand, inhibits the intended function as soon as a safety risk is detected. The latter, of course, has the disadvantage that the system is then no longer available.
How is functional safety implemented in practice?
The role of safety levels in functional safety
How functional safety is implemented depends on the system itself and, at least to the same extent, on the circumstances. Driverless transport systems (DTS), for example, commonly stop automatically if they detect an obstacle in their path. In a self-driving car or an automated guided vehicle system, abrupt braking is absolutely essential, and here too there are clear definitions regarding deceleration in order to protect people from harm. In order to guarantee optimum functional safety for every system, safety objectives are defined in practice so that the appropriate safety functions can be implemented. In practice, functional safety is monitored using electrical, electronic or programmable electronic components (E/E/PE components for short).
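The following simulation is an added illustration of the fail-operational/fail-safe distinction and of the obstacle-stop safety function just described; it is hypothetical code, not from the page or from any AGV manufacturer. The three range-sensor channels, the 2-out-of-3 redundancy rule and the speed, deceleration and reaction-time values are constructed for the example. Both designs treat a detected obstacle identically (stop); they differ only in how they handle a channel that reports a fault, which is exactly the availability trade-off the text describes.

```python
"""Simulated AGV obstacle-detection safety function, comparing a fail-safe and a
fail-operational design on the same constructed sensor data (hypothetical example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Sequence, Tuple


class Action(Enum):
    RUN = "run"              # intended function (driving) continues
    SAFE_STOP = "safe_stop"  # intended function inhibited: vehicle brakes to a halt


@dataclass(frozen=True)
class Reading:
    """One channel's measurement. None means the channel reports a fault
    (failed self-test, no echo, stale data) instead of a distance."""
    distance_m: Optional[float]


def required_stop_distance(speed_mps: float, decel_mps2: float, reaction_s: float) -> float:
    """Distance needed to come to rest: distance covered during the reaction time
    plus the braking distance v^2 / (2a). The deceleration is the kind of value
    that the deceleration requirements mentioned in the text pin down."""
    if decel_mps2 <= 0:
        raise ValueError("deceleration must be positive")
    return speed_mps * reaction_s + speed_mps ** 2 / (2 * decel_mps2)


def obstacle_detected(valid: Sequence[float], stop_distance_m: float) -> bool:
    """Any valid channel seeing something inside the stop distance counts as a
    detection: missing an obstacle is the hazardous error, so the decision is
    biased towards stopping. Both designs share this rule."""
    return any(d < stop_distance_m for d in valid)


def fail_safe(channels: Sequence[Reading], stop_distance_m: float) -> Action:
    """Fail-safe design: a single faulty channel already inhibits the function.
    Safety is preserved at the cost of availability."""
    if any(r.distance_m is None for r in channels):
        return Action.SAFE_STOP
    valid = [r.distance_m for r in channels if r.distance_m is not None]
    return Action.SAFE_STOP if obstacle_detected(valid, stop_distance_m) else Action.RUN


def fail_operational(channels: Sequence[Reading], stop_distance_m: float,
                     min_valid: int = 2) -> Action:
    """Fail-operational design with redundant channels: driving continues in a
    degraded mode while at least `min_valid` channels still deliver valid data,
    and only falls back to the safe state once redundancy is exhausted."""
    valid = [r.distance_m for r in channels if r.distance_m is not None]
    if len(valid) < min_valid:
        return Action.SAFE_STOP
    return Action.SAFE_STOP if obstacle_detected(valid, stop_distance_m) else Action.RUN


def simulate(scenarios: Dict[str, Sequence[Reading]], speed_mps: float = 1.5,
             decel_mps2: float = 2.0, reaction_s: float = 0.2) -> Dict[str, Tuple[Action, Action]]:
    """Run every scenario through both designs with one shared stop distance."""
    stop = required_stop_distance(speed_mps, decel_mps2, reaction_s)
    return {name: (fail_safe(ch, stop), fail_operational(ch, stop))
            for name, ch in scenarios.items()}


# Constructed sensor data: three redundant range channels per scenario.
SCENARIOS: Dict[str, Sequence[Reading]] = {
    "clear_path": [Reading(5.0), Reading(5.1), Reading(4.9)],
    "one_channel_faulty": [Reading(5.0), Reading(None), Reading(5.1)],
    "two_channels_faulty": [Reading(None), Reading(None), Reading(5.1)],
    "obstacle_ahead": [Reading(0.4), Reading(0.5), Reading(0.4)],
}

if __name__ == "__main__":
    for name, (fs, fo) in simulate(SCENARIOS).items():
        print(f"{name:20s} fail-safe={fs.value:9s} fail-operational={fo.value}")
```

With the constructed parameters the stop distance is 0.8625 m. The "one_channel_faulty" scenario is the one that separates the two designs: the fail-safe controller halts the vehicle because it can no longer trust its sensing, while the fail-operational controller keeps driving on the two remaining channels and halts only when a second channel fails.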
Digression: Functional safety and cyber security
As mentioned at the outset, functional safety is intended to protect people from machines. Conversely, however, machines must also be protected from human manipulation, otherwise measures designed to guarantee functional safety could be undermined. Protection against such attacks is referred to as (cyber) security.
In English, a distinction is made between the functional safety and the security of a machine. Both are translated as 'Sicherheit' in German, but refer to fundamentally different things. Security refers to the protection of a system against external attacks, i.e. cyber security. Nevertheless, there are connections between the two areas. Basically, any system that can communicate with the outside world is exposed to the risk of cyber attacks. If such an attack is successful, the attacker can manipulate or disable the system, thereby jeopardising functional safety. A system that does not have adequate cyber security cannot achieve sufficient functional safety. In view of this, both aspects are always considered when assessing the risk of a system.
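To make the safety/security link concrete, here is an added example (hypothetical code, not from the page) of a safety controller that accepts an external maintenance command to mute its obstacle sensor. Without authentication, anyone on the network could disable the safety function with a single message; here each command carries an HMAC over its body and a strictly increasing counter, so forged and replayed messages are discarded and the safety function stays active. The shared key, the command format and the `SafetyController` class are assumptions made for the example.

```python
"""Authenticated safety-related command channel (hypothetical example): a muting
command for the obstacle sensor is only honoured if its HMAC verifies and its
counter is fresh; anything else is rejected without changing the safety state."""
import hashlib
import hmac
import json

# Constructed shared key for the example; a real controller would receive its key
# through a provisioning process, never as a literal in the source.
KEY = b"example-key-not-for-production"


def make_command(action: str, counter: int, key: bytes = KEY) -> bytes:
    """Build a command as <json body>.<hex HMAC-SHA256 tag>. sort_keys gives a
    canonical body so sender and receiver authenticate identical bytes."""
    body = json.dumps({"action": action, "counter": counter}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class SafetyController:
    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.last_counter = 0       # highest counter accepted so far (replay guard)
        self.sensor_muted = False   # True only while a valid mute command is in force

    def handle(self, message: bytes) -> str:
        """Process one command. Returns 'muted', 'normal' or 'rejected'."""
        try:
            body, tag = message.rsplit(b".", 1)
            expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
            # Constant-time comparison so tag checking leaks no timing information.
            if not hmac.compare_digest(tag, expected):
                raise ValueError("authentication tag mismatch")
            cmd = json.loads(body)
            counter = int(cmd["counter"])
            if counter <= self.last_counter:
                raise ValueError("stale or replayed counter")
            action = cmd["action"]
            if action not in ("mute", "unmute"):
                raise ValueError("unknown action")
        except (ValueError, KeyError, TypeError):
            # Malformed, forged or replayed: leave the safety function untouched.
            return "rejected"
        self.last_counter = counter
        self.sensor_muted = (action == "mute")
        return "muted" if self.sensor_muted else "normal"


if __name__ == "__main__":
    ctrl = SafetyController()
    print(ctrl.handle(make_command("mute", 1)))                      # muted
    print(ctrl.handle(make_command("mute", 1)))                      # rejected (replay)
    print(ctrl.handle(b'{"action": "mute", "counter": 2}.deadbeef'))  # rejected (forged)
    print(ctrl.handle(make_command("unmute", 2)))                    # normal
```

The design choice worth noting is that a rejected message never alters the safety state: an attacker who cannot produce a valid tag gains nothing, and a captured genuine "mute" command cannot be replayed later because its counter is no longer fresh. Whether a flood of rejected messages should itself be reported as a tamper indication is a separate risk-assessment decision.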
Functional safety – an outlook
In future, the importance of functional safety will continue to grow. With the development of increasingly complex machines and systems, conventional methods of ensuring product safety will increasingly reach their limits. Functional safety will also become increasingly important in the context of Industry 4.0 and further developments in the field of artificial intelligence.
When it becomes the norm for humans and robots to interact with each other at work, a high level of safety reliability and a guarantee that these systems function correctly will be of crucial importance. Functional safety therefore plays a key role in the further development of these future technologies.