1.9 Safety-related parts of control systems
Parts of machine control systems performing safety tasks are described by those who set standards as safety-related parts of control systems. These parts can consist of either hardware or software and stand-alone or integrated components of the machine control system. Safety-related control components incorporate the entire effective chain of a safety function provided by sensor, control unit and actuator. Each can be complexly set up in different ways, and, for example, consist of a Safety Switch and a Safety Relay, or they can also be implemented as a safety related PLC of an entire system.
The general objective is to design these control components so that the safety of the control function and the behavior of the control unit in case of a fault corresponds with the level of risk reduction determined in the risk assessment. Specific control-related measures for fault prevention in systems used in low-risk applications may not be sufficient for applications with a higher risk. For these applications, for example, additional measures for fault tolerance or fault detection would then be required.
The higher the risk reduction to be provided by the safety-related control component, the higher the required safety level or the safety-related performance level of the control component. The standards described in the following use different classification systems and definitions for these safety levels.
Performance Level and SIL Level:
Perfor-
mance level
(EN ISO
13849-1) |
PFHd
Average probability
of a failure to
danger [1/h] |
SILCL Level
IEC/EN 62061 |
| a |
10-5 ≤ PFHd < 10-4
|
-- |
| b |
3 · 10-6 ≤ PFHd < 10-5 |
SIL 1 |
| c |
10-6 ≤ PFHd < 3 · 10-6 |
SIL 1 |
| d |
10-7 ≤ PFHd < 10-6 |
SIL 2 |
| e |
10-8 ≤ PFHd < 10-7 |
SIL 3 |
(source: ZVEI Flyer Safety of machinery)
|
