Functional safety - Which standard and what are their scopes?

Question

I'm struggling to grasp the application of the concept of functional safety 
 I think that I understand the basic concept - Where we are relying upon an electrical circuit/system we need to be able to rely upon the safety function proportionally to the risk 
 However this is pretty much my limit, I want to understand the scope of the standards and which standard applies, the BS scope sections aren't making things much clearer - A simple example that I have came across is with a ventilation systems, if a fan is ventilating an area due to prevent a build up of nasty chemicals, or explosive gasses. 
 Is anything preventing a system having two independent fans with users monitoring? 
 Is this required to be a functional safety system? If so, is this under the 13849 standard or another? What should the system look like? 
 Thanks

Andy Millar · Accepted Answer

Oh gosh what a huge subject! But a really good question. 
 The basic standard is IEC 61508. There are a whole heap of industry specific standards that come off this one, but that's where they all start. But I'll warn you, 61508 is HUGE. It does tell you how to work out the answer to your fan question for example, but in pages and pages of stuff even when you've found the right part (it has seven parts). ISO 13849 is one of these standards, and yes probably is the right one in your case (unfortunately I don't have a copy of it). 
 However the basic principles are pretty simple, and you've nailed it with "we need to be able to rely upon the safety function proportionally to the risk". And the risk depends on what other mitigations you have in place, so yes if you have two fans and you can demonstrate that you can detect and repair a failure of the first fan before the second fan will credibly fail then that's a perfectly good mitigation - provided you can show that the detection itself is sufficiently reliable. And that it's not likely (within the level of risk that your prepared to accept) that both fans will fail, for example due to a power supply failure. 
 I should mention at this point that I was the independent safety assessor for the tunnel ventilation system on Crossrail (Elizabeth Line) which was a rather extreme case of exactly this problem! In that case the contractor and Crossrail decided that the consequences of ventilation failure occurring at the same time as a tunnel fire were so high that a high integrity fan control and monitoring system was required. But that was unusual. 
 So back to your question, IEC 61508, or any other related standard such as ISO 13849 , won't give you a direct answer to your problem, what they will say is that you need to assess all the possible failure modes and consequences and then determine all potential mitigations. UK law (HASAWA) then says that you must put these mitigations in unless you can show they are not reasonably practicable (i.e. the cost of putting the measure in, e.g. by using a high integrity system, would be disproportionate to the risk). 61508 does give guidance as to how to consider duplication, and more complex systems such as 3 out of 5 and so on. But if you're going there you probably want someone to guide you. 
 You basically only have to use a high integrity system where you're working on a system where failures cannot be mitigated by another system (very simplistically). For example in railway signalling, if the control system sets the signal to green when it should be red there's not much that can be done to stop trains crashing, so we make them very high integrity systems. But it seems in your case that you may well be able to achieve the effect (ensuring that if a fan fails there isn't an explosive gas build up) by suitable duplication and monitoring. Just don't forget those pesky common mode failures like power supplies, or both fans freezing up in winter... 
 Cheers, 
 Andy

Functional safety - Which standard and what are their scopes?

Join us to get the best from IET EngX.

Community Rules & Guidelines