Implementing Functional Safety Requirements

November 5, 2024

The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the risk assessment, and directly impacts the design and validation of the control system.

As a critical step of the safety lifecycle, the SFRS defines how guards or control elements should be used to mitigate the hazards that have been identified. Before machine design work begins, the criteria for the control system must be documented and defined. In step one of the safety lifecycle, the risk assessment evaluated the relevant machine hazards and determined a required Performance Level (PLr) for any safety controls used to mitigate those hazards; this PLr is a direct input to the SFRS, which dictates the design of each relevant safety function.

[Figure: the safety lifecycle]

What Goes Into an SFRS?

An SFRS may include any number of design elements used to reduce risk, drawn from the risk-reduction strategies defined in ISO 12100, Safety of Machinery:

  • Inherently Safe Design Measures (“Design it out”)
  • Safeguarding and Complementary Protective Measures (“Engineered Controls”: Guards, Safety Functions)
  • Information for Use (“Administrative Controls”)

Inherently Safe Design Measures

Eliminating a hazard “by design” is always the safest option. When risk reduction is achieved by removing a hazard or by changing the design of the machine, the SFRS captures the strategy used to accomplish this. Safe design is applied within the risk assessment and is often applied early in the design process. Identifying early the machine hazards that can be mitigated through a design change is critical to avoiding design changes later.

Otherwise, correcting unmitigated risks identified during validation can extend the project timeline. Identifying machine hazards early also lessens the demand for Safeguarding/Controls and Information for Use. As an example, replacing a chain-and-gear conveyor with a belt-top conveyor that prevents reach-through may be a path to “design out” the original hazard. Inherently Safe Design Measures should ALWAYS be considered first; they are the highest-priority risk-reduction measure you can take.

Safeguarding and Complementary Protective Measures

When a hazard cannot be “designed out,” the second-priority risk reduction measure includes Safeguarding and the use of safety control functions, or what some might consider “Engineered Controls.” Safety functions may be applied as risk reduction measures when it is appropriate for the machine and related operator interaction, as well as when it meets the constraints of the risk assessment.

Safety functions initiated by light curtains, interlocked guards, area scanners, and so forth are considered “Alternative Protective Measures” (APM), which must be designed and applied to meet the PLr for the specific application. APM can only be applied as risk-reduction techniques when users are exposed to machine hazards because of tasks that are routine, repetitive and integral to the process.

Safety Control Functions

The SFRS document shall make it clear what Safety Functions are in use for the machine control system and Risk Mitigation plan, and what Performance Level (or PLr) each Safety Function must meet. The details of each Safety Function spelled out within the SFRS should include at a minimum:

  • Which specific input devices trigger the Safety Function?
  • How is the Safety Function logic evaluated?
    • Are there any special considerations or requirements for the safety device/function, machine type, or logic?
  • Which specific output devices are used to put the related machine hazards in a safe state, and what is the “safe state” for each device?
    • Are multiple output devices used (2-channel design)?
  • How is the safety control system achieving the safe state, and what Stop Category applies?
  • How is the Safety Function going to be reset by the user?

The definition of each Safety Function employed by the risk reduction measures of the machine shall clearly indicate the Safety-Related Parts of the Control System (SRP/CS), how they are to be used and how each hazardous output is controlled. Each Safety Function specified shall also document any specific requirements from the applicable consensus standards.

For example, when applying a light curtain as a safeguard, you must consult ISO 13855 to determine the placement of that input device that satisfies the stated requirements for safe distance, based on the machine's stopping performance. Each specific device type/function may have its own applicable standard (for example, ISO 13850 for Emergency Stop), and may also need to meet requirements stated by broader standards such as ANSI B11.19.

Fixed and Movable Guarding

When recommending fixed and/or movable guarding to reduce risk, the guards must be designed to adequately restrict or limit access to the related machine hazard. Within the SFRS, each guarding measure identified during the risk-reduction process needs to be defined. Guarding may have specific design requirements to meet the intent of the risk assessment, which can be discerned from safety consensus standards.

For example, when designing a guard to help prevent a user from reaching over, under or through the safeguard, the SFRS can refer to ANSI B11.19 or ISO 13857 for specific criteria around upper and lower limits of the physical guard, as well as the aperture sizing (or guarded tunnel lengths). Any specific design criteria for a fixed or movable guard shall be defined within the SFRS so it is clear what is required of the safeguards installed when it is time to perform a validation.

Information for Use

“Administrative Controls,” or Information for Use, may come in many forms, including but not limited to operating instructions from the OEM, hazard warning signage to alert a user to a hazard, audio/visual warning beacons, floor markings, training and standard operating procedures (SOPs). Risk reduction by information for use is the least effective risk-reduction method and has the lowest priority as specified in ISO 12100.

Typically, hazards are not considered “fully mitigated” when only administrative measures are employed, because this measure relies entirely on the user paying attention and always avoiding the risk themselves. When called out by the risk assessment, the SFRS should identify which “Information for Use” measures are required and define the requirements for how they are used.

For example, when hazard warning signage is identified as a risk-reduction measure, the SFRS shall identify any specific signage placement criteria or requirements for the sign itself. Heated metal fixtures within a machine may be a relevant burn hazard to the operator. Adding the appropriate pictogram warning on or near the heated parts in visible locations may help alert the operator to the hazard, but it does not prevent harm from occurring.

Putting It All Together

The SFRS document can be treated as a framework for the safety control system design, be used to define requirements to a machine builder/integrator, and also serve as an input to future machine validation so that the tester knows exactly how the system is meant to perform. The SFRS shall identify the relationship between Input, Logic and Output devices that are used to perform Safety Functions, as well as define requirements for safeguards and other risk-reduction measures. The SFRS shall indicate how each relevant standard is being applied to appropriately meet the intent of the risk-reduction measures identified in the risk assessment process.

Again, it is critical that you prepare the SFRS thoughtfully and thoroughly so that the machine design includes all necessary safety controls before fabrication, and so that validation is conducted in an informed manner. Hazardous components missing from the SFRS may not be accounted for in the final design or validation, resulting in an unidentified increase in risk. Additionally, missing items may be identified during validation, requiring rework of the machine controls to adequately mitigate the risk.


https://www.rockwellautomation.com/en-us/company/news/blogs/functional-safety-plan.html
