On a general level, safety functions and their capability are classified with respect to the level of safety provided. In some standards, the classification refers to Safety Integrity Levels (SIL), in others to Performance Levels (PL), and in others to Levels or Criticality Categories. For example, in IEC 61508, the mother standard of functional safety, the highest level of protection is provided by SIL 4 functions. For a SIL 4 function, the frequency of dangerous failures is allowed to be in the range from 10⁻⁸ to 10⁻⁹ per hour. That means on average one failure within 100 000 000 hours of operation, or one failure within 11 400 years of operation. These numbers probably also answer the question of what makes the development of safety systems challenging.
How such impressive numbers can be achieved cannot be answered in a blog text, but perhaps with several hundred pages of standard texts. And to prove the achievement of such numbers, both quantitative and qualitative analyses and evidence are typically needed. However, some of the key characteristics in achieving safety, in our experience, include the following.
- System architecture that supports detection of failures and maintains safety even in the presence of failures,
- Thorough verification process during design that assures that a mistake made by one designer is detected by someone else and will not end up in the result,
- Rigorous development process with a suitable overall lifecycle as well as specification, design, analysis and traceability techniques,
- Use of good quality components which are reliable, and for which the failure modes are known and can be analyzed upfront,
- Thorough testing and validation campaign confirming the implementation of correct requirements.
These characteristics, by the way, appear in practically all of the standards referred to in the previous blog post. Thus, it can be concluded with confidence that the basic approach to developing critical systems is to a large extent the same regardless of the application area.
Text: Timo Vepsäläinen