Dec 12, 2022
On the Safe Side
Get insight into the eventful history of functional safety in our interview with two industry experts.
Automation technology is one of the most important tools on the way to comprehensively digitalizing industrial plants. At the same time, the increasing degree of automation entails correspondingly high requirements in terms of functional safety. After all, a machine or plant must not only work efficiently, but safely, so that it does not pose a risk to people or the environment. This applies to overfill protection in a process technology plant and to an Auto-Guided Transport System, which shares the shop floor with actual personnel in an automotive manufacturing plant. In this interview, Stefanie Arnold (New Business Development Manager and Functional Safety Engineer) and Werner Bansemir (Manager Interface Technology) give an insight into the eventful history of functional safety and explain why Pepperl+Fuchs customers are on the proverbial safe side.
Ms. Arnold, Mr. Bansemir, the IEC 61508 standard—which has been in effect for more than 20 years—is now considered a type of "Big Bang" of the functional safety world and is certainly a familiar term to automation experts. Can this standard be described as the starting point of the field of functional safety?
Stefanie Arnold: Without wanting to diminish the undoubtedly enormous relevance of IEC 61508, I think it's fair to say that the field existed before it. In fact, the beginnings of functional safety can be traced back to the 1960s.
Werner Bansemir: That's right; functional safety officially began with standard 2180 "Securing process engineering plants," published in 1966 by the plant safety committee of the VDI/VDE regulatory engineering section. This standard sets out for the first time the basics of device technology and planning operations that must be observed when setting up safety devices. The evolutionary nature of the field of functional safety is already clear here, because parts of this standard continue to have an impact today: The MooN structure, i.e., the classification of safety-related systems based on redundancy and the selection procedure used, stems from the first version of the 2180 standard.
As one of the longest-standing automation companies, Pepperl+Fuchs has been involved in the field of functional safety for a long time now. Since the seventies actually.
Since when has Pepperl+Fuchs engaged in the field of functional safety?
Werner Bansemir: As one of the longest-standing automation companies, Pepperl+Fuchs has been involved in the field of functional safety for a long time now. Since the seventies actually. For us in-house, the initial spark came from a customer request regarding safely shutting down the main fuel supply of combustion plants. The result was the development of the first safety switch amplifier in 1973. The dynamic transmission principle of the switching signal of that era's switch amplifiers still forms the technical basis for safety devices for SIL 3 applications.
Stefanie Arnold: A short time later, this was followed by the development of the first proximity sensor for safety applications. These sensors were a further development of standard sensors, which were now able to detect a fault via two additional transistors. The additional components in the sensor were required so that the sensor could still emit a safe signal state any time a fault occurred, i.e., to implement the fail-safe principle. During this development phase, a globally relevant safety framework such as 61508 was still a long way off: At the time, the DIN 4788 standard for gas burners and VDE 0116 standard for the electrical equipment of combustion plants were used as reference.
The Seveso disaster in the seventies was another key event in the evolution of functional safety. Could you briefly outline what happened?
Werner Bansemir: In 1976, there was a dioxin leak in a chemical plant in the small village of Seveso, north of Milan, with devastating consequences for people and the environment. Automatic cooling systems and warning systems were not available back then, which meant that the plant overheated. However, Seveso was unfortunately not a unique critical event: Two years earlier, there was a similarly disastrous incident at a chemical plant in Flixborough, England, which resulted in several deaths.
Stefanie Arnold: In this context, the disaster in 1984 in the city of Bhopal, India, is certainly worth mentioning—it is still the biggest chemical accident in history. These traumatic events and the Chernobyl disaster correlate closely with the emergence of the environmental movement in the eighties. The impact of all these tragedies resulted in functional safety being seen as much more relevant by the public.
The way that we classify the risks posed by automated processes worldwide can be traced back to Germany in the eighties.
How did this shift become clear in specific terms?
Werner Bansemir: As we all know, we Germans are said to be very safety oriented. In this context, I would definitely take this as a compliment. The matter of being able to manage the risks posed by process plants was addressed early on in Germany due to the accidents mentioned and was approached in an increasingly methodical way by legislators and plant operators at the beginning of the eighties. This is evident in the publication of various national standards and preliminary standards during this period, which still have an impact today and have since been incorporated into international standards.
Stefanie Arnold: I have to mention DIN V 19250 here, even though it never moved on from being a preliminary standard, because it brought about some progressive changes: A hazard is described qualitatively using a risk graph for the first time in the standard. The eight requirement classes specified led to the four now generally acknowledged safety integrity levels: SIL 1 to SIL 4. The performance levels described in EN ISO 13849 are based on these. No matter whether in process plants, discrete manufacturing environments, or rides at amusement parks, the way that we classify the risks posed by automated processes worldwide can be traced back to Germany in the eighties.
You just mentioned the keyword "worldwide"—at the beginning of the 2000s, the IEC 61508 standard, which was mentioned earlier, led to a global paradigm shift in functional safety. What was the situation at Pepperl+Fuchs?
Werner Bansemir: I still clearly remember the challenges we faced back then: At the beginning of this phase, there were no appropriately certified products, of course. Instead, return statistics were used for selected and suitable stock products to confirm the validity of previously calculated safety values. However, we still recognized at an early stage the opportunity for us as a manufacturer to address the issue. After IEC 61508 became the global standard and replaced all previous national standards, the global market for safety-related devices automatically expanded.
Stefanie Arnold: In addition, our extensive training programs in the field of functional safety began with the publication and distribution of IEC 61508. Because we followed the development of functional safety closely over the decades and were already experienced in imparting key information from standards and regulations through our training sessions on electrical explosion protection, this was a logical step for Pepperl+Fuchs. Today we offer a wide range of training formats so that as many user groups as possible have a port of call for questions regarding functional safety. The seminars not only cover IEC 61508, but the resulting sector standards such as EN 61511, and the EN 62061 and ISO 13849 standards, which are relevant to machine builders.
Since you were talking about machine building in particular, how can Pepperl+Fuchs support customers in complying with the Machinery Directive?
Stefanie Arnold: The training courses mentioned above are an important building block in being able to identify potential pitfalls in compliance with the Directive. However, because the need for training in the field of the Machinery Directive is huge, we decided to provide interested parties with an additional tool that can be accessed at any time: We made a comprehensive PDF white paper available free of charge on our website a few months ago now. This gives step-by-step instructions for ensuring safe machinery. This is a useful addition to our "Functional Safety Compendium," which has been available for a long time, and focuses more on process technology than on factory automation. Anyone looking for support beyond the scope of the white paper in implementing specific applications in accordance with the Machinery Directive can always contact us: Our certified functional safety experts can help operators calculate the required SIL or performance level or develop the overall safety concept of an application.
This will surely involve the company's own portfolio of safety components. So let's finish by looking at what's on offer in this regard. Where is Pepperl+Fuchs positioned today?
Stefanie Arnold: First, I would like to add that safety concepts are created independently: Our primary goal is to identify the optimal solution for the respective application. We do not bind ourselves to certain technology, products, or suppliers. But, of course, the fact that we can use our in-house portfolio of sensors is incredibly valuable: We not only have automatic access to all safety values but can use technology that is unique on the market. With the USi®-safety, we offer the only ultrasonic sensor system deemed safe up to category 3 PL d. This sensor is ideal for monitoring Auto-Guided Transport Systems and is unrivaled in its resistance to dirt, temperature fluctuations, and humidity. However, standard sensors can be intelligently combined to create compliant and safe solutions for applications.
What are personnel involved with process automation at Pepperl+Fuchs working on at the moment?
Werner Bansemir: With a series of new SIL 3 current drivers, we recently closed the last "gap" in our broad portfolio of SIL 3-rated isolated barriers. This means that we are now the only manufacturer worldwide to offer intrinsically safe SIL 3 components for all signal types. At the same time, this milestone is a nice way to round off my long career at Pepperl+Fuchs—I retire at the end of the year. Over the decades, functional safety has helped shape my work and we have made important technological developments. The field will continue to be a high priority for the company after I leave—I am absolutely sure of that. Pepperl+Fuchs customers will always be on the safe side.
Our white paper offers you practical assistance when it comes to machine safety. Get an overview of the current legal and standard situation and find out, based on an example, which steps have to be taken on the way to a safe machine.
Get your free PDF now and learn more about terms like:
- Risk Assessment
- Performance Level
- Diagnostic Coverage
- and much more