Since the beginning of industrialization, the basic concepts of functional safety have been in place in one form or another. However, with the current evolution of technologies for example artificial intelligence, fast and high-end computing hardware, and software platforms, whether it’s preventing systematic failures or anticipating and mitigating future risk, functional safety has changed the way engineers think about designing systems. The scope of functional wellbeing is wide and varied across several industrial operations where a large number of machinery/ devices are either operated individually or collectively in semi or fully automated ways. All such systems have aspects of their operation that could create potential hazards resulting in injury or harm.
Irrespective of use cases, functional safety is very important for the safety lifecycle of all arenas whether it’s related to the industry or day-to-day solutions. A brief impression about the same along with failure categories is given below.
IEC 61508, the umbrella safety standard (refer to Figure 2), provides proper insight into the functional safety standard for electrical, electronic, and other programmable electronics safety-related systems. It has specific principles for the application of similar equipment for sector-specific use cases. This standard ensures risk reduction through Safety Integrity Levels (SILs 1–4).
The current market practices where the demand for industry 4.0 is high for automation purposes through various technologies such as industrial IoT, sensor networks, distributed control systems, artificial intelligence, etc. require safety-related mechanisms towards an unidentified piece of an incident.
With the increasing emphasis on industrial operational effectiveness improvement through initiatives such as Industry 4.0, smart factories, and the Industrial Internet of Things (IIoT), automated systems and machinery form a significant part of any industrial manufacturing process. Despite these have significantly increased the chances of failure at the unexpected level of operation throughout the process. Especially, since the automation is primarily led by the embedded solutions along with software platforms, the chances of device-level malfunction can shut down or cut off the entire system or maybe the plant operation. In this case, following functional safety not only protects workers from equipment hazards by using a formal, comprehensive, and holistic approach to identifying and analyzing dangerous conditions but also reduces operation downtime. Through safety function, all related parts, including the sensors, control system, and actuators, are collectively examined to determine the probability and frequency of failure. It involves any action or operation required to ensure the safe running of the equipment which typically involves some form of sensor/actuators, a control circuit, some electromechanical devices such as motors, etc., and a mechanism to maintain safety integrity. The actions performed at that instance define the primary safety function; however, the timing between these interrelated actions is crucial, particularly if separate controllers are used for the sensing and the control actions.
Functional safety is part of the overall safety of the system or piece of equipment, which depends on automatic protection. Functional safety systems are composed of electrical and electronic elements that are used for the fulfilment of safety functions in most of the related sectors, with applications in various industries where there is a high risk of related system failure injuries. The market leaders, who offer various system levels solutions, such as BMS, TMC, HIPPS, ESD, and SCADA, as well as devices level such as safety valves, actuators, sensors, etc. usually try to minimize the related risk involved through various functional safety exercise governed under IEC 61508.
Device Level | System Level | End-industry Level |
---|---|---|
|
|
|
Table 1. Scope of functional safety implementation
Various organizations, including manufacturers, have provided specific guidelines for the usage of autonomous and semi-autonomous appliances. Likewise, in the functional safety standards based on the IEC 61508, four SILs are defined, with SIL 4 being the most dependable and SIL 1 being the least. It defines SIL using requirements grouped into hardware and systematic categories. The applicable SIL is determined based on several quantitative factors in combination with qualitative factors such as the development process and safety life cycle management. The SIL requirements for hardware safety integrity are based on a probabilistic analysis of the device. To achieve a given SIL, the device must meet targets for the maximum probability of dangerous failure and a minimum safe failure fraction.
The characteristics values of different modes are described below to define the SIL:
SIL | Low demand mode: average probability of failure on demand | High demand or continuous mode: probability of dangerous failure per hours |
---|---|---|
1 | ≥ 10-2 to <10-1 | ≥ 10-6 to <10-5 |
2 | ≥ 10-3 to <10-2 | ≥ 10-7 to <10-6 |
3 | ≥ 10-4 to <10--3 | ≥ 10-8 to <10-7 (1 dangerous failure in 1140 years) |
4 | ≥ 10-5 to <10-4 | ≥ 10-9 to <10-8 |
Hazards of an industrial system must be identified and analyzed through risk analysis where mitigation measures continue till the overall contribution to the hazard is considered acceptable. The tolerable level of these risks is specified as a safety requirement in the form of a target 'probability of a dangerous failure' in a given period, stated as a discrete SIL. Usually, certification schemes are used to establish whether a device meets a particular SIL. Industrial devices need to be certified for use in functional safety applications according to IEC 61508, providing developers show the evidence required to demonstrate that the application including the device is also compliant.
However, there are various challenges with the implementation of functional safety in Industries. Since industries are increasingly focusing on adopting new technologies, and for that, they require a workforce who can understand/debug/assess the risk factors involved at various levels. Related to the technology point of view, industrial automation is still in the growing phase and there is an absence of uniform standards and related policies for technologies underuse. Cyber security and privacy are other factors that have their challenges. Also, whatever the idea may be, whether it contributes to automated driving in the industries or the internet of things throughout all industries - when it comes to realizing ideas engineers/manufacturers face huge challenges for their requirements concerning feasibility, reliability, usability, lower power consumption, robustness, flexibility, functional safety including certifications and many more are complex.
It is no coincidence that Renesas is recognized to meet exactly all of the crucial demands from a realization point of view with absolute commitment through our microcontrollers, SoC solutions, a broad range of analog and power devices, and ever-growing software and service offers. At Renesas, we present Functional Safety Solution including, TÜV Rheinland certified software kits and reference solutions for various segments required for industrial automation.
- With Renesas’ SIL3-certified Self-Test Software Kit, customers can leverage IEC61508 certifications for the MCU’s CPU, ROM, and RAM when certifying the overall system. Renesas Self-test Software kit currently supports most RX Family as well as RA Family, an Arm Cortex-M4, -M23, and -M33-based RA2, RA4, and RA6 series MCUs. For example, in the case of MCUs: Diagnostic coverage > 90% is certified by TUV. The diagnostic software included in this kit, certificate issued by TÜV Rheinland for functional safety, is increasingly adopted in industrial automation. Verifying diagnostic software takes time, and the certified Renesas diagnostic software can increase the efficiency of customers’ functional safety product development.
- In addition to Self-Test Software, to support redundant dual-MCU configuration, Functional Safety solution for RX Family offers simplified yet robust safety verification and highly efficient software named SIL3 System Software Kit. This software kit performs MCU self-diagnostics and cross monitoring to vastly reduce the development time and burden when building redundant, dual safety MCU system. What’s more, this Kit can perform software partitioning function between safety and non-safety application inside RX MCU for simplified re-certification and enabling coexistence of safety software and non-safety software. This solution eliminates the need for users to develop device specific functional safety software when using Renesas MCUs and allows them to focus on their application software development enabling easier system certification and quicker time to market.
Renesas Functional Safety solution provides all the core technology components needed for IEC61508 SIL certification. The certified software kits and related reference solutions helps to construct a certified functional safety system. This solution significantly reduces the development burden on customers and contributes to the implementation of a safe working environment in factories with the ability to handle hazards even when the system functions fail.
- Furthermore, safe network communication is a critical functional safety consideration for applications that are connected via network. Especially in this Industrial 4.0 era where machines are connected and running 24/7 to realize the automation of the whole process. Renesas addresses this need with the FSoE Application Software Kit and the new PROFIsafe Application Software Kit, strengthening its safety network offerings. The new SIL3-certified PROFIsafe Application Software Kit realizes PROFIsafe functionalities on PROFINET slave devices and eliminates the certification step for network communications.
By providing end-to-end support across the broad range of 32-bit MCU families, from concept to commercialization, Renesas experts help customers get to market faster. Renesas offers comprehensive training and facilitates easy, complimentary evaluation of software solutions. During development, Renesas’ certified solutions help accelerate customers' time to market and reduce the total cost of ownership. Commercial licensing is available for certified software solutions and technical support is provided throughout the entire product development process as shown in Figure 4.
Overall, functional safety is the driving force for the success of current industry trends for example industry 4.0 or industrial automation which have huge potential to unlock the new paradigm of related cost, optimizing process, resource utilization, human safety, quality of the product or services, and many more. Functional safety applies to all industries today, and it is increasing in demand as manufacturers and end-users look to mitigate risk further. With the growing use of automated equipment for manufacturing, testing, and process control, the need to avoid equipment damage, injuries, and environmental damage is more critical than ever. Growing demands and expectations from governments and workers have led manufacturers and suppliers to use predictable ways to achieve and design equipment to meet certain safety requirements.
Renesas Electronics Corporation delivers trusted innovative solutions with complete semiconductor and related software frameworks that enable billions of connected, factory devices to enhance the way people work and live with utmost safety and security in idea realization on the path of Industry 4.0.