
Functional safety is a critical aspect of off-highway vehicles; it helps keep operators safe both in the cab and around the vehicle. In a podcast, Michael Schankin of EAO Corporation discussed the importance of functional safety and offered best practices for original equipment manufacturers (OEMs) to consider. He also provided the written responses on the topic that follow.
Question: Functional safety: What is it? What do you need to know?
Schankin: Functional safety is the absence of unreasonable risk due to hazards caused by malfunctioning behavior of electrical and electronic systems. That means functional safety is needed wherever electronic devices The main objective of functional safety is to reduce possible risk of personal injury from electrical and electronic systems. This is achieved by working in accordance with functional safety standards.
It is crucial to understand that property damage falls outside the scope of functional safety. When a system is designed in compliance with functional safety standards, it is programmed to enter a safe state in the event of an error, which may involve an emergency stop or providing information to the user, depending on the severity of the risk posed by the error. Thus, functional safety focuses on the overall system, such as a machine, rather than solely on individual components.
Question: What are some of the pros and cons of data buses used within HD applications, and how does this relate to functional safety?
Schankin: Traditional electromechanical systems are gradually being replaced by complex electronic systems. The reason for that is the increasing demand on functionality of the system and its components.
In a conventional hardwired setup, connecting all the HMIs to the machine necessitates the use of numerous wires. For instance, a keypad featuring 6 buttons and 6 LEDs would require a minimum of 13 wires. In contrast, a CAN-bus system allows for the connection of up to 128 components through a single data bus for information exchange, utilizing only four wires for the connections. This significantly reduces the amount of wiring, which saves money, weight and time. Additionally, these data buses enhance the technical capabilities of the systems, which benefits customers and operators alike.
The growing complexity of these systems is likely to result in new forms of malfunctions. In conventional wired systems, a signal is disrupted only when a wire is broken. However, in contemporary bus systems, even electromagnetic interference, such as that from a radio device, can cause interruptions in data transmission. This may lead to the application functioning in an unintended manner.
For this reason, it is essential to implement methods that either prevent or identify such errors. This is where the concept of functional safety becomes crucial.
Question: What type of applications and functions benefit from functional safety practices?
Schankin: All applications that may pose a potential risk of personal injury or even fatality due to electrical and electronic systems. This includes, for instance, brake systems, transmission controls, and lifting mechanisms like what can be found on garbage trucks.
Question: Why is functional safety required?
Schankin: It is essential for all manufacturers to place a strong emphasis on functional safety, as each manufacturer is accountable for minimizing the risks their products may pose to individuals. As a result, product manufacturers must comply with established standards. Fundamentally, this involves operating in accordance with the latest advancements in science and technology. This responsibility encompasses the principle of functional safety.
Various standards exist for distinct markets, each addressing specific requirements related to those sectors. For instance, ISO 26262 pertains to the automotive industry, EN 50128 is relevant to railways, ISO 25119 applies to agriculture, and ISO 13849 is designed for machinery and mobile machinery.
Question: What development processes prevent systematic errors? How does functional safety reduce potential risks?
Schankin: While functional safety cannot completely prevent malfunctions, it plays a crucial role in mitigating the potential harm they can inflict.
Functional safety fundamentally seeks to minimize risk to an acceptable level. To achieve this goal, various standards outline the necessary processes for development and production, govern the oversight of electronic systems, and set criteria for ensuring a safe operational state. In the context of functional safety, several methods and processes are used to mitigate risk effectively.
- Risk analysis: At the beginning of the development process, potential risks are identified and assessed. Methods such as failure mode and effects analysis (FMEA) or fault tree analysis (FTA) help to understand possible sources of error and their effects.
- Requirements management: Clear and precise safety requirements are defined. These requirements must be considered and reviewed throughout the development process to ensure that the system meets the required safety standards.
- Safety architecture: Developing a robust safety architecture is critical. This includes implementing redundancies, error detection and recovery mechanisms, and separating safety-critical functions from less critical ones.
- Documentation: Comprehensive documentation of all safety processes, requirements and tests is important to ensure transparency and enable traceability.
- Training and awareness: Training employees on safety standards and practices is critical to ensure that all stakeholders understand the importance of functional safety and incorporate it into their work processes.
Question: What is a safety state?
Schankin: In the context of functional safety, the term "safe state" refers to a condition in which a system or component does not present a risk to human safety. This condition is attained when the system can operate safely or transition to a state that reduces the likelihood of harm or hazards, particularly during instances of faults or malfunctions.
The following requirements apply to the safe state:
- Minimization of risks: The safe state should be designed to minimize or eliminate potential risks and hazards that could arise from malfunctions or unexpected events.
- Predictability: The transition to the safe state must be predictable and controllable. This means that the system should be able to enter this state in a defined way when a fault or error occurs.
- Accessibility: The safe state should be easily recognizable and accessible to all users and systems so that a quick response can be made in the event of an emergency.
- Stability: The safe state should be stable and not lead to further hazards. The system should remain in this state until it can safely return to normal operating status.
- Compliance with safety requirements: The safe state must comply with the specified safety requirements and standards relevant to the specific system or application.
- Documentation and traceability: The safe state and the conditions under which it is achieved should be documented and traceable to ensure that all parties involved understand and adhere to safety protocols.
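The receiver-side monitor below is an added example, not code from the interview or from EAO's S09 product. It shows one common way to identify the bus faults described earlier (a CRC for bits corrupted by interference, a rolling counter for lost or repeated frames, a timeout for a silent keypad) and to enter a latched safe state that meets the predictability and stability requirements just listed. The 4-byte frame layout, the 100 ms timeout and the CRC polynomial are assumptions, not EAO's protocol.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Constructed frame layout (assumption, not EAO's S09 protocol):
   data[0] = button bitmask, data[1] = rolling counter, data[2..3] = CRC-16 big-endian. */
typedef struct { uint8_t data[4]; } KeypadFrame;
enum Status { ST_OK, ST_FAULT_CRC, ST_FAULT_COUNTER, ST_FAULT_TIMEOUT, ST_SAFE_STATE };
typedef struct {
    uint8_t  next_counter;  /* counter value expected in the next frame */
    uint32_t last_good_ms;  /* time of the last frame that passed every check */
    bool     safe_state;    /* latched: stays set until monitor_reset() */
    uint8_t  buttons;       /* validated button state handed to the application */
} Monitor;
#define TIMEOUT_MS 100u     /* assumed maximum gap between keypad frames */
/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF): catches bit errors such as EMI-induced ones. */
uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)(p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}
/* Sender side: build a frame carrying counter and CRC (also used by the test). */
KeypadFrame make_frame(uint8_t buttons, uint8_t counter) {
    KeypadFrame f = {{buttons, counter, 0, 0}};
    uint16_t c = crc16(f.data, 2);
    f.data[2] = (uint8_t)(c >> 8); f.data[3] = (uint8_t)c;
    return f;
}
void monitor_init(Monitor *m, uint32_t now_ms) { memset(m, 0, sizeof *m); m->last_good_ms = now_ms; }
/* Enter the safe state: force "no button pressed" and latch it (stability requirement). */
static enum Status enter_safe(Monitor *m, enum Status why) { m->safe_state = true; m->buttons = 0; return why; }
/* Receiver side, called every cycle; f == NULL when no frame arrived this cycle. */
enum Status monitor_step(Monitor *m, const KeypadFrame *f, uint32_t now_ms) {
    if (m->safe_state) return ST_SAFE_STATE;                                   /* stay latched */
    if (f == NULL) return (now_ms - m->last_good_ms > TIMEOUT_MS) ? enter_safe(m, ST_FAULT_TIMEOUT) : ST_OK;
    uint16_t got = (uint16_t)((f->data[2] << 8) | f->data[3]);
    if (crc16(f->data, 2) != got) return enter_safe(m, ST_FAULT_CRC);          /* corrupted bits */
    if (f->data[1] != m->next_counter) return enter_safe(m, ST_FAULT_COUNTER); /* lost or repeated frame */
    m->next_counter = (uint8_t)(m->next_counter + 1);
    m->last_good_ms = now_ms;
    m->buttons = f->data[0];
    return ST_OK;
}
/* Leaving the safe state is a separate, explicit action (e.g. an operator acknowledgement). */
void monitor_reset(Monitor *m, uint32_t now_ms) { monitor_init(m, now_ms); }
```

Once latched, the application only ever sees `buttons == 0` until `monitor_reset()` is called, which is what makes the safe state predictable and stable rather than self-clearing on the next good frame.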
Question: What is safety integrity level (SIL) and what is a risk classification process?
Schankin: The safety integrity level (SIL) is a measure of the safety of safety-related systems. It indicates how reliably a system can carry out safety-relevant functions in order to minimize risks. SIL is categorized into four distinct levels, ranging from SIL 1 to SIL 4, with SIL 4 representing the highest safety level and placing the strictest demands on the reliability and availability of a system.
Risks are typically classified through a risk analysis that takes into account various factors, such as the likelihood of an undesirable event occurring and the potential consequences of that event. This analysis helps determine the required safety integrity level (SIL) for a system to ensure that it meets specific safety requirements. Classification can also be done through methods such as hazard and risk analysis (HARA) or fault tree analysis (FTA).
In the heavy-duty sector, the focus is on performance levels instead of SIL levels. Essentially, the underlying principles and processes are like those associated with SIL levels.
Question: EAO has now launched the first certified keypad onto the market. What specific benefits does this offer to customers?
Schankin: The PREMIUM variant of the S09 Keypad offers customers the advantage of utilizing a CAN-Keypad in applications that require functional safety. Its existing certification for functional safety significantly reduces the development and certification effort for the customer.
Question: What role does the keypad play in the application?
Schankin: The keypad serves as the primary interface for interaction between the operator and the machine. It enables the operator to input requests while simultaneously facilitating intuitive and straightforward communication from the machine back to the operator. For instance, the keypad can indicate that a component of the machine is in motion by illuminating a yellow halo ring in a rotating manner. Additionally, it can alert the operator to a hazardous situation by causing all halo rings to flash red.
Question: Which product features are particularly helpful for the user?
Schankin: Our S09 outdoor keypads are designed for exceptional durability and an extended lifespan. They can withstand over 1 million operations within a temperature range of -40 to 85°C. Additionally, the keypads can be safely cleaned using a high-pressure cleaner without any risk of damage. Furthermore, these keypads offer a wide array of illumination options that facilitate intuitive interaction with the user. This includes various illumination colors, as well as effects such as rotating, flashing, fading, and four distinct segments in the halo ring.