Search Certificate Database

Functional Safety


Functional Safety (FS) = Safety against hazards resulting from a faulty and disturbed functionality. Functionally safe controls and protective equipment are installed and used at all places, where persons, the environment and goods of value have to be protected. Such applications are for instance industrial machines, at which the operators and humans have to be protected against the hazards of dangerous movements and emissions of the machine, chemical plants, railway, automotive, medical devices etc.
The safety has to be ensured under normal / undisturbed conditions and must not get lost in case of abnormal conditions. That means the products have to be designed in such a way, that faults, failures and external influences must not result in an undetected loss of safety.

Objective of Functional Safety

The objective of Functional Safety is freedom from unacceptable risk of physical injury or of damage to the health of people either directly or indirectly (through damage to property or to the environment). Today the objective is sometimes extended to the protection against damage and destruction of goods of value.

Functional Safety is intrinsically end-to-end in scope in that it has to treat the function of a component or subsystem as part of the function of the whole system. This means that whilst Functional Safety standards focus on Electrical, Electronic and Programmable Systems (E/E/PS), the end-to-end scope means that in practice Functional Safety methods have to extend to the non-E/E/PS parts of the system that the E/E/PS actuates, controls or monitors.

Achieving Functional Safety

Functional Safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met. This is normally achieved by a process that includes the following steps as a minimum:

  1. Identifying what the required safety functions are. This means the hazards and safety functions have to be known. A process of function reviews and formal risk and hazard analysis are applied to identify these.
  2. Assessment of the risk-reduction required by the safety function. This will involve a Safety Integrity Level (SIL) Assessment. A Safety Integrity Level (SIL) applies to an end-to-end safety function of the safety-related system, not just to a component or part of the system.
  3. Ensuring the safety function performs to the design intent, including under conditions of incorrect operator input and failure modes. This will involve having the design and lifecycle managed by qualified and competent engineers carrying out processes to a recognized Functional Safety standard. This is today the IEC / EN 61508, which is regarded as the Mother Standard for Functional Safety, or one of the industry specific standards (sector-application standards) derived from IEC / EN 61508.
    IEC 61508 diagram

    Figure 1: IEC 61508 as the Mother Standard for Functional Safety and derived Sector-Application Standards

  4. Verification that the system meets the assigned SIL, by determining the Mean Time Between Failures (MTBF) and the Safe Failure Fraction (SFF), along with appropriate tests. The Safe Failure Fraction is the probability of the system failing in a safe state: the dangerous (or critical) state states are identified from a Failure Mode and Effects Analysis or (Failure Mode, Effects, and Criticality Analysis) of the system (FMEA or FMECA).
  5. Conduct Functional Safety audits to examine and assess the evidence that the appropriate safety lifecycle management techniques were applied consistently and thoroughly in the relevant lifecycle stages of product.

Neither safety nor Functional Safety can be determined without considering the system as a whole and the environment with which it interacts. Functional Safety is inherently end-to-end in scope.

Certifying Functional Safety

Any claim of Functional Safety for a component, subsystem or system should be independently certified to one of the recognized Functional Safety standards. A certified product can then be claimed to be Functionally Safe to a particular Safety Integrity Level or a Performance Level in a specific range of applications: the certificate is provided to the customers with a test report describing the scope and limits of performance.
It is possible to certify both products and processes that manage the lifecycle of the product.

Top of Page