How do you future-proof your safety systems?

Looking through the machine safety standards, there is plenty of guidance for the early phases of a safety system's life cycle. By this I mean you can find good guidance on the following activities:
  • Select the required integrity level; CAT/PL/SIL
  • Design the safety system
  • Verify the system design
  • Validate the safety system
But what guidance is available for the operation phase of the safety system? Safety systems can be operational for 10 to 20 years, sometimes even longer. Is it reasonable to expect that the application parameters will not change the requirements of the safety system over such an extended period?

Requirements can change dramatically over the life of a safety system. Here are some parameters that could affect the suitability of the current safety system:
  • The uses of the machine 
  • Speed of throughput
  • Frequency/duration of safety demands on the system
  • Stopping times of the equipment
The need to design systems that take account of the above changes is becoming more prevalent. Functional safety standards such as AS 62061 mention these factors as triggers for safety system modification, but how can you reliably identify when these parameters have changed?

Relying on manual monitoring of the safety system parameters creates extra work and is susceptible to human error and complacency.

With the high level of data sharing now possible between modern safety systems and standard control systems, this parameter checking can be implemented as an automated function of the control system. If the use of the machine changes in a way that affects the suitability of the safety system, the control system flags the change and initiates the appropriate modification process.

The most common example of this concept is Stopping Performance Monitoring (SPM), which is a requirement of IEC/TS 62046. SPM should be performed when presence sensing devices such as light curtains, safety mats or laser scanners are used as trip devices and the stopping performance of the machine can deteriorate, for example through wear of brakes, valves, etc. SPM could be achieved by having the machine control system measure the stopping performance of the machine and compare the result with the calculated stopping time used in the safety distance calculation for the presence sensing device. Once the calculated stopping time is exceeded, the control system could initiate a safety stop, inform the operator of the condition and prevent operation until the system is restored to an acceptable state.

Preventive warnings could be provided by the control system as the measured stopping time approaches the calculated stopping time, so that the braking system can be repaired during upcoming scheduled maintenance. Unplanned downtime is then avoided and the level of safety is maintained.
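What the SPM comparison and the approaching-limit warning described above might look like as a control-system function, written here as an added example for this page (it is not NHP's code, nor code from IEC/TS 62046 or any other standard). It assumes the safety distance was calculated as S = K × T + C in the ISO 13855 form for a light curtain, so the installed distance fixes the overall stopping time budget T_max = (S − C) / K; a fixed sensor response time from the device datasheet; encoder-based standstill detection; and an 80 % warning band. All sample values (distances, times, encoder samples) are constructed.

```python
"""Stopping Performance Monitoring (SPM) as a control-system function.

Illustrative example written for this article, not code from NHP or from
any standard. Assumptions not stated in the article: the safety distance
was calculated as S = K * T + C (ISO 13855 light curtain form), so the
time budget the installation tolerates is T_max = (S - C) / K; the sensor
response time is a fixed datasheet value; and the control system measures
machine stopping time from the stop command until an encoder reports
standstill. Sample values below are constructed.
"""
from dataclasses import dataclass, field


def max_stopping_time_s(distance_mm: float, resolution_mm: float,
                        k_mm_per_s: float = 1600.0) -> float:
    """Invert the safety distance formula to recover the overall stopping
    time budget. C = 8 * (d - 14) is the light curtain penetration term for
    resolutions d <= 40 mm; K = 1600 mm/s applies when S > 500 mm (assumed
    to hold for the inputs used here)."""
    if not 14 < resolution_mm <= 40:
        raise ValueError("C = 8(d - 14) only applies for 14 < d <= 40 mm")
    c_mm = 8.0 * (resolution_mm - 14.0)
    t_max = (distance_mm - c_mm) / k_mm_per_s
    if t_max <= 0:
        raise ValueError("installed distance leaves no stopping time budget")
    return t_max


def stopping_time_from_samples(samples, t_stop_cmd_s, standstill_rpm=1.0,
                               hold_s=0.05):
    """Measure machine stopping time from (time_s, speed_rpm) encoder samples.
    Standstill is declared when |speed| stays at or below standstill_rpm for
    hold_s; the stopping time runs from the stop command to the start of that
    window. Raises if the machine never settles in the sampled window."""
    window_start = None
    for t, speed in samples:
        if t < t_stop_cmd_s:
            continue
        if abs(speed) <= standstill_rpm:
            if window_start is None:
                window_start = t
            if t - window_start >= hold_s - 1e-9:   # tolerate float rounding
                return window_start - t_stop_cmd_s
        else:
            window_start = None                    # speed came back, restart
    raise ValueError("no standstill detected in sampled window")


@dataclass
class StoppingPerformanceMonitor:
    """Compares each measured stop against the safety distance time budget.
    A stop exceeding the budget trips and latches; a stop at or above
    warn_fraction of the budget only warns (assumed 80 % policy)."""
    t_max_s: float             # overall stopping time budget from the safety distance
    t_sensor_s: float          # presence sensing device response time (datasheet)
    warn_fraction: float = 0.8
    tripped: bool = False
    history: list = field(default_factory=list)

    def evaluate(self, t_machine_s: float) -> str:
        """Return 'OK', 'WARNING' or 'TRIP' for one measured stop."""
        if t_machine_s < 0:
            raise ValueError("stopping time cannot be negative")
        total = self.t_sensor_s + t_machine_s   # overall stopping time T
        self.history.append(total)
        if total > self.t_max_s:
            self.tripped = True
        if self.tripped:            # latched until maintenance verifies a good stop
            return "TRIP"
        if total >= self.warn_fraction * self.t_max_s:
            return "WARNING"
        return "OK"

    def run_permitted(self) -> bool:
        return not self.tripped

    def reset_after_maintenance(self, verified_t_machine_s: float) -> bool:
        """Clear the latch only if a verification stop is back in the OK band."""
        total = self.t_sensor_s + verified_t_machine_s
        if total >= self.warn_fraction * self.t_max_s:
            return False
        self.tripped = False
        return True


# Constructed encoder samples (time_s, speed_rpm) after a stop command at t = 0.0 s.
SAMPLES = [(0.00, 1500), (0.05, 1000), (0.10, 500), (0.15, 100),
           (0.20, 0.5), (0.25, 0.3), (0.30, 0.0)]

if __name__ == "__main__":
    t_max = max_stopping_time_s(distance_mm=800, resolution_mm=30)   # 0.42 s budget
    spm = StoppingPerformanceMonitor(t_max_s=t_max, t_sensor_s=0.03)
    first = stopping_time_from_samples(SAMPLES, 0.0)                 # 0.20 s measured
    for t in (first, 0.31, 0.40, 0.20):   # healthy, wearing, failed, still latched
        print(f"machine stop {t:.2f} s -> {spm.evaluate(t)}")
    print("run permitted:", spm.run_permitted())
```

Two things a practitioner would check before relying on a function like this: the trip latch only enforces anything if the reset path is restricted to authorized maintenance (key switch, role-based HMI login), and the stop itself should still be executed by the safety-rated part of the system, with the standard control system's SPM function acting as the diagnostic that requests the stop, raises the warning and blocks restart.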

Need more information about how modern safety systems with increased integration can assist?

Craig may be able to assist you with the above mentioned issues, so please reach out via email -

Craig Imrie has been a Safety Specialist with NHP Electrical Engineering Products since 2007. He is also a committee member at Standards Australia and a TUV Rheinland certified Functional Safety engineer.

Published: 6 July 2016