Safety Integrity Level (SIL) and Performance Level (PL)
The first concern of the designer or OEM must be to ensure the safety of the user of their machine. This is achieved first through inherently safe design, then through the use of safety components and control systems, and finally by establishing the proper procedures for commissioning, use, maintenance and, ultimately, disposal of the machine.
Safety components provide functionalities such as ensuring that the machine stops when a body part gets caught in it, or that a robot adopts a safe speed when a person enters the hazardous zone, or any number of other ‘if…then’ situations. Safety components can therefore be seen as products that respond to an incident in a predefined way.
For every new machine (including existing machines ‘substantially modified’ by maintenance), a risk assessment must be performed to determine where and what kinds of safety components are required. Every specific hazardous situation is examined: what are the consequences, how often and for how long can this situation occur, and what are the options to prevent the danger? Those hazards with the severest consequences, the highest probability of occurring and the fewest options for prevention will require the most reliable safety functionality.
Reliability of the safety component or machine
The reliability of a single component or assembly of components (i.e. the machine) is designated as either its Safety Integrity Level (SIL) or Performance Level (PL). In both cases, the corresponding SIL or PL value is determined based on the calculated ‘statistical probability of failure’.
Machine builders often prefer to state the PL because its methodology is easier to understand than SIL, and its formulas are less complex. Moreover, it can be applied equally well to electric, pneumatic and hydraulic drive and control technology. This quantification of the risk mitigation is based on NEN EN ISO standard 13849-1:2006 ‘Safety of machinery - Safety-related parts of control systems’, which has been harmonized under the Machinery Directive.
The Performance Level is divided into five levels designated a to e, where a represents the lowest reliability and e the highest. In other words: the worse the risk, the higher the necessary PL.
At most companies, SIL is generally seen as solely for the process industry, but this is far from the truth. Although the safety rating method based on NEN EN IEC standard 62061 ‘Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems’ is indeed widely used within this sector, it nevertheless has advantages for a typical machine builder. For example, as the NEN states on its website: ‘SIL is more comprehensive than PL, especially in the area of documentation and data collection; important aspects when you consider the management aspects and the drawing-up of a functional safety plan. More and more customers are requesting this information and the related reports.’
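As an added illustration (not code from DIS Sensors, NEN or the standards themselves), the following Python applies the ISO 13849-1 risk graph of Annex A to the three risk parameters described above (severity, frequency/duration of exposure, possibility of avoidance), maps a calculated PFHd onto PL a to e using the bands of Table 3, and reports the corresponding SIL from Table 4. The hazard names and PFHd figures are constructed sample data.

```python
# ISO 13849-1 Annex A risk graph. S = severity (1 slight, 2 serious/irreversible),
# F = frequency/duration of exposure (1 seldom/short, 2 frequent/long),
# P = possibility of avoiding the hazard (1 possible, 2 scarcely possible).
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}
# Exclusive upper PFHd limit (dangerous failures per hour) of each PL, Table 3.
# The table's lower bound for PL e is 1e-8; smaller values are reported as e here.
PL_UPPER = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}  # Table 4 correspondence
PL_ORDER = "abcde"

def required_pl(severity: int, frequency: int, avoidance: int) -> str:
    """Required Performance Level (PLr) from the three risk-graph parameters."""
    return RISK_GRAPH[(severity, frequency, avoidance)]

def achieved_pl(pfhd: float):
    """PL reached by a safety function with the given PFHd, or None if too high."""
    if pfhd <= 0:
        raise ValueError("PFHd must be positive")
    for pl, upper in PL_UPPER:
        if pfhd < upper:
            return pl
    return None  # 1e-4/h or worse: no Performance Level at all

def pl_satisfies(achieved, required: str) -> bool:
    """True when the achieved PL is at least the required one (None never is)."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)

def assess(hazards):
    """hazards: (name, S, F, P, pfhd) tuples -> (name, PLr, PL, SIL, ok) rows."""
    rows = []
    for name, s, f, p, pfhd in hazards:
        plr = required_pl(s, f, p)
        pl = achieved_pl(pfhd)
        rows.append((name, plr, pl, PL_TO_SIL.get(pl), pl_satisfies(pl, plr)))
    return rows

# Constructed sample risk assessment; the PFHd figures are illustrative, not real data.
SAMPLE = [("robot cell entry (safe speed)", 2, 2, 1, 4.2e-8),
          ("light curtain at feed opening", 2, 1, 2, 2.5e-7),
          ("conveyor nip point stop", 1, 2, 2, 5.0e-6)]

if __name__ == "__main__":
    for name, plr, pl, sil, ok in assess(SAMPLE):
        print(f"{name:32s} PLr={plr} PL={pl} SIL={sil} {'OK' if ok else 'INSUFFICIENT'}")
```

The third sample row shows the failure case: the nip-point stop reaches only PL b against a required PL c, so that safety function needs a more reliable design before the machine can be released.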
The safety capabilities of sensors from DIS Sensors are provided by features such as redundant (dual) functionality, communication via the CANopen Safety Protocol EN50325-5 (CiA304), and continuous verification of correct operation of all components.