Ensuring system integrity with SFFs

Safety Integrity Levels (SILs) are defined by the International Electrotechnical Commission (IEC) and other organizations to specify the number of allowable failures in electrical or electronic safety devices. Four SIL levels are possible, with SIL 4 being the most dependable and SIL 1 being the least. The SIL level depends on the average Probability of Failure on Demand (PFD), as shown in Table 1.

Table 1: To achieve a specified SIL level, devices must have less than the prescribed probability of dangerous failure.

SIL is defined and calculated according to IEC 61508, IEC 61511, IEC 62061, and other standards such as Instrument Society of America (ISA) S84.01. Electric and electronic devices certified for use in SIL applications provide a degree of confidence in their safety performance.

Programmable protection

Jokab Safety is a global supplier of safety devices and systems. The Swedish company’s Pluto product line consists of several small form factor modules mountable on DIN rails. Each module is a fanless, completely enclosed small form factor board. SIL 4 can be achieved with one channel and one input by using up to three different dynamic signals and static voltage (+24 V) to supply the inputs. The inputs only need one of the signal types to detect a short circuit between the channels. The sensor’s output is detected at the Pluto input.

Pluto devices are approved to various safety standards, including EN 954-1, EN ISO 13849-1, and EN 61508. All Plutos are master devices, meaning they can see each other’s I/O and local/global memories. Safety systems can be programmed with the Pluto Manager, a Windows-based programming tool with TÜV-approved safety function blocks.

Two examples illustrate how Pluto devices can ensure safety in embedded control applications. The first is Stockholm’s local traffic train repair shop, which uses 24 Pluto Programmable Logic Controllers (PLCs) to manage 40 electrically locked sliding doors and 225 meters of safety fences, preventing maintenance personnel from accessing the train roof when high voltage is switched on. The Pluto system communicates with the train’s signal system, making it easy to maneuver the train roof’s bridges, safety booms, and key lock switches.

The second application involves a system jointly developed by the Swiss firms Martin Brunner GmbH and HELOG Heliswiss for monitoring loads transported by helicopters (see Figure 1). A Pluto safety PLC installed in a helicopter monitors a load hook lock, which must be completely closed within five seconds, and checks for broken cables.

Figure 1: Heliswiss helicopters use the Pluto safety system to monitor loads and verify mechanical reliability.

While traditional machine safety is based on individual risk analysis conducted on each machine, regulations for aircraft components are based on rigorous standards and leave little room for variation. As an “All-Masters” safety PLC concept, Pluto small form factor modules offer simplified design and maximum reliability in a redundant, self-checking system that complies with the most stringent requirements.

For more information, contact Hermann at hstrass@opensystemsmedia.com.