From risks to requirements: Comparing the assignment of functional safety requirements

Timo Malm, Outi Venho-Ahonen, Marita Hietikko, Tor Stålhane, Charlotte de Bésche, Johan Hedberg

Research output: Book/Report › Report

Abstract

Risks are categorized, e.g. to prioritize them and to select safety systems and devices with adequate safety properties. A functional safety level that is too high causes exaggerated costs, since more components and validation resources are required to reach a higher level of safety. A functional safety level that is too low leads to inadequate safety requirements and an increase in the risk of accidents. A questionnaire was conducted in the machinery sector to find out which methods were applied in risk assessment and how the functional safety SIL/PL assignment process is carried out in that sector. The ISO 13849-1 method is the most common, but the IEC 62061 method is also applied. A round robin test was conducted to compare and check how well the methods matched each other. The assessors estimated the parameters of the risks and assigned the required SIL (Safety Integrity Level) and PL (Performance Level). Nine cases related to mobile work machines and nine cases related to industrial robots were used in the experiment. There were 19 assessors in the mobile work machine experiment and 17 in the robot experiment. For each mobile work machine case there was also a standard example that resembled the test case, making it possible to compare the results with the standards. The study shows that in most cases the results correspond to each other, though there are some exceptions. The IEC 62061 method rarely results in SIL 1 but instead in SIL 0 or SIL 2. The IEC 62061 and ISO 13849-1 methods both result in at least a moderate risk level if the severity parameter is high, whereas some other standards (related to vehicles) clearly drop the risk level if the probability parameter is low or the controllability is good. The next edition of ISO 13849-1 (2016) will also have a probability parameter, which in such a case enables a low risk level. An Excel tool was presented to fine-tune the risk levels by applying the risk matrix. The aim was to calibrate the risk levels to match the case better without changing the parameters. Thus, the new risk levels were presented immediately according to the defined risk matrix.
Original language: English
Place of Publication: Espoo
Publisher: VTT Technical Research Centre of Finland
Number of pages: 58
ISBN (Electronic): 978-951-38-8384-3
Publication status: Published - 2015
MoE publication type: Not Eligible

Publication series

Series: VTT Technology
Number: 241
ISSN: 2242-1211

Keywords

  • functional safety
  • risk assessment
  • safety requirements
  • machinery

Cite this

Malm, T., Venho-Ahonen, O., Hietikko, M., Stålhane, T., de Bésche, C., & Hedberg, J. (2015). From risks to requirements: Comparing the assignment of functional safety requirements. Espoo: VTT Technical Research Centre of Finland. VTT Technology, No. 241