More and more industries are now adopting Functional Safety standards, such as IEC 61508, either for legislative or due-diligence reasons. As recognition widens, there is a growing demand for electronic products (“elements”) which are certified for use in 61508 systems.

As equipment designers, Mutech design “elements” or modular “subsystems” that form part of a safety instrumented system. This work falls mostly within the “realisation” phase of the functional safety lifecycle (box 10 of IEC 61508-1 Figure 2), although consideration has to be given to all of the other lifecycle stages. In practice this means the design and verification of electronic equipment and its associated software.

Mutech have over the years produced a process and set of tools to make intrinsic safety development as efficient as possible. The approach is highly test driven, with all tests (both hardware and software) easily repeated at the press of a button. Hence, if a small change is made in the software or hardware then every test can be re-run within a couple of minutes, thus ensuring that the change did not have an unexpected impact on seemingly unrelated parts of the software or hardware.

Software development for functional safety is at first glance highly documentation and verification heavy compared to most other software development. It is true that a considerable amount of up-front work is required before the first line of code is written, but the detailed process produces highly reliable software the first time, thus minimising the back-end process of fixing software bugs.

Mutech are used to their designs being third party assessed, and hence have documentation templates designed for assessment by the most rigorous of assessors. Mutech can provide liaison with assessors to make the process as efficient as possible.

What is SIL?

The term SIL is used a lot within the functional safety world, but it is often misunderstood. It is the safety integrity level of an overall safety function. Since Mutech design equipment that forms part of a safety function, the task is to produce equipment that is capable of meeting the requirements of the overall safety function. Since there are two types of failure, this essentially requires meeting two criteria:

1. Systematic capability (SC). This means employing techniques and measures appropriate to the target SIL; it is classified such that (for example) SC2 is normally suitable for SIL2.

2. Hardware failure rates. The SIL defines a required failure rate for the overall safety function, and generally a percentage of that budget is allocated to the element. Quite often when designing elements, the rest of the safety system is not known, and hence a reasonable proportion is assigned.
