How to Determine Machine Performance Levels
In this installment of our series on functional safety, we’re exploring machine performance levels, which specify the ability of safety circuits to execute a safety function under foreseeable conditions. Based on the risk assessment, which we covered in our last blog post, either a Safety Integrated Level (SIL) or a Performance Level (PL) is assigned to each part of the machine. Performance levels are specified as discrete levels—PLa, PLb, PLc, PLd and PLe—and are only determined for complete safety circuits or safety devices.
Here are some of the quantitative and qualitative parameters that determine PL:
Circuit Structure. The structure of a safety circuit depends on the arrangement of the components and diagnostics. These structures are divided into categories B to 4, which classify the safety circuits in terms of their resistance to faults and behavior when a fault occurs.
Mean Time to Dangerous Failure. The Mean Time to Dangerous Failure (MTTFD) takes into account the reliability of the components in the safety circuits. It also specifies the portion of failure modes that poses a hazard to personnel, environment or equipment.
Diagnostic Coverage (DC) and Common Cause Failures (CCF). DC measures the effectiveness of the diagnostics and also specifies the proportion of identifiable and unidentifiable dangerous failures. The higher the risk, the higher the effectiveness of these diagnostics. CCF refers to the failures of different components due to a single event.
Fault Behavior. For category 2 safety circuits, you can assess fault behavior with a failure mode and effects analysis (FMEA) or fault tree analysis (FTA). Depending on your application and selected components, you may need to take additional measures to meet ISO 13849 requirements.
Safety-Related User Software. The product life cycle of safety-related user software must take into account the prevention of faults. The software’s primary objective must be readable, understandable, testable, maintainable—and preferably fault-free.
Systematic Failures—and More. These are the failures that can be traced back to a specific cause and can only be eliminated by changing the design, manufacturing process, operating behavior and documentation. Other parameters for determining PL include the ambient conditions, requirement rate and any substances affecting the materials.
The following figure depicts a simplified procedure for determining the PL of a safety function. While the PL can be assigned to a specific SIL level, it is not possible to infer the PL from the SIL.
Be on the lookout for our next blog post on functional safety. In the meantime, sign up for our newsletter.