Evaluation of an industrial sensor for safety use according to ISO 13849 / IEC 62061 standards

Qualifying an industrial sensor for use in safety-related control systems requires a comprehensive approach that begins with a global risk analysis and extends to the sensor's hardware, software, and mechanical components.

Risk Analysis

Risk analysis is the foundation of any safety assessment. This initial step must take a global perspective, focusing on how the component might fail in ways that could harm people. The process starts with identifying hazards, that is, the dangerous situations the sensor can contribute to, considering both its operating environment and the end user. Next, estimate the risk of each hazard from the severity of the possible harm and its likelihood (frequency and duration of exposure, probability of the hazardous event, and the possibility of avoiding it, the parameters used by the risk graph in ISO 13849-1).

Define the critical failure(s), meaning those whose effects compromise user safety. From these, derive the Safety Requirements: the safety function(s) the sensor must provide, the required Performance Level (PLr) or SIL for each, and the measures needed to mitigate the risks and comply with the applicable standards. The critical failure modes drive the implementation of the hardware, software, and mechanics.

After identifying the system's critical chain, the parts whose failure can lead to a critical failure mode, evaluate how the physical implementation responds to failures and whether safety can still be guaranteed under those conditions.

The physical analysis begins with the hardware. Each component is assigned a failure rate from a prediction model such as IEC 62380 or the widely used MIL-HDBK-217, and the sum over the parts gives the failure rate of the channel, from which the MTTF (Mean Time To Failure, the reciprocal of the failure rate under the constant-failure-rate assumption these handbooks use) is calculated. This metric expresses the sensor's reliability and its ability to operate throughout its expected service life.

Using these data, a quantitative FMEA (Failure Modes and Effects Analysis) is conducted. This analysis identifies the hardware failure modes and prioritizes preventive actions. In addition, a safety study classifies each failure mode as safe or dangerous, i.e. determines whether it can cause loss of the safety function. This bottom-up analysis ensures that every component failure threatening safety is understood, and it yields the dangerous failure rate of each component.

The next step is a top-down approach: a quantitative Fault Tree Analysis (FTA) whose top event is the dangerous failure of the safety function. Combining the dangerous failure rates from the FMEA along the critical chain gives the MTTFd (mean time to dangerous failure) of each channel. Among the key metrics, Diagnostic Coverage (DC) stands out: the fraction of dangerous failures that the sensor detects and reports (DC = λdd / λd). Together with MTTFd, the architecture (category) and the measures against common cause failures, DC determines the Performance Level the sensor can claim under ISO 13849-1.
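As an added worked example (not code from the original article), the following Python carries the hardware chain above through end to end: a parts-count failure-rate sum for one channel, the split into safe and dangerous failures from the FMEA safety study, the DC from the detected share, and finally the Performance Level band from the simplified procedure of ISO 13849-1 (Figure 5 of the standard, with the MTTFd and DC classes of the 2015 edition). The component names, FIT values, dangerous fractions and detection fractions are constructed for illustration and are not IEC 62380 or MIL-HDBK-217 data; the common cause failure score and the basic/well-tried safety principles required for the category are assumed to be satisfied.

```python
"""Added worked example, not from the original article: from a parts-count
failure-rate estimate, through MTTFd and diagnostic coverage, to the
Performance Level band of ISO 13849-1's simplified procedure. All component
values below are constructed for illustration, not handbook data."""
from dataclasses import dataclass

HOURS_PER_YEAR = 8760.0


@dataclass
class Part:
    name: str
    fit: float        # failure rate in FIT (failures per 1e9 h) from the prediction model
    dangerous: float  # share of its failures the FMEA safety study rates as dangerous
    detected: float   # share of those dangerous failures the built-in diagnostics catch


# Constructed bill of materials for one sensing channel (illustrative values)
CHANNEL = [
    Part("supply regulator", 15.0, 0.50, 0.95),
    Part("sensing element",  40.0, 0.80, 0.90),
    Part("ADC",              25.0, 0.60, 0.99),
    Part("microcontroller",  80.0, 0.50, 0.90),
    Part("output driver",    20.0, 0.70, 0.60),
]


def channel_metrics(parts):
    """Return (MTTF, MTTFd, DC) for one channel, MTTF/MTTFd in years.
    MTTF = 1/lambda assumes the constant-failure-rate model of the handbooks."""
    lam = sum(p.fit for p in parts) * 1e-9                                # total rate, 1/h
    lam_d = sum(p.fit * p.dangerous for p in parts) * 1e-9                # dangerous rate
    lam_dd = sum(p.fit * p.dangerous * p.detected for p in parts) * 1e-9  # detected dangerous
    mttf_years = 1.0 / lam / HOURS_PER_YEAR
    mttfd_years = 1.0 / lam_d / HOURS_PER_YEAR
    dc = lam_dd / lam_d                                                   # DC = lambda_dd / lambda_d
    return mttf_years, mttfd_years, dc


def mttfd_band(years, category):
    """ISO 13849-1 MTTFd classes. Per-channel MTTFd is capped at 100 years
    (2500 years for Cat 4 in the 2015 edition); below 3 years is not usable."""
    years = min(years, 2500.0 if category == "4" else 100.0)
    if years < 3.0:
        return None
    if years < 10.0:
        return "low"
    if years < 30.0:
        return "medium"
    return "high"


def dc_band(dc):
    """ISO 13849-1 DCavg classes."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Simplified procedure (ISO 13849-1 Figure 5): (category, credited DC) -> MTTFd band -> PL
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},           # Cat 1 demands MTTFd high
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},           # Cat 4 demands DC high and MTTFd high
}


def performance_level(category, mttfd_years, dc_avg):
    """PL letter, or None when the combination is outside the table (the
    category's own structural requirements are not met). Assumes the CCF
    score (>= 65 for Cat 2-4) and basic/well-tried safety principles hold."""
    mb = mttfd_band(mttfd_years, category)
    if mb is None:
        return None
    db = dc_band(dc_avg)
    if category in ("B", "1"):
        column = "none"                            # diagnostics are not credited
    elif category in ("2", "3"):
        if db == "none":
            return None                            # Cat 2/3 need at least DC low
        column = "medium" if db == "high" else db  # DC high is credited as medium
    else:
        if db != "high":
            return None
        column = "high"
    return PL_TABLE[(category, column)].get(mb)


def assess(parts, category):
    """Tie the steps together for one channel built to the given category."""
    _, mttfd, dc = channel_metrics(parts)
    return performance_level(category, mttfd, dc)


if __name__ == "__main__":
    mttf, mttfd, dc = channel_metrics(CHANNEL)
    print(f"MTTF {mttf:.0f} y, MTTFd {mttfd:.0f} y, DC {dc:.1%}")
    for cat in ("B", "2", "3", "4"):
        print(f"Cat {cat}: PL {assess(CHANNEL, cat)}")
```

With the constructed values the channel reaches an MTTFd of roughly 1050 years (credited as "high" after the cap) but only about 88 % DC, because the output driver's failures are poorly diagnosed. That is enough for PL d in a Cat 3 architecture, but the same channel in a Cat 2 architecture stops at PL c, and it cannot be claimed as Cat 4 at all; raising the driver's detection to 99 % would move the DC into the "medium" class, which is what a sensor vendor would act on. In practice a sensor is a subsystem, so the figures to publish are the per-channel MTTFd, DC and the resulting PFHd; the integrator combines them with the rest of the safety function.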

Software

Software plays a critical role in safety systems. If the sensor incorporates intelligence (firmware involved in the safety function), compliance with IEC 62061 requires the following:

Analysis and Documentation of Requirements, clearly stating the expected safety functionality so that every requirement can be traced from design through implementation to test. The standard requires this for every safety-related requirement.

Verification and Validation, involving software testing to confirm compliance with the defined safety requirements and consistency with the architecture and integration plans, as specified in IEC 62061.

Software failures are systematic, not random, so they are not expressed as a failure rate; the full treatment of systematic failures is beyond the scope of this article. A higher-level, architectural view does, however, allow the software's failure modes and their effects to be discussed. For consistency with the global analysis, an FMEA should also be applied to the software's critical chain.

Mechanical Reliability

Mechanical components are equally crucial to functional safety, as their failures can trigger the critical failure modes. The process includes an FMEA to evaluate mechanical failure modes and their impact on overall system safety.

These failure modes are managed through two strategies:

Quality Control in Design and Production, implementing quality assurance processes to detect and mitigate mechanical defects during design and manufacturing, thus minimizing their impact on the safety chain. Such defects are systematic failures, and this is how they are addressed.

Mechanical design principles, such as fatigue and fracture calculations, service-life analyses and, where available, field durability data, demonstrate mechanical robustness under real-world conditions, so that the claimed reliability figures are substantiated by specific models and simulations rather than assumed.

Sensor Utilization in Safety Environments

The analysis leads to conclusions on how the sensor may be used, generally covering:

  • Utilization margins, such as operating time limits and the measurement ranges within which the safety data apply.
  • Safety criteria, including the failure information the sensor provides to the processor (the safety controller reading it).
  • Failure rates, diagnostic coverage, and the safety level achieved (PL / SIL).

An integral approach, starting with the global risk analysis and continuing with the hardware, software, and mechanical assessments, establishes whether the sensor complies with ISO 13849 and IEC 62061. It also yields the metrics (MTTFd, DC, PFHd) that allow the sensor to be used in safety functions requiring a specified Performance Level.

Looking to simplify this process? Our advanced software streamlines risk analysis, automated calculations, FMEA, FTA, and manages hardware, software, and mechanical requirements within a unified platform.

Have questions or need guidance on your projects? Share them in the comments or contact us for a personalized demo!