Machinery sensor example (ISO 13849, IEC 61508)
We receive many enquiries from organisations that need to develop control systems for machinery in compliance with international safety standard ISO 13849.
On this page, we present, in outline, an example of a ‘Time Triggered’ (TT) design that can meet such requirements.
The design employs two low-cost microcontrollers.
[This page was last updated 2018-03-06]
Key system and safety requirements
In this example, the aim is to ensure that the operator of a piece of equipment is alert: if (for example) the operator falls asleep, becomes ill or leaves his or her position for some other reason, the equipment that the operator is responsible for must be shut down safely.
Such an ‘Operator in Place’ (OiP) monitoring facility has many potential applications: some of these are considered at the end of this example.
It will be assumed that the OiP system is to be applied in the piece of machinery illustrated below.
Relevant international safety standards
ISO 13849 applies to the development of control systems for a very wide range of machinery.
More specifically, ISO 13849-1 provides safety requirements and guidance on the principles for the design and integration of safety-related parts of control systems (SRP/CS), including the design of software.
ISO 13849-1 provides specific requirements for SRP/CS using programmable electronic system(s).
ISO 13849-1 includes a set of 5 ‘designated architectures’ (DAs): using one of these DAs may help to make it easier to demonstrate compliance with the standard. As an example, the figure below represents a Category 4 designated architecture.
In our experience, the ‘TT Platforms’ presented in ‘ERES2’ provide an effective way of meeting the requirements for the various DAs in ISO 13849-1: please see the table below.
In addition to supporting the implementation of ‘designated architectures’, use of TT architectures can also simplify the process of meeting other key requirements in the ISO 13849 standard, such as those for “response time” [ISO 13849-1 (2015), Section 5.2.6].
The figure below illustrates an outline design for an OiP system that is intended to meet both ISO 13849 (Category 4 / PL e) and IEC 61508 (‘SIL 3’) requirements.
Building on a DuplicaTTor software framework (summarised in the figure below), this design employs two low-cost camera modules and appropriate processing to ensure that the machine can only move if there is an alert operator in the cab.
To achieve this, operations such as the following might be performed: [i] images of the cab would be checked against stored examples to ensure that the operator is sitting in the correct seat position; [ii] images taken in sequence would be checked to ensure that the driver is moving about (a little), as would be expected of an alert person.
If required, this design could be prototyped on a DuplicaTTor Evaluation Board.
Related design examples
It might be argued that an OiP system similar to that presented here should be included in all heavy vehicles that operate on public roads, and particularly in vehicles – such as passenger coaches and school buses – that carry passengers. Similarly, rail vehicles – including both trains and trams – may benefit from such a system (see figure below).
Learn more about TT software architectures
The Second Edition of ‘The Engineering of Reliable Embedded Systems’ (ERES2) documents an industry-proven approach to the development of software for reliable, real-time embedded systems, based on the use of ‘Time Triggered’ (TT) architectures.
What distinguishes TT approaches is that it is possible to model the expected system behaviour precisely. This means that: [i] during the development process, we can demonstrate that all of the requirements have been met; and [ii] at run time, we can detect problems very quickly.
The end result is that we can have a high level of confidence that a TT system will either: [i] operate precisely as required; or [ii] move into an appropriate state if a problem occurs.
The above characteristics mean that appropriately-implemented TT systems provide a particularly effective means of meeting the requirements of various international safety standards.
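To make the run-time monitoring described above concrete for the OiP design, the following is an added example (not DuplicaTTor, ERES2 or SafeTTy code) of a tick-driven controller that runs the OiP check at a fixed period, checks the task's execution time against its budget, latches a safe state on any fault, and cross-checks two channels as a dual-microcontroller design would; the names, periods, thresholds and sensor inputs are all constructed for illustration.

```c
/* Added example (not DuplicaTTor, ERES2 or SafeTTy code): a simplified
 * time-triggered controller for the OiP check; all values are constructed. */
#include <stdint.h>
#include <stdbool.h>

#define OIP_PERIOD_TICKS 5  /* run the OiP check every 5th tick */
#define OIP_MAX_MISSES   3  /* consecutive failed checks tolerated */
#define TASK_WCET_TICKS  1  /* timing budget for the OiP task */

typedef struct {
    bool     safe;           /* latched: motion inhibited until reset */
    uint32_t tick;           /* scheduler tick counter */
    uint8_t  oip_misses;     /* consecutive OiP failures */
} controller_t;

/* Inputs for one OiP check, as they might come from image processing. */
typedef struct {
    bool     operator_in_seat; /* frame matched the stored seat template */
    bool     operator_moving;  /* frame-to-frame change above threshold */
    uint32_t exec_ticks;       /* measured execution time of the task */
} oip_sample_t;

void ctl_init(controller_t *c) { c->safe = false; c->tick = 0; c->oip_misses = 0; }

/* One scheduler tick. Returns true while machine motion is permitted.
 * Any detected problem latches the safe state, as a TT design should. */
bool ctl_tick(controller_t *c, const oip_sample_t *s)
{
    if (c->safe) return false;
    if (++c->tick % OIP_PERIOD_TICKS != 0) return true;  /* not an OiP tick */
    /* A task that overruns its budget breaks the TT timing model: fault. */
    if (s->exec_ticks > TASK_WCET_TICKS) { c->safe = true; return false; }
    if (s->operator_in_seat && s->operator_moving) {
        c->oip_misses = 0;             /* alert operator seen: reset counter */
    } else if (++c->oip_misses >= OIP_MAX_MISSES) {
        c->safe = true;                /* operator absent or still: shut down */
        return false;
    }
    return true;
}

/* Two-channel cross-check (one controller per microcontroller): motion is
 * permitted only if both channels agree; disagreement is itself a fault. */
bool dual_tick(controller_t *a, controller_t *b,
               const oip_sample_t *sa, const oip_sample_t *sb)
{
    bool ra = ctl_tick(a, sa), rb = ctl_tick(b, sb);
    if (ra != rb) { a->safe = b->safe = true; return false; }
    return ra;
}
```

With a 10 ms tick the constructed values give an OiP check every 50 ms and a shutdown at most 150 ms after the operator stops being detected, which is the kind of bounded response time that a TT design lets you state and verify in advance.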
In order to illustrate how the TT techniques presented in ERES2 can be employed in practical designs, five detailed case studies are included. These studies describe the development of embedded control and monitoring systems for the following products:
- an industrial alarm sounder unit (IEC 61508, SIL 2);
- a domestic washing machine (IEC 60730, Class B);
- a hospital radiotherapy machine (IEC 62304, Class C);
- a steering-column lock for a passenger car (ISO 26262, ASIL D);
- an aircraft jet engine (DO-178C, Level A).
Complete your cost-effective ISO 13849 design successfully using a SafeTTy Solutions™ package
Our SafeTTy Solutions™ packages are designed to help your development team produce a safety-related embedded system quickly and cost-effectively, in compliance with one or more international safety standards (IEC 61508, ISO 13849, ISO 26262, DO-178C, IEC 62304, IEC 60730 …).
SafeTTy Solutions packages are based on TT designs and include carefully-selected combinations of our various products and services.
SafeTTy Solutions packages include an appropriate ReliabiliTTy® Technology Licence.
Learn more about SafeTTy Solutions packages …