With the advent of electronics in safety-related installations, it is necessary to monitor safety-relevant elements due to the increasing complexity of equipment. For this reason, German safety standard DIN EN 61508 requires provision of an appropriate level of diagnostic coverage for various safety integrity levels SIL1 through SIL4. In terms of implementation, under these requirements independent diagnostic units which allow system tests to be carried out during operation must be employed with regard to the safety-relevant elements and/or channels. It is problematic that the particular diagnostic and test units may inadvertently influence the safety-relevant elements or channels, and that detection of the absence of reactions requires a very high level of effort. In addition, diagnosis of the test units is limited, so that the elements to be tested cannot be checked for all defects. The diagnostic units typically operate using test pulses which, however, may interfere with or delay the particular process due to the influencing of time responses and sequences, so that the actual processing of the safety function may be impaired for this period of time.
Furthermore, the channels to be checked are not operational during the tests, so that the safety function is suppressed for the test period, and the redundancy must be suspended.