In general, a safety-related system uses a safety apparatus that includes duplexed sensors for producing an ON output in a safe state and enables an operation when the two sensors produce ON outputs (for example, see Patent Literature 1). Moreover, ISO 13849-1 Category 4 requirements include designs such that (1) a single fault does not lead to the loss of a safety function, and (2) a single fault can be detected when or before a next safety function operates.
In order to make the foregoing safety apparatus comply with ISO 13849-1 Category 4, means for detecting a fault of either of the duplexed sensors before the occurrence of a next fault need to be implemented. Among conventional fault detecting means of a safety apparatus include ones that determine that either one of two sensors is failed if a state where input signals from the sensors are in an inconsistent state lasts for a predetermined time or more.