Safety architectures, amongst other things, are addressed in the IEC 61508 Standard. The second edition of this standard was published in 2010. It relates to the functional safety of electrical/electronic/programmable safety-related systems.
The Standards EN13611—safety, regulating and control devices for gas burners and gas appliances—from 2011 and EN 60730—automatic electrical regulating and control devices for household and similar use—also from 2011 describe minimum requirements for safety systems.
Safety-related control systems are known from the fields of burner systems, automation technology, medical technology and vehicle technology, amongst others.
It is known in the prior art that, in systems for safety-critical tasks, measures have to be taken to protect against malfunctions. For example, this includes the monitoring of function blocks of a safety device by means of test signals. Also known is the multi-channel embodiment of a safety architecture with results comparison.
Randomly occurring (and also optionally systematically occurring) faults are intended to be identified using these measures. A safe state of a (burner) system or a process may be achieved by using a monitoring unit.
In the context of safety architectures and the corresponding safety circuits, a differentiation is made between fault-tolerant and failsafe architectures. Fault-tolerant architectures are characterized in that, after the occurrence of one or more faults, it is still possible for control tasks and monitoring tasks to be carried out. In order to be able to achieve such tolerance relative to randomly occurring faults, the architectures frequently have to be constructed with multi-channel redundancy.
In contrast to a fault-tolerant architecture, a failsafe system has to achieve a safe system state after the occurrence of a first fault. The same applies to further faults which occur. Even in such cases, the system has to achieve a safe system state. Therefore, first and second faults in the safety device have to lead to a safe system state.
In particular, the requirement for managing multiple faults often leads to multiple redundancy and thus increases the complexity of the architecture. Additionally, the multi-channel construction increases the costs of such systems. Finally, the significant complexity of the software and hardware associated with the multi-channel construction frequently does not contribute to the actual fulfillment of the control task and/or regulating task of a system.