How does Your Product meet the Standards of Functional Safety? On Little Space, with Little Weight and for Little Money?

The Standard Design Platform for Functional Safety

Developments for functional safety are expensive and take a long time, especially when they start with a white sheet of paper. Our standard design for functional safety helps you reduce project duration, development and certification cost, plus technical risk and certification risk.

Functional safety is essential for more and more products. All electrical, electronic or programmable electronic components (E/ E/ PES) that in case of failure pose a significant risk to people and the environment must comply with the relevant laws, regulations and standards. If you develop control systems for e.g. ISO 13849, IEC 62061 or IEC 61508, you can benefit from our platform. It is suitable for motion control, IO modules, sensors and actuators and connection to secure fieldbuses, among other things. Reduce the space and power requirements of your solution.

The functions that are possible with the standard design are similar to those of an integrated and cost-optimized safety PLC. Except that the safety controller can be part of your PCB or added as a mezzanine module to your (existing) hardware. In addition, the platform can be used for logic in sensor or actuator nodes and as a connection to a safe fieldbus. The platform is adapted to your individual requirements, regarding input signals, outputs, functions and form factor.

Compared to a solution with a commercial standard component, the solution based on our platform is worthwhile from approx. 2'000 units (incl. development, certification and manufacturing costs).

Benefit from our many years of expert knowledge in the field of functional security and information security by using the standard design. We evolve it into your tailor-made product including all necessary documentation for certification, which you can produce yourself or which we can produce for you with our partners.

Since you get the sources, schemas and documentation (FMEDA, design, test, traceability ...) of the whole project, there is no dependency, no "vendor lock-in".

Fields of Application

Industrial automation (personal protection, secure real-time communication ...)
Process measurement (pressure sensors, level sensors...)
Robotics (motor control, motion control, emergency stop function...)
Energy management (inverters, battery management system...)
Medical technology (device control, monitoring of vital parameters...)
Rail
Avionics

Hardware

The standard design for functional safety is based on microcontrollers with the main monitoring features (memory, watchdog...) already on the processor. As required, two redundant parallel channels with inputs (sensors/ analog/ digital) and outputs (analog/ digital) are used. Depending on the desired safety level, additional external watchdogs and voltage monitors are used.

In a two-channel solution, basically the voting between the channels is implemented in software, with few additional logic elements on the hardware side. The safe bus/ safe fieldbus is decoded by both processors and the transmitted information is checked for consistency before being sent.

Software

In the case of the two-channel architecture, fundametally similar programs run synchronized on both processors. All input data (buses, sensors...) are read in, processed and then output again (actuators, safety shutdown, buses...). At each step the data is compared and the system can react in case of differences, by e.g. switching to safe state, of course including the controlled actuators.

Safety mechanisms like watchdog and program flow monitoring can be implemented and certified in the parallel software structure with little effort.

Graphical representation (block diagram) of the structure of the Solcept Platform for Functional Safety

Functionality of the Standard Design

The platform offers these options (see also the drawing above: blue part):

Secure inputs
- redundant digital or analog inputs
- redundant I2C or SPI
Safe bus connection
- to safety fieldbuses
- to proprietary solutions or communication with your microcontroller
Any safety functions
Safe outputs
- redundant shutdown
- readback of the output state

The non-functional requirements that the design fulfills are also important. These are often the larger limitation than the functional aspects:

Safety architecture (1oo1 or 1oo2 (non-diverse redundant))
- ISO 13849 PL a..e
- IEC 62061 SIL 1..3
- IEC 61508 SIL 1..3
- or other standards of your industry
Safety mechanisms
- hardware monitoring (power supply, clock sources, interfaces ...)
- fault monitoring (single failure, common cause failure, program flow monitoring ...)
- watchdog timer/ clock monitoring
- power supply monitoring
Data security
- Secure Boot
- secure certificate and key storage
- encryption
- identification
Industrial quality
- temperature range -40..+85 °C
- long product life (long-term availability)
- EMC and radio certification
- developed according to Solcept processes (CMMI for Development (Maturity Level 3), ISO 9001)

Your Application

The specific application (developed in C) can include, but is not limited to:

Monitoring
Shutdown of drives
Safe indications (operating status...)
Any other safety functions

Technology Base

This Standard System Design is based on the following technologies:

Microcontroller
- Renesas RX or Arm Cortex
Operating system
- none (bare-metal) (on request SAFERTOS (FreeRTOS))
Safety
- ECC-RAM, ECC
Security
- unique ID
- cryptography unit
Interfaces & Protocols
- safe fieldbuses
  - Safety over EtherCAT (FSoE)
  - PROFIsafe
  - openSAFETY
- proprietary safe communication (Black-Channel)
  - I2C/ SPI
  - UART
  - LIN, CAN, IO-Link
- to sensors/ actuators...
  - USB, UART
  - SPI, I2C
  - ADC, DAC
  - current/ voltage interfaces