Functional Safety Update
The AEF as pacemaker for ISOBUS Functional Safety
Right, Functional Safety is important, but what’s that again and how does it relate to the ISOBUS?
Per ISO25119, a functionally safe system performs in a way that does not present unreasonable risk of injury to operators or bystanders. For that reason, the ISO25119 describes an approach to assess the risk of malfunctioning behavior and then provides a risk-based set of requirements for product design, production, operation and maintenance.
Today, designing a safety-related control system which is distributed over two or more ISOBUS participants is a huge challenge and often only possible with restrictions (such as requiring the operator’s presence to monitor system behavior or limiting the operation to a known and trusted partner). When formal ISO25119 compliance is a requirement, relying on ISOBUS information is in most cases not acceptable and results in the addition of local sensors or actuators.
The goal of the AEF Functional Safety Expert Team is to define rules (functional safety requirements) for ISOBUS participants, in alignment with ISO25119, that allow them to offer a function with a certain functional safety guarantee. Those rules cover key aspects such as architecture (e.g. redundancy), component reliability, diagnostic coverage and software development for a general input and output system, and are additionally enriched with dedicated requirements for sufficient protection of the communication interface. The basic idea behind this approach is to enable functionally safe and ISO25119-compliant plug and play between any implementing participants. This will allow manufacturers in the future to drive down cost while providing increased functionality. Formal application of ISO25119 for distributed ISOBUS functions should also be a convincing argument for legal bodies and in the case of product liability lawsuits.