Safety related functions with IEC 61850 GOOSE messaging

The international standard IEC 61508 introduces the concept of “safety related function” to achieve a satisfactory level of safety in processes that show unacceptable risks. A safety function is actuated by a safety system made up of one or more “sensors” that detect the abnormal condition, a “logic solver” that acquires the data from the sensor(s) and commands one or more “actuators” to drive the plant in safe condition. In many applications, the actuator is an electrical device, i.e. a circuit breaker that may be controlled through an IEC 61850 network. A typical architecture for industrial applications sees a PLC/DCS for controlling the process and an IEC 61850 network for controlling the electrical system. Safety related systems (SIS) are to be certified, and the availability of the system must be calculated using the procedure described in IEC 61508. Today, electrical devices with IEC 61850 are not yet certified for safety applications, so a formal issue arises. In this paper we compare the technical specifications of IEC 61850 with the requirements for safety fieldbus specified by IEC 61784-3. A complete series of tests was carried out to verify the robustness of IEC 61850 to the communication errors that may affect a network, and results are reported.