IEC 15415-13:2017: Safety Integrity in Industrial Wireless Networks

A Comprehensive Guide to Functional Safety Communication Over Wireless Fieldbuses

1. Scope and Introduction

IEC 15415-13:2017 is a pivotal addition to the IEC 15415 series on industrial communication networks. This part specifically addresses the critical area of functional safety communication over wireless networks in industrial environments. As factories increasingly adopt flexible, cable-free architectures for sensor networks and machine control, ensuring deterministic and reliable safety communication becomes paramount. This standard provides the framework for achieving Safety Integrity Levels (SIL) up to SIL 3 in wireless domains, which traditionally face challenges such as radio interference, path loss, and variable latency not present in wired fieldbuses.

The standard is built upon the well-established “Black Channel” principle derived from IEC 61784-3, extending it specifically for wireless physical layers. It defines a safety communication layer that operates independently of the underlying wireless transport technology, allowing it to be applied to various protocols such as WirelessHART (IEC 62591), ISA100.11a (IEC 62734), and emerging 5G-based deterministic networks. The primary goal is to prevent dangerous failures arising from communication errors, including repetition, deletion, insertion, re-sequence, corruption, delay, and masquerade.

Note on Integration: IEC 15415-13 does not replace existing fieldbus safety profiles. Instead, it provides a wireless-specific supplement that addresses the unique failure modes of radio communication, such as unanticipated disconnection and electromagnetic interference.

2. Key Technical Requirements

2.1 Safety Communication Layer Model

The standard specifies a strict partitioning between the safety communication layer (SCL) and the non-safety wireless transport layer. The SCL is responsible for adding safety-related information to the payload, including sequence numbers, time stamps, source and destination identifiers, and a Cyclic Redundancy Check (CRC) tailored for wireless blocks. The transport layer is treated as a “black channel,” meaning the safety protocol must detect and manage all possible transmission faults introduced by the wireless path.

2.2 Diagnostic Coverage and Timing Requirements

IEC 15415-13 defines significantly tighter communication error rates (CER) and safety reaction times (SRT) compared to wired standards due to the less predictable nature of wireless media. For SIL 2 and SIL 3, the probability of a dangerous undetected communication failure per hour must remain below the thresholds defined in IEC 61508. The standard mandates a “Failsafe Timer” watchdog mechanism that triggers a safe state if a valid safety data unit is not received within a specified, configurable interval.
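The receiver-side checks from 2.1 and the Failsafe Timer from 2.2, as an added example that is not code from the standard or from any vendor implementation. The frame layout, field widths, use of CRC-32 (zlib) and the names build_sdu and SafetyReceiver are assumptions made for illustration; both ends are assumed to share a millisecond clock, and sequence wrap-around is left out.

```python
import struct
import zlib

# Assumed frame layout (illustrative, not taken from the standard):
# src(2) | dst(2) | seq(4) | timestamp_ms(8) | payload_len(2) | payload | crc32(4)
HEADER = struct.Struct(">HHIQH")


def build_sdu(src, dst, seq, ts_ms, payload):
    """Sender side: wrap the payload with the safety fields and a CRC."""
    body = HEADER.pack(src, dst, seq, ts_ms, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


class SafetyReceiver:
    """Receiver-side SCL checks; any verdict other than 'ok' means safe state."""

    def __init__(self, my_id, peer_id, max_age_ms, watchdog_ms):
        self.my_id, self.peer_id = my_id, peer_id
        self.max_age_ms, self.watchdog_ms = max_age_ms, watchdog_ms
        self.expected_seq = 0    # next sequence number we will accept
        self.last_valid_ms = 0   # receive time of the last valid SDU

    def check(self, frame, now_ms):
        """Return (verdict, payload); verdict is 'ok' or the detected fault."""
        if len(frame) < HEADER.size + 4:
            return "corruption", None
        body, (crc,) = frame[:-4], struct.unpack(">I", frame[-4:])
        if zlib.crc32(body) != crc:
            return "corruption", None
        src, dst, seq, ts_ms, plen = HEADER.unpack_from(body)
        if plen != len(body) - HEADER.size:
            return "corruption", None
        if src != self.peer_id or dst != self.my_id:
            return "masquerade", None            # wrong source or destination
        if seq < self.expected_seq:
            return "repetition_or_resequence", None
        if seq > self.expected_seq:
            return "deletion", None              # gap: at least one SDU lost
        if now_ms - ts_ms > self.max_age_ms:
            return "delay", None                 # too old to act on
        self.expected_seq = seq + 1
        self.last_valid_ms = now_ms
        return "ok", body[HEADER.size:]

    def watchdog_expired(self, now_ms):
        """Failsafe Timer: True when no valid SDU arrived within the interval."""
        return now_ms - self.last_valid_ms > self.watchdog_ms
```

A CRC detects accidental corruption on the black channel only; it does not protect against deliberate modification, which requires a keyed integrity check.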

A critical technical requirement is the “Radio Resource Management” (RRM) diagnostic. The system must continuously monitor channel quality indicators (CQI), signal-to-noise ratios (SNR), and packet error rates (PER). If these metrics degrade beyond defined boundaries, the system must actively switch to a redundant channel or initiate a graceful shutdown sequence to maintain the safety state.

| Parameter | IEC 15415-13 Requirement (SIL 3) | Typical Wired Fieldbus Requirement |
|---|---|---|
| Maximum Safety Reaction Time | < 100 ms (with dual-path diversity) | < 20 ms |
| Probability of Dangerous Failure (/h) | < 1.0 x 10^-7 | < 1.0 x 10^-7 |