How is safety function independence achieved in NANTeL?

• A. By separating safety-critical logic from non-safety processes, using independent channels and hardware, and ensuring no bridging of safety-critical and non-safety paths.
• B. By centralizing all logic in a single processor to ensure consistency.
• C. By using only software-based safety functions on a general-purpose CPU.
• D. By allowing non-safety processes to override safety decisions when necessary.

Answer: (A)

Independence of safety functions is built into the architecture by keeping safety-critical work separate from non-safety tasks. This means safety logic runs on independent channels and hardware, with dedicated processing paths, I/O, and power so that a fault or failure in non-safety software or hardware cannot affect safety decisions. By removing any bridging between safety-critical and non-safety paths, you prevent data, faults, or control actions from propagating across domains, so a non-safety issue cannot compromise protection actions like trips or interlocks. In NANTeL, this translates to using separate, isolated hardware and channels for safety functions, with controlled interfaces that do not allow non-safety processes to influence safety decisions. The other approaches—centralizing logic on one processor, relying solely on a general-purpose CPU for safety, or letting non-safety processes override safety—would create shared resources or control paths that could link a non-safety fault to safety outcomes, breaking the needed independence.