There has been considerable confusion regarding machine functional safety standards following the introduction of EN ISO 13849-1. Paul Laidler, business director for Machinery Safety at TÜV SÜD Product Service, comments
Standards relating to safety related parts of control systems have been a topic of concern for some time within the field of machinery safety. This is because there has been considerable confusion regarding the situation with these standards, which stems from the withdrawal of the more familiar standard EN 954-1 and its replacement by EN ISO 13849-1.
EN ISO 13849-1 and EN 62061 should now be followed to demonstrate compliance with the Machinery Directive. But, while these are more advanced standards which can deal with newer technologies, they also require increased levels of knowledge to apply them correctly.
Two different standards for safety related controls that are both harmonised to the Machinery Directive has left many people confused about which standard should be applied in a particular application.
EN 62061 applies to electrical, electronic and programmable electronic control systems, whereas EN ISO 13849-1 is not technology specific so it can be applied for electrical, pneumatic, hydraulic and mechanical safety systems (as could its predecessor EN 954-1).
ISO Technical Committee 199 ‘Safety of Machinery’ has set up a joint working group with the long-term objective to simplify the process and merge the two standards. This, however, is still in the early stages of development, so each standard will continue to exist for the immediate future.
EN ISO 13849-1 adopts a more complex and time-consuming process compared to the EN 954-1 standard it has replaced, which means it is not as simple as ‘tweaking’ the existing documentation. For example, while it follows a similar method to EN 954-1 by using an easy to follow risk graph for defining a Performance Level required (PLr), the user then has to verify the Performance Level achieved by taking account of a number of other factors and calculations (e.g. diagnostic coverage, mean time to dangerous failure, architecture and common-cause failures) to validate that the safety functions in question have achieved the performance requirements.
The approach to safety used by EN ISO 13849-1 is based on probabilities, with performance Levels (PLs) related directly to the probability of a system failing to danger. While this new quantitative approach is more appropriate for complex machinery, and it also enables the proposed safety-related control system to be validated, it does mean that designers have to consider many more aspects than before.
‘Component performance’ and the impact of ‘diagnostic coverage’ are the two main new requirements to consider. With EN 954-1 it was a case of designing the system and relying on the design being right, but EN ISO 13849-1 requires the validation of the control system to prove it really does do what is required of it.
However, many in the industry are uncertain about how to measure performance levels precisely and this could lead them to continue doing what they have done for the last 15 years. It would appear that, in an attempt to make things clearer, a level of confusion actually seems to have been introduced.
To make EN ISO 13849-1 work for them, machine builders need to pay more attention to the concept of functional safety. This requires identifying the individual safety functions of a machine and then assigning performance requirements against each of these to ensure that they comply. This shows that the designer understands the concept of ‘functions’ and can break them down – vital skills to help comply with EN ISO 13849-1. While breaking each function into further sub systems is a detailed and time consuming process, it can help with the calculations and ensure that nothing is missed.
Performance data is available for use in these calculations from most of the safety product manufacturers. However, even when the relevant data is available, it would be misleading to pretend that carrying out the calculations required by EN ISO 13849-1 is a straightforward task.
To make things a little easier, several software packages have been produced that guide users through the process. Some are produced by commercial organisations, but a useful package has also been produced by a non-commercial body. SISTEMA from IFA, the Institute for Research and Testing that is associated with the German insurance industry, clearly describes all aspects of the analytical procedure contained in the standard for determining the probability of failure of control systems. This can be downloaded free of charge from the IFA English language website.
In spite of the availability of this software, ensuring compliance with EN ISO 13849-1 is still going to be a task which machine designers may find too complicated to do themselves. The good news is that in this case familiarity will not breed contempt as the standard beds in and the novel concepts it embodies become more familiar.
TÜV SÜD Product Service