The standards for safety related parts of control systems have seen a great deal of change recently. Laidler Associates explain the current situation and clear up some of the confusion caused by the changes
Standards relating to machine safety have been a cause of concern for some time, and the timing of the withdrawal of the well known EN 954-1 standard i.e. the date upon which the standard became no longer valid as a harmonised European standard, has caused considerable confusion.
The transition period for it’s withdrawal ran until December 2011 which meant that machine builders could choose whether to work to EN 954-1, EN ISO 13849-1 or EN 62061. As this date has now passed, EN ISO 13849-1 or EN 62061 should now be followed.
Since it was first published, EN 954-1 has been used as the standard for safety related parts of the control system both for machine builders and end users. However, it’s been accepted for many years that it needed to be replaced. Technology has moved on dramatically and components and systems are now available which are too technologically advanced to use EN 954-1.
New standards, new knowledge
While EN ISO 13849-1 and EN 62061 are more advanced standards which can deal with the newer technologies, they also require increased levels of knowledge to apply them correctly. Having two different standards for safety related controls that are both harmonised to the Machinery Directive has left many people confused about which standard should be applied in a particular application. However, EN 62061 applies to electrical, electronic and programmable electronic control systems, so could not directly replace EN 954-1, whereas EN ISO 13849-1 covers electrical, pneumatic, hydraulic and mechanical safety systems.
For those using both standards, there is further confusion as they each use different terminology. The long term objective is that they will be merged to simplify the process, making the standards more accessible by the machinery community. However, this is likely to be a few years off. In the meantime both IEC and ISO in 2010 recognised the situation by issuing documents providing ‘Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety related control systems for machinery’.
EN ISO 13849-1 adopts a totally different approach from EN 954-1, which means that achieving compliance with the new standard isn’t merely a matter of tweaking the existing documentation. EN 954-1 had an easy to follow risk graph that helped users to quickly establish a category as a reference point for the design of the safety related controls for their machine. In comparison, EN ISO 13849-1 follows a much more complex and time consuming process, which is proving unpopular in the machinery industry.
While it follows a similar method to EN 954-1 for defining a Performance Level required (PLr), the user then has to verify the Performance Level achieved by taking account of a number of other factors and calculations (e.g. diagnostic coverage, mean time to dangerous failure, architecture and common cause failures) to validate that the safety functions in question have achieved the performance requirements.
The approach to safety used by EN ISO 13849-1 is based on probabilities. Performance Levels (PLs) relate directly to the probability of a system failing to danger. To achieve PLa, for example, the average probability of a failure to danger per hour must be in the range = 10-5 to < 10-4.
While this new quantitative approach is more appropriate for complex machinery, and it also enables the proposed safety related control system to be validated, it does mean that designers have to consider many more aspects than before. ‘Component performance’ and the impact of ‘diagnostic coverage’ are the two main new requirements. With EN 954-1 it was a case of designing the system and relying on the design being right, but EN ISO 13849-1 forces you to validate that the control system really does do what is required of it.
To make EN ISO 13849-1 work for them, machine builders need to pay more attention to the concept of functional safety and identify the individual safety functions of a machine, then assigning performance requirements against each of these to ensure that they comply. Breaking each function into further sub-systems is a detailed and time consuming process, but it can help with the calculations whilst ensuring that nothing is missed.
Performance data is available from most of the safety product manufacturers which can be used for the calculations. However, even when the relevant data is available, it would be misleading to pretend that carrying out the calculations required by EN ISO 13849-1 is a straightforward task. To make things a little easier, several software packages have been produced that guide users through the process.
In spite of the availability of software support, ensuring compliance with EN ISO 13849-1 is still going to be a task which few system integrators or machine builders will want to undertake for themselves, or indeed have the resources available to do so. This may change of course, as the standard beds-in and the novel concepts it embodies become more familiar, but in the meantime, remember that a little money spent on consultancy may well save a lot of time, trouble and expenditure later.
T: 01642 345 637