EN ISO 13849 and EN IEC 62061 Performance Level and SIL requirements.

Standards for functional safety

Essentially, the safety of machinery and systems for the protection of users depends on the correct application of standards and directives. In Europe, the basis for this is the Machinery Directive, which provides standard specifications to support companies when designing safety-related machines. However, even outside the European Economic Area, many European standards are gaining in importance due to their international status. The functional safety standards also play an important role in this context. The requirements on machine controllers are specified both in the EN ISO 13849 and EN IEC 62061 standards.

Global trends in the safety of machinery: New requirements for PL and SIL

The trend of decentralization brings new challenges regarding the protection of people and the environment and the safety of machinery. In addition to classic safety devices such as safety door locks, emergency stop devices, and safety switches, programmable or configurable safety systems are increasingly being used to protect machines and systems as the level of complexity increases. An attempt was made in 2015 to unify the two EN ISO 13849 and EN IEC 62061 standards. Currently, both standards are being revised separately.

What changes are to be expected with regard to PL and SIL?

In some areas, such as “security-relevant software”, and the subject of “cybersecurity”, the two standards have already converged. Many other detailed changes have been incorporated, resulting in greater overall consistency between the two standards. Whether this will have consequences for existing safety assessments will have to be determined on a case-by-case basis. Read our white paper to find out what the revisions to the standards may be.

White paper
New requirements for PL and SIL

What effects do the latest revisions of the international standards EN ISO 13849 and EN IEC 62061 have on the safety requirements for your machines and systems? Our security experts have created an overview for you: Find out more about the effects on the subject of “cybersecurity”, changes in the field of “security-related software”, and other revisions.


EN standards for the safety of machinery: Overview of the harmonized standards

The Machinery Directive contains essential health and safety requirements. The harmonized standards for the Machinery Directive are listed in the corresponding Official Journal of the European Union. A machine meets the essential health and safety requirements if it has been manufactured in accordance with these harmonized standards.

The EN standards are divided into various types:

Type A: Basic safety standards contain basic concepts, design principles, and general aspects (e.g., conception and working methods) that apply to all machines, devices, and systems.
Example standard:
EN ISO 12100 (safety of machinery)

Type B: Group safety standards concern one safety aspect or one type of safety-related equipment that can be used across a wide range of machines, devices, and systems.

Type B1: Includes special safety aspects such as safety distances and surface temperature limits.
Example standards:
EN ISO 13857 (Safety distances in hazardous areas)
EN ISO 13855 (Safety distance calculation)
EN ISO 13849 (Safety of machinery – Safety-related parts of control systems)

Type B2: Includes safety-related devices such as emergency stop function and two-hand control devices.
Example standards:
EN ISO 13850 (Safety of machinery – Emergency stop function)
EN 574 (two-hand control devices)

Type C: Machine safety standards with detailed safety requirements for all significant hazards for a particular machine or group of machines. Type C standards are also known as product standards.
Example standards:
EN 12622 (Safety of machine tools – Hydraulic press brakes)
EN 415 (packaging machines)

Standards for functional safety: Scope and delimitation

Functional safety concerns the correct application of safety-related (control) systems and other risk reduction measures that are crucial to the safety of a system. In this case, when a critical error occurs, the controller initiates the safe state.

The EN IEC 62061 and EN ISO 13849-1 standards were derived from the EN 61508 standard for the machine building industry. Both of these standards specifically address the requirements for safety-related components of control systems on machinery.

Determination of the required performance level

Determining the required performance level of safety functions is a central aspect of the functional safety of machine controllers. Both EN IEC 62061 and EN ISO 13849-1 provide structured methods for evaluating and defining the required performance level of safety functions to ensure the safety of machinery.

Calculation of the SIL class

Safety Integrity Level in accordance with EN IEC 62061

An important parameter for the reliability of safety-related functions is the safety integrity level (SIL).

Various criteria are estimated to determine the required safety integrity level:

  • Severity of injury (S)
  • Frequency and duration of exposure to the hazard (F)
  • Probability of the occurrence of a hazardous event (W)
  • Possibility of avoiding or limiting the damage (P)

Determination of the performance level

Performance Level in accordance with EN ISO 13849-1

To determine the required performance level (PLr), various criteria must be assessed: the severity of the injury, the frequency and duration of exposure to the hazard, and the possibility of avoiding the hazard.

Risk parameters:

S: Severity of the injury:

  • S1 – slight injury (normally recoverable)
  • S2 – severe injury, including death (normally irrecoverable)

F: Frequency and/or duration of exposure to the hazard:

  • F1 – seldom to quite often and/or exposure time is short
  • F2 – frequent to continuous and/or the exposure time is long

P: Possibility of avoiding or limiting the hazard:

  • P1 – possible under specific conditions
  • P2 – hardly possible

Note: Where the probability of occurrence can be classified as low, the required performance level (PLr) may be reduced by one level.

Determination of the achieved performance

Once the control architecture has been designed, the achieved performance of the safety functions is determined. The EN IEC 62061 and EN ISO 13849-1 standards each use different approaches and characteristics to ensure the reliable execution of the safety function.

Safety Integrity Level in accordance with EN IEC 62061

The safety-related parameter for subsystems is based on the following values:

  • Hardware fault tolerance (HFT), application-specific
  • Safe failure fraction (SFF), manufacturer’s specifications
  • Diagnostic coverage (DC), manufacturer’s specifications or EN ISO 13849-1
  • Probability of a dangerous failure per hour (PFHd), based on the other values
  • Proof test interval or mission time, manufacturer’s specifications/manufacturer-specific
  • Diagnostic test interval, application-specific
  • Susceptibility to failures resulting from a common cause, manufacturer’s specifications or EN ISO 13849-1

Performance Level in accordance with EN ISO 13849-1

The Performance Level (PL) of the safety-related part of a controller (SRP/CS) is determined by estimating the following parameters:

  • Category: specified as a defined structure in the standard.
  • Mean time to dangerous failure (MTTFd): specified by the component manufacturer.
  • Diagnostic coverage (DC): In accordance with the standard.
  • Failure as a result of a common cause (CCF): To be determined as a point system in accordance with various criteria.
  • Achieved Performance Level (PL): Determined from a table and must be equal to or greater than the required PLr.

Relationship between the PL and SIL concepts

Safety of machinery in accordance with EN ISO 13849 and EN IEC 62061: Basic procedure

In accordance with the Machinery Directive Annex I, a risk assessment must be carried out for every machine that is placed on the market within the EU. Remaining residual risks can be minimized within the scope of technical protective measures by using safety-related control parts. If the control parts are designed in accordance with the harmonized EN ISO 13849 and EN IEC 62061 standards, the required risk minimization can be achieved by means of SIL or PL safety functions.

When it comes to the specification of the functional requirement, the relevant safety functions must be described in detail. To ensure this is done, the crucial interfaces to other control functions and error responses must be defined. The resulting document is the most important basis for the further design engineering process.

Determination of the required performance level in accordance with EN IEC 62061 or EN ISO 13849-1.

Once the control architecture has been designed, the achieved performance of the safety functions is determined. The EN IEC 62061 and EN ISO 13849-1 standards each use different approaches and characteristics to ensure the reliable execution of the safety function.

EN IEC 62061: Hardware failures may cause further dangerous failures of the SRCF (Safety Related Control Function). The probability of this must be less than or equal to the specified failure threshold defined in the specification (step 1):
The SIL (Safety Integrity Level) achieved by the SRECS (Safety Related Electrical Control System) must be less than or equal to the lowest SIL of any subsystem involved in the execution of the safety function.

EN ISO 13849-1: For the various safety functions, it is necessary that the PL (Performance Level) of the associated SRP/CS (Safety Related Parts of Control System) corresponds to the “required PL”.
The PL of the various SRP/CSs that are part of a safety function must be greater than or equal to the required performance level of that function.

Finally, the entire safety-related control function of an application must be assessed to validate its capability in the application. Here, its suitability can be determined through analysis or testing, e.g., by simulating certain types of errors.
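
As an added illustration (not part of the original page), the following Python sketch works through the PLr determination from the risk parameters S, F and P and the two verification rules of the procedure above. The additive mapping reproduces the EN ISO 13849-1 risk graph, which this page does not print; the function names and the guard-door data are hypothetical and constructed for the example.

```python
PL_LEVELS = "abcde"  # performance levels, lowest to highest


def required_pl(s: int, f: int, p: int, low_probability: bool = False) -> str:
    """Required performance level (PLr) from the risk parameters.

    s, f, p are 1 or 2 (S1/S2, F1/F2, P1/P2). In the EN ISO 13849-1 risk
    graph, S2 raises the result by two levels, F2 and P2 by one level each.
    """
    for name, value in (("S", s), ("F", f), ("P", p)):
        if value not in (1, 2):
            raise ValueError(f"{name} must be 1 or 2, got {value!r}")
    index = 2 * (s - 1) + (f - 1) + (p - 1)
    if low_probability:
        # Note on the page: PLr may be reduced by one level (never below a).
        index = max(index - 1, 0)
    return PL_LEVELS[index]


def parts_below_plr(plr: str, parts: dict[str, str]) -> list[str]:
    """Names of SRP/CS whose achieved PL is below PLr (empty list = pass)."""
    need = PL_LEVELS.index(plr)
    return [name for name, pl in parts.items() if PL_LEVELS.index(pl) < need]


def sil_claim_limit(subsystem_sils: dict[str, int]) -> int:
    """Highest SIL the SRECS can claim: the lowest SIL of any subsystem."""
    if not subsystem_sils:
        raise ValueError("at least one subsystem is required")
    return min(subsystem_sils.values())


# Constructed sample data: a guard-door safety function with severe injury,
# frequent access and a hardly avoidable hazard (S2, F2, P2).
GUARD_DOOR_PARTS = {"door switch": "e", "safety relay": "e", "contactor": "d"}
GUARD_DOOR_SILS = {"door switch": 3, "safety relay": 3, "contactor": 2}

if __name__ == "__main__":
    plr = required_pl(2, 2, 2)
    print("PLr:", plr)
    print("parts below PLr:", parts_below_plr(plr, GUARD_DOOR_PARTS))
    print("SIL claim limit:", sil_claim_limit(GUARD_DOOR_SILS))
```

In the sample data the contactor is the weakest element: it fails the PL check against the required level and also caps the SIL the whole function can claim.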

More information on EN ISO 13849 and EN IEC 62061

Would you like to receive further information on the latest revisions to the international EN ISO 13849 and EN IEC 62061 standards?

Learn more in our white paper about:

❯ Upcoming revisions to the EN ISO 13849 and EN IEC 62061 standards
❯ Effects on the subject of “Cybersecurity”
❯ Revisions in the field of “safety-relevant software”