Essentially, the safety of machinery and systems for the protection of users depends on the correct application of standards and directives. In Europe, the basis for this is the Machinery Directive, which provides standard specifications to support companies when designing safety-related machines. However, even outside the European Economic Area, many European standards are gaining in importance due to their international status. The functional safety standards also play an important role in this context. The requirements on machine controllers are specified both in the EN ISO 13849 and EN IEC 62061 standards.
Global trends in the safety of machinery
New requirements for PL and SIL
The trend of decentralization brings new challenges regarding the protection of people and the environment and the safety of machinery. In addition to classic safety devices such as safety door locks, emergency stop devices, and safety switches, programmable or configurable safety systems are increasingly being used to protect machines and systems as the level of complexity increases. An attempt was made in 2015 to unify the two EN ISO 13849 and EN IEC 62061 standards. Currently, both standards are being revised separately.
What changes are to be expected with regard to PL and SIL?
In some areas, such as safety-related software and cybersecurity, the two standards have already converged. Many further detailed changes have been incorporated, giving greater overall consistency between the two standards. Whether this has consequences for existing safety assessments must be determined on a case-by-case basis. Our white paper describes what the revisions to the standards may involve.
EN standards for the safety of machinery
Overview of the harmonized standards
The Machinery Directive contains essential health and safety requirements. The harmonized standards for the Machinery Directive are listed in the corresponding Official Journal of the European Union. A machine meets the essential health and safety requirements if it has been manufactured in accordance with these harmonized standards.
The EN standards are divided into various types:
Standards for functional safety
Scope and delimitation
Functional safety concerns the correct application of safety-related (control) systems and of other risk reduction measures that are crucial to the safety of a system. If a critical fault occurs, the control system brings the machine into the safe state.
The EN IEC 62061 and EN ISO 13849-1 standards are sector-specific derivatives of EN 61508 for the machine building industry. Both specifically address the requirements for safety-related parts of control systems on machinery.
Determination of the required performance level
Determining the required performance level of safety functions is a central aspect of the functional safety of machine controllers. Both EN IEC 62061 and EN ISO 13849-1 provide structured methods for evaluating and defining the required performance level of safety functions to ensure the safety of machinery.
Determination of the performance level
Performance Level in accordance with EN ISO 13849-1
To determine the required performance level (PLr), several criteria are assessed: the severity of the possible injury, the frequency and duration of exposure to the hazard, and the possibility of avoiding the hazard.
Risk parameters:
S: Severity of the injury:
- S1 – slight injury (normally recoverable)
- S2 – severe injury, including death (normally irrecoverable)
F: Frequency and/or duration of exposure to the hazard:
- F1 – seldom to quite often and/or exposure time is short
- F2 – frequent to continuous and/or the exposure time is long
P: Possibility of avoiding or limiting the hazard:
- P1 – possible under specific conditions
- P2 – hardly possible
Note: Where the probability of occurrence can be classified as low, the required performance level (PLr) may be reduced by one level.
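The risk graph described above, as an added example that is not part of the original page: the S/F/P parameters and the (S, F, P) to PLr mapping are those of EN ISO 13849-1 Annex A, while the function names, the `low_probability` option and the sample safety functions are this example's own constructions.

```python
# Added example: required performance level (PLr) from the EN ISO 13849-1 risk graph.
# Risk parameters (from the standard):
#   S: severity      S1 slight / S2 severe, including death
#   F: exposure      F1 seldom or short / F2 frequent or long
#   P: avoidance     P1 possible under specific conditions / P2 hardly possible

PL_ORDER = ["a", "b", "c", "d", "e"]  # PL a is the lowest, PL e the highest

# Risk graph (S, F, P) -> PLr, as in EN ISO 13849-1 Annex A.
RISK_GRAPH = {
    (1, 1, 1): "a",
    (1, 1, 2): "b",
    (1, 2, 1): "b",
    (1, 2, 2): "c",
    (2, 1, 1): "c",
    (2, 1, 2): "d",
    (2, 2, 1): "d",
    (2, 2, 2): "e",
}


def required_pl(S, F, P, low_probability=False):
    """Return the PLr for one safety function.

    low_probability applies the note from the standard: where the probability
    of occurrence of the hazardous event can be classified as low, PLr may be
    reduced by one level.  PL a cannot be reduced further, so it stays 'a'.
    """
    key = (S, F, P)
    if key not in RISK_GRAPH:
        raise ValueError(f"invalid risk parameters S{S} F{F} P{P}; each must be 1 or 2")
    pl = RISK_GRAPH[key]
    if low_probability and pl != "a":
        pl = PL_ORDER[PL_ORDER.index(pl) - 1]
    return pl


def assess_safety_functions(functions):
    """Map {name: (S, F, P, low_probability)} to {name: PLr}.

    The dict form is this example's own; the standard itself only defines the
    risk graph.
    """
    return {
        name: required_pl(S, F, P, low_probability)
        for name, (S, F, P, low_probability) in functions.items()
    }


if __name__ == "__main__":
    # Constructed sample safety functions (hypothetical machine, not from the page).
    sample = {
        "guard door interlock, press":   (2, 2, 2, False),  # severe, frequent, hard to avoid
        "emergency stop, conveyor":      (2, 1, 2, False),
        "light curtain, packaging cell": (1, 2, 1, False),
        "maintenance door, rare access": (2, 1, 2, True),   # low probability of occurrence
    }
    for name, plr in assess_safety_functions(sample).items():
        print(f"{name:32s} -> PLr {plr}")
```

The reduction for low probability of occurrence is applied only when it has been justified in the risk assessment; the function makes that an explicit argument so the justification is visible in the call rather than hidden in the mapping.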
Determination of the achieved performance
Once the control architecture has been designed, the achieved performance of the safety functions is determined. The EN IEC 62061 and EN ISO 13849-1 standards each use different approaches and characteristics to ensure the reliable execution of the safety function.
Safety Integrity Level in accordance with EN IEC 62061
The safety-related parameters of a subsystem are based on the following values:
- Hardware fault tolerance (HFT), application-specific
- Safe failure fraction (SFF), manufacturer’s specifications
- Diagnostic coverage (DC), manufacturer’s specifications or EN ISO 13849-1
- Probability of a dangerous failure per hour (PFHd), based on the other values
- Proof test interval or mission time, manufacturer's specifications
- Diagnostic test interval, application-specific
- Susceptibility to failures resulting from a common cause, manufacturer’s specifications or EN ISO 13849-1
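As an added example, not code from the original page, the following shows how two of the subsystem values listed above combine into a SIL claim limit: the PFHd is placed into the SIL bands, and the SFF/HFT pair gives the architectural constraint; the lower of the two is the SIL the subsystem can claim. The PFHd bands are those of EN IEC 62061 (high-demand/continuous mode) and the SFF/HFT table is the standard's architectural-constraint table for route 1H; both should be verified against the edition being applied. The function names and the sample subsystems are this example's own.

```python
# Added example: SIL claim limit of a subsystem from PFHd, SFF and HFT (EN IEC 62061).

# PFHd bands for SIL 1..3 (high demand / continuous mode): lower bound inclusive,
# upper bound exclusive.  62061 does not claim above SIL 3.
PFHD_BANDS = [
    (1e-8, 1e-7, 3),
    (1e-7, 1e-6, 2),
    (1e-6, 1e-5, 1),
]

# Architectural constraint (route 1H): maximum SIL from SFF band and HFT.
# Each row: (sff_low_inclusive, sff_high_exclusive, (max SIL at HFT 0, 1, 2)).
# None means the combination is not allowed.
SFF_HFT_TABLE = [
    (0.00, 0.60, (None, 1, 2)),
    (0.60, 0.90, (1, 2, 3)),
    (0.90, 0.99, (2, 3, 3)),
    (0.99, 1.01, (3, 3, 3)),   # SFF >= 99 %
]


def sil_from_pfhd(pfhd):
    """SIL reached by the probability of dangerous failure per hour (0 = below SIL 1)."""
    if pfhd < 0:
        raise ValueError("PFHd must be non-negative")
    if pfhd >= 1e-5:
        return 0          # worse than SIL 1
    if pfhd < 1e-8:
        return 3          # better than the SIL 3 band; 62061 caps the claim at SIL 3
    for low, high, sil in PFHD_BANDS:
        if low <= pfhd < high:
            return sil
    raise AssertionError("unreachable")


def silcl_architectural(sff, hft):
    """Maximum SIL allowed by the architectural constraint, or None if not allowed."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF is a fraction between 0 and 1")
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    for low, high, by_hft in SFF_HFT_TABLE:
        if low <= sff < high:
            return by_hft[hft]
    raise AssertionError("unreachable")


def subsystem_silcl(pfhd, sff, hft):
    """SIL claim limit: the lower of the architectural and the PFHd-based SIL.

    Returns None when the architecture is not allowed at all, and 0 when the
    PFHd is too poor for SIL 1.
    """
    arch = silcl_architectural(sff, hft)
    if arch is None:
        return None
    return min(arch, sil_from_pfhd(pfhd))


if __name__ == "__main__":
    # Constructed sample subsystems (hypothetical values, not from the page).
    samples = [
        ("single-channel input, SFF 95 %",   2e-7, 0.95, 0),
        ("dual-channel input, SFF 95 %",     2e-7, 0.95, 1),
        ("single-channel, SFF 70 %, good PFHd", 5e-8, 0.70, 0),
        ("single-channel, SFF 50 %",         5e-8, 0.50, 0),
    ]
    for name, pfhd, sff, hft in samples:
        print(f"{name:40s} PFHd={pfhd:.0e} SFF={sff:.0%} HFT={hft} -> SIL CL {subsystem_silcl(pfhd, sff, hft)}")
```

The third sample shows why the architectural constraint matters: a PFHd good enough for SIL 3 is still limited to SIL 1 by a single channel with 70 % SFF, and the fourth shows a single channel below 60 % SFF being rejected outright.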
Performance Level in accordance with EN ISO 13849-1
The Performance Level (PL) of the safety-related part of a controller (SRP/CS) is determined by estimating the following parameters:
- Category: the designated control-system architecture as defined in the standard.
- Mean time to dangerous failure (MTTFd): specified by the component manufacturer.
- Diagnostic coverage (DC): estimated in accordance with the standard.
- Common cause failure (CCF): assessed with a points-based scoring against several criteria.
- Achieved Performance Level (PL): read from a table in the standard; it must be equal to or greater than the required PLr.
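The table lookup described in the last item, as an added example that is not code from the original page: MTTFd and DC are first placed into the bands the standard defines, then category and bands select the achieved PL, which is finally compared with the PLr. The band limits and the (category, DCavg, MTTFd) to PL table are those of the simplified procedure in EN ISO 13849-1 (2015 edition); combinations the standard does not cover return None. The CCF requirement is passed in as a boolean because its scoring is done separately. Function names and sample values are this example's own.

```python
# Added example: achieved PL of an SRP/CS from category, MTTFd and DCavg
# (simplified procedure of EN ISO 13849-1), then the check against PLr.

PL_ORDER = ["a", "b", "c", "d", "e"]


def mttfd_band(years):
    """MTTFd band of each channel: low 3..<10, medium 10..<30, high 30..100 years.

    Below 3 years is not usable; values above 100 years are capped at 100
    (Category 4 may use up to 2500 years), which does not change the band.
    """
    if years < 3:
        return None
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_band(dc):
    """DCavg band: none <60 %, low 60..<90 %, medium 90..<99 %, high >=99 %."""
    if not 0.0 <= dc <= 1.0:
        raise ValueError("DC is a fraction between 0 and 1")
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# (category, DCavg band) -> {MTTFd band: PL}; missing entries are not covered.
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}

# Categories whose structure relies on redundancy or testing and therefore
# need sufficient measures against common cause failures.
CCF_REQUIRED = {"2", "3", "4"}


def achieved_pl(category, mttfd_years, dc, ccf_measures_sufficient=True):
    """Achieved PL, or None when the combination is not covered or CCF is insufficient."""
    category = str(category)
    if category in CCF_REQUIRED and not ccf_measures_sufficient:
        return None
    m = mttfd_band(mttfd_years)
    if m is None:
        return None
    return PL_TABLE.get((category, dc_band(dc)), {}).get(m)


def pl_meets(pl, plr):
    """True when the achieved PL is equal to or higher than the required PLr."""
    if pl is None:
        return False
    return PL_ORDER.index(pl) >= PL_ORDER.index(plr)


if __name__ == "__main__":
    # Constructed sample: two-channel guard door monitoring (hypothetical values).
    plr = "d"                                   # from the risk graph
    pl = achieved_pl("3", mttfd_years=50, dc=0.92, ccf_measures_sufficient=True)
    print(f"Category 3, MTTFd 50 a, DCavg 92 % -> PL {pl}; PLr {plr} met: {pl_meets(pl, plr)}")
    # Same hardware but only low DC: drops to PL c and no longer meets PLr d.
    pl_low_dc = achieved_pl("3", mttfd_years=50, dc=0.75)
    print(f"Category 3, MTTFd 50 a, DCavg 75 % -> PL {pl_low_dc}; PLr {plr} met: {pl_meets(pl_low_dc, plr)}")
```

The second run in the demo shows the practical lever most often available late in a design: with the same category and component reliability, diagnostic coverage alone decides whether PL d is reached.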
Relationship between the PL and SIL concepts