EN ISO 13849-1 updated
Optimization through more precise specification, amendment, and restructuring.
Due to harmonization with the Machinery Directive 2006/42/EC, EN ISO 13849 has provided important support in the design of functional safety for many years.
This standard can be used to implement the requirements of Annex I of the Machinery Directive with regard to the safety and reliability of control systems (1.2.1).
The same applies to the EU Machinery Regulation (MVO). The revision of EN ISO 13849 has now been completed, which has led to some changes.
Technologies are developing faster than ever.
It is therefore essential that standards and directives also reflect current state-of-the-art technology.
Against this backdrop, the machine building industry is currently undergoing change, as the Machinery Directive currently in force will soon be replaced by the Machinery Regulation.
The transition period between the two sets of regulations is 42 months.
In the area of functional safety, both EN IEC 62061 and EN ISO 13849-1 have therefore been revised.
The Machinery Directive 2006/42/EC requires a risk assessment to be carried out. EN ISO 12100 provides various aids for implementing the essential health and safety requirements from Annex I of the Machinery Directive (Annex III of the Machinery Regulation in the future).
Constructive, technical, and informative measures can be defined during the risk assessment.
Components that are responsible for safeguarding against hazards in terms of control technology must have a certain level of reliability depending on the risk.
This reliability must be determined and evaluated for each component that performs a safety function to mitigate a risk.
In this area of functional safety, EN IEC 62061 (safety integrity level, SIL) and EN ISO 13849 (performance level, PL) aid the machine manufacturer.
When it comes to implementing the requirements regarding the reliability of control technology, the machine manufacturer is free to choose between these standards.
Both use the PFH value (probability of dangerous failure per hour) as a mathematical parameter for calculating reliability:
Overview of the changes
Existing content was adapted as part of the revision of EN ISO 13849. New information has also been added to the normative and informative sections. Figure 3 provides an overview of the changes.
Illustration of the correlation between the risk assessment and the relevant information for control technology engineers, which is summarized in the Safety Requirements Specification (SRS).
• Specification of safety functions
One area of focus in the adaptation of the standard is the specification of safety functions, also known as the Safety Requirements Specification (SRS). The SRS forms an essential interface for control technology engineers, as it lists the requirements resulting from the risk assessment that the safety functions must meet.
The SRS provides the basis for designing the technical implementation for functional safety.
This is particularly relevant if the risk assessment and functional safety are carried out by different institutions, for example by different departments or even other companies.
It was particularly important to the standard makers that the SRS are described in detail, so that all important safety requirements are clearly defined.
Clear specification supports design, implementation, and subsequent validation. It is an essential building block for preventing and/or identifying systematic errors.
• Safety-related application software (SRASW)
A new section on software has been included in the standard to further expand on the aspects of safety-related software (SRASW).
EN ISO 13849 now includes a simplified V-model for the development of SRASW
validation must be designed depending on the performance level (Annex N).
Figure 4:
Illustration of the simplified V-model in accordance with ISO 13849 for the development, programming, and validation of safety-related application software (SRASW)
This procedure can also be used if ready-made modules – for example certified PLCopen function blocks – are used in combination with the LVL (Limited Variability Language) programming language during software development.
This is common practice for many software developments.
Another aspect with regard to software development is that the standard contains specific requirements as to how the software design process and validation must be designed depending on the performance level (Annex N).
• Functional safety management
Faulty safety functions that do not sufficiently mitigate a risk on the machine are often the result of systematic errors.
These can arise, for example, during the specification, implementation, or modification of safety functions.
One way to reduce this type of error is to adopt a careful approach.
This is where functional safety management comes into play, which is covered in Annex G.
The functional safety plan or safety project plan aims to define measures that serve to reduce systematic errors.
- Typical methods that are defined in the safety project plan are:
- A list of all relevant activities and documents
- Resource and role planning
- A validation plan
- Change management
Figure 5:
Illustration of the safety lifecycle for machines from Phoenix Contact;
the safety lifecycle maps all the requirements described and is used in the CE services for machine builders offered by the company.
• Cybersecurity
The shattering effect of malicious third parties gaining access to machines will increase in the future.
With the Machinery Regulation, the demand for measures to ensure the cybersecurity of machinery is becoming more clearly defined.
The safety-related control technology is now aware that there must be protection against unauthorized intrusion.
As soon as external access has an impact on functional safety systems, the aspects must be examined more closely.
This already applies to desired access, such as remote maintenance.
This consideration begins with the preparation of the risk assessment.
EN ISO 13849 does not describe any specific measures, but merely points out that such criteria must be taken into consideration.
Instead, it refers to other documents such as ISO/TR 22100-4 and IEC/TR 63074.
• Electromagnetic compatibility (EMC)
Another aspect in the annexes of the standard is the detailed consideration of the electromagnetic compatibility (EMC) for SRP/CS (safety-related parts of control systems) or their subsystems.
The annex sets out four possible approaches.
“Path C” comprises a similar evaluation scheme to that for CCF (common cause failure).
A specified number of points must be scored by implementing certain measures. This approach enables a targeted assessment and assurance of electromagnetic compatibility (immunity) for the corresponding components or subsystems.
Early engagement with the adapted standard
In summary, it is clear that much of what is already familiar will be retained and the standard will be optimized through various amendments.
Examples of this include the improved estimation of DC (diagnostic coverage) and CCF, the additions and changes to categories 1, 2, and 4, and the clear definition of the term “well-tried component”.
A decision aid for parameter P in the risk graph has also been added.
These changes contribute to the further optimization and precise specification of EN ISO 13849.
Despite the expected transition period, those responsible should familiarize themselves with the adapted standard in good time in order to adapt all documentation and technology specifically to the requirements.
Support for the implementation of standards
As the Phoenix Contact Services unit, we support users in carrying out risk assessments and demonstrating safety integrity (based on Sistema, for example) on the basis of EN ISO 13849.
Furthermore, the company’s experts are available to assist with the creation of a CE-compliant machine – including documentation, verification and validation, and operating instructions as an option.
