Dual system: safe design of controllers in accordance with EN ISO 13849-1 and EN 62061
Waldkirch, April 2007 – In 2006, two important new standards on safety-oriented machine controller components were created or harmonised: EN ISO 13849-1 and EN 62061. SICK provides information on their backgrounds, shows when which standard is useful, and organises informative events for developers, constructors, planners and safety officers in the field of machine construction.
Basically, both standards are successors to the EN 954-1, which expires on 31.10.2009 after a transition period of three years.
Deterministic and probabilistic: EN ISO 13849-1 combines the proven and the new
Classification of a machine’s safety controller into one of five categories according to the expected risks, and then carrying out a fault analysis – this is, grossly simplified, the determinism upon which the EN 954-1 standard was based. Quantitative methods and criteria for assessing functional safety have now also been included in the “direct” successor standard, EN ISO 13849-1. In detail, the probability aspect is expressed in the assessment of the dependability of components via their MTTFd (mean time to dangerous failure), the assessment of the quality of tests (DC – diagnostic coverage), and consideration of the susceptibility to multiple faults due to a particular cause (CCF – common cause failure). The proven consideration of risk parameters with the help of risk graphs has been retained. Some new Designated Architectures have also been added and they are all now considerably easier to handle. These are a variety of typical pre-calculated structural models of controller safety components. The advantage: the user can exploit the suitable Designated Architecture for the risk assessment, and thus no longer needs to carry out the highly complex mathematical calculations. The control categories of EN 954-1 are now reflected, with expanded content, in the new Performance Levels (PL) of EN ISO 13849.
EN 62061: advantageous evaluation basis for complex components
While EN ISO 13849 is a comprehensive and practicable standard for safety-oriented controller components for the application world of machine construction, EN 62061 represents a framework for the functional safety of safety-related electrical controller systems and their sub-systems on machines. The reliability of technical safety functions is assessed in EN 62061 by means of the Safety Integrity Level (SIL). Whereby a variety of controller architectures are taken into account with hardware fault tolerances and dependability in the form of the PFHD (probability of dangerous failure per hour). As a sector norm for the generic IEC 61508 standard, it is intended for use in the area of software-based and bus-compatible devices. This is “paid for” with more complex calculation processes and a comprehensive documentation requirement. Process-oriented documentation is unavoidable in order to guarantee this. Our recommendation: EN ISO 13849 for machine producers and users, EN 62061 for special considerations.
The EN ISO 13849-1 and EN 62061 standards, which largely took the same development path at the same time, both – although with differing philosophies and from different standardisation committees (ISO and IEC) – display important similarities. Among other things, these affect the failure probability for hazardous faults, the architecture of controllers, test requirements for detecting faults in good time, and the evaluation of faults with a common cause. Correspondingly, both standards lead to safe machines and plant with regard to the controller – via differing routes. EN ISO 13849 is recommended for machine constructors – particularly if hydraulic, pneumatic or mechanical controller components are involved. It covers all the technologies, is practicable for small and medium-sized companies in particular and, in many cases, makes clear reference to the applicable C-standards. The Performance Levels (PL) are divided up from the lowest level “a” to the highest “e” and are based on the basic familiar categories B, 1, 2, 3 and 4 and other parameters such as reliability, robustness and diagnosis of the safety components.
Complex programmable controllers, on the other hand, should be assessed on the basis of EN 62061 – also because it allows a detailed consideration during product development and for software. In this case, EN 62061 can offer advantages.
SICK supports both standards
Producers of safety technology, such as SICK, are particularly called upon to act in order to ensure that the new standards function in practice. It is their task to provide PL and SIL data on their products. Alternatively, the necessary characteristics, such as the MTTFd, PFHD, and level of diagnostic cover must be determined. Only then can the PL and SIL be calculated for the entire safety function, as well as for the chain of safety-relevant components or self-designed system parts. The circle of comprehensive safety thinking is also closed here, like that implemented by SICK with SafetyPLUS. All safety-relevant aspects of a machine are considered – from the initial conception step, through the risk analysis, engineering, project planning, up to commissioning, maintenance and modernisation. The aim is to develop a consistent sensor, controller and service solution for every task – from a single source. Safety-related seminars, training and advice are of decisive importance here – they form the links between product technology, practical application and the relevant legal situation. Thus SICK’s safety-oriented specialist seminars, both generally and regarding the new EN ISO 13849 and EN 62061 standards, are received with great interest – particularly among developers, constructors, planners and safety officers. Finally, SICK also supports informative events on the new standards situation arranged by organisations and trade associations.
Those who speak of safety do not expect to receive proprietary island solutions from suppliers, but open and inclusive concepts with a high level of sensor, controller and application competence, taking time-related and global dimensions into account – namely the entire machine life cycle and internationalisation.
As the market leader in safety technology, SICK sustains the continuity of its integrated safety thinking and activities with SafetyPlus. Greater integration means keeping all safety-relevant aspects in sight – from the first planning steps and risk analysis to the engineering and project planning phases, and on to the commissioning, repair and modernisation of a machine. Greater integration also leads to economical and future-oriented
results with a high level of investment security in the form of comprehensive sensor, controller and service solutions from a single source.
Safe system solutions from SICK mean SafetyPlus for the user.