Machinery Update Issue 4, Volume XXVII, July / August 2016
MACHINERY UPDATE JULY/AUGUST 2016 www.machineryupdate.co.uk
Regulations
Safety standards are confusing for all
Stewart Robinson
PRINCIPAL ENGINEER AND FUNCTIONAL SAFETY EXPERT AT TÜV SÜD PRODUCT SERVICE
Following the collapse of the project intended to merge the two standards covering safety-related control, ISO published a completely new version of its standard (EN ISO 13849-1:2015) in December 2015. Here, we highlight some of the key changes.
As two standards relating to safety-related control systems can be followed (EN ISO 13849-1 and EN [IEC] 62061) to demonstrate compliance with the Machinery Directive, the standards organisations had intended to merge them. However, following the collapse of this project, ISO published a completely new version of its standard (EN ISO 13849-1:2015) in December 2015.

There are several key changes. Firstly, Table 1, which gave guidance on the choice of which standard to adopt, has been removed and replaced by a reference to the technical report ISO/TR 23849.
UPDATED REFERENCES
References have been updated throughout the new standard, mainly to reflect changes in other standards. Some definitions have also been added, including a definition of 'Proven in use' and the addition of 'T10d', defined as the "Mean time until 10 % of the components fail dangerously".

Previously the expression 'average probability of a dangerous failure per hour' had been used in full throughout the standard. Now the abbreviation PFHD is also used, delivering some consistency between EN ISO 13849-1 and other functional safety standards. Likewise, the term 'subsystem' is now included as an alternative term for Safety Related Parts of Control Systems (SRP/CS).

The flow chart (Figure 2) giving an overview of the risk reduction process now includes systematic failures in the list of things to consider when evaluating the required Performance Level (PLr).
For Category 2 architectures, the 'assumption' that the demand rate should be no more than 1/100 of the test rate now has an added provision: Category 2 can also be claimed if the test occurs immediately upon demand of the safety function, provided that the safety times and distances are also satisfied. To achieve PLd with a Category 2 architecture it is now a normative requirement for the Output of Test Equipment (OTE) to initiate a safe state.

There is a new clause (4.5.5) regarding the use of non-electrical components for which no reliability data is available; it allows PFHD estimations to be made based on the architecture and other factors.
LIMITATIONS OVERCOME
For Category 4 architectures, the 100-year cap on the Mean Time To Dangerous Failure (MTTFd) of each channel can be raised to 2,500 years. Under the old cap the calculated PFHD of a Category 4 subsystem could not fall below a certain floor, which in turn set an artificial limit on the number of subsystems that could be placed in series while the safety function still achieved its required PL. Annex K has been updated to take account of this.
The requirements for Safety Related Embedded Software (SRESW) include clear restrictions on the use of some Programmable Electronic Systems according to the PLr. Components for which the SRESW requirements are not fulfilled may still be used under the following alternative conditions:
• the SRP/CS is limited to PL a or b and uses category B, 2 or 3;
• the SRP/CS is limited to PL c or d and may use multiple components for two channels in category 2 or 3, where the components of these two channels use diverse technologies.
The summing of the PFHD of each SRP/CS in a series alignment, to establish the PFHD of the safety function, is made clearer (Clause 6.3).
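The quantities referred to above, the T10d definition, the Category 4 MTTFd cap and the Clause 6.3 summation of subsystem PFHD values, in executable form. This is an added example, not text from the article or from the standard itself: the B10d figure, the cycle rate and the per-subsystem PFHD of 2.4e-8 1/h are constructed inputs, and the single-channel PFHD approximation is an assumption flagged in the code. Multi-channel PFHD values come from the Annex K tables or the component manufacturer and are therefore passed in rather than derived.

```python
"""Worked numbers behind EN ISO 13849-1 quantification (added example, not the
article's or the standard's own text): B10d -> MTTFd and T10d (Annex C),
parts-count combination of a channel's MTTFd (Annex D), the per-category MTTFd
cap (100 years; 2,500 years for Category 4 since the 2015 edition), series
summation of subsystem PFHD (Clause 6.3) and the PFHD-to-PL bands (Table 3)."""
from __future__ import annotations

HOURS_PER_YEAR = 8760.0

# Table 3: PL bands as [lower, upper) intervals of PFHD in 1/h.
PL_BANDS = (
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
)
PL_ORDER = "abcde"  # 'e' is the highest Performance Level


def operations_per_year(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """n_op = d_op * h_op * 3600 / t_cycle (Annex C): days/year, hours/day,
    seconds between two successive cycles of the component."""
    return d_op * h_op * 3600.0 / t_cycle_s


def mttfd_from_b10d(b10d: float, n_op: float) -> float:
    """MTTFd = B10d / (0.1 * n_op), in years (Annex C)."""
    return b10d / (0.1 * n_op)


def t10d(b10d: float, n_op: float) -> float:
    """T10d = B10d / n_op: mean time until 10 % of the components fail
    dangerously, in years. The component must be replaced before this."""
    return b10d / n_op


def channel_mttfd(component_mttfds: list[float]) -> float:
    """Parts-count method for one channel: 1/MTTFd = sum(1/MTTFd_i) (Annex D)."""
    return 1.0 / sum(1.0 / m for m in component_mttfds)


def cap_mttfd(mttfd_years: float, category: int) -> float:
    """Per-channel MTTFd cap: 2,500 years for Category 4 (2015 edition),
    100 years for every other category."""
    cap = 2500.0 if category == 4 else 100.0
    return min(mttfd_years, cap)


def mttfd_class(mttfd_years: float) -> str:
    """Low 3..10 years, medium 10..30 years, high 30 years and above
    (Category 4 may now exceed 100 years and is still 'high')."""
    if mttfd_years < 3:
        raise ValueError("MTTFd below 3 years is not acceptable under the standard")
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"


def pfhd_single_channel(mttfd_years: float) -> float:
    """ASSUMPTION of this example: for a Category B subsystem (single channel,
    no diagnostics) take PFHD as the dangerous failure rate 1/MTTFd per hour.
    Category 2/3/4 subsystems need the Annex K tables instead."""
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


def series_pfhd(subsystem_pfhds: list[float]) -> float:
    """Clause 6.3: PFHD of a safety function built from subsystems in series
    is the sum of the subsystems' PFHD values."""
    return sum(subsystem_pfhds)


def performance_level(pfhd: float) -> str | None:
    """Map a PFHD onto its Table 3 band; None outside the defined range."""
    for pl, lower, upper in PL_BANDS:
        if lower <= pfhd < upper:
            return pl
    return None


def max_subsystems_in_series(pfhd_each: float, target_pl: str) -> int:
    """Largest number of identical subsystems that can be chained while the
    summed PFHD still achieves target_pl: the 'artificial limit' that the old
    100-year cap imposed on chains of Category 4 subsystems."""
    n = 0
    while True:
        pl = performance_level(series_pfhd([pfhd_each] * (n + 1)))
        if pl is None or PL_ORDER.index(pl) < PL_ORDER.index(target_pl):
            return n
        n += 1


if __name__ == "__main__":
    # Constructed input: contactor with B10d = 2,000,000 cycles, one cycle a
    # minute, 24 h/day, 365 days/year.
    n_op = operations_per_year(365, 24, 60)
    print(f"n_op = {n_op:.0f}/year, MTTFd = {mttfd_from_b10d(2_000_000, n_op):.1f} y, "
          f"T10d = {t10d(2_000_000, n_op):.2f} y")
    ch = channel_mttfd([6000.0, 6000.0])  # two constructed high-MTTFd parts in one channel
    print(f"channel MTTFd {ch:.0f} y -> Cat 3 cap {cap_mttfd(ch, 3):.0f} y, "
          f"Cat 4 cap {cap_mttfd(ch, 4):.0f} y ({mttfd_class(cap_mttfd(ch, 4))})")
    # Constructed PL e subsystems of 2.4e-8 1/h: how many can be placed in series?
    print("max PL e subsystems in series:", max_subsystems_in_series(2.4e-8, "e"))
```

The last call is the point of the Category 4 change: a chain of PL e subsystems loses PL e as soon as the summed PFHD reaches 1e-7 1/h, so the lower each subsystem's PFHD can be driven (which the higher MTTFd cap allows), the more subsystems can be placed in series for one safety function.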
There is also clarification that the use of the Risk Graph in Annex A is not mandatory, and that other methods to establish the PLr of the safety functions can be used instead. The guidance on selecting some of the parameters is expanded, and it is made clear that the selection of P1 or P2 should consider both the possibility of avoiding the hazardous event and the probability of its occurrence.

There are some additional measures against Common Cause Failure listed in Table F.1. For example, detection of short circuits by dynamic test is listed as a measure for separation/segregation.
SPECIFIC MEASURE
The measure for EMC is now more specific: "For electrical/electronic systems, prevention of contamination and electromagnetic disturbances (EMC) to protect against common cause failures in accordance with appropriate standards (e.g. IEC 61326-3-1)."

Annex I 'Examples' has been completely revised, with example A (single channel) having a PLr of PLc and example B (dual channel) having a PLr of PLd. More detail is now also given on the reliability data used in the examples, to bring them more into line with actual 'real world' applications.
Despite the update, carrying out the calculations required by EN ISO 13849-1 remains a complex task, and while software tools can help, it is still a resource-hungry process for machine builders.
For more information visit www.tuvps.com
TÜV SÜD Product Service is the PPMA's technical and legislative partner