Professional Documents
Culture Documents
Safety of Machinery: Notes On The Application of Standards EN 62061 and EN ISO 13849-1
Safety of Machinery: Notes On The Application of Standards EN 62061 and EN ISO 13849-1
Edition II
Fachverband Automation
IMPRINT
Safety of Machinery
Notes on the application
of standards EN 62061
and EN ISO 13849-1
German Electrical and Electronic
Manufacturers Association
Lyoner Strae 9
60528 Frankfurt am Main
Germany
Automation Division
Switchgear, Controlgear,
Industrial Control Systems Section
Technical Committee Safety Systems
in Automation
Author: Dr. Markus Winzenick
Phone: +49 69 6302-426
Fax: +49 69 6302-386
Mail: winzenick@zvei.org
www.zvei.org/automation
Despite utmost care no
liability for contents
June 2012
Safety of Machinery
Are you a machine manufacturer or system integrator?
Do you upgrade machinery?
This is what you need to consider in the future
in terms of functional safety!
Notes on the application of standards
EN 62061 and EN ISO 13849-1
nrichtlinie zu erfllen
1. Basic procedure
for complying with
the requirements
of the machinery
directive
2. Why is
EN 954-1
not sufficient
for the future?
3. Scope of the
two standards
4. Brief overview
on EN ISO 13849-1
The standard describes how to calculate the Performance Level (PL) for
safety-relevant parts of control systems, based on designated architectures, for the designated mission time TM.
In case of deviations EN ISO 13849-1 refers to IEC 61508 for electrical/electronic systems. Where several safety-relevant parts are combined
into one overall system, the standard describes how to calculate the
resulting PL that can be achieved.
For the subsequent validation, EN ISO 13849-1 refers to Part 2, which
was published at the end of 2003. This part provides information on,
among other topics, fault considerations, maintenance, technical documentation and usage guidelines. The transition period from EN 954-1 to
EN ISO 13849-1, during which either standard may be applied, ended in
Europe on December 31, 2011.
5. Brief overview
of EN 62061
5. Kurzbeschreibung EN 62061:
EN 62061 represents a sector-specific standard under IEC 61508. It
describes the implementation of safety-relevant electrical and electronic
control systems on machinery and examines the total life cycle from the
concept phase through to decommissioning. Quantitative and qualitative
examinations of the safety-related control functions form the basis.
The performance of a safety function is described by the Safety Integrity
Level (SIL).
The safety functions identified from the risk analysis are divided into safety subfunctions; these safety subfunctions are then assigned to actual
devices, called subsystems and subsystem elements. Both hardware and
software are handled this way. A safety-related control system is made up
of several subsystems. The safety-related characteristics of these subsystems are described by characteristic parameters (SIL claim limit and
PFHd).
)
!!
$
! " #
% &'(
6. Achieving safety,
step-by-step
basic procedure
The designer must follow the sequence described below, bearing in mind
the experience gained by users of similar machinery and information
gained from discussions with potential users (if this is possible):
Establish the limits and the
intended use of the machinery
, -
* #
!#
, -
, -
, - .
/ !#
** !
* 0
, -
3
$1
''
$
!# !
! .
, - .
!
$1
!
*
''
*
.
8
!
+
!
$1
*
!
()9
$1 % '%
*
$ ! !
8 5
$1 %' ')
$1
5 !
!
2 )) )
$1
!
2 ))
* #
.
"
;
.
;
.
8
# +
:
:
*
8
* #
=5
=5
=5
<
<
* .
:
: ! !
<
#
*
4#
#
4
4
5
.
-
4 # # +
5 !*!!
*
*
, 8
:
:
4#
EN 62061
!
8
*# +
>
"
*
7)
#
% &'
, &'
- %&'
. #
, &'
- %/'0
. #
&
/'0
- %&'
, &'
&7?
(7 '
)7 &
/
.
*
&
&
2/ :
2) Specification
The specification of the functional requirements shall describe each safety function that is to be performed. Any interfaces with other control functions shall be defined and any necessary error reactions
established. Furthermore, the required SIL or PL must be defined.
10
EN 62061
The selection or design of the SRECS shall always
meet the following minimum requirements:
Requirements for hardware safety integrity,
comprising
Architectural constraints for hardware safety
integrity
Requirements for the probability of dangerous
random hardware failures
plus requirements for systematic safety integrity,
comprising
Requirements for avoidance of failures and
Requirements for the control of systematic faults.
Systematic failures
The ability to perform a safety function under
expected environmental conditions
11
EN ISO 13849-1
* . .
*
* !
.
EN IEC 62061
!
1&' 2
* . .
!
1&' 2
3 &4-(
*56
7 &4-$
3 +8&4-9
*56
7 &4-(
&
3 &4-9
*56
< 9&(4;!
7 &4-(
3 &4-9
*56
7 +8&4-9
3 &4-:
*56
7 &4-9
3 &4-:
*56
7 &4-9
3 &4
*56
7 &4-:
3 &4-;
*56
7 &4-:
-;
55
7 94>
12
65= &
65= /
&
3 94>
7 ?4>
&
3 ?4>
7 ??>
3 ??>
Note:
The PFH values represent a necessary prerequisite for determining the Performance Level.
Furthermore, measures for failure avoidance
such as CCF, category and DC must be taken
into account for a complete determination of
the PL.
65= 4
EN ISO 13849-1
EN IEC 62061
* !
&
/
+
Note:
The table describes the relationship between the two concepts of the standards (PL and SIL). The PFH
coupling used in this table is, however, not sufficient on its own for the determination.
5) Verification
For each individual safety function, the PL of
the corresponding SRP/CS must match the
Required Performance Level. Where various
SRP/CS form part of a safety function, their PLs
shall be equal to or greater than the Performance Level required for this function.
6) Validation
The design of a safety-related control function shall be validated. The suitability of the safety-related
control function is examined for the application. The validation can be performed by means of an analysis or test (e.g., by targeted simulation of individual or multiple faults).
13
7. Glossary
Abbreviation
Explanation
B10d
Failure Rate
CCF
DC
Diagnostic coverage
DCavg
HFT
MTBF
MTTF
MTTFd
MTTR
PFH
PFHd
PL
Performance level; ability of safety-related parts to perform a safety function under expected conditions, to achieve the expected risk reduction
PLr
SIL
SILCL
SRCF
SRP/CS
SRECS
T1
T2
TM
Mission time
14
Abbreviation
Explanation
SFF
Security
Safety
Collective term for functional safety and machine safety, among others
Machinery
safety
State achieved when measures have been taken to reduce the risk to an
accepted residual risk after the hazard analysis has been carried out
Functional
safety
Part of the safety of the machine and the machine control system which
depends on the correct functioning of the SRECS, other technology safetyrelated systems and external risk reduction facilities.
15
8. FAQ list
<)/ =
,
! "2 #
$% F )3B-E5)
!
" $C&)0(B#
> )(50
2 1
? )(5-
> 3@)(5&
2 1
? )(50
> )(5&
2 1
? 3@)(5&
5A
> )(
2 1
? )(5&
'
> )(5B
2 1
? )(5A
16
17
18