Siemens AG © 2010
Contents
Safety concept in the EU
Machinery Directive: Fundamental safety requirements
Harmonized standards
Presumption of conformity
EU Declaration of Conformity and CE Marking
Standards committees
Hierarchical structure of standards
A standards (basic standards)
B standards (group standards)
C standards (product standards)
Functional safety is only a part of it
Risk reduction in compliance with IEC 61508
Risk analysis criteria
ISO 13849-1: risk graph
IEC 62061: SIL determination
IEC 62061 and ISO 13849-1: safety performance
Example of Cat. B acc. EN 954-1 and PLa acc. EN ISO 13849-1
Example of Cat. 1 acc. EN 954-1 and PLb acc. EN ISO 13849-1
Example of Cat. 2 acc. EN 954-1, PLc acc. EN ISO 13849-1 and SIL1 acc. EN 62061
Example of Cat. 3 acc. EN 954-1, PLd acc. EN ISO 13849-1 and SIL2 acc. EN 62061
Example of Cat. 4 acc. EN 954-1, PLe acc. EN ISO 13849-1 and SIL3 acc. EN 62061
Application limits of IEC 62061 – ISO 13849
Help on standards
[Figure: Safety requirements for manufacturers and users: Low Voltage Directive (2006/95/EC), Machinery Directive (2006/42/EC), "Use of Work Equipment" Directive (86/655/EEC)]
SITRAIN
ST-PPDS / Standards Overview Page 2 Siemens AG © 2010
Article 95
The EC Directives that affect the implementation of products, and thus are directed
mainly at the manufacturer, are based on Article 95 of the EC Treaty. They are
based on a global approach:
• Through the EC Directives, free movement of goods is to be ensured in the
European Economic Area. The goal is to remove all technical trade barriers
that exist because of different technical requirements of member states for
technical products and their use.
• EC Directives contain general safety goals only and define fundamental safety
requirements.
• Standards bodies which have received the appropriate mandate from the
European Commission (CEN, CENELEC) can define technical specifications in
standards. These standards, which have to be adopted without change in
national standards by all member states, are listed in the EC Official Journal
and are thus harmonized in a specific directive.
• Compliance with specific standards remains voluntary. However, "it can be
presumed" that, by conforming to the harmonized standards, the corresponding
safety requirements of the directives are fulfilled.
Article 137
The EC Directives for occupational safety and for machine use mainly address the
users of machines. The level of protection defined in the minimum requirements
can be increased through national regulations.
The "Safety and health of workers at work" framework directive (89/391/EEC)
defines essential requirements for safety in the workplace.
In Germany, the requirements are summarized in the German Health and Safety
at Work Regulations (BetrSichV).
You will find more information (in German) on the Internet pages of the Federal
Institute for Occupational Safety and Health (BAuA)
(http://www.baua.de/baua/index.htm).
Manufacturers are obliged to assess hazards in order to identify all of those that
apply to their machines…
• Protective measures against mechanical hazards
(stability, danger of breakage, movable parts)
• Protective measures against hazards through electrical energy, fire/explosion,
radiation, gas emissions, dust, etc.
• Protective goals as well as requirements with regard to people-friendly design of
machines, maintenance and user information with warnings about residual hazards
• Requirements for controllers and control devices for the startup and shutdown of
machines in case of a failure of the power supply or the control circuit
• Documentation and operating manual
Machinery Directive
According to the Machinery Directive, the member states of the EC are obliged to
ensure that only those machines and safety components are sold, marketed, and
operated that fulfill the essential health and safety requirements listed in Annex 1.
The states may not refuse, limit or hinder market access or operation if a
manufacturer declares the conformity with the essential requirements of the
machinery directive.
Objective
At no time may any machine present a danger to the consumer, machine or the
environment.
The machinery directive helps machine manufacturers to detect hazards resulting
from a machine and thus to take appropriate measures before a machine is sold,
marketed and operated. This process is also called the hazard assessment, which
ultimately leads to the necessary protective measures through a risk assessment.
Machine manufacturers can use the EN ISO 12100 (EN292) and EN1050 (ISO 14121)
standards for the procedure and for the definition of protective measures.
http://www.newapproach.org
Harmonized standards
These are drawn up by the two standardization organizations CEN (Comité
Européen de Normalisation) and CENELEC (Comité Européen de Normalisation
Electrotechnique) on behalf of the EU Commission to define the requirements of
the EU Directives for specific products.
These EN standards are published in the Official Journal of the European
Communities and are then to be adopted without change in national standards.
EN standards serve to fulfill the essential health and safety requirements and the
protective goals stated in Annex 1 of the Machinery Directive.
Liability:
• When standards are complied with, it can be presumed that a machine
manufacturer has not acted with gross negligence.
• In the event of a claim, the criminal law consequences are thereby reduced
to a minimum.
Manufacturer's responsibility
A machine manufacturer who wants to market a machine in the EU and who
declares conformity with the machinery directive is obliged to adhere to all
requirements of this directive. This will ensure that the machine manufacturer has
done everything humanly possible to construct a safe machine.
In accordance with current practice in the Member States, manufacturers are
responsible for certifying that their machines conform with the essential
requirements. This allows a manufacturer the freedom to have the machines
tested by third parties and to have their conformity confirmed.
EC conformity declaration
Before marketing (and, if applicable, putting into operation) a machine or safety
component, manufacturers must produce an EC Declaration of Conformity or a
manufacturer declaration in compliance with the Machinery Directive Annex IV.
The existence of technical documentation and the delivery of operating instructions
for the machine or the safety component is a prerequisite for issuing an EC
Declaration of Conformity.
With the conformity declaration, manufacturers confirm that they adhere to all
requirements of the European directive under which their product falls.
CE marking
Machines that are useable, ready to use and ready for operation in compliance
with the machinery directive are identified with the CE marking within the scope of
the conformity declaration.
Safety components are assigned the EC Declaration of Conformity only, but no
CE marking.
[Figure: Hierarchical structure of standards]
TYPE A, basic standards: basic terminology, basic design principles, general aspects. Examples: EN ISO 12100, EN ISO 14121, (IEC 61508)
TYPE B, group standards: B1 standard: general safety aspects; B2 standard: safety-related equipment. Examples: EN 954 (until 2011), EN ISO 13849, (EN IEC 60204), (EN IEC 62061), EN 13850 (Emergency Stop)
TYPE C, product standards: detailed safety requirements for a specific machine
A standards
A standards are fundamental safety standards that contain basic terminology,
methodology and basic principles for design for all machinery. They primarily
address the institutions setting the B and C standards.
B standards
Group standards with aspects that affect several similar machines in the same or
similar manner. The B standards also primarily address the institutions setting the
C standards. They can, however, also be helpful for manufacturers in the design
and production of a machine when no relevant C standards exist.
B1: Group safety standard containing general overriding safety aspects
(ergonomic design principles, safety clearances, etc.)
B2: Specifications for, among others, (protective) safety devices of an overall
nature (Emergency Stop, two-hand control devices, safety-related parts of control
systems, etc.)
C standards
C standards are product or engineering standards that detail the requirements of the A and B
standards for specific products and describe requirements for protective measures
that protect against all significant hazards of a machine.
If a C standard exists for a machine, it has the highest priority for a machine
manufacturer. If manufacturers conform to it they can presume that they are
fulfilling the basic requirements of Annex I of the Machinery Directive
("Presumption of Conformity"). The C standard's Annex ZA lists all requirements
that are fulfilled when complying with the C standard.
If no C standard exists for a machine, B standards must be consulted as a
guideline for machine construction.
[Figure: Type A basic safety standards]
ISO 12100 (EN292): Safety of machinery
ISO 14121 (formerly EN 1050): Safety of machinery, principles of risk assessment
IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems
EN ISO 12100 (formerly EN292)
The term safety of machinery looks at the capability of a machine to execute its
foreseen function during its entire lifecycle whereby risk has been sufficiently
reduced.
In the design of a machine, the hazards are of primary concern for the machine
manufacturer:
Mechanical: crushing, shearing, cutting
Electrical: contact with energized, electrostatically charged parts,
spattering melted parts in the event of a short-circuit
Miscellaneous: thermal hazards, noise
ISO 14121 (formerly EN1050)
This standard describes a procedure for identifying hazards and for assessing risk.
It is a guide for decision making in the development stage of a machine and helps
in the planning of suitable and harmonized B and C standards.
IEC 61508
IEC 61508 defines methods for achieving the functional safety of products. This
standard applies worldwide and serves as the basis for specifications and for the
drafting and operating of Safety Instrumented Systems.
IEC 61508 is not a standard that has been harmonized under an EU Directive. It is
the basic standard for the harmonized IEC EN 62061 and ISO EN 13849
standards, which reference IEC 61508. Wherever IEC61508 is referenced, it is an
"other applicable" standard further to the respective, harmonized standard.
[Figure: Type B group standards]
B1:
• Safety-related parts of control systems: EN 954-1
• Safety of machinery: ISO EN 13849-1
• Electrical equipment of machines: EN 60204-1
• Functional safety of machines: IEC EN 62061
B2:
• Emergency stop equipment, principles for design: EN 418
• Two-hand control devices: EN 574
• Light barriers, light curtains: EN 61496
• Laser scanners: EN 61496
EN 954-1
The categories (B, 1 to 4) describe the required behavior of safety-related parts of
a control system with respect to possible hazardous faults (fault
detection, fault control). EN 954 offers support during the design and assessment
of safety-related solutions on a machine.
EN 60204
This standard applies to the use of electrical and electronic devices and systems
of machinery that are not carried by hand while working, including a group of
machines that work together in a coordinated fashion.
IEC 62061
Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
This international standard has been listed under the Machinery Directive as
EN 62061:2005 since 2005 and is thus harmonized.
The aim of this standard is to specify the performance of electrical
control systems in conjunction with significant hazards. The aspects of the entire
safety lifecycle and the safety requirements up to the safety validation are
examined here.
Product standards
In the C standards, only reference is made to the general statements formulated in
A and B standards.
Product standards contain machine-specific requirements which, depending on the
circumstances, could also deviate from the basic and group standards.
C standards have absolute priority for machine manufacturers. By conforming to
them, manufacturers can presume that they comply with the essential requirements
of Annex I of the Machinery Directive (listed in Annex ZA of the C standard) and
thus the "automatic presumption of conformity" applies to them.
If no product standard exists for a machine, B standards can be used as help in
the design of a machine.
Functional safety
The safety-related parts of a control system must be designed in such a way that
they work reliably according to the hazard risk when used in accordance with their
intended purpose and in foreseeable cases of misuse, and also when faults occur.
The following are to be prevented by avoiding systematic faults and by controlling
systematic and random faults in safety-related functions:
• Human injuries or death
• Disastrous impacts on the environment
• Destruction or damaging of production facilities and industrial goods,
including production losses (optional)
[Figure: risk reduction, with an axis labelled "Increasing risk"]
Principle of risk reduction
The aim is to reduce risk to a tolerable level. First, an attempt is made to
implement risk-reducing measures to reduce the overall risk of a machine by
structural measures (e.g. affixing a protective guard or warning signs).
If a risk regarded as too high then still exists, an attempt is made with the safety-
related parts of the control system to achieve a further risk reduction. These are
ultimately the so-called safety functions such as a safety-door monitoring function
with a position switch and a safety relay or a fail-safe PLC.
What remains in the end is an actual risk that is lower than the tolerable or
acceptable risk.
Risk
A risk involves various elements, which are described in detail in the standard:
• Extent of harm
• Frequency and duration of hazard exposure
• Probability of occurrence
• Possibility of risk avoidance or limiting
Reference to ISO13849, IEC62061
The assessment of the named risk elements defines the level of the requirements
for risk reduction measures and thus represents the input parameter for the risk
graphs according to ISO 13849-1 (EN954-1) and the SIL classification according
to IEC 62061.
[Figure: Risk analysis criteria]
• Severity of injury (how severe): severe or slight
• Frequency and/or exposure time (how often): frequent or seldom
• Possibilities of avoidance (how probable): hardly possible or possible
[Figure: ISO 13849-1 risk graph. Branches S1/S2, then F1/F2, then P1/P2, leading to the required performance level PLr on the scale a to e]
PLr
A required performance level (PLr) must be defined and documented for every
chosen safety function.
[Figure: IEC 62061 SIL determination form. Example entry: "Risk of crushing", values 3, 5, 4, 3, 12, "Door monitoring, deactivating axes XY", SIL2. Field: Comments]
AV Avoidance possibilities
• Structural measures
• Surveillance of operation (e.g. also using video cameras)
• Deployment of specially trained personnel
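The two procedures referenced above, the ISO 13849-1 risk graph and the IEC 62061 SIL classification, applied to one safety function and cross-checked against each other; this is an added example, not part of the course material. The graph leaves and the SIL matrix are taken from the published standards, which this page does not reproduce; reading the entry "3 5 4 3 12 ... SIL2" as Se, Fr, Pr, Av, Cl is an assumption, and the S/F/P values for the door are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# ISO 13849-1 risk graph leaves in branch order S1F1P1 ... S2F2P2
# (from the standard, not from this page).
PLR_LEAVES = ("a", "b", "b", "c", "c", "d", "d", "e")

# IEC 62061 SIL assignment (from the standard, not from this page):
# rows = severity Se, columns = bands of the class Cl = Fr + Pr + Av.
# None = no SIL requirement, "OM" = other measures recommended.
CL_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
SIL_MATRIX = {
    4: ("SIL2", "SIL2", "SIL2", "SIL3", "SIL3"),
    3: (None, "OM", "SIL1", "SIL2", "SIL3"),
    2: (None, None, "OM", "SIL1", "SIL2"),
    1: (None, None, None, "OM", "SIL1"),
}

# Pairing used in this page's example titles: PLc/SIL1, PLd/SIL2, PLe/SIL3.
PL_TO_SIL = {"c": "SIL1", "d": "SIL2", "e": "SIL3"}


def required_pl(s: int, f: int, p: int) -> str:
    """Walk the risk graph: S, then F, then P, each either 1 or 2."""
    for name, value in (("S", s), ("F", f), ("P", p)):
        if value not in (1, 2):
            raise ValueError(f"{name} must be 1 or 2, got {value}")
    return PLR_LEAVES[(s - 1) * 4 + (f - 1) * 2 + (p - 1)]


def sil_assignment(se: int, fr: int, pr: int, av: int) -> Tuple[int, Optional[str]]:
    """Return (Cl, result) for severity Se and the scores Fr, Pr, Av."""
    if se not in SIL_MATRIX:
        raise ValueError(f"Se must be 1..4, got {se}")
    # Score ranges assumed from the standard's scoring tables.
    if fr not in range(1, 6) or pr not in range(1, 6) or av not in (1, 3, 5):
        raise ValueError("Fr and Pr must be 1..5, Av must be 1, 3 or 5")
    cl = fr + pr + av
    column = next(i for i, (lo, hi) in enumerate(CL_BANDS) if lo <= cl <= hi)
    return cl, SIL_MATRIX[se][column]


@dataclass(frozen=True)
class SafetyFunction:
    hazard: str
    measure: str
    s: int   # ISO 13849-1 severity branch
    f: int   # ISO 13849-1 frequency branch
    p: int   # ISO 13849-1 avoidance branch
    se: int  # IEC 62061 severity
    fr: int  # IEC 62061 frequency and duration
    pr: int  # IEC 62061 probability of occurrence
    av: int  # IEC 62061 avoidance


def assess(fn: SafetyFunction) -> dict:
    """Document PLr and SIL for one safety function and flag disagreement."""
    plr = required_pl(fn.s, fn.f, fn.p)
    cl, sil = sil_assignment(fn.se, fn.fr, fn.pr, fn.av)
    sil_level = sil if sil and sil.startswith("SIL") else None
    return {"hazard": fn.hazard, "measure": fn.measure, "PLr": plr, "Cl": cl,
            "SIL": sil, "consistent": PL_TO_SIL.get(plr) == sil_level}


# Door-monitoring entry from this page; S/F/P are constructed for the example.
DOOR = SafetyFunction("Risk of crushing", "Door monitoring, deactivating axes XY",
                      s=2, f=2, p=1, se=3, fr=5, pr=4, av=3)

if __name__ == "__main__":
    print(assess(DOOR))
```

A record with "consistent" set to False means the two assessments of the same hazard disagree and the parameter choices should be reviewed.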
Safety performance
The categories of EN 954-1 were independent of a specific solution and did not
provide a clear measure of the safety performance of a control system.
IEC 62061 and ISO 13849-1 consider safety functions as follows:
• A particular hazard (through a machine) can be assigned to a defined safety
function
• The required safety performance can be determined for a defined safety
function
The required safety performance is dependent on the specific solution and risk:
• IEC 62061: Safety Integrity Level (SIL)
• ISO 13849: Performance Level (PL)
[Figure: Example of Cat. B acc. EN 954-1 and PLa acc. EN ISO 13849-1. Diagram labels: closed, open]
[Figure: Example of Cat. 1 acc. EN 954-1 and PLb acc. EN ISO 13849-1. Diagram labels: closed, open]
[Figure: Example of Cat. 2 acc. EN 954-1, PLc acc. EN ISO 13849-1 and SIL1 acc. EN 62061. Diagram labels: closed, on, open, mirror contacts, positively-opening]
Notes:
Category 2 of EN 954-1 can only be fulfilled if a warning (message) is issued automatically in the event of
failure of the actuator or the machine control initiates a safe state. Otherwise, a second deactivation path
is necessary.
In the case of single-channel use (HFT=0) of electromechanical components (e.g. position switches),
SFF<60% and DC=0 apply because no diagnostics possibilities are available. If the electro-mechanical
components have proven themselves in operation (in compliance with ISO 13849) and if they are used
in compliance with Cat. 1 or PLc (because PLc requires a "high" MTTFd value), SILCL=1 can also be
achieved (see Corrigendum 1 of IEC62061).
[Figure: Example of Cat. 3 acc. EN 954-1, PLd acc. EN ISO 13849-1 and SIL2 acc. EN 62061. Diagram labels: on, closed, open, mirror contacts, positively-opening]
[Figure: Example of Cat. 4 acc. EN 954-1, PLe acc. EN ISO 13849-1 and SIL3 acc. EN 62061. Diagram labels: on, closed, open, mirror contacts, positively-opening]
SITRAIN Training for Automation and Industrial Solutions
ST-PPDS / Standards Overview
Application limits of IEC 62061 – ISO 13849
IEC 62061
Is applicable to all electrical and electronic systems of any architecture
(SIL 1 to 3)
Programmable logic controllers (PLCs, etc.) must fulfill IEC 61508
ISO 13849-1
Is applicable without restrictions to hydraulic, pneumatic and electromechanical
systems.
Is applicable to programmable electronic systems with restrictions only
(e.g. in the case of PLe, the firmware must comply with the requirements of
IEC 61508, Part 3, Section 7 for SIL 3)
Programmable logic controllers for PLe (PLCs, etc.) must fulfill IEC 61508
The calculation concept of ISO 13849-1 is based on defined architectures
(Cat. B, 1, 2, 3, 4)
ISO 13849
The aim of this standard is to serve as a guide for design and assessment of
safety-related control circuits with regard to their ability to execute a safety function
under predictable conditions.
It considers control systems that perform safety functions in…
• simple machines
(e.g. a small kitchen appliance or automatic doors and gates)
• ranging to manufacturing facilities
(such as packaging machines, printing machines or presses)
Safety-related parts of control systems are:
• non-disconnecting protective devices
(such as two-hand control devices or interlocking devices)
• protective devices operating without physical contact
(such as light barriers or pressure-sensitive protective facilities)
• control modules
(such as logic for control(ler) functions, data processing, monitoring, etc.)
• circuit-breaker elements (such as relays, valves, etc.)
IEC 62061
The aim of this standard is to define the safety performance of safety-related
electrical, electronic and programmable electronic control systems (SRECS) in
conjunction with significant hazards.
The aspects of functional safety (no electrical hazards -> IEC 60204) throughout
the lifecycle of a machine are considered here:
• to determine the required safety integrity level for each safety-related control
function that is to be executed by SRECS
• to enable the design of SRECS according to certain safety-related parts of
control systems
• to integrate safety-related parts of control systems designed in accordance
with ISO 13849 (without the regulation of safety performance)
• to validate the SRECS
EN 62061
Siemens function example with respect to 62061
http://support.automation.siemens.com/WW/view/de/23996473
EN ISO 13849
BGIA Report 2008
http://www.dguv.de/bgia/13849
Technical book:
Funktionale Sicherheit von Maschinen und Anlagen
Umsetzung der europäischen Maschinenrichtlinie in der Praxis
(ISBN 978-3-89578-366-1)
EU Directives:
Directives, activities related to directives, list of harmonized standards, FAQs, etc.
http://www.newapproach.org