Functional Safety

Compliance of safety related controls can be a complex and challenging aspect of machinery safety. Product Compliance Support can support you through the whole process or just part of it.

Areas we can assist are:

  • Advise on compliant risk reduction strategies and which safety related control functions to apply according to ISO12100 and other machine specific type C standards (Safety Concept)
  • Determining which safety related control functions fall under the scope of ISO 13849-1:2023
  • Assistance with correctly defining each safety and its characteristics such as logic, span of control, reset functionality, control modes, priority level, reaction times etc
  • Producing a ‘Safety Requirement Specification’ (SRS) to formalise safety function characteristics
  • Guidance on determining the appropriate Performance Level (PLr) according to ISO13849-1 Annex A.
  • Assistance with design or design review of circuit structure, hardware selection, diagnostic measures.
  • Determine other related safety standards that may apply to specific safety functions such as requirements for interlocking devices (ISO14119), electrosensitive protective equipment such as light curtain or laser scanners (ISO13855) and 2 handed controls (ISO13851).
  • Advice on using programmable safety related controllers
  • Requirements for safety related software including validation of software logic.
  • Help determining a system design concept or detailed system design
  • Verification report Performance Level achieved (PLa) for each safety related function using block diagram and probability of failure calculations using SISTEMA software
  • Assistance with producing validation test routines to document the final implementation of the system is error free.

Deliverables:

Key deliverables we can offer are:

  • ‘Safety concept’ outlining measures to be applied and key design considerations and standards that apply.
  • Safety requirement specification (SRS)
    • Formal list of safety function characteristics.
    • Particularly useful when outsourcing the design of the controls
    • Provides a clear set of requirements when no machine specific standards exist
    • Used to verify and validate each safety function is error free
  • Safety system design document
    • Either a design concept or detailed electrical and hardware design
  • Design verification report to ISO 13849-1:2023 and ISO13849-2:2012
    • Illustration of hardware used in each safety function
    • Evaluation of hardware in terms of category, mean time to failure (MTTFd) and diagnostic coverage (DC).
    • Reliability block diagrams to refine the relationship between subsystems of the safety related parts of the control (SRP/CS)
    • Probability of dangerous failure per hour (PFHD) calculations using a report from SISTEMA software (Safety Integrity Software Tool for Machine Evaluation)
  • Step by step checklist for final validation testing

Background:

The Machinery Directive and The Supply of Machinery (Safety) Regulations 2008 (UK domestic legislation) requires that machinery can be operated, adjusted, and maintained without putting persons at risk.

A key part of these regulations include requirements for machinery controls. Specifically, clause 1.2.1 – ‘Safety and reliability of control systems’ requires that design and construction of the machine prevents hazardous situations arising from the following:          

  • a fault in the hardware or the software of the control system
  • errors in the control system logic do not lead to hazardous situations,
  • foreseeable human error
  • machinery starting unexpectedly
  • safety protective devices failing to remain active
  • Safety related parts of the control system being applied in a non-coherent way
  • Selection of operating modes that impact on the combination of safeguards applied

EN ISO 13849-1 (previously EN954-1) is an international harmonised standard that was introduced in 1995 to give specific guidance and a methodology for these topics and is central to functional safety compliance of machinery.

The standard provides a framework for ensuring that each safety related function has the appropriate level of reliability relative to the level of risk that the function is protecting from. It also provides a methodology for specification, design and validation to prevent unwanted errors arising throughout the implementation process.

Other functional safety standards exist for sectors such as rail (EN 50128), nuclear (IEC 61513) and the process industry (IEC 61511). These standards are derived from parent standard IEC61508. These standards were developed in parallel with machinery functional safety, however many of the principle adopted for machinery were born out of these requirements.

ISO 13849-1 for machinery, has evolved considerably since its introduction. It now adopts a similar quantitative approach to these other functional safety standards whilst still retaining the original concept of ‘Categories’ as means of circuit structure evaluation.

Scope:

As part of the risk reduction process defined in ISO12100:2010, ISO1389-1 should be applied whenever a safety function and its corresponding safety system are used to provide risk reduction.

Functional safety and ISO 13849-1 applies to virtually all machines from simple equipment with a single emergency stop button to large complex assemblies with multiple safety functions and operating modes.

Safety related parts of the control system (SRP/CS) and their subsystems include all devices required to carry out the safety function regardless of energy form (e.g. electrical, pneumatic and hydraulic). This can include power actuators such contactors, valves and inverter drives as well as safety input and logic devices such as safety switches, light curtains and safety relays.

Users of machinery already placed on the market are also subject to the Use of Equipment Directive OR Provisions and Use of Work Equipment Regulations/PUWER (GB domestic legislation). Safety systems should also be evaluated under ISO 13849-1 according the HSE Approved Code of Practice (ACOP) guidance when complying with Regulation 18 ‘Control Systems’.

Requirements

  • ISO13849-1 requires the following before placing the machine onto the market:
  • SRS and design of the safety system to take into account the results of a risk assessment or specification provided in machine specific standards.
  • Performance levels (PLr) should be specified within the SRS.
  • Evaluation of the design to ensure the requirements of the chosen PLr are met.
  • This includes:
  • ‘Probability of failure per hour’ (PFHd) as an estimate of reliability of the function in terms of random hardware failures. This calculation is based three contributing parameters –
    • Mean Time to Dangerous Failure (MTTFd),
    • Category (B, 1, 2,3 or 4) and
    • Diagnostic Coverage (None, Low, Medium or High).
    • Assess ‘Common Cause Failures’ (CCF)(resilience to systematic faults using points system 65 min required)
  • Verify and validate using methods from the standard and the dedicated validation part 2 -ISO13849-2.
  • Clear documentation of the whole process
  • Provide maintenance and information for use.