Compliance inSight Consulting Inc.

Functional Safety and Control Reliability


Engineering controls are the second level in the Risk Reduction Hierarchy, immediately following Elimination or Substitution of the hazard. Some engineering controls, such as barrier guards, fixed guards, and movable guards, do not, on their own, need to have a reliability analysis done, as long as the basic design requirements have been met.

Movable guards are required to have interlocks by all modern machinery standards. Safeguarding devices including light curtains, safety mats, area scanners, and similar presence-sensing equipment must also be connected to the control system of the machinery. Since these devices are all required to work automatically to protect workers when they may not be aware of a potential danger, these systems must be reliable. The question is: how reliable?

Control reliability requirements are also applied to Emergency Stop systems.

Emergency Stop and Safeguarding systems are not the same, and may have differing levels of reliability requirements, with safeguarding typically requiring higher levels of reliability.


North America

In North America, CSA and ANSI have been including control reliability information in their standards. In Canada, CSA Z432 and CSA Z434 reference ISO 13849-1 and ISO 13849-2 or IEC 62061 as the fundamental functional safety standards. Additionally, CSA C22.2 No. 0.8, Safety functions incorporating electronic technology, also applies.

In the USA, B11 Standards is the secretariat for the development of the ANSI B11 family of Machine Tool standards, and the RIA is the secretariat for industrial robots and the development of RIA R15.06, which now includes ISO 10218-1 and ISO 10218-2, with US deviations.

The ISO and IEC standards speak to the architecture of the circuits or systems, the selection of the components used, the automatic diagnostics, and common-cause failure modes.

Europe & International

In the mid-1990s, CEN, the European Committee for Standardization, published a standard called EN 954-1 – Safety of Machinery – Safety Related Parts of Control Systems – Part 1: General Principles for Design. The scope of this standard dealt primarily with hard-wired controls, and touched briefly on the idea of programmable electronic controls. This standard introduced the idea that the reliability of the safety-related parts of the control system should be driven by the risk reduction requirements of the application.

EN 954-1 also introduced the concepts of reliability categories – the now-familiar Category B, 1, 2, 3 and 4. These categories and the related circuit architecture should be a basic part of your circuit design library. If these categories aren't already part of your circuit design library, we need to talk!

During the period that EN 954-1 became commonly known, the IEC introduced a new standard that dealt specifically with the reliability requirements of programmable electric and electronic systems, IEC 61508. This multi-part standard brought in a new set of categories, or more properly, Safety Integrity Levels (SILs). There are four SIL levels, SIL 1 to SIL 4, that are based on failure rates as opposed to circuit architectures. This standard brought the idea of Functional Safety into the standards world, but it also introduced a lot of confusion for machine builders.

In an effort to address the specific needs of machine builders using programmable equipment in their safety systems, IEC developed a product family standard, IEC 62061 – Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems. This standard is built on the foundation created by the IEC 61508 family.

Development on EN 954-1 became an ISO project and the standard was renumbered as ISO 13849-1. Two other documents were also included: ISO 13849-2 – Validation, which was never published as a full CENELEC standard, and ISO/TR 13849-100, a Technical Report developed by the US TAG to ISO TC 199 that provides some excellent guidance on the application of the standard.

In 2006 a new edition of ISO 13849-1 was published, and again, this one threatens to give machine builders some significant headaches. The standard introduces the idea of Performance Levels, or PL. There are five Performance Levels, PLa through PLe. The performance levels are increasingly more reliable as you go from PLa to PLe, and are based on failure rates similar to those found in IEC 61508. The standard keeps the familiar Category B through 4 architectures and adds additional factors.

If any of this is unfamiliar to you, we can help. We have public and private courses available, and we are available to consult with you on your projects.

Request a FREE consultation, or Request a Quotation today!