1.10 EN ISO 13849-1 Safety of machinery – Safety-related parts of control systems – Part 1: Basic principles
In October 2006 EN ISO 13849-1 was officially adopted as the successor standard to EN 954-1. Like EN 954-1, its scope covers the safety-related parts of control systems (SRP/CS) of all types of machinery, regardless of the technology and form of energy used (electric, hydraulic, pneumatic, mechanical, etc.). It retains the established categories of EN 954-1 and adds specific requirements for SRP/CS containing programmable electronic systems. In addition to the qualitative approach of EN 954-1, EN ISO 13849-1 introduces a quantitative assessment of the safety functions: performance levels (PL) classify the safety-related capability of an SRP/CS. The five PLs (a to e) correspond to bands of the average probability of a dangerous failure per hour (PFHd).
Performance levels (PL) in accordance with EN ISO 13849-1
| Performance level (PL) | Average probability of a dangerous failure per hour [1/h] |
| a | ≥ 10^-5 to < 10^-4 |
| b | ≥ 3 · 10^-6 to < 10^-5 |
| c | ≥ 10^-6 to < 3 · 10^-6 |
| d | ≥ 10^-7 to < 10^-6 |
| e | ≥ 10^-8 to < 10^-7 |
Determining the required performance level PLr
A risk assessment must be performed and documented in order to define the required PLr for each safety function of the safety-related control system. The informative Annex A of the standard presents a qualitative procedure for assessing the risk and for determining the PLr.
Risk parameters:
| S | Severity of injury |
| S1 | Slight (normally reversible) injury |
| S2 | Serious (normally irreversible) injury, including death |
| F | Frequency and/or duration of exposure to the hazard |
| F1 | Seldom to less often and/or short exposure time |
| F2 | Frequent to continuous and/or long exposure time |
| P | Possibility of avoiding the hazard or limiting the harm |
| P1 | Possible under specific conditions |
| P2 | Scarcely possible |
Risk graph for determining the PLr for each safety function:
[Figure: risk graph branching from the start point over S1/S2, F1/F2 and P1/P2 to the resulting PLr a to e]
(source: EN ISO 13849-1)
| Legend | |
| Start | Starting point for evaluating the safety function's contribution to risk reduction |
| L | Low contribution to risk reduction |
| H | High contribution to risk reduction |
| PLr | Required performance level |
Determination of the performance level reached
The following safety-related parameters are required for determining the performance level of components/devices:
| EN ISO 13849-1 parameter | Meaning |
| Cat. | Category (B, 1, 2, 3, 4): the designated architecture, used as the basis for determining a specific PL |
| PL | Performance level (a, b, c, d, e) |
| MTTFd | Mean time to dangerous failure |
| B10d | Number of cycles by which 10 % of a random sample of the wear-prone pneumatic or electromechanical components under consideration have failed dangerously |
| DC | Diagnostic coverage |
| CCF | Common cause failure |
| TM | Mission time (intended service life) |
Operational factors such as the demand rate of the safety function and the test rate of its diagnostics can also influence the resulting PL and must be taken into account.
The following parameters are required for determining the PL:
| Category | (designated architecture) |
| MTTFd | (mean time to dangerous failure of each channel) |
| DCavg | (average diagnostic coverage) |
| CCF | (common cause failure; measures required from category 2 upwards) |
The combination of category and DCavg determines which column of the diagram is to be selected. Within that column, the shaded band corresponding to the MTTFd of each channel is determined, and the resulting PL is read off the vertical axis.
Relation between the categories, DCavg, MTTFd of each channel and the resulting PL:
[Figure: bar diagram with one column per category B, 1, 2, 3, 4 and its associated DCavg, bands for low, medium and high MTTFd of each channel, and the resulting PL a to e on the vertical axis]
(source: EN ISO 13849-1)
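The two procedures above, determining the PLr from the risk graph and checking the achieved PL of the SRP/CS against it, carried through as an added Python example. This is illustration code written for this page, not part of EN ISO 13849-1 and not a manufacturer's tool. The risk graph, the PFHd bands of the PL table, the MTTFd and DC classes, the B10d conversion of Annex C and the parts-count and DCavg formulas of Annexes D and E follow the standard; the component data, operating conditions, subsystem PFHd values and all function names are constructed assumptions.

```python
"""Added worked example (not text or code from EN ISO 13849-1 or any vendor):
the PLr / PL procedure on this page carried through in code. Risk graph, PFHd
bands, MTTFd/DC classes and the B10d conversion follow the standard; every
component value and operating condition below is constructed for illustration."""

PL_ORDER = "abcde"

# Risk graph (Annex A): (S, F, P) -> required performance level PLr
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# PFHd bands from the PL table above: (PL, lower bound inclusive, upper bound exclusive)
PFHD_BANDS = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
              ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]


def required_pl(s, f, p):
    """Read the PLr off the risk graph for one safety function."""
    return RISK_GRAPH[(s, f, p)]


def pl_from_pfhd(pfhd):
    """Classify an average probability of dangerous failure per hour; None if out of range."""
    for pl, low, high in PFHD_BANDS:
        if low <= pfhd < high:
            return pl
    return None


def operations_per_year(d_op, h_op, t_cycle_s):
    """n_op = d_op * h_op * 3600 / t_cycle (Annex C): days/year, hours/day, seconds/cycle."""
    return d_op * h_op * 3600.0 / t_cycle_s


def mttfd_from_b10d(b10d, n_op):
    """MTTFd [years] = B10d / (0.1 * n_op) for a wear-prone component (Annex C)."""
    return b10d / (0.1 * n_op)


def channel_mttfd(mttfds, cap_years=100.0):
    """Parts-count method (Annex D): 1/MTTFd = sum(1/MTTFd_i), capped per channel at
    100 years as in the simplified procedure of the 2008 edition."""
    return min(1.0 / sum(1.0 / m for m in mttfds), cap_years)


def mttfd_band(years):
    """MTTFd classes used in the column diagram; below 3 years is not permitted."""
    if years < 3:
        return "not permitted"
    return "low" if years < 10 else "medium" if years < 30 else "high"


def dc_avg(parts):
    """DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i) (Annex E); parts = [(DC_i, MTTFd_i), ...]."""
    return sum(dc / m for dc, m in parts) / sum(1.0 / m for _, m in parts)


def dc_band(dc):
    """DC classes: none < 60 % <= low < 90 % <= medium < 99 % <= high."""
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


def combined_pl(subsystems):
    """Series combination of subsystems [(PL, PFHd), ...]: the PFHd values add up, and the
    resulting PL may not exceed the lowest PL of any single subsystem."""
    total_pfhd = sum(pfhd for _, pfhd in subsystems)
    pl = pl_from_pfhd(total_pfhd)
    lowest = min(subsystems, key=lambda s: PL_ORDER.index(s[0]))[0]
    if pl is None or PL_ORDER.index(pl) > PL_ORDER.index(lowest):
        pl = lowest
    return pl, total_pfhd


def pl_meets(achieved, required):
    """True if the achieved PL is at least the required PLr."""
    return PL_ORDER.index(achieved) >= PL_ORDER.index(required)


def worked_example():
    # Constructed safety function: a guard interlock that stops a press drive.
    plr = required_pl("S2", "F2", "P1")                     # -> "d"

    # Constructed output channel: a contactor with B10d = 2 000 000 cycles, operated
    # 220 d/a, 16 h/d, one cycle every 60 s, in series with a 150-year safety relay.
    n_op = operations_per_year(220, 16, 60)                  # 211 200 cycles/year
    contactor = mttfd_from_b10d(2_000_000, n_op)             # about 94.7 years
    ch = channel_mttfd([contactor, 150.0])
    dcavg = dc_avg([(0.99, contactor), (0.90, 150.0)])

    # Constructed subsystem PFHd values, as a manufacturer's data sheet would state them.
    pl, pfhd = combined_pl([("e", 2.3e-8), ("e", 2.5e-9), ("d", 4.3e-8)])
    return {"plr": plr, "n_op": n_op, "channel_mttfd": ch, "mttfd_band": mttfd_band(ch),
            "dc_band": dc_band(dcavg), "pl": pl, "pfhd": pfhd, "ok": pl_meets(pl, plr)}


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

In the constructed case the summed PFHd alone would fall into the PL e band, but the output subsystem is only PL d, so the combination is capped at PL d; it still meets the PLr d of the interlock. The PFHd that a given category, DCavg and channel MTTFd yield is read from the standard's diagram (or its Annex K table) and is not computed here. The 100-year channel cap reflects the 2008 edition; the 2015 edition permits up to 2500 years for category 4.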
Assessing the CCF effect
This qualitative process should be applied to the entire system, considering each component of the safety-related part of the control system.
The following table lists a portion of the measures against CCF that the standard scores; each measure implemented is awarded points, and a minimum total score of 65 must be reached.
| Design/Application/Experience | |
| | Protection against overvoltage, overpressure, overcurrent etc. |
| | Use of well-tried components |
| Assessment/Analysis | |
| | Have the results of a failure mode and effects analysis been taken into account in order to avoid common cause failures during design? |
| Competence/Training | |
| | Have designers and maintenance personnel been trained to recognize the causes and effects of common cause failures? |
Validation
The design of a safety-related control function must be validated. Validation must demonstrate that the design of each safety function meets the corresponding requirements (source: EN ISO 13849-2).