1.11 EN 954-1 "Safety of machinery - Safety-related parts of control systems"
The European standard EN 954-1 "Safety of machinery - Safety-related parts of control systems" is established as the international state of technology in the area of machine safety. It applies to all safety-related parts of control systems, regardless of the power type used, e.g. electric, hydraulic, pneumatic or mechanical. EN 954-1 defines categories for classifying different safety-related capacities (categories B, 1, 2, 3, 4). The following table shows the categories with requirements for the safety function and required system behavior when a fault occurs.
Categories of the safety-related parts of control systems in accordance with EN 954-1:
| Cat. | Summary of requirements | System behavior 1) | Principle for achieving safety |
| --- | --- | --- | --- |
| B | The safety-related parts of control systems and/or their protective devices and their components shall be designed, constructed, selected and combined in accordance with the applicable standards in such a way that they can withstand the expected influences and effects. | The occurrence of a fault can cause the loss of the safety function. | Predominantly characterized by the selection of components. |
| 1 | The requirements of B shall be satisfied. Approved components and approved safety principles must be applied. | The occurrence of a fault can cause the loss of the safety function, but the probability that one will occur is lower than in B. | Predominantly characterized by the selection of components. |
| 2 | The requirements of B and the use of approved safety principles shall be ensured. The safety function shall be checked at appropriate intervals by the machine control system. | The occurrence of a fault can cause the loss of the safety function between the test intervals. The loss of the safety function is detected by the test. | Predominantly characterized by the structure. |
| 3 | The requirements of B and the use of approved safety principles shall be ensured. Safety-related parts shall be designed so that: (a) a single fault in each of these parts does not cause the loss of the safety function; (b) the single faults are detected whenever this is reasonably possible. | If a single fault occurs, the safety function is always maintained. Some but not all faults are detected. An accumulation of undetected faults can lead to loss of the safety function. | Predominantly characterized by the structure. |
| 4 | The requirements of B and the use of proven safety principles shall be ensured. Safety-related parts shall be designed so that: (a) a single fault in each of these parts does not cause the loss of the safety function; (b) the single fault is detected with or before the next request to the safety function, or if this is not possible, an accumulation of faults may not cause the loss of the safety function. | If faults occur, the safety function is always maintained. The faults are detected in time to prevent a loss of the safety function. | Predominantly characterized by the structure. |

1) The risk assessment shows whether or not the complete or partial loss of the safety function(s) that the faults cause is manageable.
Validity of EN 954-1
As already mentioned, EN 954-1 is considered today as the internationally applicable standard in the area of safety-related control systems. One deficiency of this standard is that it does not contain any special requirements for programmable electronic control systems or statements on failure probabilities (probabilistic approach). This led to the formulation of EN ISO 13849-1. EN 954-1 will remain valid during the transition time until 31 Oct. 2009 together with EN ISO 13849-1, and will then be replaced by it. Both standards, EN 954-1 and EN ISO 13849-1, are listed in the Official EU Journal. In the next 3 years machines can continue to be purely formally evaluated for safety on the basis of EN 954 and certified in accordance with the Machinery Directive.