How EN/ISO13849-2 Eases Validation for Programmable Safety Control
Understanding the validation requirements in EN/ISO13849-2 is critical to an efficient design process for the development of safety systems. This article provides some important points both for developers of the products or systems and for the validators.
As has been well documented, EN/ISO13849 is now taking center stage in the machinery industry due to the implementation of this standard as of January of 2012. Therefore it would be helpful to have a better understanding of the validation approach of the standard. Fortunately 13849-2 provides exactly that guidance. As they say in the movies, “we can do this the easy way or we can do this the hard way.” Having a high level overview of the validation process might not make this “easy” but it can help avoid making it unnecessarily difficult. Everyone involved with the development and validation of a product or system intended to be compliant with EN ISO13849 will benefit from understanding the guidance on fault exclusions and certainly the documentation requirements. As we’ll show below, the design team and the validation team should be independent. However, the overall design process will be much smoother if the design team is aware of options available in excluding faults and what the trade-offs might be between designing for a fault exclusion or not.
The first step is to understand who should be involved. At UL we have first-hand knowledge of the benefits of independent review. Even with extremely experienced product development engineers, it is very difficult to design a product and objectively verify that it meets requirements. EN ISO 13849 recognizes that a proper and thorough review can best be done by an independent team, and states in the validation principles section 3.1 that validation shall be carried out by “persons independent of the design of the safety related part(s)”. The level of independence should reflect the safety performance of the safety related part. It is important to point out, however, that the validation team does not simply pick up where the design team leaves off; in other words, validation does not start sequentially after the design team has finished development. The validation team should be involved throughout the design process. The standard states in paragraph 3.1 that “The analysis should be started as early as possible and in parallel with the design process, so that problems can be corrected early whilst they are still relatively easy to correct”. In other words, the major principle of the V-model approach shall be followed. Recognizing that the analysis of some parts might not be possible until the design is further along, the standard does allow for that analysis to be performed later when the design is more developed.
Figure 1 of ISO 13849-2 provides an overview of the validation process. In short, validation consists of a combination of analysis and testing. Analysis is required in all cases; depending on the technology, testing will also be a necessary component of the validation process. The balance between analysis and testing depends on the technology.
The analysis can be either “top-down”, such as Fault Tree Analysis or Event Tree Analysis, where the analysis starts with the fault condition and then analyzes the conditions and probabilities leading up to it, or “bottom-up”, such as Failure Mode and Effects Analysis or Failure Mode, Effects and Criticality Analysis, where the analysis starts at the component or function level and analyzes the effect on the system.
As described in ISO EN 13849-1, it is not always possible to evaluate a safety system without assuming that some faults can be excluded. The standard goes on to explain that fault exclusions are a technical compromise between technical safety requirements and the theoretical possibility of a fault occurring. The details of the fault exclusions, however, are in ISO EN 13849-2. The informative Annexes A-D (Annex A provides fault exclusion detail for mechanical systems, Annex B for pneumatic, Annex C for hydraulic and Annex D for electrical systems) give more detail regarding fault lists (i.e. what faults must be considered) and fault exclusions (i.e. what faults may be excluded from the validation process).
For a designer, it is important to understand how the design can affect the validation analysis and testing. For instance, a short circuit between printed wiring board traces may be excluded provided that the criteria stated in the standard for insulation coordination on printed wiring boards, IEC 60664 (Insulation Coordination for Low Voltage Systems), are met, whereas a relay failing in either the open or the closed position cannot be excluded.
Table 2 provides a list of the documentation necessary for each category. As the categories increase, the documentation and rigor associated with the validation increase. Again, this information is important for the design team to be aware of while designing the system, since developing the documentation is easier when it is included in the design process rather than done separately from it.
Altogether, this means that ISO 13849-2, despite its title “Validation”, is in fact a valuable tool not only for the verification and validation engineer but also for the safety system designer. Our experience is indeed that, when designing a safety system in accordance with ISO 13849, Part 2 is as necessary and as frequently used as Part 1.
When ISO 13849-1 is compared to IEC 62061, it is often said that ISO 13849-1 is weak on the process (or functional safety management) side. This is perhaps because not enough attention is paid to Part 2 of ISO 13849.
Although Part 2 dates from 2003, it contains information and guidance that is essential for designing and evaluating a safety-related control system for machinery in accordance with ISO 13849-1:2006. Such information and guidance is exactly what processes and functional safety management should be concerned with. In the currently ongoing effort to merge IEC 62061 and ISO 13849, the approach of ISO 13849-2 is hopefully a good source of inspiration for how to make process and functional safety management requirements a simple and valuable tool.
For further information on Functional Safety and EN ISO13849, please contact Kevin Connelly at UL: call 631-546-2691 or e-mail email@example.com.