Companies selling industrial equipment in Europe must comply with European regulations that can be confusing. That’s the case for those who must comply with the Essential Health and Safety Requirements defined in the Machinery Directive 2006/42/EC, since it specifies compliance with two different standards.
Those two are ISO 13849 and IEC 62061, which were developed by two different standards groups for different product types. They have some commonalities: both target machinery and component manufacturers, and both require quality management systems and processes for document signoffs and changes.
However, they also have several differences, said Joe Lenner, Senior Functional Safety Engineer at TUV Rheinland of North America Inc. in a recent Webcast. The International Organization for Standardization developed ISO 13849 primarily for straightforward architectures, so it’s very simplified with very conservative estimates. It focuses primarily on electrical, hydraulic and mechanical systems.
The International Electrotechnical Commission’s IEC 62061 is recommended for more complex systems and architectures defined by the company seeking to market in Europe. It requires a more accurate assessment of risk reduction. The standard is written primarily for electronics, with no dependence on specific architectures. It also specifies some of the environmental issues developers need to contend with.
Right now, companies have to determine which of these two standards to use. However, that will change in a few years. ISO and IEC have formed a joint working group that has a goal of unifying ISO 13849 and IEC 62061. They plan to develop a single standard that will be dual listed as ISO/IEC 17305. But that will take a while.
“For the next three years plus, companies will have to work with both standards,” Lenner said. “Developers need to be careful how they make their selection.”
To comply with ISO 13849, vendors must begin by drafting a declaration of conformity, which must include factors such as the test techniques used. Certain very dangerous machines require certification; for most others, companies can document compliance themselves. The standard includes diagnostics, but many aspects are carryovers from earlier standards.
“If you complied with EN-954 categories, you would also have the ability to comply with ISO 13849,” Lenner said.
IEC 62061 also builds upon an earlier standard: it employs relevant requirements of IEC 61508 for safety of machinery. IEC 62061 follows the same principles to achieve functional safety, though it is simpler to implement than 61508. The new standard is more risk dependent.
Risk assessment is an important aspect of both ISO 13849 and IEC 62061. Both set levels based on categories, which in turn reflect fail-safe capabilities determined by redundancy, common cause failures and other factors.
The standards use different parameters for determining risk. ISO 13849 assesses the probability of a dangerous failure per hour, expressing risk as performance levels (PL) with five rankings: a, b, c, d and e.
IEC 62061 focuses on dangerous failures per year, setting three safety integrity levels (SIL): 1, 2 and 3. As levels go higher, safety and complexity also increase.
“If you tried to do SIL 3 in a single channel with a microprocessor, without hardware fault tolerance, it would be very difficult,” Lenner said. “You need to look at the full life of the machine, and you should aim for a lifetime of 20 years.”
Hardware reliability is one of the primary quantitative aspects of the ratings for both standards. Design teams can use mean time to dangerous failure (MTTFd) to determine the average operating time without a dangerous failure in one channel.
Common cause effects are another form of quantitative analysis for both standards. These common cause failures result from a single cause and can impact more than one channel.
Frequent causes are external stresses such as excessive temperature, high electromagnetic interference and the lack of spatial separation between channels. Common causes also include systematic design failures due to the high complexity of the design.
A primary goal of the two standards is to drive undetected failures down to the smallest levels possible. The standards aim to reduce failures classified as safe, but dangerous failures are a primary focal point. If failures are deemed to have dangerous consequences, product developers must determine whether they can be detected before they result in hazardous or dangerous conditions.
Once these faults are pinpointed, the primary goal is to eliminate them. If they can’t be removed, safeguards must be installed, so injuries don’t occur.
There are several ways to determine the potential for errors. Equipment and component suppliers can provide a wealth of data on failure rates. Companies can also find suggested diagnostic techniques that can be used to check for some issues. Testing is yet another technique. Developers can also use equations included in the standard to determine levels.
There are also many ways that developers can find help. Standards organizations offer limited types of assistance, including a wealth of data on their websites. Many suppliers can provide assistance related to their equipment or components. Third-party suppliers also provide consulting services that can help companies get up to speed quickly.
Siemens provides a no-charge online “Safety Evaluation Tool” that can assist you in the safety calculations and design for both the ISO 13849-1 and IEC 62061 machine safety standards. This tool is available online at www.siemens.com/safety-evaluation-tool