News Release from: Pilz Automation Technology | Subject: Advice on safety standards
Edited by the Engineeringtalk Editorial Team on 09 January 2004
New standard on safety-related control systems
Anyone involved in the specification, design, manufacture, procurement, installation, commissioning, operation, maintenance or modification of machinery should be aware of the new IEC62061 standard.
Anyone involved in the specification, design, manufacture, procurement, installation, commissioning, operation, maintenance or modification of machinery should be aware of a new standard that is nearing publication: IEC62061, "Safety of machinery - functional safety of safety-related electrical, electronic and programmable electronic control systems". This is now available in the form of a draft for public comment and it is possible that it will come into force in 2004.
This article was originally published on Engineeringtalk on 14 Oct 2004 at 8.00am (UK)
Most readers will have heard of IEC61508, even if they are not familiar with its contents.
IEC61508 is a seven-part standard that forms the generic document for a (proposed) range of industry specific standards.
One of the daughter standards for IEC61508 is IEC62061, a single-part standard with annexes, directed specifically at the machinery sector.
It is applicable to safety-related electrical, electronic and programmable electronic (E/E/PE) control systems on machines or combinations of machines working together.
This standard differs in many ways from the existing BS EN954-1 standard, especially in that it is only concerned with E/E/PE control systems and it is risk-based.
That is, it requires the user to specify a level of risk reduction based on a risk assessment (which may be based on quantitative or qualitative methods).
The level of risk reduction is defined as a figure for permitted dangerous failures of the safety system.
The risk assessment is used to indicate a safety integrity level (SIL) that defines a level of performance in terms of permitted dangerous failures per hour (DFH).
When Annex 1 of the standard is complete, it will detail preferred methods for performing the risk assessments based on BS EN ISO12100 (Safety of machinery - basic concepts, general principles for design) and ISO14121 (Safety of machinery - principles of risk assessment, equivalent to EN1050).
IEC62061 follows the same format as the generic standard in that it uses a lifecycle approach, though in this standard the number of phases is reduced to six and they are referred to as 'clauses'.
The discussion of these 'clauses' commences in the standard at Clause 4.
Clause 4: "Management of functional safety" requires that a procedure be put in place to specify the management and technical activities that are necessary for the achievement of the required functional safety of the safety-related system.
This includes defining and assigning the responsibilities of all those people or departments that will be used.
Competence of those assigned is tacitly referred to here, as in the rest of the clauses.
Clause 5: "Requirements for the specification of safety-related control functions" is the preparation of the safety requirements specification and, from that, the generation of the functional safety specification.
Also in this clause is the requirement to identify a SIL for each safety-related function.
Note that the phrase "safety-related control function" is abbreviated to SRCF throughout the standard.
Clause 6: "Design and integration of the safety-related electrical control system" is equivalent to phase 9 of IEC61508.
Here the standard details the requirements for the design of the hardware - and, where necessary, the design of the software.
Depending on the SIL indicated in clause 5, the system architecture will need to be determined.
Criteria such as safe failure fraction (SFF), diagnostic coverage (DC), hardware fault tolerance and common cause failures (CCF) need to be considered.
Note that the phrase "safety-related electrical control system" is abbreviated to SRECS throughout the standard.
Clause 7: "Information for use of the SRECS" covers the requirement for all aspects of the SRECS to be documented.
All of the necessary information that needs to be supplied with the machine for both operation and maintenance must be put into the machine manuals.
Clause 8: "Validation of the safety-related electrical control system" requires that the SRECS as installed and commissioned be inspected and tested to ensure that the requirements of clause 5 have been met.
Clause 9: "Modification" covers the continued maintenance of the system as far as modifications are concerned; modifications may be necessary due to changes in functional requirements, new legislation or shortfalls in the original safety requirements specification (SRS).
The standard requires that a full impact analysis be completed and documented before the modification is made.
Revalidation to the changed circumstances, as in clause 8, will also be needed.
This standard is a major change in complexity from the original BS EN954-1, but it is not too far away from the proposed ISO13849-1 (Safety of machinery, safety related parts of control systems, general principles for design) that is planned to replace BS EN954-1 (read more about this on the Pilz support website).
It is conceivable that, as both new standards are based on the generic standard IEC61508, there may be some discussion as to whether two standards with similar (but slightly different) scopes are necessary.
It may be that both are combined but, either way, there should be at least one of these harmonised to the Machinery Directive sometime in 2004.

