
Product category: Machine Safety Monitoring and Control
News Release from: Pilz Automation Technology | Subject: ISO13849-2
Edited by the Engineeringtalk Editorial Team on 30 July 2004

Validation of safety-related control systems


ISO13849-2 gives machine builders a standard against which they can work when validating safety-related control systems.

Designers of machinery and control systems have worked for many years with BS EN954 (Safety of machinery, Safety related parts of control systems), with Part 1 (General principles for design) being one of the key documents. Less well known is prEN 954-2 (Safety of machinery, Safety related parts of control systems, Validation).

This was intended to be the second part of this important standard but, as can be seen by the "pr", it never progressed beyond the status of a draft.

However, with EN954-1 soon to be replaced by ISO13849-1, the standards committees have pressed ahead with the corresponding ISO13849-2:2003 (Safety of machinery, Safety related parts of control systems, Validation), which would have replaced and superseded EN954-2 had that part of the earlier standard ever been ratified.

As can be seen from the date, Part 2 of ISO13849 was published in 2003, in advance of Part 1, so it therefore refers to both EN954-1 and ISO13849-1.

Because of the unusual timing arrangements, there could well be a degree of confusion when ISO13849-1 is published; for example, there are references in Part 2 to "categories" (in line with EN954-1), whereas ISO13849-1 is expected to refer to "performance levels" used alongside categories.

Nonetheless, the existence of a published ISO13849-2 gives machine builders a standard against which they can work when validating safety-related control systems.

The scope of BS EN ISO13849-2 is relatively broad, encompassing the validation of safety-related parts of control systems that use mechanical, pneumatic, hydraulic and electrical (and electronic) technologies.

But machine builders working with programmable electronic systems are directed towards IEC61508 and IEC 62061.

Validation requires both analysis and testing in most cases, and the standard states that the validation shall "demonstrate that each safety-related part meets the requirements of EN954-1 (ISO13849-1), in particular: the specified safety characteristics of the safety functions provided by that part, as set out in the design rationale, and; the requirements of the specified category".

Importantly, the rigour of validation increases with the required performance level and complexity.

For complex systems, validation should be carried out by persons who are independent of the design of the safety-related parts.

A flow diagram in ISO13849-2 shows the validation process, with the preparation of the validation plan coming first.

Furthermore, it is recommended that the analysis should commence in parallel with the design process in order that problems can be corrected as soon as possible and at minimum cost.

Other activities that can be started at an early stage are the preparation of generic fault lists and specific fault lists.

These lists can be compiled using the tables included in the informative appendices to ISO13849-2, and criteria are provided that, if met, permit faults to be excluded (for example, in the case of a relay, the fault might be the simultaneous closing of normally open and normally closed contacts; this fault can be excluded if positively driven (mechanically guided) contacts are used).

Of course, documentation is an essential element of meeting the requirements of ISO13849-2, although most of this information should be available already if the requirements of EN954-1 (ISO13849-1) are being met.

A look-up table within ISO13849-2 shows what types of documentation are required, depending on the category.

In addition, the validation analysis and testing must be recorded.

For the analysis, both top-down techniques (such as fault tree analysis) and bottom-up techniques (such as failure modes and effects analysis) can be used, depending on the goal to be achieved.

Testing is described as "complementary to analysis and often necessary"; it should be adequately planned, performed in a logical sequence, and the results recorded.

Tests should be performed on a sample operated at or near to its final operating configuration (for instance, with guards and covers in place).

For the validation of categories specifically, the standard refers to three types of validation method: analysis from circuit diagrams; tests on the actual circuit and fault simulation on actual components; and simulation of control system behaviour, e.g. by means of hardware and/or software models.

Clearly any software or hardware models will, themselves, need to be validated accordingly.

It is now almost a year since ISO13849-2 was published, and very little has been said or written about it.

Although it is likely that most machine builders working to EN954-1 are performing some form of validation of the safety-related parts of their control systems, they should be aware that there is a standard to which they should work.

Copies of the standard are available through Pilz, which is an official BSI distributor.
