Bs En Iso 13849-1 Pdf


Ariel Wascom

Aug 3, 2024, 2:25:30 PM
to tuufsitunlser

The greater the risk, the higher the requirements of the control systems. The hazardous situation is classified into five levels, known as Performance Levels (PL), from PL "a" (low) to PL "e" (high). The required PL is determined and assigned as part of the risk assessment in accordance with EN ISO 13849-1.

The last edition of EN ISO 13849-1 was published in 2015. The standard is based on a probabilistic approach for the assessment of safety-related control systems and contains internationally unified requirements, referring to the risk assessment, required Performance Levels and identification of safety-related control parts, through to implementation of safety functions.

ISO 13849-1 uses a graph to deal with the assignment of risks to the required Performance Level and uses structural and statistical methods to evaluate safety functions. The objective is to establish the suitability of safety measures to reduce risks.

In the European Union, the standard EN ISO 12100 is used to determine the steps you need to consider when assessing and reducing risk on machinery. The evaluation and verification of safety functions are the purview of the standards EN ISO 13849 and EN IEC 62061. The design of the safety-related parts of control systems is an iterative process, which is executed in several steps:

Risks are assessed in EN ISO 13849-1 with the aid of a graph. The assessed criteria include severity of injury, frequency of exposure to the risk and the possibility of avoiding the risk. The outcome of the assessment is the required Performance Level (PL) for the individual safety functions, which are intended to minimise the risks.

If "C" is selected OR "B" is selected at least three times: P2
If "C" is not selected AND "B" is selected twice: P1 or P2, depending on the specific situation
If "C" is not selected AND "B" is zero or selected once: P1

The risk is the combination of the probability of occurrence of harm and the severity of that harm. Typically, several safety functions are available to reduce the risks. Each safety function is implemented as a combination of several subsystems. A subsystem is a unit of the architectural design of a safety-related system at the highest level, whereby the architecture represents the specific configuration of hardware and software elements in a Safety-related Control System (SCS). Subsystems are either already validated by the manufacturer or are designed as new subsystems by the machine manufacturer or integrator.

A Safety Requirements Specification (SRS) is required for a clear description of the safety functions. This is documentation containing all the details required for safe and correct performance of the safety functions. The following is recorded for each safety function:

The requirements of application software have been increased in comparison with the previous version EN ISO 13849-1: 2015. An informative Annex N has been included on the subject of avoiding faults/fault avoidance measures for the safety-related software design. ISO 13849-1 now covers various software types:

Also, suggestions for improvement have been included, with regard to how these can be linked to the requirements for programming languages with limited (LVL = Limited Variability Language) or unlimited language scope (FVL = Full Variability Language).

An informative Annex L has been incorporated into ISO 13849-1. This contains details of how to guarantee sufficient EMC noise immunity. EMC interference can mean that electrical or electronic systems behave unexpectedly. For this reason, basic measures should be taken against EMC influences at subsystem and overall system level. Various options are listed for this, including the help of an EMC measures table. The EMC Directive regulates the essential requirements for electromagnetic compatibility.

ISO 13849 is a safety standard which applies to parts of machinery control systems that are assigned to providing safety functions (called safety-related parts of a control system).[1] The standard is one of a group of sector-specific functional safety standards that were created to tailor the generic system reliability approaches, e.g., IEC 61508, MIL-HDBK-217, MIL-HDBK-338, to the needs of a particular sector. ISO 13849 is simplified for use in the machinery sector.

ISO 13849 is designed for use in machinery with high to continuous demand rates. According to IEC 61508, a HIGH demand rate is once or more per year of operation, and a CONTINUOUS demand rate is much, much more frequent than HIGH. For systems with a LOW demand rate, i.e., less than once-per-year, see IEC 61508, or the appropriate sector-specific standard such as IEC 61511.

According to an informal stakeholder survey done in 2013, more than 89% of machine builders and more than 90% of component manufacturers and service providers use ISO 13849 as the primary functional safety standard for their products.[4]

The second edition of ISO 13849-1 was published in 2006. That edition introduced MTTFd, DCavg, and CCF for the first time. The revisions incorporated the recommendations developed through the EU STSARCES project.[6][7]

The third edition of ISO 13849-1 was published in 2015. The revision included additional technical explanations and clarification of the analytical methods. This edition was reaffirmed in 2020, while a new revision was started.

Following ISO 13849-1, the design of the safety system is based on a risk assessment performed by the manufacturer of the machine.[8] The risk assessment identifies the safety functions required to mitigate risk and the performance level these functions need to meet to adequately mitigate the identified risks, either completely, or in combination with other safeguards, e.g., fixed or movable guards or other measures.

The Annex A decision tree, Figure A.1, is provided as an example of how the PLr can be determined. The Annex A method is not a risk assessment tool since the output from the tool is in terms of Performance Level, not risk. Figure A.1 cannot be used for risk assessment. Examples of a risk matrix and a risk decision tree are given in ISO/TR 14121-2.[9] Risk assessment is typically done in at least two cycles, the first to determine the intrinsic risk, and the second to determine the risk reduction achieved by the control measures implemented in the design.

Each safety function identified in the risk assessment is assigned a required Performance Level (PLr) based on the intrinsic risk determined through the risk assessment. The intrinsic risk is the risk posed by the machine if no risk control measures were present, or if the risk control measures fail or are defeated by the user.

The Performance Level of a safety function is determined by the architectural characteristics of the controller (classified according to designated architectural categories, Category B, 1, 2, 3, 4), the MTTFD of the components in the functional channel(s) of the system, the average diagnostic coverage (DCavg) implemented in the system, and the application of measures against Common Cause Failures (CCF). Category B, 1 and 2 architectures are single channel, and therefore offer no fault tolerance.

Each designated architecture has an associated block diagram. When analyzing SRP/CS designs, a block diagram should be developed to assist the analyst in calculating the MTTFD of the functional channel(s).

Category B represents the basic category. This category is single-channel, and can include components with MTTFD = Low or Medium. Components must be suitable for use in the application, and specified appropriately for the conditions of use, i.e., voltage, current, frequency, switching frequency, ambient temperature, pollution class, shock, vibration, etc. Since Category B is single channel, DCavg = NONE. CCF is not relevant in this category.

Category 1 achieves increased reliability as compared to Category B through the use of MTTFD = High components. These components are deemed "well-tried components" and are listed in ISO 13849-2, Annexes A through D. Additionally, components that have been tested by the manufacturer and approved according to the relevant component safety standard, e.g., IEC 60947-5-5, are also considered well-tried. Since Category 1 is single channel, DCavg = NONE. CCF is not relevant in this category.

Safety-related parts of control systems (SRP/CS) require validation. ISO 13849-2 includes all of the details required for the validation using analytical techniques (including FMEA, FMECA, FMEDA, IFA SISTEMA or any of the other analytical tools available), functional testing, and documentation in a validation record.

failure of an element and/or subsystem and/or system that plays a part in implementing the safety function that:
a) prevents a safety function from operating when required (demand mode) or causes a safety function to fail (continuous mode) such that the machine/machinery is put into a hazardous or potentially hazardous state; or
b) decreases the probability that the safety function operates correctly when required.

These elements can then be connected together according to more or less complex schemes increasing the level of reliability of the safety-related control system. EN ISO 13849-1 defines 5 architectures that refer to the 5 Categories of the old EN 954-1. The higher the category associated with a given architecture the higher is its Diagnostic Coverage (DC), which is the effectiveness of the monitoring system in detecting faults in SRP/CS. A high DC positively affects the reliability level of the whole system, so it is a parameter to be taken into account when calculating the PL.

ISO 13849-1:2023 specifies a methodology and provides related requirements, recommendations, and guidance for the design and integration of safety related parts of control systems (SRP/CS) that perform safety functions, including the design of software. This standard applies to SRP/CS for high demand and continuous modes of operation including their subsystems, regardless of the type of technology and energy (e.g. electrical, hydraulic, pneumatic, and mechanical). It is intended for standardization bodies elaborating type-C standards, as defined in ISO 12100:2010, which is used for risk assessment of the machine. Machinery covered by ISO 13849-1:2023 can range from simple (e.g. small kitchen machines, or automatic doors and gates) to complex (e.g. packaging machines, printing machines, presses and integrated machinery into a system).
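The risk graph and the P1/P2 selection rule quoted in the post, as an added Python example that is not part of the original message: the S/F/P-to-PLr mapping is the Annex A risk graph of ISO 13849-1, the list of "A"/"B"/"C" answers stands for the avoidance criteria the post does not name, and the function and variable names are the example's own.

```python
"""ISO 13849-1 risk graph helper (added example, not from the original post)."""
from collections import Counter
from typing import Literal, Optional

Answer = Literal["A", "B", "C"]

# Annex A risk graph: (S, F, P) -> required Performance Level (PLr).
# S1 slight / S2 serious injury, F1 seldom / F2 frequent exposure,
# P1 avoidance possible / P2 scarcely possible.
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}


def possibility_of_avoidance(answers: list[Answer]) -> Optional[int]:
    """Apply the post's rule for choosing P1 or P2 from the criterion answers.

    Returns 2 for P2, 1 for P1, or None where the rule leaves the choice
    to the specific situation (no "C" and exactly two "B").
    """
    counts = Counter(answers)
    if counts["C"] >= 1 or counts["B"] >= 3:
        return 2
    if counts["B"] == 2:
        return None  # P1 or P2: needs a documented engineering judgement
    return 1


def required_pl(severity: int, frequency: int, answers: list[Answer]) -> Optional[str]:
    """Severity (1/2), frequency (1/2) and avoidance answers -> PLr letter.

    Returns None when P cannot be decided by the rule alone; the caller must
    then record the judgement in the risk assessment (see plr_range()).
    """
    if severity not in (1, 2) or frequency not in (1, 2):
        raise ValueError("S and F must be 1 or 2")
    p = possibility_of_avoidance(answers)
    if p is None:
        return None
    return RISK_GRAPH[(severity, frequency, p)]


def plr_range(severity: int, frequency: int) -> tuple[str, str]:
    """Bounds for an undecided P: PLr assuming P1 and PLr assuming P2."""
    return RISK_GRAPH[(severity, frequency, 1)], RISK_GRAPH[(severity, frequency, 2)]


if __name__ == "__main__":
    # Constructed case: serious injury (S2), frequent exposure (F2),
    # one criterion answered "C" -> P2 -> PLr e.
    print(required_pl(2, 2, ["A", "C", "A", "A", "A"]))
```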
