Safety Label Format Solutions for Solving Complex Messaging Challenges

This entry is part 3 of 3 in the series Safe­ty Labels

Safety Label Messaging Basics

Safe­ty label design fol­lows three prin­ci­ples:

  1. Iden­ti­fy the haz­ard
  2. Iden­ti­fy the like­ly degree of injury that could occur
  3. Instruct the read­er about ways to avoid injury

Design­ing warn­ings seems a sim­ple task. How­ev­er, users may not be Eng­lish speak­ing or lit­er­ate. Depend­ing on the juris­dic­tions where your prod­uct will be mar­ket­ed, like the EU, text may not be desir­able, so pic­to­graph­ic labels may be the most appro­pri­ate choice.

Complex Content

The con­tent for your prod­uct safe­ty label becomes com­plex when there are sev­er­al ele­ments involved in explain­ing what the haz­ard is and how to avoid it. But, with the lat­est update to ISO 3864–2 came a sig­nif­i­cant mod­i­fi­ca­tion to the stan­dard that pro­vides a solu­tion to con­sid­er in these sit­u­a­tions: the new “word­less” for­mat that con­veys risk sever­i­ty.

Example of the new “wordless” safety label format option allowed by ISO 3864-2:2016.
Exam­ple of the new “word­less” safe­ty label for­mat option allowed by ISO 3864–2:2016. (Label design ©Clar­i­on Safe­ty Sys­tems. All rights reserved.)

The word­less label for­mat uses what ISO calls a “haz­ard sever­i­ty pan­el” but no sig­nal word. In place of words, the lev­el of risk is com­mu­ni­cat­ed through colour-cod­ing of the haz­ard sever­i­ty pan­el. ISO-for­mat­ted sym­bols as well as what ISO calls “sup­ple­men­tary safe­ty sym­bols” – sym­bols with­out an ISO-col­ored sur­round shape – can be used.

Example: Grill Industry Safety Label

As an exam­ple, let’s look at a label design cre­at­ed here at Clar­i­on as part of Clarion’s work with ISO/TC 145.

When the bar­beque grill indus­try need­ed a safe­ty sym­bol that would warn peo­ple not to use grills in enclosed spaces, Clar­i­on vol­un­teered its design department’s skills to devel­op a new label design. The new label uses the ISO 3864–2:2016 word­less for­mat.

Example Grill Industry Wordless Safety Label
Exam­ple Grill Indus­try Word­less Safe­ty Label (Label design ©Clar­i­on Safe­ty Sys­tems. All rights reserved.)

The new safe­ty label design includes a haz­ard sever­i­ty lev­el pan­el at the top. Below the sever­i­ty label pan­el are five sym­bols: a safe­ty sym­bol that defines the nature of the haz­ard, and four “sup­ple­men­tary” safe­ty sym­bols. The sup­ple­men­tary sym­bols give instruc­tions about “mis­us­es” and “prop­er use” to help keep peo­ple safe. Much like the graph­i­cal instruc­tions used in air­craft emer­gency instruc­tions, the bar­beque grill prod­uct safe­ty label uses mul­ti­ple graph­ics in a pro­gres­sive­ly illus­trat­ed design to com­mu­ni­cate a com­plex mes­sage.

Learn More

There are mul­ti­ple for­mat options allowed by the ANSI and ISO stan­dards, and it’s impor­tant to under­stand your choic­es – like this word­less option – so you can make the best deci­sions for your prod­ucts or mar­ket. To learn more about how the word­less for­mat can help solve com­plex mes­sag­ing chal­lenges, you can read Clarion’s recent arti­cle on this blog and the fea­ture arti­cle in the Octo­ber 2017 issue of InCom­pli­ance Mag­a­zine.

Get Help

Unsure where to start? Clar­i­on is avail­able to help. For more infor­ma­tion on effec­tive prod­uct safe­ty label­ing and resources that you can put to use today, vis­it Clar­i­on also offers com­pli­men­ta­ry safe­ty label assess­ments, where we use our expe­ri­ence with the lat­est stan­dards and best prac­tices to assess your labels and ensure that they’re up-to-date in meet­ing today’s require­ments.

Digiprove sealCopy­right secured by Digiprove © 2018
Acknowl­edge­ments: Clar­i­on Safe­ty Sys­tems, LLC
All Rights Reserved

Machinery Safety Labels: 3 Top Tools for Effective Warnings

This entry is part 1 of 3 in the series Safe­ty Labels

Machinery Safety Labels

The third lev­el of the Hier­ar­chy of Con­trols is Infor­ma­tion for Use. Safe­ty Labels are a key part of the Infor­ma­tion for Use pro­vid­ed by machine builders to users and are often the only infor­ma­tion that many users get to see. This makes the design and place­ment of the safe­ty labels crit­i­cal to their effec­tive­ness. There is as much risk in the under-use of safe­ty labels as there is in the over-use of safe­ty labels. Often, machine builders and users sim­ply select gener­ic labels that are eas­i­ly avail­able from cat­a­logues, miss­ing the oppor­tu­ni­ty to design labels that are spe­cif­ic to the machine and the haz­ards present.

Product Safety and Liability Limitation

If your com­pa­ny man­u­fac­tures machin­ery that has poten­tial haz­ards asso­ci­at­ed with its trans­porta­tion, instal­la­tion, use, main­te­nance, decom­mis­sion­ing and/or dis­pos­al, you like­ly have a very strong need to cre­ate effec­tive prod­uct safe­ty labels. This task must be done right: prod­uct safe­ty labels play an inte­gral role in your company’s prod­uct safe­ty and lia­bil­i­ty pre­ven­tion efforts. And that means that people’s lives and your company’s finan­cial well-being are on the line. On that note, it’s impor­tant to keep in mind these two fac­tors when it comes to effec­tive safe­ty labels:

  1. If prop­er­ly designed, they can dra­mat­i­cal­ly reduce acci­dents. This not only improves a product’s over­all safe­ty record but adds to a company’s bot­tom line by reduc­ing prod­uct lia­bil­i­ty lit­i­ga­tion and insur­ance costs.
  2. If poor­ly designed, need­ed safe­ty com­mu­ni­ca­tion does not take place and this can lead to acci­dents that cause injuries. With these acci­dents, com­pa­nies face high costs set­tling or fight­ing law­suits because their prod­ucts lacked “ade­quate warn­ings.”

With the rise in prod­uct lia­bil­i­ty lit­i­ga­tion based on “fail­ure to warn” over the past sev­er­al decades, prod­uct safe­ty labels have become a lead­ing focal point in law­suits faced by cap­i­tal equip­ment man­u­fac­tur­ers. Let’s look at three best?practice tools for prod­uct safe­ty label design. These tools can pro­vide insight to help you cre­ate or improve your safe­ty label strat­e­gy in order to bet­ter pro­tect your prod­uct users from harm and your com­pa­ny from lit­i­ga­tion-relat­ed loss­es.


As a man­u­fac­tur­er, you know that your legal oblig­a­tion is to meet or exceed the most recent ver­sions of stan­dards relat­ed to your prod­uct at the time it’s sold into the mar­ket­place. Warn­ing label stan­dards are the first place to turn to when it comes to defin­ing your prod­uct safe­ty labels. Up until 1991, there was no over­ar­ch­ing, mul­ti-indus­try stan­dard in the U.S., or in the rest of the world, which gave defin­i­tive guid­ance on the prop­er for­mat­ting and con­tent for on-prod­uct warn­ings. In the U.S., that changed nation­al­ly with the pub­li­ca­tion of the ANSI Z535.4 Stan­dard for Prod­uct Safe­ty Signs and Labels in 1991, and inter­na­tion­al­ly with the pub­li­ca­tion of ISO 3864–2 Design Prin­ci­ples for Prod­uct Safe­ty Labels in 2004.

As of 2017, Cana­da does not have a warn­ing label stan­dard. Since Cana­da imports machin­ery from the U.S. and the EU, it is quite com­mon to see either ANSI Z535 style labels or ISO 3864 style labels on prod­ucts. Under Cana­di­an law, nei­ther is more cor­rect. How­ev­er, Québec has spe­cif­ic require­ments for French lan­guage trans­la­tions, and many CSA stan­dards pre­scribe spe­cif­ic haz­ard warn­ing labels that do not con­form to either ANSI or ISO styles.

Fol­low­ing the design prin­ci­ples in ANSI Z535.4 or ISO 3864–2 will give you a start­ing place for both the con­tent and for­mat choic­es you have to make for your prod­ucts’ safe­ty labels, bear­ing in mind the lan­guage require­ments of your juris­dic­tion. Note that both of these stan­dards are revised reg­u­lar­ly, every five years or so, and it’s impor­tant to be aware of the nuances that would make one for­mat more appro­pri­ate for your prod­uct than anoth­er.

Safety label standard ANSI Z535.4 Product Safety Signs and Labels
The ANSI Z535.4 prod­uct safe­ty label stan­dard
Safety label standard ISO 3864-2 Graphical symbols - Safety colours and safety signs - Part 2: Design principles for product safety labels.
The ISO 3864–2 prod­uct safe­ty label stan­dard


From an engi­neer­ing per­spec­tive, your job is to iden­ti­fy poten­tial haz­ards and then deter­mine if they need to be designed out, guard­ed, or warned about. From a legal per­spec­tive, your job is to define what haz­ards are “rea­son­ably fore­see­able” and “rea­son­able” ways to mit­i­gate risks asso­ci­at­ed with haz­ards that can­not be designed out. This is where risk assess­ment comes into play.

In today’s world, a prod­uct is expect­ed to be designed with safe­ty in mind. The risk assess­ment process helps you to accom­plish this task. At its most basic lev­el, risk assess­ment involves con­sid­er­ing the prob­a­bil­i­ty and sever­i­ty of out­comes that can result from poten­tial­ly haz­ardous sit­u­a­tions. After iden­ti­fy­ing the poten­tial haz­ards relat­ed to your prod­uct at every point in its life­cy­cle, you then con­sid­er var­i­ous strate­gies to either elim­i­nate or reduce the risk of peo­ple inter­act­ing with these haz­ards.

The best prac­tice risk assess­ment stan­dards that exist today (i.e. ANSI Z10, ANSI B11, CSA Z432, CSA Z1002, ISO 12100, ISO 31000, ISO 31010) give you a process to use to quan­ti­fy and reduce risks. Using these stan­dards as the basis for a for­mal­ized risk assess­ment process will not only help you to devel­op bet­ter safe­ty labels and a safer prod­uct, but it will also pro­vide you with doc­u­men­ta­tion that will help you to show the world that you are a safe­ty-con­scious com­pa­ny who uses the lat­est stan­dards-based tech­nol­o­gy to reduce risks. This will be high­ly impor­tant should you be involved in prod­uct lia­bil­i­ty lit­i­ga­tion down the road.

From an engi­neer­ing per­spec­tive, your job is to iden­ti­fy poten­tial haz­ards and then deter­mine if they need to be designed out, guard­ed, or warned about. From a legal per­spec­tive, your job is to define what haz­ards are “rea­son­ably fore­see­able” and “rea­son­able” ways to mit­i­gate risks asso­ci­at­ed with haz­ards that can­not be designed out. This is where risk assess­ment comes into play.

MIL-STD 882 risk assessment form
A typ­i­cal risk assess­ment scor­ing matrix (based on MIL STD 882 as defined in ANSI B11/ISO 12100 Safe­ty of Machin­ery – Risk Assess­ment Annex D)


A large num­ber of machin­ery man­u­fac­tur­ers sell their prod­ucts around the globe and when this is the case, com­pli­ance with glob­al stan­dards is a require­ment. The ANSI Z535.4 and ISO 3864–2 prod­uct safe­ty label stan­dards, and the EU machin­ery direc­tive place an empha­sis on using well-designed sym­bols on machin­ery safe­ty labels so infor­ma­tion can be con­veyed across lan­guage bar­ri­ers.

The EU Machin­ery Direc­tive 2006/42/EC requires that all infor­ma­tion for use be pro­vid­ed in the offi­cial lan­guages of the coun­try of use. Infor­ma­tion for use includes haz­ard warn­ing signs and labels that bear mes­sages in text. Adding sym­bols also increas­es your labels’ notice­abil­i­ty. The use of sym­bols to con­vey safe­ty is becom­ing com­mon­place world­wide and not tak­ing advan­tage of this new visu­al lan­guage risks mak­ing your product’s safe­ty labels obso­lete and non-com­pli­ant with local, region­al and inter­na­tion­al codes. In ISO 3864–2’s lat­est, 2016 update, a major change in ISO label for­mats was made: a new “word­less” for­mat that con­veys risk sever­i­ty was added to the stan­dard. This new label for­mat uses what ISO calls a “haz­ard sever­i­ty pan­el” but no sig­nal word. It com­mu­ni­cates the lev­el of risk through colour-cod­ing of the haz­ard sever­i­ty pan­el. This for­mat option elim­i­nates words – mak­ing trans­la­tions unnec­es­sary.

It should be not­ed that some­times sym­bols alone can­not con­vey com­plex safe­ty mes­sages. In these cas­es, text is often still used. When ship­ping to non-Eng­lish speak­ing coun­tries, the trend today is to trans­late the text into the lan­guage of the coun­try in which the machine is sold. Dig­i­tal print tech­nol­o­gy makes this solu­tion much more cost effec­tive and effi­cient than in the past.

Safety label by Clarion Safety Systems on a machine
A typ­i­cal Clar­i­on machine safe­ty label that uses an inter­na­tion­al­ly for­mat­ted graph­i­cal sym­bol and a for­mat that meets both ANSI Z535.4 and ISO 3864–2 design prin­ci­ples (Design ©Clar­i­on Safe­ty Sys­tems. All rights reserved.)

Concluding Thoughts

The safe­ty labels that appear on your prod­ucts are one of its most vis­i­ble com­po­nents. If they don’t meet cur­rent stan­dards, if they aren’t designed as the result of a risk assess­ment, and if they don’t incor­po­rate well-designed graph­i­cal sym­bols, your com­pa­ny risks lit­i­ga­tion and non-con­for­mance with mar­ket require­ments. Most impor­tant­ly, you may be putting those who inter­act with your machin­ery at risk of harm. Mak­ing sure your prod­uct safe­ty labels are up-to-date is an impor­tant task for every engi­neer respon­si­ble for a machine’s design.

For more infor­ma­tion on effec­tive prod­uct safe­ty labelling and resources that you can put to use today, vis­it Clar­i­on also offers com­pli­men­ta­ry safe­ty label assess­ments, where we use our expe­ri­ence with the lat­est stan­dards and best prac­tices to assess your labels and ensure that they’re up-to-date in meet­ing today’s require­ments.

Ed. note: Addi­tion­al Cana­di­an mate­r­i­al con­tributed by Doug Nix.

Digiprove sealCopy­right secured by Digiprove © 2017
Acknowl­edge­ments: Derek Evers­dyke, Clar­i­on Safe­ty Sys­tems, LLC
Some Rights Reserved

ISO 13849–1 Analysis — Part 5: Diagnostic Coverage (DC)

This entry is part 5 of 9 in the series How to do a 13849–1 analy­sis

What is Diagnostic Coverage?

Under­stand­ing Diag­nos­tic Cov­er­age (DC) as it is used in ISO 13849–1 [1] is crit­i­cal to analysing the design of any safe­ty func­tion assessed using this stan­dard. In case you missed a pre­vi­ous part of the series, you can read it here.

In the last instal­ment of this series dis­cussing MTTFD, I brought up the fact that every­thing fails even­tu­al­ly, and so every­thing has a nat­ur­al fail­ure rate. The bath­tub curve shown at the top of this post shows a typ­i­cal fail­ure rate curve for most prod­ucts. Fail­ure rates tell you the aver­age time (or some­times the mean time) it takes for com­po­nents or sys­tems to fail. Fail­ure rates are expressed in many ways, MTTFD and PFHd being the ways rel­e­vant to this dis­cus­sion of ISO 13849 analy­sis. MTTFis giv­en in years, and PFHd is giv­en in frac­tion­al hours (1/h). As a reminder, PFHd stands for “Prob­a­bil­i­ty of dan­ger­ous Fail­ure per Hour”.

Three of the stan­dard archi­tec­tures include auto­mat­ic diag­nos­tic func­tions, Cat­e­gories 2, 3 and 4. As soon as we add diag­nos­tics to the sys­tem, we need to know what faults the diag­nos­tics can detect and how many of the dan­ger­ous fail­ures rel­a­tive to the total num­ber of fail­ures that rep­re­sents. Diag­nos­tic Cov­er­age (DC) rep­re­sents the ratio of dan­ger­ous fail­ures that can be detect­ed to the total dan­ger­ous fail­ures that could occur, expressed as a per­cent­age. There will be some fail­ures that do not result in a dan­ger­ous fail­ure, and those fail­ures are exclud­ed from DC because we don’t need to wor­ry about them — if they occur, the sys­tem will not fail into a dan­ger­ous state.

Here’s the for­mal def­i­n­i­tion from [1]:

3.1.26 diag­nos­tic cov­er­age (DC)

mea­sure of the effec­tive­ness of diag­nos­tics, which may be deter­mined as the ratio between the fail­ure rate of detect­ed dan­ger­ous fail­ures and the fail­ure rate of total dan­ger­ous fail­ures

Note 1 to entry: Diag­nos­tic cov­er­age can exist for the whole or parts of a safe­ty-relat­ed sys­tem. For exam­ple, diag­nos­tic cov­er­age could exist for sen­sors and/or log­ic sys­tem and/or final ele­ments. [SOURCE: IEC 61508–4:1998, 3.8.6, mod­i­fied.]

That brings up two oth­er relat­ed def­i­n­i­tions that need to be kept in mind [1]:

3.1.4 fail­ure

ter­mi­na­tion of the abil­i­ty of an item to per­form a required func­tion

Note 1 to entry: After a fail­ure, the item has a fault.

Note 2 to entry: “Fail­ure” is an event, as dis­tin­guished from “fault”, which is a state.

Note 3 to entry: The con­cept as defined does not apply to items con­sist­ing of soft­ware only.

Note 4 to entry: Fail­ures which only affect the avail­abil­i­ty of the process under con­trol are out­side of the scope of this part of ISO 13849. [SOURCE: IEC 60050–191:1990, 04–01.]

and the most impor­tant one [1]:

3.1.5 dan­ger­ous fail­ure

fail­ure which has the poten­tial to put the SRP/CS in a haz­ardous or fail-to-func­tion state

Note 1 to entry: Whether or not the poten­tial is real­ized can depend on the chan­nel archi­tec­ture of the sys­tem; in redun­dant sys­tems a dan­ger­ous hard­ware fail­ure is less like­ly to lead to the over­all dan­ger­ous or fail-to- func­tion state.

Note 2 to entry: [SOURCE: IEC 61508–4, 3.6.7, mod­i­fied.]

Just as a reminder, SRP/CS stands for “safe­ty-relat­ed parts of con­trol sys­tems”.

Failure Math

Failure Rate Data Sources

To do any cal­cu­la­tions, we need data, and this is true for fail­ure rates as well. ISO 13849–1 pro­vides some tables in the annex­es that list some com­mon types of com­po­nents and their asso­ci­at­ed fail­ure rates, and there are more fail­ure rate tables in ISO 13849–2. A word of cau­tion here: Do not mix sources of fail­ure rate data, as the con­di­tions under which that data is true won’t match the data in ISO 13849. There are a few good sources of fail­ure rate data out there, for exam­ple, MIL-HDBK-217, Reli­a­bil­i­ty Pre­dic­tion of Elec­tron­ic Equip­ment [15], as well as the data­base main­tained by Exi­da. In any case, use a sin­gle source for your fail­ure rate data.

Failure Rate Variables

IEC 61508 [7] defines a num­ber of vari­ables relat­ed to fail­ure rates. The low­er­case Greek let­ter lamb­da, \lambda, is used to denote fail­ures.

The com­mon vari­able des­ig­na­tions used are:

\lambda = fail­ures
\lambda_{(t)} = fail­ure rate
\lambda_s = “safe” fail­ures
\lambda_d = “dan­ger­ous” fail­ures
\lambda_{dd} = detectable “dan­ger­ous” fail­ures
\lambda_{du} = unde­tectable “dan­ger­ous” fail­ures

Calculating DC

Of these vari­ables, we only need to con­cern our­selves with \lambda_d, \lambda_{dd} and \lambda_{du}. To under­stand how these vari­ables are used, we can express their rela­tion­ship as


Fol­low­ing on that idea, the Diag­nos­tic Cov­er­age can be expressed as a per­cent­age like this:

DC\%=\frac{\lambda_{dd}}{\lambda_d}\times 100

Determining DC%

If you want to actu­al­ly cal­cu­late DC%, you have some work ahead of you. Rather than going into the details here, I am going to refer you hard­core types to IEC 61508–2, Func­tion­al safe­ty of electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems — Part 2: Require­ments for electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems. This stan­dard goes into some depth on how to deter­mine fail­ure rates and how to cal­cu­late the “Safe Fail­ure Frac­tion,” a num­ber which is relat­ed to DC but is not the same.

For every­one else, the good news is that you can use the table in Annex E to esti­mate the DC%. It’s worth not­ing here that Annex E is “Infor­ma­tive.” In stan­dards-speak, this means that the infor­ma­tion in the annex is not part of the “nor­ma­tive” text, which means that it is sim­ply infor­ma­tion to help you use the nor­ma­tive part of the stan­dard. The design must con­form to the require­ments in the nor­ma­tive text if you want to claim con­for­mi­ty to the stan­dard. The fact that [1, Annex E] is infor­ma­tive gives you the option to cal­cu­late the DC% val­ue rather than select­ing it from Table E.1. Using the cal­cu­lat­ed val­ue would not vio­late the require­ments in the nor­ma­tive text.

If you are using IFA SISTEMA [16] to do the cal­cu­la­tions for you, you will find that the soft­ware lim­its you to select­ing a sin­gle DC mea­sure from Table E.1, and this prin­ci­ple applies if you are doing the cal­cu­la­tions by hand too. Only one item from Table E.1 can be select­ed for a giv­en safe­ty func­tion.

Ranking DC

Once you have deter­mined the DC for a safe­ty func­tion, you need to com­pare the DC val­ue against [1, Table 5] to see if the DC is suf­fi­cient for the PLr you are try­ing to achieve. Table 5 bins the DC results into four ranges. Just like bin­ning the PFHd val­ues into five ranges helps to pre­vent pre­ci­sion bias in esti­mat­ing the prob­a­bil­i­ty of fail­ure of the com­plete sys­tem or safe­ty func­tion, the ranges in Table 5 helps to pre­vent pre­ci­sion bias in the cal­cu­lat­ed or select­ed DC val­ues.

ISO 13849-1, Table 5 Diagnostic coverage (DC)
ISO 13849–1, Table 5 Diag­nos­tic cov­er­age (DC)

If the DC val­ue was high enough for the PLr, then you are done with this part of the work. If not, you will need to go back to your design and add addi­tion­al diag­nos­tic fea­tures so that you can either select a high­er cov­er­age from [1, Table E.1] or cal­cu­late a high­er val­ue using [14].

Multiple safety functions

When you have mul­ti­ple safe­ty func­tions that make up a com­plete safe­ty sys­tem, for exam­ple, an emer­gency stop func­tion and a guard inter­lock­ing func­tion, the DC val­ues need to be aver­aged to deter­mine the over­all DC for the com­plete sys­tem. [1, Annex E] pro­vides you with a method to do this in Equa­tion E.1.

Equation for averaging the DC values of multiple safety functions
ISO 13849–1-2015 Equa­tion E.1

Plug in the val­ues for MTTFD and DC for each safe­ty func­tion, and cal­cu­late the result­ing DCavg val­ue for the com­plete sys­tem.

That’s it for this arti­cle. The next part will cov­er Com­mon Cause Fail­ures (CCF). Look for it on 20-Mar-17!

In case you missed the first part of the series, you can read it here.

Book List

Here are some books that I think you may find help­ful on this jour­ney:

[0]     B. Main, Risk Assess­ment: Basics and Bench­marks, 1st ed. Ann Arbor, MI USA: DSE, 2004.

[0.1]  D. Smith and K. Simp­son, Safe­ty crit­i­cal sys­tems hand­book, 3rd Ed. Ams­ter­dam: Else­vier/But­ter­worth-Heine­mann, 2011.

[0.2]  Elec­tro­mag­net­ic Com­pat­i­bil­i­ty for Func­tion­al Safe­ty, 1st ed. Steve­nage, UK: The Insti­tu­tion of Engi­neer­ing and Tech­nol­o­gy, 2008.

[0.3]  Overview of tech­niques and mea­sures relat­ed to EMC for Func­tion­al Safe­ty, 1st ed. Steve­nage, UK: Overview of tech­niques and mea­sures relat­ed to EMC for Func­tion­al Safe­ty, 2013.


Note: This ref­er­ence list starts in Part 1 of the series, so “miss­ing” ref­er­ences may show in oth­er parts of the series. Includ­ed in the last post of the series is the com­plete ref­er­ence list.

[1]     Safe­ty of machin­ery — Safe­ty-relat­ed parts of con­trol sys­tems — Part 1: Gen­er­al prin­ci­ples for design. 3rd Edi­tion. ISO Stan­dard 13849–1. 2015.

[7]     Func­tion­al safe­ty of electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems. 7 parts. IEC Stan­dard 61508. Edi­tion 2. 2010.

[14]   Func­tion­al safe­ty of electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems — Part 2: Require­ments for electrical/electronic/programmable elec­tron­ic safe­ty-relat­ed sys­tems. IEC Stan­dard 61508–2. 2010.

[15]     Reli­a­bil­i­ty Pre­dic­tion of Elec­tron­ic Equip­ment. Mil­i­tary Hand­book MIL-HDBK-217F. 1991.

[16]     “IFA — Prac­ti­cal aids: Soft­ware-Assis­tent SISTEMA: Safe­ty Integri­ty — Soft­ware Tool for the Eval­u­a­tion of Machine Appli­ca­tions”,, 2017. [Online]. Avail­able: [Accessed: 30- Jan- 2017].

Digiprove sealCopy­right secured by Digiprove © 2017
Acknowl­edge­ments: IEC and ISO as cit­ed
Some Rights Reserved