31-Dec-2011 — Are YOU ready?

This entry is part 8 of 8 in the series Circuit Architectures Explored

31-December-2011 marks a key milestone for machine builders marketing their products in the European Union, the EEA and many of the Candidate States. Functional Safety takes a positive step forward with the mandatory application of EN ISO 13849-1 and -2. As of 1-January-2012, the safety-related parts of the control systems on all machinery bearing a CE Mark will be required to meet these standards.

This change started six years ago, when these standards were first harmonized under the Machinery Directive. The EC Machinery Committee gave machine builders an additional three years to make the transition to these standards, after much opposition to the original mandatory implementation date of 31-Dec-08 was announced.

If you aren’t aware of these standards, or if you aren’t familiar with the concept of functional safety, you need to get up to speed, and fast.

Under EN 954-1:1995 and the 1st Edition of ISO 13849-1, published in 1999, a designer needed to select a design Category or architecture, that would provide the degree of fault tolerance and reliability needed based on the outcome of the risk assessment for the machinery. The Categories, B, 1–4, remain unchanged in the 2nd Edition. I’ve talked about the Categories in detail in other posts, so I won’t spend any time on them here.

The 2nd Edition brings Mean Time to Failure into the picture, along with Diagnostic Coverage and Common Cause Failures. These new concepts require designers to use more analytical techniques in developing their designs, and also require additional documentation (as usual!).

One of the main failings with EN 954-1 was Validation. This topic was supposed to have been covered by EN 954-2, but this standard was never published. This has led machine builders to make design decisions without keeping the necessary design documentation trail, and furthermore, to skip the Validation step entirely in many cases.

The missing Validation standard was finally published in 2003 as ISO 13849-2:2003, and subsequently adopted and harmonized in 2009 as EN ISO 13849-2:2003. While no mandatory implementation date for this standard is given in the current list of standards harmonized under 2006/42/EC-Machinery, use of Part 1 of the standard mandates use of Part 2, so this standard is effectively mandatory at the same time.

Part 2 brings a number of key annexes that are necessary for the implementation of Part 1, and also outlines the complete documentation trail needed for validation, and coincidentally, audit. Notified bodies will be looking for this information when evaluating the content of Technical Files used in CE Marking.

From a North American perspective, these two standards gain access through ANSI’s adoption of ISO 10218 for Industrial Robots. Part 1 of this standard, covering the robot itself, was adopted last year. Part 2 of the standard will be adopted in 2012, and RIA R15.06 will be withdrawn. At the same time, CSA will be adopting the ISO standards and withdrawing CSA Z434.

These changes will finally bring North America, the International Community and the EU onto the same footing when it comes to Functional Safety in industrial machinery applications. The days of “SIMPLE, SINGLE CHANNEL, SINGLE CHANNEL-MONITORED and CONTROL RELIABLE” are numbered.

Are you ready?

Compliance InSight Consulting will be offering a series of training events in 2012 on this topic. For more information, contact Doug Nix.

Why I wear a Poppy on 11-Nov

In a recent article in the Independent, Robert Fisk writes that the poppy has become nothing more than a fashion statement in the UK. Merely a way to show that you are British, or to score points with the boss, or to make a political statement. He believes that wearing a poppy on 11-Nov mocks our war dead. He says that he doesn’t wear the poppy because he is not ‘worthy’ of wearing it. This makes me deeply sad. I don’t think that this is true in Canada, and I know that this is not the case for me.

I have not lost anyone in my family to war. I am not pro-military, but I understand why we must defend ourselves with lethal force at times. I believe that everyone who chooses a career in the Forces makes a major sacrifice for me and for every other Canadian who does not serve, and I support our troops in the work that they do. I believe that they are vital in ensuring that Canada can continue to exist and provide peaceful leadership in the world.

I wear a poppy on Remembrance Day because I care deeply about the people involved. I care about everyone killed in these great conflicts, not just our casualties, but those against whom we fought, and the civilians whose lives were destroyed because of these conflicts. War is a waste. The veterans that I’ve met all want one thing: an end to war. So for me, the Poppy and Remembrance Day is about the people. It’s not about WHY we went to war. It’s not about the veracity of the reasons cited by our leaders. It’s about the courage of those that serve. Those that put themselves in harm’s way. It’s about remembering the loss. It’s about remembering the senselessness of war. It’s about choosing peace before arms. It’s about ending war.

That’s why I wear the Poppy, and it’s why Robert Fisk can write the things he writes. Today, I Remember.

Inconsistencies in ISO 13849-1:2006

This entry is part 7 of 8 in the series Circuit Architectures Explored

I’ve written quite a bit recently on the topic of circuit architectures under ISO 13849-1, and one of my readers noticed an inconsistency between the text of the standard and Figure 5, the diagram that shows how the categories can span one or more Performance Levels.

ISO 13849-1, Figure 5: Relationship between Categories, DC, MTTFd and PL

If you look at Category 2 in Figure 5, you will notice that there are TWO bands, one for DCavg LOW and one for DCavg MED. However, reading the text of the definition for Category 2 gives (§6.2.5):

The diagnostic coverage (DCavg) of the total SRP/CS including fault-detection shall be low.

This leaves some confusion, because it appears from the diagram that there are two options for this architecture. This is backed up by the data in Annex K that underlies the diagram.

The same confusion exists in the text describing Category 3, with Figure 5 showing two bands, one for DCavg LOW and one for DCavg MED.

I contacted the ISO TC199 Secretariat, the people responsible for the content of ISO 13849-1, and pointed out this apparent conflict. They responded that they would pass the comment on to the TC for resolution, and would contact me if they needed additional information. As of this writing, I have not heard more.

So what should you do if you are trying to design to this standard? My advice is to follow Figure 5. If you can achieve a DCavg MED in your design, it is completely reasonable to claim a higher PL. Refer to the data in Annex K to see where your design falls once you have completed the MTTFd calculations.

Thanks to Richard Harris and Douglas Florence, both members of the ISO 13849 and IEC 62061 Group on LinkedIn for bringing this to my attention!

If you are interested in contacting the TC199 Secretariat, you can email the Secretary, Mr. Stephen Kennedy. More details on ISO TC199 can be found on the Technical Committee page on the ISO web site.
