Inconsistencies in ISO 13849-1:2006

This entry is part 7 of 8 in the series Circuit Architectures Explored

I’ve written quite a bit recently on the topic of circuit architectures under ISO 13849-1, and one of my readers noticed an inconsistency between the text of the standard and Figure 5, the diagram that shows how the categories can span one or more Performance Levels.

[Figure: ISO 13849-1, Figure 5: Relationship between Categories, DC, MTTFd and PL]

If you look at Category 2 in Figure 5, you will notice that there are TWO bands, one for DCavg LOW and one for DCavg MED. However, reading the text of the definition for Category 2 gives (§6.2.5):

The diagnostic coverage (DCavg) of the total SRP/CS including fault-detection shall be low.

This leaves some confusion, because it appears from the diagram that there are two options for this architecture. This is backed up by the data in Annex K that underlies the diagram.

The same confusion exists in the text describing Category 3, with Figure 5 showing two bands, one for DCavg LOW and one for DCavg MED.

I contacted the ISO TC199 Secretariat, the people responsible for the content of ISO 13849-1, and pointed out this apparent conflict. They responded that they would pass the comment on to the TC for resolution, and would contact me if they needed additional information. As of this writing, I have not heard more.

So what should you do if you are trying to design to this standard? My advice is to follow Figure 5. If you can achieve a DCavg MED in your design, it is completely reasonable to claim a higher PL. Refer to the data in Annex K to see where your design falls once you have completed the MTTFd calculations.
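To make the Figure 5 advice concrete, here is a small lookup that applies the simplified procedure for finding the PL from the Category, DCavg and MTTFd per channel, and shows the two Category 2 bands side by side. This is an added illustration, not code from the original post; the band boundaries and the table rows are my own transcription of Tables 5, 6 and 7 of the 2006 edition and should be checked against your copy of the standard. It covers all of the categories rather than just the Category 2 case in the text, and the optional `ccf_score` check (the Annex F score of at least 65 required for Categories 2, 3 and 4) is an assumption about how you would want to fold that requirement in.

```python
from typing import Optional, Tuple

# Band boundaries as transcribed from ISO 13849-1:2006 (Tables 5 and 6);
# assumption: verify against your own copy of the standard.


def mttfd_band(mttfd_years: float) -> Optional[str]:
    """Classify MTTFd per channel (years) as low / medium / high.

    The 2006 edition caps MTTFd per channel at 100 years, and values below
    3 years are outside the simplified procedure (returns None).
    """
    years = min(mttfd_years, 100.0)
    if years < 3:
        return None
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_band(dc_avg: float) -> str:
    """Classify average diagnostic coverage (fraction 0..1) as none / low / medium / high."""
    if not 0.0 <= dc_avg <= 1.0:
        raise ValueError("dc_avg must be a fraction between 0 and 1")
    if dc_avg < 0.60:
        return "none"
    if dc_avg < 0.90:
        return "low"
    if dc_avg < 0.99:
        return "medium"
    return "high"


# Simplified procedure (Table 7, the data behind Figure 5):
# (category, DCavg band) -> PL reached for MTTFd per channel low, medium, high.
# None means "not covered". Category 2 and Category 3 each get two rows, one
# for DCavg LOW and one for DCavg MEDIUM, which is the inconsistency discussed
# in the post. Transcribed from memory of the 2006 edition (assumption).
TABLE_7 = {
    ("B", "none"):   ("a", "b", "c"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "d"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}

_MTTFD_INDEX = {"low": 0, "medium": 1, "high": 2}


def performance_level(category: str, mttfd_years: float, dc_avg: float,
                      ccf_score: Optional[int] = None) -> Optional[str]:
    """Return the PL ('a'..'e') the simplified procedure gives, or None when
    the combination is not covered by the table.

    For Categories 2, 3 and 4 the 2006 edition also requires the common cause
    failure (CCF) score of Annex F to reach at least 65; pass ccf_score to
    have that check applied (hypothetical convenience, not part of Table 7).
    """
    m = mttfd_band(mttfd_years)
    if m is None:
        return None
    if category in ("2", "3", "4") and ccf_score is not None and ccf_score < 65:
        return None  # CCF measures insufficient to claim a multi-channel architecture
    row = TABLE_7.get((category, dc_band(dc_avg)))
    if row is None:
        return None  # e.g. Category 2 with DCavg "none", or Category 4 below DCavg "high"
    return row[_MTTFD_INDEX[m]]


def category_2_comparison(mttfd_years: float) -> Tuple[Optional[str], Optional[str]]:
    """The two Category 2 bands of Figure 5 for one MTTFd: (DCavg LOW, DCavg MEDIUM)."""
    return (performance_level("2", mttfd_years, 0.70),
            performance_level("2", mttfd_years, 0.95))


if __name__ == "__main__":
    # Constructed sample values, one per MTTFd band.
    for years in (5, 20, 50):
        print(f"Category 2, MTTFd {years} y: (DCavg low, DCavg medium) -> {category_2_comparison(years)}")
```

With MTTFd of 20 years per channel, the DCavg LOW band gives PL b and the DCavg MEDIUM band gives PL c, which is exactly the extra headroom Figure 5 grants and the text of §6.2.5 does not mention; once MTTFd is high both bands converge on PL d.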

Thanks to Richard Harris and Douglas Florence, both members of the ISO 13849 and IEC 62061 Group on LinkedIn for bringing this to my attention!

If you are interested in contacting the TC199 Secretariat, you can email the Secretary, Mr. Stephen Kennedy. More details on ISO TC199 can be found on the Technical Committee page on the ISO web site.

31-Dec-2011 – Are YOU ready?

This entry is part 8 of 8 in the series Circuit Architectures Explored

31-December-2011 marks a key milestone for machine builders marketing their products in the European Union, the EEA and many of the Candidate States. Functional Safety takes a positive step forward with the mandatory application of EN ISO 13849-1 and -2. As of 1-January-2012, the safety-related parts of the control systems on all machinery bearing a CE Mark will be required to meet these standards.

This change started six years ago, when these standards were first harmonized under the Machinery Directive. After the original mandatory implementation date of 31-Dec-08 met with much opposition, the EC Machinery Committee gave machine builders an additional three years to make the transition to these standards.

If you aren’t aware of these standards, or if you aren’t familiar with the concept of functional safety, you need to get up to speed, and fast.

Under EN 954-1:1995 and the 1st Edition of ISO 13849-1, published in 1999, a designer needed to select a design Category, or architecture, that would provide the degree of fault tolerance and reliability needed based on the outcome of the risk assessment for the machinery. The Categories (B and 1 to 4) remain unchanged in the 2nd Edition. I’ve talked about the Categories in detail in other posts, so I won’t spend any time on them here.

The 2nd Edition brings Mean Time to Failure into the picture, along with Diagnostic Coverage and Common Cause Failures. These new concepts require designers to use more analytical techniques in developing their designs, and also require additional documentation (as usual!).

One of the main failings with EN 954-1 was Validation. This topic was supposed to have been covered by EN 954-2, but this standard was never published. This has led machine builders to make design decisions without keeping the necessary design documentation trail, and furthermore, to skip the Validation step entirely in many cases.

The missing Validation standard was finally published in 2003 as ISO 13849-2:2003, and subsequently adopted and harmonized in 2009 as EN ISO 13849-2:2003. While no mandatory implementation date for this standard is given in the current list of standards harmonized under 2006/42/EC-Machinery, use of Part 1 of the standard mandates use of Part 2, so this standard is effectively mandatory at the same time.

Part 2 brings a number of key annexes that are necessary for the implementation of Part 1, and also outlines the complete documentation trail needed for validation and, coincidentally, audit. Notified bodies will be looking for this information when evaluating the content of Technical Files used in CE Marking.

From a North American perspective, these two standards come into play through ANSI’s adoption of ISO 10218 for Industrial Robots. Part 1 of this standard, covering the robot itself, was adopted last year. Part 2 of the standard will be adopted in 2012, and RIA R15.06 will be withdrawn. At the same time, CSA will be adopting the ISO standards and withdrawing CSA Z434.

These changes will finally bring North America, the International Community and the EU onto the same footing when it comes to Functional Safety in industrial machinery applications. The days of “SIMPLE, SINGLE CHANNEL, SINGLE CHANNEL-MONITORED and CONTROL RELIABLE” are numbered.

Are you ready?

Compliance InSight Consulting will be offering a series of training events in 2012 on this topic. For more information, contact Doug Nix.