Tag Archives: IEC 62061

Do you use ISO 13849 or IEC 62061? We need to hear from you! UPDATED

Do you use ISO 13849-1 or IEC 62061 to define and analyze the safety-related parts of the control systems used on your machinery? Have you been frustrated by trying to apply these standards? Good news! ISO and IEC are working on merging these documents, but the committee working on the merger needs some guidance from users. Here’s your chance to be heard!

Be Heard

In May this year, ISO TC199 launched an online survey asking for input from machine builders and anyone else that uses ISO 13849 or IEC 62061. The survey probes the ways that the standards are used, the kinds of problems users encounter when trying to apply them, and how the use of these standards affects their products and businesses. The survey, titled “Design of safety related controls/control systems for machinery – Experiences with generic standards (in particular ISO 13849-1 and IEC 62061)”, asks a number of important questions that will guide the Joint Working Group 1 (JWG1) as work proceeds on merging ISO 13849 and IEC 62061.

The survey covers:

  • The generic and machine-specific standards used in your company;
  • The types of control technologies used in your products;
  • Challenges with getting component reliability data;
  • Use of ‘well-tried components’, and the methods for qualifying components as ‘well-tried’;
  • Challenges related to integrating mechanical, pneumatic or hydraulic components in the design of the safety related controls, and the specific challenges you have with this, as well as the means you have developed to overcome these challenges;
  • The sources you use for failure rate data;
  • The influence of accident/incident history on your designs;
  • Methods used to determine PLs or SILs;
  • The use of designated architectures in your designs;
  • The use of diagnostics;
  • Verification and validation procedures;
  • Use of Common Cause factors; and
  • The use of design software tools like SISTEMA, PasCAL or SET.

As you can see, it’s pretty wide-ranging. If you have a few minutes and would like to contribute to the future development of these standards, the Joint Working Group would like to hear from you!

The survey closes 30-Nov-12 (originally 31-Aug-12). Take a minute now to complete it.

English Survey

French Survey

German Survey

31-Dec-2011 — Are YOU ready?

This entry is part 8 of 8 in the series Circuit Architectures Explored

31-December-2011 marks a key milestone for machine builders marketing their products in the European Union, the EEA and many of the Candidate States. Functional Safety takes a positive step forward with the mandatory application of EN ISO 13849-1 and -2. As of 1-January-2012, the safety-related parts of the control systems on all machinery bearing a CE Mark will be required to meet these standards.

This change started six years ago, when these standards were first harmonized under the Machinery Directive. The EC Machinery Committee gave machine builders an additional three years to make the transition to these standards, after much opposition to the original mandatory implementation date of 31-Dec-08 was announced.

If you aren’t aware of these standards, or if you aren’t familiar with the concept of functional safety, you need to get up to speed, and fast.

Under EN 954-1:1995 and the 1st Edition of ISO 13849-1, published in 1999, a designer needed to select a design Category or architecture, that would provide the degree of fault tolerance and reliability needed based on the outcome of the risk assessment for the machinery. The Categories, B, 1–4, remain unchanged in the 2nd Edition. I’ve talked about the Categories in detail in other posts, so I won’t spend any time on them here.

The 2nd Edition brings Mean Time to Failure into the picture, along with Diagnostic Coverage and Common Cause Failures. These new concepts require designers to use more analytical techniques in developing their designs, and also require additional documentation (as usual!).

One of the main failings with EN 954-1 was Validation. This topic was supposed to have been covered by EN 954-2, but this standard was never published. This has led machine builders to make design decisions without keeping the necessary design documentation trail, and furthermore, to skip the Validation step entirely in many cases.

The missing Validation standard was finally published in 2003 as ISO 13849-2:2003, and subsequently adopted and harmonized in 2009 as EN ISO 13849-2:2003. While no mandatory implementation date for this standard is given in the current list of standards harmonized under 2006/42/EC-Machinery, use of Part 1 of the standard mandates use of Part 2, so this standard is effectively mandatory at the same time.

Part 2 brings a number of key annexes that are necessary for the implementation of Part 1, and also outlines the complete documentation trail needed for validation, and coincidentally, audit. Notified bodies will be looking for this information when evaluating the content of Technical Files used in CE Marking.

From a North American perspective, these two standards gain access through ANSI’s adoption of ISO 10218 for Industrial Robots. Part 1 of this standard, covering the robot itself, was adopted last year. Part 2 of the standard will be adopted in 2012, and RIA R15.06 will be withdrawn. At the same time, CSA will be adopting the ISO standards and withdrawing CSA Z434.

These changes will finally bring North America, the International Community and the EU onto the same footing when it comes to Functional Safety in industrial machinery applications. The days of “SIMPLE, SINGLE CHANNEL, SINGLE CHANNEL-MONITORED and CONTROL RELIABLE” are numbered.

Are you ready?

Compliance InSight Consulting will be offering a series of training events in 2012 on this topic. For more information, contact Doug Nix.

Understanding Risk Assessment

When people discuss ‘Risk’ there are a lot of different assumptions made about what that means. For me, the study of risk and risk assessment techniques started in 1995. As a technologist and controls designer, I had to somehow wrap my head around the whole concept in ways I’d never considered. If you’re trying to figure out risk and risk assessment this is a good place to get started!

What is risk?

From a machinery perspective, ISO 12100:2010 defines risk as:

“combination of the probability of occurrence of harm and the severity of that harm”

Risk can have positive or negative outcomes, but when considering safety, we only consider negative risk, or events that result in negative health effects for the people exposed.

The risk relationship is illustrated in ISO 12100:2010 Figure 3:

[Figure: ISO 12100-2010 Figure 3]

Where

R = Risk

S = Severity of Harm

P = Probability of Occurrence of Harm

The Probability of Occurrence of Harm factor is often further broken down into three sub-factors:

  • Probability of Exposure to the hazard
  • Probability of Occurrence of the Hazardous Event
  • Probability of Limiting or Avoiding the Harm

How is risk measured?

In order to estimate risk a scoring tool is needed. There is no one ‘correct’ scoring tool, and there are flaws in most scales that can result in blind-spots where risks may be over or under-estimated.

At the simplest level are ‘screening’ tools. These tools use very simple scales like ‘High, Medium, Low’, or ‘A, B, C’. These tools are often used when doing a shop-floor inspection and are intended to provide a quick method of capturing observations and giving a gut-feel assessment of the risk involved. These tools should be used as a way to identify risks that need additional, detailed assessment. To get an idea of what a good screening tool can look like, have a look at the SOBANE Déparis system.

Every scoring tool requires a scale for each risk parameter included in the tool. For instance, consider the CSA tool described in CSA Z434:

[Table: CSA Z434-03 Table 1]

As you can see, each parameter (Severity, Exposure and Avoidance) has a scale, with two possible selections for each parameter.

When considering selection of a scoring tool, it’s important to take some time to really examine the scales for each factor. The scale shown above has a glaring hole in one scale. See if you can spot it and I’ll tell you what I think a bit later in this post.

There are more than 350 different scales and methodologies available for assessing risk. You can find a good review of some of them in Bruce Main’s textbook “Risk Assessment: Basics and Benchmarks” available from DSE online.

A similar, although different, tool is found in Annex 1 of ISO 13849-1. Note that this tool is provided in an Informative Annex. This means that it is not part of the body of the standard and is NOT mandatory. In fact, this tool was provided as an example of how a user could link the output of a risk assessment tool to the Performance Levels described in the normative text (the mandatory part) of the standard.

Consider creating your own scales. There is nothing wrong with determining what characteristics (parameters) you want to include in your risk assessment, and then assigning each parameter a numeric scale that you think is suitable; 1–10, 0–5, etc. Some scales may be inverted relative to others. For example, if the Severity scale runs from 0–10, the Avoidability scale might run from 10–0 (Unavoidable to Entirely Avoidable).

Once the scales in your tool have been defined, document the definitions as part of your assessment.

Who should conduct risk assessments?

In many organizations, I find that risk assessment has been delegated to one person. This is a major mistake for a number of reasons. Risk assessment is not a solo activity for a ‘guru’ in a lonely office somewhere!

Risk assessment is not a lot of fun to do, and since risk assessments can get to be quite involved, it represents a significant amount of work to put on one person. Also, leaving it to one person means that the assessment will necessarily be biased to what that person knows, and may miss significant hazards because the assessor doesn’t know enough about that hazard to spot it and assess it properly.

Risk assessment requires multiple viewpoints from participants with varied expertise. This includes users, designers, engineers, lawyers and those who may have specialized knowledge of a particular hazard, like a Laser Safety Officer or a Radiation Safety Officer. The varied expertise of the people involved will allow the committee to balance the opinion of each hazard, and develop a more reasoned assessment of the risk.

I recommend that risk assessment committees never have fewer than three members. Five is frequently a good number. Once you get beyond five, it becomes increasingly difficult to obtain consensus on each hazard. Also, consider the cost. As each committee member is added to the team, the cost of the assessment can escalate exponentially.

Training in risk assessment is crucial to success. Ensure that the individuals involved are trained, and that at least one has some previous experience in the practice so that they may guide the committee as needed.

When should a risk assessment be conducted?

[Figure: Risk Assessment in the Lifetime of a Product]

Risk assessment should begin at the beginning of a project, whether it’s the design of a product, the development of a process or service, or the design of a new building. Understanding risk is critical to the design process. Costs for changes made at the beginning of a project are minimal compared to those that will be incurred to correct problems that might have been foreseen at the start. Risk assessment should start at the concept stage and be included at each subsequent stage in the development process. The accompanying graphic illustrates this idea.

Essentially, risk assessment is never finished until the product, process or service ceases to exist.

What tools are available?

As mentioned earlier in this post, the book “Risk Assessment: Basics and Benchmarks” provides an overview of roughly 350 different scoring tools. You can search the Internet and turn up quite a few as well. The key thing with all of these systems is that you will need to develop any software-based tools yourself. Depending on your comfort with software, this might be a spreadsheet format, a word processing document, a database, or some other format that works for your application.

There are a number of risk assessment software tools available as well, including ISI’s CIRSMA and DSE’s DesignSafe. As with the scoring tools, you need to be careful when evaluating tools. Some have significant blind spots that may trip you up if you are not aware of their limitations.

Remember too that the output from the software can only be as good as the input data. The old saw “Garbage In, Garbage Out” holds true with risk assessment.

Where can you get training?

There are a few places to get training. Compliance InSight Consulting provides training to corporate clients and will be launching a series of web-based training services in 2011 that will allow individual learners to get training too.

The IEEE PSES operates a Risk Assessment Technical Committee that is open to the public as well. See the RATC web site.

The Answer to the Scale Question

The Exposure Scale in the CSA tool has a gap between E1 and E2. Looking at the definitions for each choice, notice that E1 is less than once per day or shift, while E2 is more than once per hour. Exposures that occur once per hour or less, but more than once per day cannot be scored effectively using this scale.

Also, notice the Severity scale: S1 encompasses injuries requiring not more than basic first aid. One common question I get is “Does that include CPR*?”. This question comes up because most basic first aid courses taught in Canada include CPR as part of the course. There is no clear answer for this in the standard. The S2 factor extends from injuries requiring more than basic first aid, like a broken finger for instance, all the way to a fatality. Does it make sense to group this broad range of injuries together? This definition doesn’t quite match with the Province of Ontario’s definition of a Critical Injury found in Regulation 834 either.

All of this points to the need to carefully assess the scales that you choose before you start the process. Choosing the wrong tool can skew your results in ways that you may not be very happy about.

*Cardio-Pulmonary Resuscitation
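The scale check described in this post can be automated before a scoring tool is adopted. The following is an added example, not part of the original post or of any standard: it encodes the Exposure scale as worded above in events per hour and sweeps it for unscored ranges. The 8-hour shift, the interval encoding and the three-level `CUSTOM_EXPOSURE` scale are assumptions made for illustration.

```python
from fractions import Fraction
from math import inf

HOURS_PER_SHIFT = 8  # assumption: one 8-hour shift per day

# A level is (name, low, low_inclusive, high, high_inclusive) in events per hour.
# Constructed encoding of the Exposure scale as the post words it.
CSA_EXPOSURE = [
    ("E1", Fraction(0), True, Fraction(1, HOURS_PER_SHIFT), False),  # less than once per shift
    ("E2", Fraction(1), False, inf, False),                          # more than once per hour
]
# Hypothetical three-level scale with contiguous bounds, for comparison.
CUSTOM_EXPOSURE = [
    ("X1", Fraction(0), True, Fraction(1, HOURS_PER_SHIFT), False),
    ("X2", Fraction(1, HOURS_PER_SHIFT), True, Fraction(1), True),
    ("X3", Fraction(1), False, inf, False),
]

def score(scale, freq):
    """Return every level whose range contains freq (none = gap, 2+ = overlap)."""
    hits = []
    for name, lo, lo_inc, hi, hi_inc in scale:
        above = freq > lo or (lo_inc and freq == lo)
        below = freq < hi or (hi_inc and freq == hi)
        if above and below:
            hits.append(name)
    return hits

def find_gaps(scale, start=Fraction(0)):
    """Sweep the levels in order; list the ranges from start upward that none covers."""
    gaps = []
    # Everything below `reach` is covered; `reach` itself only if reach_inc is True.
    reach, reach_inc = start, False
    ordered = sorted(scale, key=lambda lv: (lv[1], not lv[2]))
    for _, lo, lo_inc, hi, hi_inc in ordered:
        if lo > reach:
            gaps.append((reach, not reach_inc, lo, not lo_inc))
        elif lo == reach and not reach_inc and not lo_inc:
            gaps.append((reach, True, reach, True))  # a single unscored point
        if hi > reach:
            reach, reach_inc = hi, hi_inc
        elif hi == reach:
            reach_inc = reach_inc or hi_inc
    if reach != inf:
        gaps.append((reach, not reach_inc, inf, False))
    return gaps

if __name__ == "__main__":
    for low, low_inc, high, high_inc in find_gaps(CSA_EXPOSURE):
        print(f"unscored: {'[' if low_inc else '('}{low}, {high}{']' if high_inc else ')'} per hour")
```

Each gap is reported as `(low, low_inclusive, high, high_inclusive)`; an empty list means every exposure frequency from zero upward maps to at least one level.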
