Do you use ISO 13849 or IEC 62061? We need to hear from you! UPDATED

Do you use ISO 13849-1 or IEC 62061 to define and analyze the safety related parts of the control systems used on your machinery? Have you been frustrated by trying to apply these standards? Good news! ISO and IEC are working on merging these documents, but the committee working on the merger needs some guidance from users. Here’s your chance to be heard!

Be Heard

Survey graphicIn May this year, ISO TC199 launched an online survey asking for input from machine builders and anyone else that uses ISO 13849 or IEC 62061. The survey probes ways that the standards are used , the kinds of problems they encounter when trying to apply them, and how the use of these standards affects their products and businesses. The survey, titled “Design of safety related controls/control systems for machinery – Experiences with generic standards (in particular ISO 13849-1 and IEC 62061)” asks a number of important questions that will guide the Joint Working Group 1 (JWG1) as work proceeds on merging ISO 13849 and IEC 62061.

The survey covers:

  • The generic and machine-specific standards used in your company;
  • The types of control technologies used in your products;
  • Challenges with getting component reliability data;
  • Use of ‘well-tried components’, and the methods to qualifying components as ‘well-tried’;
  • Challenges related to integrating mechanical, pneumatic or hydraulic components in the design of the safety related controls, and the specific challenges you have with this, as well as the means you have developed to overcome these challenges;
  • The sources you use for failure rate data;
  • The influence of accident/incident history on your designs;
  • Methods used to determine PLs or SILs;
  • The use of designated architectures in your designs;
  • The use of diagnostics;
  • Verification and validation procedures;
  • Use of Common Cause factors; and
  • The use of design software tools like SISTEMA, PasCAL or SET

As you can see, it’s pretty wide-ranging. If you have a few minutes and would like to contribute to the future development of these standards, the Joint Working Group would like to hear from you! 

The survey closes 31-Aug-12 30-Nov-12. Take a minute now to complete it.

English Survey

French Survey

German Survey

31-Dec-2011 – Are YOU ready?

This entry is part 8 of 8 in the series Circuit Architectures Explored

31-December-2011 marks a key milestone for machine builders marketing their products in the European Union, the EEA and many of the Candidate States. Functional Safety takes a positive step forward with the mandatory application of EN ISO 13849-1 and -2. As of 1-January-2012, the safety-related parts of the control systems on all machinery bearing a CE Mark will be required to meet these standards.

This change started six years ago, when these standards were first harmonized under the Machinery Directive. The EC Machinery Committee gave machine builders an additional three years to make the transition to these standards, after much opposition to the original mandatory implementation date of 31-Dec-08 was announced.

If you aren’t aware of these standards, or if you aren’t familiar with the concept of functional safety, you need to get up to speed, and fast.

Under EN 954-1:1995 and the 1st Edition of ISO 13849-1, published in 1999, a designer needed to select a design Category or architecture, that would provide the degree of fault tolerance and reliability needed based on the outcome of the risk assessment for the machinery. The Categories, B, 1-4, remain unchanged in the 2nd Edition. I’ve talked about the Categories in detail in other posts, so I won’t spend any time on them here.

The 2nd Edition brings Mean Time to Failure into the picture, along with Diagnostic Coverage and Common Cause Failures. These new concepts require designers to use more analytical techniques in developing their designs, and also require additional documentation (as usual!).

One of the main failings with EN 954-1 was Validation. This topic was supposed to have been covered by EN 954-2, but this standard was never published. This has led machine builders to make design decisions without keeping the necessary design documentation trail, and furthermore, to skip the Validation step entirely in many cases.

The missing Validation standard was finally published in 2003 as ISO 13849-2:2003, and subsequently adopted and harmonized in 2009 as EN ISO 13849-2:2003. While no mandatory implementation date for this standard is given in the current list of standards harmonized under 2006/42/EC-Machinery, use of Part 1 of the standard mandates use of Part 2, so this standard is effectively mandatory at the same time.

Part 2 brings a number of key annexes that are necessary for the implementation of Part 1, and also outlines the complete documentation trail needed for validation, and coincidentally, audit. Notified bpdies will be looking for this information when evaluating the content of Technical Files used in CE Marking.

From a North American perspective, these two standards gain access through ANSI’s adoption of ISO 10218 for Industrial Robots. Part 1 of this standard, covering the robot itself, was adopted last year. Part 2 of the standard will be adopted in 2012, and RIA R15.06 will be withdrawn. At the same time, CSA will be adopting the ISO standards and withdrawing CSA Z434.

These changes will finally bring North America, the International Community and the EU onto the same footing when it comes to Functional Safety in industrial machinery applications. The days of “SIMPLE, SINGLE CHANNEL, SINGLE CHANNEL-MONITORED and CONTROL RELIABLE” are numbered.

Are you ready?

Compliance InSight Consulting will be offering a series of training events in 2012 on this topic. For more information, contact Doug Nix.

Understanding Risk Assessment

When people discuss ‘Risk’ there are a lot of different assumptions made about what that means. For me, the study of risk and risk assessment techniques started in 1995. As a technologist and controls designer, I had to somehow wrap my head around the whole concept in ways I’d never considered. If you’re trying to figure out risk and risk assessment this is a good place to get started!

What is risk?

From a machinery perspective, ISO 12100:2010 defines risk as:

“combination of the probability of occurrence of harm and the severity of that harm”

Risk can have positive or negative outcomes, but when considering safety, we only consider negative risk, or events that result in negative health effects for the people exposed.

The risk relationship is illustrated in ISO 12100:2010 Figure 3:

ISO 12100-2010 Figure 3
ISO 12100-2010 Figure 3


R = Risk

S = Severity of Harm

P = Probability of Occurrence of Harm

The Probability of Occurrence of Harm factor is often further broken down into three sub-factors:

  • Probability of Exposure to the hazard
  • Probability of Occurrence of the Hazardous Event
  • Probability of Limiting or Avoiding the Harm

How is risk measured?

In order to estimate risk a scoring tool is needed. There is no one ‘correct’ scoring tool, and there are flaws in most scales that can result in blind-spots where risks may be over or under-estimated.

At the simplest level are ‘screening’ tools. These tools use very simple scales like ‘High, Medium, Low’, or ‘A, B, C’. These tools are often used when doing a shop-floor inspection and are intended to provide a quick method of capturing observations and giving a gut-feel assessment of the risk involved. These tools should be used as a way to identify risks that need additional, detailed assessment. To get an idea of what a good screening tool can look like, have a look at the SOBANE Déparis system.

Every scoring tool requires a scale for each risk parameter included in the tool. For instance, consider the CSA tool described in CSA Z434:

CSA Z434-03 Table 1As you can see, each parameter (Severity, Exposure and Avoidance) has a scale, with two possible selections for each parameter.

When considering selection of a scoring tool, it’s important to take some time to really examine the scales for each factor. The scale shown above has a glaring hole in one scale. See if you can spot it and I’ll tell you what I think a bit later in this post.

There are more than 350 different scales and methodologies available for assessing risk. You can find a good review of some of them in Bruce Main’s textbook “Risk Assessment: Basics and Benchmarks” available from DSE online.

A similar, although different, tool is found in Annex 1 of ISO 13849-1. Note that this tool is provided in an Informative Annex. This means that it is not part of the body of the standard and is NOT mandatory. In fact, this tool was provided as an example of how a user could link the output of a risk assessment tool to the Performance Levels described in the normative text (the mandatory part) of the standard.

Consider creating your own scales. There is nothing wrong with determining what characteristics (parameters) you want to include in your risk assessment, and then assigning each parameter a numeric scale that you think is suitable; 1-10, 0-5, etc. Some scales may be inverted to others, for example: If the Severity scale runs from 0-10, the Avoidability scale might run from 10-0 (Unavoidable to Entirely Avoidable).

Once the scales in your tool have been defined, document the definitions as part of your assessment.

Who should conduct risk assessments?

Lake YogaIn many organizations, I find that risk assessment has been delegated to one person. This is a major mistake for a number of reasons. Risk assessment is not a solo activity for a ‘guru’ in a lonely office somewhere!

Risk assessment is not a lot of fun to do, and since risk assessments can get to be quite involved, it represents a significant amount of work to put on one person. Also, leaving it to one person means that the assessment will necessarily be biased to what that person knows, and may miss significant hazards because the assessor doesn’t know enough about that hazard to spot it and assess it properly.

Risk assessment requires multiple viewpoints from participants with varied expertise. This includes users, designers, engineers, lawyers and those who may have specialized knowledge of a particular hazard, like a Laser Safety Officer or a Radiation Safety Officer. The varied expertise of the people involved will allow the committee to balance the opinion of each hazard, and develop a more reasoned assessment of the risk.

I recommend that risk assessment committees never be less than three members. Five is frequently a good number. Once you get beyond five, it becomes increasingly difficult to obtain consensus on each hazard. Also, consider the cost. As each committee member is added to the team, the cost of the assessment can escalate exponentially.

Training in risk assessment is crucial to success. Ensure that the individuals involved are trained, and that at least one has some previous experience in the practice so that they may guide the committee as needed.

When should a risk assessment be conducted?

Risk Assessment Lifetime Flow Chart
Risk Assessment in the Lifetime of a Product

Risk assessment should begin at the beginning of a project, whether it’s the design of a product, the development of a process or service, or the design of a new building. Understanding risk is critical to the design process. Cost for changes made at the beginning of a project are minimal compared to those that will be incurred to correct problems that might have been foreseen at the start. Risk assessment should start at the concept stage and be included at each subsequent stage in the development process. The accompanying graphic illustrates this idea.

Essentially, risk assessment is never finished until the product, process or service ceases to exist.

What tools are available?

As mentioned earlier in this post, the book ‘Risk Assessment: Basics and Benchmarks” provides an overview of roughly 350 different scoring tools. You can search the Internet and turn up quite a few as well. The key thing with all of these systems is that you will need to develop any software based tools yourself. Depending on your comfort with software, this might be a spreadsheet format, a word processing document a database, or some other format that works for your application.

There are a number of risk assessment software tools available as well, including ISI’s CIRSMA™ and DSE’s DesignSafe. As with the scoring tools, you need to be careful when evaluating tools. Some have significant blind spots that may trip you up if you are not aware of their limitations.

Remember too that the output from the software can only be as good as the input data. The old saw “Garbage In, Garbage Out” holds true with risk assessment.

Where can you get training?

There are a few places to get training. Compliance InSight Consulting provides training to corporate clients and will be launching a series of web-based training services in 2011 that will allow individual learners to get training too.

The IEEE PSES operates a Risk Assessment Technical Committee that is open to the public as well. See the RATC web site.

The Answer to the Scale Question

The Exposure Scale in the CSA tool has a gap between E1 and E2. Looking at the definitions for each choice, notice that E1 is less than once per day or shift, while E2 is more than once per hour. Exposures that occur once per hour or less, but more than once per day cannot be scored effectively using this scale.

Also, notice the Severity scale: S1 encompasses injuries requiring not more than basic first aid. One common question I get is “Does that include CPR*?”. This question comes up because most basic first aid courses taught in Canada include CPR as part of the course. There is no clear answer for this in the standard. The S2 factor extends from injuries requiring more than basic first aid, like a broken finger for instance, all the way to a fatality. Does it make sense to group this broad range of injuries together? This definition doesn’t quite match with the Province of Ontario’s definition of a Critical Injury found in Regulation 834 either.

All of this points to the need to carefully assess the scales that you choose before you start the process. Choosing the wrong tool can skew your results in ways that you may not be very happy about.

*Cardio-Pulmonary Resuscitation