Inconsistencies in ISO 13849-1:2006

This entry is part 7 of 8 in the series Circuit Architectures Explored

I’ve written quite a bit recently on the topic of circuit architectures under ISO 13849-1, and one of my readers noticed an inconsistency between the text of the standard and Figure 5, the diagram that shows how the categories can span one or more Performance Levels.

[Figure] ISO 13849-1, Figure 5: Relationship between Categories, DC, MTTFd and PL

If you look at Category 2 in Figure 5, you will notice that there are TWO bands, one for DCavg LOW and one for DCavg MED. However, reading the text of the definition for Category 2 gives (§6.2.5):

The diagnostic coverage (DCavg) of the total SRP/CS including fault-detection shall be low.

This leaves some confusion, because it appears from the diagram that there are two options for this architecture. This is backed up by the data in Annex K that underlies the diagram.

The same confusion exists in the text describing Category 3, with Figure 5 showing two bands, one for DCavg LOW and one for DCavg MED.

I contacted the ISO TC199 Secretariat, the people responsible for the content of ISO 13849-1, and pointed out this apparent conflict. They responded that they would pass the comment on to the TC for resolution, and would contact me if they needed additional information. As of this writing, I have not heard more.

So what should you do if you are trying to design to this standard? My advice is to follow Figure 5. If you can achieve a DCavg MED in your design, it is completely reasonable to claim a higher PL. Refer to the data in Annex K to see where your design falls once you have completed the MTTFd calculations.
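As an added example (not from the original post, the standard, or Annex K itself), the following Python encodes the banding that Figure 5 expresses, so you can see how the two DCavg bands for Category 2 and Category 3 change the PL you can claim once your MTTFd figure is known. The MTTFd and DC band thresholds and the Category/DC/MTTFd to PL mapping are assumptions taken from my reading of ISO 13849-1:2006; check them against your own copy of the standard and Annex K before relying on them.

```python
from typing import Dict, Optional, Tuple

# Band thresholds as I read them in ISO 13849-1:2006 (assumption: verify against your copy).
# MTTFd of each channel, in years: low [3, 10), medium [10, 30), high [30, 100].
# DCavg in percent: none < 60, low [60, 90), medium [90, 99), high >= 99.


def mttfd_level(mttfd_years: float) -> Optional[str]:
    """Classify MTTFd per channel; below 3 years is outside the standard's scope."""
    if mttfd_years < 3:
        return None
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"  # the 2006 edition caps MTTFd at 100 years; still "high"


def dc_level(dcavg_percent: float) -> str:
    """Classify average diagnostic coverage."""
    if dcavg_percent < 60:
        return "none"
    if dcavg_percent < 90:
        return "low"
    if dcavg_percent < 99:
        return "medium"
    return "high"


# (Category, DC level) -> {MTTFd level: PL}. Combinations absent here are not
# permitted by the simplified procedure. Note the two DC bands for Cat 2 and Cat 3,
# which is exactly what Figure 5 shows and the Category text does not mention.
PL_MAP: Dict[Tuple[str, str], Dict[str, str]] = {
    ("B", "none"): {"low": "a", "medium": "b", "high": "c"},
    ("1", "none"): {"high": "c"},
    ("2", "low"): {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"): {"high": "e"},
}


def performance_level(category: str, mttfd_years: float, dcavg_percent: float) -> Optional[str]:
    """Return the claimable PL, or None if the combination is not permitted."""
    mttfd = mttfd_level(mttfd_years)
    if mttfd is None:
        return None
    return PL_MAP.get((category, dc_level(dcavg_percent)), {}).get(mttfd)


def dc_band_gain(category: str, mttfd_years: float) -> Tuple[Optional[str], Optional[str]]:
    """PL at the bottom of the DCavg LOW band (60 %) versus the MED band (90 %)."""
    return performance_level(category, mttfd_years, 60), performance_level(category, mttfd_years, 90)
```

For a Category 2 design with a medium MTTFd, moving from DCavg LOW to DCavg MED lifts the result from PL b to PL c, which is the higher claim the advice above refers to.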

Thanks to Richard Harris and Douglas Florence, both members of the ISO 13849 and IEC 62061 Group on LinkedIn, for bringing this to my attention!

If you are interested in contacting the TC199 Secretariat, you can email the Secretary, Mr. Stephen Kennedy. More details on ISO TC199 can be found on the Technical Committee page on the ISO website.

31-Dec-2011 – Are YOU ready?

This entry is part 8 of 8 in the series Circuit Architectures Explored

31-December-2011 marks a key milestone for machine builders marketing their products in the European Union, the EEA and many of the Candidate States. Functional Safety takes a positive step forward with the mandatory application of EN ISO 13849-1 and -2. As of 1-January-2012, the safety-related parts of the control systems on all machinery bearing a CE Mark will be required to meet these standards.

This change started six years ago, when these standards were first harmonized under the Machinery Directive. The EC Machinery Committee gave machine builders an additional three years to make the transition to these standards, after the originally announced mandatory implementation date of 31-Dec-08 met with much opposition.

If you aren’t aware of these standards, or if you aren’t familiar with the concept of functional safety, you need to get up to speed, and fast.

Under EN 954-1:1995 and the 1st Edition of ISO 13849-1, published in 1999, a designer needed to select a design Category, or architecture, that would provide the degree of fault tolerance and reliability needed based on the outcome of the risk assessment for the machinery. The Categories (B and 1 to 4) remain unchanged in the 2nd Edition. I’ve talked about the Categories in detail in other posts, so I won’t spend any time on them here.

The 2nd Edition brings Mean Time to Failure into the picture, along with Diagnostic Coverage and Common Cause Failures. These new concepts require designers to use more analytical techniques in developing their designs, and also require additional documentation (as usual!).

One of the main failings with EN 954-1 was Validation. This topic was supposed to have been covered by EN 954-2, but this standard was never published. This has led machine builders to make design decisions without keeping the necessary design documentation trail, and furthermore, to skip the Validation step entirely in many cases.

The missing Validation standard was finally published in 2003 as ISO 13849-2:2003, and subsequently adopted and harmonized in 2009 as EN ISO 13849-2:2003. While no mandatory implementation date for this standard is given in the current list of standards harmonized under 2006/42/EC-Machinery, use of Part 1 of the standard mandates use of Part 2, so this standard is effectively mandatory at the same time.

Part 2 brings a number of key annexes that are necessary for the implementation of Part 1, and also outlines the complete documentation trail needed for validation and, incidentally, audit. Notified bodies will be looking for this information when evaluating the content of Technical Files used in CE Marking.

From a North American perspective, these two standards enter through ANSI’s adoption of ISO 10218 for Industrial Robots. Part 1 of this standard, covering the robot itself, was adopted last year. Part 2 of the standard will be adopted in 2012, and RIA R15.06 will be withdrawn. At the same time, CSA will be adopting the ISO standards and withdrawing CSA Z434.

These changes will finally bring North America, the International Community and the EU onto the same footing when it comes to Functional Safety in industrial machinery applications. The days of “SIMPLE, SINGLE CHANNEL, SINGLE CHANNEL-MONITORED and CONTROL RELIABLE” are numbered.

Are you ready?

Compliance InSight Consulting will be offering a series of training events in 2012 on this topic. For more information, contact Doug Nix.