Machinery Directive Made Simple
The basic compliance procedure
The new EU Machinery Directive dictates that machinery should not present a risk (risk assessment in accordance with EN 1050 and EN ISO 14121-1) but, given that there is no such thing as zero risk in technology, the aim is to achieve an acceptable residual risk. If safety is dependent on control systems, they must be designed with a sufficiently low probability of functional errors, and, if this is impossible, any errors that occur should not lead to the loss of the safety function. To meet this requirement it makes sense to use harmonised standards that have been created in accordance with a mandate from the European Commission: this is the only way to avoid spending extra time and effort demonstrating conformity in the event of a claim.
Why change?
Previously, the safety-related parts of a machine’s control system were designed in accordance with EN 954-1, and this was based on the calculated risk. The aim was to set an appropriate system behaviour (“control class”) against a category (deterministic approach). Once electronics, and programmable electronics in particular, had made their mark on safety technology, safety could no longer be measured purely in terms of the simple category system found in EN 954-1. Furthermore, that system was unable to provide information on the probability of failure (probabilistic approach). Help is now available from EN 62061 and from EN ISO 13849-1, the successor standard to EN 954-1.
The two standards explained
EN ISO 13849-1: “Safety-related parts of control systems, Part 1: General principles for design”
This standard may be applied to SRP/CS (safety-related parts of control systems) and all types of machinery, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). EN ISO 13849-1 also lists special requirements for SRP/CS with programmable electronic systems.
EN 62061: “Functional safety of safety-related electrical, electronic and programmable electronic control systems”
This standard defines requirements and gives recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It does not define requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machinery.
EN ISO 13849-1: a brief explanation
EN ISO 13849-1 is based on the familiar categories from EN 954-1:1996. It examines complete safety functions, including all the components involved in their design.
EN ISO 13849-1 goes beyond the qualitative approach of EN 954-1 to include a quantitative assessment of the safety functions. A performance level (PL) is used for this, building upon the categories. Components/devices require the following safety parameters:
- Category (structural requirement)
- PL: Performance level
- MTTFd: Mean time to dangerous failure
- B10d: Number of cycles by which 10% of a random sample of wearing components have failed dangerously
- DC: Diagnostic coverage
- CCF: Common cause failure
- TM: Mission time
The standard describes how to calculate the performance level (PL) for safety-related parts of control systems, based on designated architectures, for the designated mission time TM.
EN ISO 13849-1 refers any deviations to IEC 61508. Where several safety-related parts are combined into one overall system, the standard describes how to calculate the PL that can be achieved.
For additional guidelines on validation, EN ISO 13849-1 refers to Part 2, which was published at the end of 2003. This part provides information on fault considerations, maintenance, technical documentation and usage guidelines. The transition period from EN 954-1 to EN ISO 13849-1 is likely to end in October 2009. Until then, either standard may be applied.
EN 62061: a brief explanation
EN 62061 represents a sector-specific standard under IEC 61508. It describes the implementation of safety-related electrical and electronic control systems on machinery and examines the overall lifecycle from the concept phase through to decommissioning. Quantitative and qualitative examinations of the safety-related control functions form the basis. The performance level is described through the safety integrity level (SIL).
The safety functions identified from the risk analysis are divided into safety subfunctions; these safety subfunctions are then assigned to actual devices, called subsystems and subsystem elements. Both hardware and software are handled this way.
A safety-related control system is made up of several subsystems. The safety-related characteristics of these subsystems are described through parameters (SIL claim limit and PFHD).
Safety-related parameters for subsystems:
- SILCL: SIL claim limit
- PFHD: Probability of dangerous failure per hour
- T1: Lifetime
These subsystems may in turn be made up of various interconnected subsystem elements (devices) with parameters to calculate the subsystem’s corresponding PFHD value.
Safety-related parameters for subsystem elements (devices):
- Failure rate (for wearing elements: described via the B10 value)
- SFF: Safe failure fraction
On electromechanical devices the failure rate is indicated by the manufacturer as a B10 value, based on the number of cycles. The time-based failure rate and lifetime must be determined through the switching frequency for the respective application.
Internal parameters to be established during design/construction for a subsystem comprised of subsystem elements:
- T2: Diagnostic test interval
- Susceptibility to common cause failure
- DC: Diagnostic coverage
- PFHD: The PFHD value of the safety-related control system is calculated by adding the subsystems' individual PFHD values.
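The article states these relations in words only: the B10 value of a wearing element must be turned into a time-based failure rate and lifetime through the application's switching frequency, and the PFHD of the overall system is the sum of its subsystems' PFHD values, which is then read against the SIL (EN 62061) or PL (EN ISO 13849-1) bands. The following worked example is added here and is not code from the original article or from either standard. It assumes the B10d relations of EN ISO 13849-1 Annex C (n_op = d_op · h_op · 3600 / t_cycle, MTTFd = B10d / (0.1 · n_op), T10d = B10d / n_op), the parts-count rule 1/MTTFd = Σ 1/MTTFd_i with the 100-year cap of the 2006 edition, the PFH bands of EN ISO 13849-1 Table 3 for PL a to e, and the high-demand SIL bands of IEC 61508 as used by EN 62061. All component figures are constructed sample values, not manufacturer data.

```python
"""Worked example (added; not from the article or the standards).

Assumed relations, labelled because the article does not spell them out:
  n_op  = d_op * h_op * 3600 / t_cycle      (EN ISO 13849-1 Annex C)
  MTTFd = B10d / (0.1 * n_op)               (EN ISO 13849-1 Annex C)
  T10d  = B10d / n_op                       (EN ISO 13849-1 Annex C)
  PL a..e: PFH bands of EN ISO 13849-1 Table 3
  SIL 1..3: high-demand PFH bands of IEC 61508, as used by EN 62061
All component figures below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Optional

HOURS_PER_YEAR = 8760.0
MTTFD_CAP_YEARS = 100.0  # per-channel cap in the 2006 edition's parts-count procedure

def operations_per_year(days_per_year: float, hours_per_day: float, cycle_time_s: float) -> float:
    """n_op: switching cycles per year demanded of the element by this application."""
    return days_per_year * hours_per_day * 3600.0 / cycle_time_s

def mttfd_years_from_b10d(b10d: float, n_op: float) -> float:
    """Mean time to dangerous failure (years) of a wearing element from its B10d."""
    return b10d / (0.1 * n_op)

def t10d_years(b10d: float, n_op: float) -> float:
    """T10d: years until 10 % of a sample has failed dangerously; the element must be
    replaced by then, so it bounds the usable mission time TM."""
    return b10d / n_op

def dangerous_failure_rate_per_hour(mttfd_years: float) -> float:
    """lambda_D in 1/h, the rate that subsystem PFHD formulas are built from."""
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)

def channel_mttfd_years(part_mttfds: list) -> float:
    """Parts-count combination of one channel's elements (1/MTTFd = sum 1/MTTFd_i), capped."""
    return min(MTTFD_CAP_YEARS, 1.0 / sum(1.0 / m for m in part_mttfds))

def mttfd_class(mttfd_years: float) -> Optional[str]:
    """Low/medium/high MTTFd class of EN ISO 13849-1; None below the 3-year floor."""
    if mttfd_years < 3:
        return None
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"

PL_BANDS = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6), ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]
SIL_BANDS = [(3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]

def _band(value: float, bands: list):
    for label, lo, hi in bands:
        if lo <= value < hi:
            return label
    return None

def pl_from_pfh(pfh: float) -> Optional[str]:
    """Performance level reached by a PFH value (None: outside PL a..e)."""
    return _band(pfh, PL_BANDS)

def sil_from_pfh(pfh: float) -> Optional[int]:
    """SIL band reached by a PFH value (None: worse than SIL 1)."""
    return _band(pfh, SIL_BANDS)

@dataclass
class Subsystem:
    name: str
    pfhd: float   # dangerous failures per hour
    silcl: int    # SIL claim limit of the subsystem

def system_pfhd(subsystems: list) -> float:
    """PFHD of the whole safety-related control system: the sum of the subsystems' values."""
    return sum(s.pfhd for s in subsystems)

def system_sil(subsystems: list) -> Optional[int]:
    """Achievable SIL: bounded both by the summed PFHD and by the lowest SILCL in the chain."""
    by_pfhd = sil_from_pfh(system_pfhd(subsystems))
    if by_pfhd is None:
        return None
    return min(by_pfhd, min(s.silcl for s in subsystems))

# Constructed sample application: a contactor with B10d = 1,300,000 cycles,
# switched once a minute, 16 h a day, 365 days a year.
SAMPLE_N_OP = operations_per_year(365, 16, 60)
SAMPLE_MTTFD = mttfd_years_from_b10d(1_300_000, SAMPLE_N_OP)

# Constructed sample chain: sensor, logic and output subsystems with made-up figures.
SAMPLE_CHAIN = [
    Subsystem("interlock switch", 2.5e-8, 3),
    Subsystem("safety controller", 2.0e-9, 3),
    Subsystem("contactor pair", 1.0e-7, 2),
]

if __name__ == "__main__":
    print(f"n_op = {SAMPLE_N_OP:.0f} cycles/year, MTTFd = {SAMPLE_MTTFD:.1f} years "
          f"({mttfd_class(SAMPLE_MTTFD)}), T10d = {t10d_years(1_300_000, SAMPLE_N_OP):.2f} years")
    total = system_pfhd(SAMPLE_CHAIN)
    print(f"system PFHD = {total:.3g} /h -> SIL {system_sil(SAMPLE_CHAIN)}, PL {pl_from_pfh(total)}")
```

Two points the arithmetic makes visible: the same contactor gives a very different MTTFd (and T10d replacement interval) in a fast-cycling application than in a slow one, which is why the article says the time-based values must be derived per application; and a chain whose summed PFHD sits inside the SIL 3 band is still limited to SIL 2 if any subsystem carries a SILCL of 2.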
Users have the following options when designing a safety-related control system:
- Use devices and subsystems that already comply with EN 954-1 and IEC 61508 or EN 62061. The standard specifies how to incorporate qualified devices when implementing safety functions.
- Develop their own subsystems:
  - Programmable electronic subsystems or complex subsystems: apply IEC 61508.
  - Simple devices and subsystems: apply EN 62061.
The standard represents a comprehensive system for the implementation of safety-related electrical, electronic and programmable electronic control systems. EN 62061 has been a harmonised standard since December 2005.
EN 954-1, or alternatively EN ISO 13849-1, should be applied for non-electrical systems.