Functional safety

Safety in hazardous situations using emergency stop

The causes of hazards and the technical measures applied to avoid them can vary widely. As a result, different types of safety are differentiated by the cause of potential hazards, for example.

We talk about "functional safety” when safety depends on the correct function of a control system.

The risk assessment plays a key role with regard to functional safety requirements. The steps you need to consider when risk assessing and reducing risk on machinery come from the standard EN ISO 12100. The evaluation and verification of safety functions are the prevail of the standards EN ISO 13849 and EN / IEC 62061, provided the required protection measure is dependent on a control system. The safety integrity requirements (PL, SIL) are derived from the risk estimation.

Functional safety standards - EN ISO 13849 and IEC 62061

Functional safety refers to that part of a system's overall safety that depends on the correct functioning of the safety-related control system. Safety generally depends also on other risk-reduction measures, which are considered in accordance with EN ISO 12100. Emergency stops, safety gates, light curtains or speed monitoring are some of the typical safety devices that are used to safeguard plant and machinery. With the rising level of complexity of plant and machinery, programmable systems are increasingly being used in addition to conventional relays. Both EN ISO 13849 and IEC 62061 provide conformance with international legislation , e.g. the machinery directive. Both standards are paramount for plant and machine builders, because many B and C standards refer to them directly.

Revision of the standards EN ISO 13849 and IEC 62061

Both standards had to be updated to keep representing the “state of the art”. The latest edition of IEC 62061 was published on 19 February 2021. The rework on ISO 13849-1 is still ongoing and is likely to be finished early 2022.The impetus to revise both standards stemmed not just from the routine revision and upgrade to the state of the art, but also from the many discussions that took place during the failed attempt to unify the two standards into IEC/ISO 17305.

The content of IEC 62061 is known, but the changes on EN ISO 13849 are not finalised yet; however it is clear both new editions

  • require a clear description of the safety requirements specifications including information such as
    • the operating modes during which the function is active (always, only during maintenance, etc.)
    • how to monitor safety functions
    • when and how to test the safety function
    • the associated fault reaction
    • reaction time
  • changed their methodology on how to define the required safety level (PL or SIL)
  • changed requirements with respect to the application software in line with the complexity and programming language selected
  •  allow subsystems, developed in accordance with one standards, to be used within the other

Existing safety concepts must be closely scrutinised

Plant and machine builders should re-assess existing safety concepts with regard to the changed SIL / PL classification in the standards. In some cases there will be greater flexibility with regard to the proposed risk parameters. Whether there are any effects on existing safety assessments will need to be evaluated on a case-by-case basis.

Transition periods after ratification?

IEC 62061 is published in February 2021; however ongoing discussions in the standards committees mean it may be 2022 for EN ISO 13849. Whether there will be a transition period for publication of the standards in the Official Journal and how long this might be is yet to be determined. Therefore it is advisable to deal with the expected development early, in other words now.
We’ll keep our eye on the ball for you!

Basic standards IEC 62061

Functional safety at a glance

Download functional safety poster

The aim of functional safety is always to protect humans and machines from hazards. In Europe, the relevant functional safety standards in the engineering sector are listed in the Machinery Directive. Download our “Functional safety” poster and learn about the risk assessment and risk reduction procedure in accordance with EN ISO 12100 in a compact, at-a-glance format. Derived from this so-called A-standard there are two important standards you can apply

  • EN ISO 13849-1: Applicable for electrical, electronic, programmable electronic, hydraulic, pneumatic, mechanical systems
  • EN / IEC 62061: Applicable for electrical, electronic, programmable electronic systems

Important parameters for the reliability of safety-related functions are the Safety Integrity Level (SIL) and Performance Level (PL).

Download functional safety poster

Further information

New concept on fault tolerance in machinery safety developed at ZVEI with the collaboration of Pilz

A working group within the ZVEI (German Electrical and Electronic Manufacturers' Association), working in collaboration with Pilz and the IFA (Institute for Occupational Safety and Health), has developed a white paper, which describes the basic principles of fault-tolerant devices and systems in functional safety on plant and machinery. The white paper is available for download free of charge.

Free download

It is primarily aimed at machine builders and system integrators, who design and implement safety functions and subsystems for the machine controller. This information can also be applied for the design of safety-related devices and systems in product development. The procedure and the requirements to be met have been published by ZVEI in a white paper.

What is a fault-tolerant system?

Fault-tolerant systems can enable continued operation, even though a potentially hazardous failure has been detected. A fault-tolerant system requires not just fault detection but also fault evaluation. This makes it possible to decide whether the detected fault can be tolerated or is serious. If the latter is the case, an immediate stop (shutdown) is mandatory.

This type of fault evaluation is not usual in current implementations of “classic factory automation systems”. However, fault tolerance is impossible without fault evaluation. It is clear that decision-making for a graduated fault reaction is only possible on devices or systems with a suitable design. The developer and also the user of a fault-tolerant device or system must also define the length of the period Δtdeg for continued operation (in a degraded state). Additional risk reduction measures must also be specified if necessary, which then become part of the information for use. This may be used to bring a processing step to an end, to give a practical example.

New concept on fault tolerance in machinery safety at ZVEI

Further information

Services - As a solution supplier, Pilz provides support across the machine lifecycle

Training - Stay up-to-date on machinery safety and automation

Read more in the Safety Compendium

Overview of area

Contact

Pilz Czech s.r.o.
Zelený pruh 95/97
140 00 Praha 4
Czech Republic

Telephone: +420 222 135353
E-Mail: info@pilz.cz

Technical Support (office hours)

Telephone: +420 222 135354
E-Mail: Support@pilz.cz