EN ISO 13849-1 is not the only standard that is causing headaches among machine builders. In this article, the editor of the Pilz Safety Update email newsletter interviews Kevin Ives, a Pilz consultant who has a detailed knowledge of the standards and who keeps a close eye on standards development.
Editor: What is the problem with EN ISO 13849-1 [Safety of machinery, Safety-related parts of control systems, Part 1: General principles for design]?
KI: Now it is harmonised to the Machinery Directive as EN ISO 13849-1, this standard replaces EN 954-1 [Safety of machinery, Safety-related parts of control systems, with Part 1: General principles for design], which is a standard that machine builders are familiar with and, on the whole, understand and conform to. The trouble is, EN 954-1 is a relatively simple standard, with an easy-to-follow (too easy) risk graph that helps people establish a safety category for their machine. Safety categories are worked out on a qualitative basis, so the process is also quick. The new EN ISO 13849-1 follows a similar process to define a performance level, but the user then has to perform a number of calculations involving diagnostic coverage, mean time to dangerous failure, architecture and common-cause failures to validate that the performance level has been achieved. In comparison with an EN 954-1 assessment, this is complicated and time-consuming. So the worry is that people will simply carry on doing what they have done for the last 15 years.
For those people that find themselves using both EN ISO 13849-1 and EN 62061, it is also frustrating - and possibly confusing - that different terminology is used: EN ISO 13849-1 Performance Level b is roughly equivalent to a 'low' EN 62061 SIL 1; Performance Level c is a 'high' SIL 1; Performance Level d is SIL 2; and Performance Level e is SIL3.
Editor: But if the standard was voted through, surely it cannot be that bad?
KI: I am not the only person that believes the new standard was 'eased' through the approvals process. In May 2006 the reports from the committee suggested that it was going to be abandoned, as EN 62061 had been harmonised and is broadly similar to EN ISO 13849-1. However, EN 62061 only applies to electrical control systems, so some committee members felt that, because EN 62061 could not replace EN 954-1, EN ISO 13849-1 had to be approved, as it also covers pneumatic, hydraulic and mechanical safety systems. With what seemed like undue haste (in comparison with international standards committee history) the new standard was approved and, at the final vote, many countries abstained. Nevertheless, it was approved, despite strong objections, with the UK, USA and Japan voting against it.
Although there is a lot to be disliked about EN ISO 13849, it has to be said that there are several things in its favour. For example, the quantitative approach is undoubtedly more appropriate for complex machinery, and it also enables the proposed safety-related control system to be validated. With EN 9541 it was a case of designing the system and relying on the design being right, but EN ISO 13849-1 forces you to validate that the control system really does do what is required of it.
Editor: What is the timetable for the introduction of EN ISO 13849-1?
KI: It was harmonised on 8 May 2007, with a transition period until 30 November 2009 during which machine builders can choose whether to work to EN 954-1 or EN ISO 13849-1.
Editor: Which standards are you advising people to use for the time being?
KI: For a simple machine - typically one on which the safety-related control system uses nothing more sophisticated than safety relays - I would usually say use EN 954-1, and I am confident that the HSE would be comfortable with that. However, for more complex machinery, or anything using a programmable safety controller of any sort, I would recommend EN 62061. Complex non-electrical safety-related control systems should be designed to EN ISO 13849-1.
Editor: What about Type C standards that relate to specific categories of machinery?
KI: Yes, these should be used as well. Surprisingly, I often come across people that are not aware that these standards exist. This is a pity, because the standards are very useful inasmuch as they tell you what the risks are and indicate the minimum safety category (as per EN 954-1) that should be used. However, as time goes on, these standards - which are generally 'three-letter' EN standards (such as EN 692 for mechanical presses) - are being rewritten and produced as international ISO standards with a five- or six-figure number. These will contain references to EN ISO 13849-1 and IEC 62061, rather than the old EN 954-1.
Editor: Where can people find out more about EN ISO 13849-1 and EN 62061?
KI: There are already some technical articles on the Pilz website about these, plus Pilz runs a one-day training course that explains these two standards, when to use each one, and how to perform the calculations. Pilz consultants can, of course, also give one-to-one advice about specific projects.