Kevin Ives, a consultant with Pilz Automation Technology, discusses machinery safety standards in the light of EN ISO 13849-1 being harmonised to the Machinery Directive as of 8 May 2007.
Following the ISO 13849-1 debacle and now the announcement in the Official Journal of its harmonisation to the Machinery Directive on 8 May 2007, machinery safety standards are under the spotlight once again.
ISO 13849-1 (Safety of machinery, Safety-related parts of control systems, Part 1: General principles for design) has been very unpopular in some quarters, especially here in the UK, and there are several reasons for this. Nevertheless, now it is harmonised to the Machinery Directive as EN ISO 13849-1, this standard will replace EN 954-1 (Safety of machinery, Safety-related parts of control systems, Part 1: General principles for design), which is a standard that machine builders are familiar with and, on the whole, understand and conform to. The trouble is, EN 954-1 is a relatively simple standard, with an easy-to-follow (often criticised as being too easy) risk graph that helps people establish a safety category for their machine. Safety categories are worked out on a qualitative basis, so the process is also quick. The new EN ISO 13849-1 follows a similar process to define a performance level, but the user then has to perform a number of calculations involving diagnostic coverage, mean time to dangerous failure, architecture and common-cause failures to validate that the performance level has been achieved. In comparison with an EN 954-1 assessment, this is complicated and time-consuming. So the worry is that people will simply carry on doing what they have done for the last 15 years.
For those people that find themselves using both EN ISO 13849-1 and EN 62061, it is also frustrating - and possibly confusing - that different terminology is used: EN ISO 13849-1 Performance Level b is roughly equivalent to a 'low' EN 62061 SIL 1; Performance Level c is a 'high' SIL 1; Performance Level d is SIL 2; and Performance Level e is SIL3.
And now some good news
Having said that, the standard does have its good points, though I am not the only person that believes the new standard was 'eased' through the approvals process. In May 2006 the reports from the committee suggested that it was going to be abandoned, as EN 62061 had been harmonised and is broadly similar to EN ISO 13849-1. However, EN 62061 only applies to electrical control systems, so some committee members felt that, because EN 62061 could not replace EN 954-1, EN ISO 13849-1 had to be approved, as it also covers pneumatic, hydraulic and mechanical safety systems. With what seemed like undue haste (in comparison with international standards committee history) the new standard was approved and, at the final vote, many countries abstained. Nevertheless, it was approved despite strong objections and the UK, USA and Japan voting against it.
One of the things in the standard's favour is the quantitative approach, which is undoubtedly more appropriate for complex machinery, and the standard also enables the proposed safety-related control system to be validated. With EN 954-1 it was a case of designing the system and relying on the design being right, but EN ISO 13849-1 forces you to validate that the control system really does do what is required of it.
EN ISO 13849-1 was harmonised on 8 May 2007, but it should be noted that there is a transition period until 30 November 2009 during which machine builders can choose whether to work to EN 954-1 or EN ISO 13849-1. [See this more recent announcement confirming the extended transition period for EN 954-1 - Ed.] For a simple machine - typically one on which the safety-related control system uses nothing more sophisticated than safety relays - I would usually recommend using EN 954-1, and I am confident that the HSE would be comfortable with that. However, for more complex machinery, or anything using a programmable safety controller of any sort, I would recommend EN 62061. Complex non-electrical safety-related control systems should be designed to EN ISO 13849-1.
In addition, pay attention to the Type C standards that relate to specific categories of machinery; surprisingly, people are often not aware that these standards exist. This is a pity, because the standards are very useful inasmuch as they tell you what the risks are and indicate the minimum safety category (as per EN 954-1) that should be used. However, as time goes on, these standards - which are generally 'three-letter' EN standards (such as EN 692 for mechanical presses) - are being rewritten and produced as international ISO standards with a five- or six-figure number. These will contain references to EN ISO 13849-1 and IEC 62061, rather than the old EN 954-1.
If people want to find out more about EN ISO 13849-1 and EN 62061, there are already some technical articles on the Pilz website about these, plus Pilz runs a one-day training course that explains these two standards, when to use each one, and how to perform the calculations. Pilz consultants can, of course, also give one-to-one advice about specific projects.
For more information about consultancy services, visit the website at www.pilz.co.uk.