Voting has now finished and, depite strong opposition from the UK, USA and Japan, EN 13849-1 will definitely replace EN 954-1.
After a great deal of debate, both in the media and in committee meeting rooms, voting has been in favour of superseding EN 954-1 with EN (ISO) 13849-1, 'Safety of machinery, Safety-related parts of control systems, Part 1: General principles for design' (the UK, USA and Japan were the only nations to vote against). The new standard will be issued at the end of 2006 or early in 2007, and it is expected to be harmonised to the Machinery Directive in the second quarter of 2007. Even then, there will be a three-year transition period during which EN 954-1 can still be used. [See this more recent announcement confirming the extended transition period for EN 954-1 - Ed]
But what does this all mean for machine builders, system integrators and those involved in specifying and designing safety-related control systems for machines?
First of all, do not panic! Many commentators have warned that the simplicity of EN 954-1 with its easily-understood 'risk graph' would be replaced by something far more onerous that requires complex mathematics - and that the result might be that many machine builders would simply stop working to the appropriate standards. On the contrary, once specifiers, designers and machine builders have come to terms with the new standard, it could actually make things easier. For example, depending on the type of equipment and the Performance Level required, there is a choice of components that can be used to achieve a safety-related control system that conforms to the standard's requirements.
Although much criticism was levelled at the 'risk graph' used in EN 954-1 to select safety categories, and the standard's replacement was seen in some quarters as a good opportunity to dispense with it, a similar type of graph has been used in EN (ISO) 13849-1 for the selection of Performance Levels (which are similar in concept to the safety categories in EN 954-1). Following on from this graph, further guidance is included in the new standard to assist with the system design, meaning that the maths required is, in many cases, minimal (which is in stark contrast to EN 62061, the standard to be used for the design of software-programmable safety-related electrical control systems).
In general terms, EN (ISO) 13949-1 takes a four-stage approach to the design of safety-related control systems.
- Perform a risk assessment
- For the identified risks, allocate the safety measure (Performance Level (PL))
- Devise a system architecture that is suitable for the Performance Level
- Validate the design to check that it meets the requirements of the initial risk assessment
This last step involves using manufacturers' data for the reliability of the components and how they are configured in the architecture. The results can then be compared with the charts in the annexes of the standard to produce the required parameters for cross-checking against the original assessment. To assist with this step, EN (ISO) 13849-2 (Safety of machinery, Safety-related parts of control systems, Part 2: Validation) will be voted on and ratified. This is expected to be identical to the old prEN 954-2 that was never ratified.
Meanwhile, specifiers, designers and machine builders need to be aware that, following a lengthy period of uncertainty, the new standard is definitely being introduced. There is no need to make any changes to design procedures 'overnight' in order to comply, but it is essential that people find out more about the standard and learn how to apply it. Pilz already offers a one-day training course, 'An Introduction to EN 62061 and EN ISO 13849-1 Safety of Machinery', which is likely to be a very popular starting point.