Due to a lack of relevant data, there appears to be a problem with applying the machinery safety standard EN ISO 13849-1 to systems incorporating mechanical components. The intention is that this web page will provide a forum for designers, suppliers, consultants and others to share their views on this subject.
First, a reader raised the question of safety-critical mechanical components such as brakes and the problem with applying the recently introduced machinery safety standard EN ISO 13849-1, as the relevant data for mechanical components simply does not exist. Furthermore, the reader has learned from one supplier of brakes that models in the standard do not fit mechanical components such as brakes and cannot be used to generate data. Similarly, if a machine is fitted with safety-related controls that are primarily electrical, electronic or programmable electronic, and the control system is therefore being designed to EN 62061, then the lack of data for components such as electrically-actuated brakes results in the same problem.
Having contacted various suppliers of brakes, plus the Health and Safety Executive (HSE) and independent machinery safety consultants, the initial lack of positive response suggested there is, indeed, a problem. However, Andrew Nicoll of Mayr Transmissions says: "Our designers in Germany are working with the German authorities to ensure that they both fully understand the requirements and ramifications of the spec and to jointly agree a route to compliance." He goes on to explain that mechanical components will react very differently in different operating conditions, making it practically impossible to determine a Mean Time To Failure for every product in every conceivable operating condition.
Richard Brooks of Conformance, a CE marking and product safety consultancy, comments: "Reliability data for mechanical components is thin on the ground. The problem this creates depends on what is being designed though. There are three cases below:
1. Design of a control system which controls a brake, in which case the application of EN ISO 13849-1 should be entirely suitable.
2. Design of the whole safety-related function which includes a braking function, in which case the brake could be considered as a component of a control system and needs to be attributed with the appropriate values for MTTFd etc.
3. The mechanical design of the brake itself, in which case the control system-related standards are not applicable.
"It is only in case 2 that reliability data for the mechanical brake component is required. EN ISO 13849-1:2006 does give some advice on this; Annex C4 provides a method for calculating MTTFd given appropriate reliability data but that requires reliability testing. In the absence of this data, typical values for mechanical and hydraulic components are provided in Annex C1-3, providing certain criteria are met - associated with well-tried safety principles. These sources should provide sufficient information to proceed with an analysis.
"EN 62061 is only applicable to electrical safety-related control systems, not non-electrical systems. EN 13849 applies to both electrical and non-electrical systems. I would need a more detailed understanding of the application to advise more specifically. Obviously, we would be happy to deal with any enquiry of this nature."
Machine builders struggling with standards
Nick Williams, also of Conformance, adds: "For my part, I think engineers sometimes forget that the whole process of CE marking and risk assessment-led safety design is a relatively new concept in engineering terms, and although the basic framework of Directives and standards has been in place since the mid 1990s, many of the standards and the concepts behind them are still very much 'work in progress' and it will take time for standard working practices to evolve around them. This is particularly true for the application of programmable electronic systems (PES) for safety applications, which is frequently being led as much by the desire of the PES manufacturers to sell novel products as it is by a demand for such equipment from machinery designers. The net effect of this is that the standards do not contain all of the answers and designers must be prepared to invest some time in properly understanding what a standard is trying to achieve and then using their experience to apply those principles. (The other side of that coin, of course, is that often the standards writers could do a lot more to explain the context of the requirements!)
"We still regularly come across cases where electrical control system designers are unfamiliar with even EN 954-1 and, generally speaking, mechanical control system designers are even further behind. While I do not subscribe to the school of thought which states that EN 13849 is a solution in search of a problem, I do think that the people who create these standards are sometimes out of touch with the practical applications which most of the engineers in (particularly small) machinery manufacturing companies have to struggle with, and they lose sight of the fact that at the end of the day the need is to get equipment which is 'safe enough' out of the door."
Another comment comes from Franco Tomei, who writes: "It would appear to me that any mechanical brake would not be able to comply due to so many variables. It may be possible by installing a stop time monitoring system such that if the stop time goes beyond a pre-set limit then the machine would not be able to operate, thereby preventing a dangerous situation from arising.
"The woodworking industry has this issue and I do not believe that any mechanical brakes are used on 20,000 to 30,000rpm spindles; electrical braking systems are used due to their predictive response. However, it is appreciated that in some circumstances mechanical brakes are the only possibility, in which case a conservative approach would need to be taken."
A view from the HSE
Richard Wilson of the Health and Safety Executive (HSE) Field Operations Directorate Mechanical Specialist Group states that he is seeking further information from his colleagues and contacts but, meanwhile, this is his understanding of the current situation:
"The first point to make is that this is not a new problem. It started with the publication of BS EN 954-1:1997 Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design. This subsequently became ISO 13849-1:1999 but was revised under the Vienna agreement and has now been published as BS EN ISO 13849-1:2006.
"954 introduced performance (not safety) categories. It was recognised that as 954 tended to be largely based on electrical components something needed to be written to help in relation to mechanical components. This resulted in PD CR 954-100:1999 Safety of machinery - Safety-related parts of control systems - Part 100: Guide on the use and application of EN 954-1:1996. It covers the topic of combining categories and technologies in one function. It states that mechanical links, that can only ever be Category B or 1, can give a safety function that will equal higher Categories. Mechanical components obviously need routine maintenance to ensure their continued integrity. The arrival of IEC 61508 that resulted in BS EN 62061 has changed things and there will certainly be ongoing work on comparing the two, ie 13849 and 62061."
[See this more recent announcement confirming the extended transition period for EN 954-1 - Ed]
If you are a machine designer, supplier or consultant and would like to share your thoughts on this subject, email me at .
Jonathan Severn, Editor