David Collier, Business Development Manager with Pilz Automation Technology, has some advice for machine builders who are still using the safety standard EN 954-1, which ceases to be current on 31 December 2011.
On New Year's Eve 2011 we will bid farewell to EN 954-1, Safety of machinery - Safety-related parts of control systems. The withdrawal of this standard on 31 December 2011 will bring new challenges for machine builders and users because, in addition to the familiar categories, the successor standard EN ISO 13849-1*, Safety of machinery - Safety-related parts of control systems, demands a probabilistic assessment of the safety functions, which goes beyond the qualitative approach of EN 954-1. The consequences will be far-reaching. Those affected are generally aware of the issue, but not all have recognised that failing to start working on the changeover now at the very latest will mean that they will no longer be 'on the safe side' after the end of the year.
Machinery placed on the market in the European Economic Area must comply with the Machinery Directive 2006/42/EC. The CE mark is the visible symbol on the machine, indicating a claim of conformity with the Machinery Directive and its requirements. In terms of actual implementation, the conformity process is supported by standards. In other words, when a standard is listed in the Official Journal of the European Union (OJ) – usually referred to as the standard being harmonised to the Machinery Directive – the machine builder benefits from a presumption of conformity provided the machine has been designed in compliance with that standard. To put it another way, anyone who applies the relevant machine standards should have a 'safe' machine, which can carry a CE mark so long as all the other requirements have been considered.
Anyone who does not apply the current standards can use another method to demonstrate that the machine meets the requirements of the MD. However, in practice this is associated with high costs. Achieving the state of the art by complying with the standards is the simpler, faster and more economical route.
Reasons to change
There is still some time available for companies to prepare processes for the changeover from EN 954-1 to EN ISO 13849-1. However, it is important to act quickly because it does take time to safely convert all the relevant areas of the business: first, engineers need to be given the opportunity to prepare thoroughly for the changeover; second, with its more creative design options, EN ISO 13849-1 can give companies a competitive advantage.
Of course, up-to-date knowledge of the new standard is required in order to take advantage of this added value.
Differences between the standards
Where are the fundamental changes from EN 954-1? Previously the focus was on the structure; in other words, the control system architecture. Ultimately this was converted into 'categories'. In contrast, the structure in EN ISO 13849-1 is stated on a qualitative basis. This means that quantitative variables - such as the mean time to a dangerous failure (MTTFd), diagnostic coverage (DC) and common cause failures (CCF) - have been added. Together, all these parameters affect the performance level (PL) that can be achieved. Varying them also enables engineers to identify the optimum configuration. Due to these parameters, the new standard also considers aspects such as the probability of failure and fault detection capabilities. These do not just refer to the logic section on a safety control system, for example; instead the whole safety function is considered, from sensor to actuator.
This overall assessment is nothing new in itself, but it does now have a different priority: as a result of the rigorous assessment in accordance with EN ISO 13849-1, it is now fully established and stipulated. The focus may now be on components - such as valves for example - which were considered as lower priority under EN 954-1. In accordance with the new standard, the characteristic data and reliability values must now be included in the calculations.
Advantages of the new standard
The potential variations available with the application of EN ISO 13849-1 are part of the reason why some machine builders and system integrators have been hesitant to implement it. Users do not have the same level of confidence in applying EN ISO 13849-1 as they had with the manageable EN 954-1. The fact is that if engineers adhere to the current standards when developing a machine, and document this process, then there is a presumption of conformity and the burden of proof is shifted. In this case it is assumed that a machine that complies with the standards in accordance with the state of the art will be safe. That is another reason for finding out about the changes and incorporating them as quickly as possible.
Additionally, when applying EN ISO 13849-1, failure rates (based upon manufacturers' B10d data) for electromechanical devices - such as interlock switches and contactors - are used to determine when a component might fail (based upon a predicted switching rate or demand) in the form of a T10d figure in years. This permits the designer to determine whether a component might fail to danger within the lifespan of the machine (when T10d is less than the intended lifespan). This provides valuable maintenance information for the end user of the machine, which will enable safe productivity to be assured.
Knowledge of the standard
Clearly, knowledge of the new standard is the basis for its application, and there is still some time for engineers to gain the necessary expertise before EN ISO 13849-1 supersedes EN 954-1. Safety system designers can call on the support of experts or attend relevant seminars. Indeed, it is often more economical to draw on the help of experts than to become one, especially when time is short.
Training courses convey the necessary knowledge for the application of EN ISO 13849-1. Pilz, for example, offers day courses on the new Machinery Directive 2006/42/EC and EN ISO 13849-1. Practical situations are used to demonstrate the thinking behind the new standards and procedures, as well as providing examples of best practice. Delegates also learn how software tools such as the Pilz PAScal Safety Calculator can help with safety calculations and how these tools can be used to simplify safety calculations considerably. If that is not enough and engineers need to get going quickly, Pilz can serve as a service provider and development partner.
* As of 31 December 2011 safety-related parts of control systems must comply with either EN ISO 13849-1 (with its attendant Performance Levels), or EN 62061 (and its attendant Safety Integrity Levels). It is anticipated that many will opt for EN ISO 13849-1 because it is more similar to EN 954-1 and more appropriate for safety-related control systems with non-electrical functions.
For further information on Pilz Services and Training in relation to EN ISO 13849-1, email or go to www.pilz.co.uk/services.