EN ISO 13849-1 Safety Performance Level (26 pages)
Table of Contents

Transition to EN ISO 13849-1
  Introduction
  Migrating from EN 954-1 to EN ISO 13849-1
  System Structure
  Reliability Data
  Methods of Data Determination
  Diagnostic Coverage
  Common Cause Failure
  Systematic Faults
  Working with Rockwell Automation
  Safety Solutions
  Useful websites
Page 1

EN ISO 13849-1

Safety Performance Levels
Transition from EN 954-1 to EN ISO 13849-1

Page 2

FUNCTIONAL SAFETY
Transition from EN 954-1 to EN ISO 13849-1

1

INTRODUCTION

This publication is intended to shed some light on the recent and upcoming changes in the legislation and standards that apply to the safety of machinery. It is focused on the EU requirements but, due to the increasing globalisation of machinery safety standards, much of the content is relevant worldwide.

Machinery and processes continue to become faster, more flexible and more powerful. In order to offer the continued safety of operators and technicians, protective measures have, in turn, evolved to keep pace with the increasing complexity of automation. Traditionally, safety systems have been implemented separately from automation systems, operating independently and often in parallel to the automation system. There is good reason for this: the safety system must always be available. A fault or unexpected occurrence in the "normal" operation of the machine must not degrade or compromise the safety protective measures. However, it is an inescapable fact that as automation systems become more intelligent, so must the safety system. What is required for safe functionality increasingly depends on what the machine is doing or what mode it is in. This means that "safety" has, in some way, to communicate with the "normal" control system, which in turn means that we need to reconsider how we achieve the independence and integrity of the safety system. One of the most significant manifestations of this is a new generation of standards commonly referred to as Functional Safety Standards. In this publication we will consider one of the most significant of them: EN ISO 13849-1. In addition to this, there is a new Machinery Directive in the EU that looks to keep the legislative landscape relevant to the contemporary industrial environment.

For anyone supplying machines or using them it is important to keep informed of the relevant standards and regulatory requirements. This publication is intended to assist in that task, especially with regard to control system aspects. It is not a substitute for a detailed study of the specific provisions detailed in the standards and legislation. It is intended to give an overview and hopefully it will help to give some clarity on what is required.

Page 13


The ultimate type of data required as part of the PL determination in the standard [and SISTEMA] is the PFH [the probability of dangerous failure per hour]. This is the same data as represented by the PFHd abbreviation used in IEC/EN 62061.

The table below shows the relationship between PFH, PL and SIL. For some subsystems the PFH may be available from the manufacturer. This makes life easier for the calculation. The manufacturer will usually have to perform some relatively complex calculation and/or testing on their subsystem in order to provide it. In the event that it is not available, EN ISO 13849-1 gives us an alternative simplified approach based on the average MTTFd [mean time to a dangerous failure] of a single channel. The PL [and therefore the PFH] of a system or subsystem can then be calculated using the methodology and formulae in the standard. It can be done even more conveniently using SISTEMA.

MTTFd

This represents the average mean time before the occurrence of a failure that could lead to the failure of the safety function. It is expressed in years. It is an average value of the MTTFd's of the "blocks" of each channel and can be applied to either a system or a subsystem. The standard gives the following formula (D.1), which is used to calculate the average of all the MTTFd's of each element used in a single channel or subsystem.

At this stage the value of SISTEMA becomes apparent. Users are spared time-consuming consultation of tables and calculation of formulae, since these tasks are performed by the software. The final results can be printed out in the form of a multiple-page report.

PL                    PFHd                              SIL
(Performance Level)   (Probability of dangerous         (Safety Integrity Level)
                      failure per hour)

A                     >=10^-5 to <10^-4                 None
B                     >=3 x 10^-6 to <10^-5             1
C                     >=10^-6 to <3 x 10^-6             1
D                     >=10^-7 to <10^-6                 2
E                     >=10^-8 to <10^-7                 3

Page 14


(D.1)

    \frac{1}{\mathrm{MTTF_d}} = \sum_{i=1}^{N} \frac{1}{\mathrm{MTTF_{d\,i}}} = \sum_{j=1}^{N} \frac{n_j}{\mathrm{MTTF_{d\,j}}}

where

MTTFd is for the complete channel;

MTTFdi, MTTFdj is the MTTFd of each component which has a contribution to the safety function.

The first sum is over each component separately; the second sum is an equivalent, simplified form where all nj identical components with the same MTTFdj are grouped together.

In most dual channel systems both channels are identical, therefore the result of the formula represents either channel. If the system/subsystem channels are different, the standard provides a formula to cater for this.

(D.2)

    \mathrm{MTTF_d} = \frac{2}{3}\left[\mathrm{MTTF_{dC1}} + \mathrm{MTTF_{dC2}} - \frac{1}{\dfrac{1}{\mathrm{MTTF_{dC1}}} + \dfrac{1}{\mathrm{MTTF_{dC2}}}}\right]

where MTTFdC1 and MTTFdC2 are the values for two different redundant channels.

This, in effect, averages the two averages. In the cause of simplification it is also allowable to just use the worst case channel value.

The standard groups the MTTFd into three ranges as follows:

3 to <10 years = low

10 to <30 years = medium

30 to 100 years = high

As we will see later, the achieved range of MTTFd average is then combined with the designated architecture Category and the diagnostic coverage [DC] to provide a preliminary PL rating. The term preliminary is used here because other requirements, including systematic integrity and measures against common cause failure, still have to be met where relevant.
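The arithmetic described in this section and in the PFH table on page 13, as an added worked example in Python. This is not code from the Rockwell publication or from SISTEMA: it implements formula D.1 (average MTTFd of one channel, grouped form), formula D.2 for two different channels next to the worst-case shortcut the text also allows, the three MTTFd ranges, and the PFH to PL/SIL band lookup. The component MTTFd values are constructed for illustration and are not manufacturer data; the function names are my own.

```python
"""Added worked example (not from the publication or SISTEMA): MTTFd
averaging per EN ISO 13849-1 Annex D formulas D.1 and D.2, the MTTFd
ranges, and the PFH -> PL/SIL table.  All component values are constructed."""
from typing import List, Optional, Sequence, Tuple


def channel_mttfd(components: Sequence[Tuple[float, int]]) -> float:
    """Formula D.1 in its grouped form: 1/MTTFd = sum over j of n_j / MTTFd_j.

    `components` lists (MTTFd of one component in years, number of identical
    components of that type) for every element of ONE channel.  Because the
    reciprocals add, the channel MTTFd is always below its weakest component.
    """
    if not components:
        raise ValueError("a channel needs at least one component")
    inverse_sum = 0.0
    for mttfd_j, n_j in components:
        if mttfd_j <= 0 or n_j <= 0:
            raise ValueError("MTTFd and component count must be positive")
        inverse_sum += n_j / mttfd_j
    return 1.0 / inverse_sum


def combined_mttfd(mttfd_c1: float, mttfd_c2: float) -> float:
    """Formula D.2 for two different redundant channels:
    MTTFd = 2/3 * [C1 + C2 - 1 / (1/C1 + 1/C2)].
    For two identical channels it reduces to the value of either channel."""
    harmonic_part = 1.0 / (1.0 / mttfd_c1 + 1.0 / mttfd_c2)
    return (2.0 / 3.0) * (mttfd_c1 + mttfd_c2 - harmonic_part)


def worst_case_mttfd(mttfd_c1: float, mttfd_c2: float) -> float:
    """The simplification the publication also allows: take the worse channel."""
    return min(mttfd_c1, mttfd_c2)


def mttfd_range(mttfd_years: float) -> str:
    """Classify into the three ranges listed in the publication.
    Values over 100 years are treated as the top of the 'high' range, which is
    where the publication's range table ends (assumption); values under 3 years
    fall below the lowest listed range and are rejected here."""
    if mttfd_years < 3:
        raise ValueError("below the lowest MTTFd range listed (3 years)")
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"


# PL table from page 13: (PL, lower bound inclusive, upper bound exclusive, SIL).
# The standard writes PL letters in lower case; the publication prints capitals.
PL_TABLE: List[Tuple[str, float, float, Optional[int]]] = [
    ("a", 1e-5, 1e-4, None),
    ("b", 3e-6, 1e-5, 1),
    ("c", 1e-6, 3e-6, 1),
    ("d", 1e-7, 1e-6, 2),
    ("e", 1e-8, 1e-7, 3),
]


def pl_from_pfh(pfh_per_hour: float) -> Tuple[Optional[str], Optional[int]]:
    """Map a PFH (dangerous failures per hour) to (PL, SIL); (None, None) if it
    lies outside every band, e.g. a PFH too high to reach even PL a."""
    for pl, low, high, sil in PL_TABLE:
        if low <= pfh_per_hour < high:
            return pl, sil
    return None, None


if __name__ == "__main__":
    # Constructed channel 1: two contactors at 40 y, a safety relay at 100 y, a sensor at 50 y.
    # 1/MTTFd = 2/40 + 1/100 + 1/50 = 0.08  ->  12.5 years (medium)
    c1 = channel_mttfd([(40.0, 2), (100.0, 1), (50.0, 1)])
    # Constructed channel 2 built from different parts: 1/60 + 1/100 -> 37.5 years (high)
    c2 = channel_mttfd([(60.0, 1), (100.0, 1)])
    for label, value in (("channel 1", c1), ("channel 2", c2),
                         ("D.2 combined", combined_mttfd(c1, c2)),
                         ("worst case", worst_case_mttfd(c1, c2))):
        print(f"{label:12s} MTTFd = {value:6.2f} years -> {mttfd_range(value)}")
    print("PFH 2e-6 /h ->", pl_from_pfh(2e-6))  # ('c', 1)
```

Running the script shows the point the text makes about the two methods: D.2 on the constructed channels gives about 27.1 years while the worst-case shortcut gives 12.5 years, and both land in the "medium" range here, but near a range boundary the choice can move the preliminary PL, so the basis used should be recorded with the calculation.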

Page 25


Rockwell Automation

The products, the knowledge and the global infrastructure to help you with your

safety and automation needs.

www.discoverrockwellautomation.com/safety

www.rockwellautomation.com

[Figure: "Integrated Safety Solutions" diagram with the labels Application Knowledge, HMI, Industry Solutions, FactoryTalk, NetLinx Networks, Safety Inputs, Safety Logic Controllers, Connection Systems, Legislation & Standards, Guidance, Safety WWW, Safety Services and Safety Outputs]

Page 26

Publication: SAFETY-RM004A-EN-P — April 2009 © 2009 Rockwell Automation, Inc. All Rights Reserved.
