Functional Safety and Control Reliability
Engineering controls are the second level in the Risk Reduction Hierarchy, immediately following Elimination or Substitution of the hazard. Some engineering controls, such as barrier guards and fixed or movable guards, do not on their own need a reliability analysis, as long as the basic design requirements have been met.
Movable guards are required to have interlocks by all modern machinery standards. Safeguarding devices including light curtains, safety mats, area scanners, and similar presence-sensing equipment must also be connected to the control system of the machinery. Since these devices are all required to work automatically to protect workers when they may not be aware of a potential danger, these systems must be reliable. The question is…how reliable?
Control reliability requirements are also applied to Emergency Stop systems.
Emergency Stop and Safeguarding systems are not the same, and may have differing levels of reliability requirements, with safeguarding typically requiring higher levels of reliability.
In North America, CSA and ANSI have been including control reliability information in their standards. In Canada, CSA Z432 and CSA Z434 reference ISO 13849-1 and ISO 13849-2 or IEC 62061 as the fundamental functional safety standards, along with CSA C22.2 No. 0.8, Safety functions incorporating electronic technology.
In the USA, B11 Standards is the secretariat for the development of the ANSI B11 family of Machine Tool standards, and the RIA is the secretariat for industrial robots and the development of RIA R15.06, which now includes ISO 10218-1 and ISO 10218-2, with US deviations.
The ISO and IEC standards speak to the architecture of the circuits or systems, the selection of the components used, the automatic diagnostics, and common-cause failure modes.
Europe & International
In the mid-1990s, CEN, the European Committee for Standardization, published a standard called EN 954-1, Safety of Machinery: Safety-related Parts of Control Systems, Part 1: General Principles for Design. The scope of this standard dealt primarily with hard-wired controls, and touched briefly on the idea of programmable electronic controls. This standard introduced the idea that the reliability of the safety-related parts of the control system should be driven by the risk reduction requirements of the application.
EN 954-1 also introduced the concepts of reliability categories — the now-familiar Category B, 1, 2, 3 and 4. These categories and the related circuit architecture should be a basic part of your circuit design library. If these categories aren’t already part of your circuit design library, we need to talk!
During the period in which EN 954-1 became commonly known, the IEC introduced a new standard that dealt specifically with the reliability requirements of programmable electric and electronic systems, IEC 61508. This multi-part standard brought in a new set of categories, or more properly, Safety Integrity Levels (SILs). There are four levels, SIL 1 to SIL 4, which are based on failure rates rather than circuit architectures. This standard brought the idea of Functional Safety into the standards world, but it also introduced a lot of confusion for machine builders.
In an effort to address the specific needs of machine builders using programmable equipment in their safety systems, IEC developed a product family standard, IEC 62061, Safety of machinery: Functional safety of safety-related electrical, electronic and programmable electronic control systems. This standard is built on the foundation created by the IEC 61508 family.
Development of EN 954-1 became an ISO project and the standard was renumbered as ISO 13849-1. Two other documents were also included: ISO 13849-2, Validation, which was never published as a full CENELEC standard, and ISO/TR 13849-100, a Technical Report developed by the US TAG to ISO TC 199 that provides some excellent guidance on the application of the standard.
In 2006 a new edition of ISO 13849-1 was published, and again, this one threatens to give machine builders some significant headaches. The standard introduces the idea of Performance Levels, or PL. There are five Performance Levels, PLa through PLe, each more reliable than the one before it, and they are based on failure rates similar to those found in IEC 61508. The standard keeps the familiar Category B through 4 architectures and adds additional factors.
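How the Category B through 4 architectures, the added factors (MTTFd of each channel and average diagnostic coverage) and the resulting PL fit together, and how the PL failure-rate bands line up with the IEC 61508 SIL bands mentioned earlier, is shown in the following added Python example. It is not code from the original article; it implements the simplified estimation procedure of ISO 13849-1:2006 (parts-count MTTFd per channel, symmetrisation of two unequal channels, failure-rate-weighted DCavg, the Table 7 lookup and the Table 3 PFHd bands). The part names and component values are constructed for illustration, the Category 3 interlock circuit they describe is hypothetical, and the example assumes the common-cause failure measures the standard also requires are satisfied separately.

```python
from dataclasses import dataclass

# ISO 13849-1:2006 caps the MTTFd of a channel at 100 years.
MTTFD_CAP_YEARS = 100.0


@dataclass
class Part:
    """One safety-related part of a channel (values are constructed, not from the article)."""
    name: str
    mttfd_years: float  # mean time to dangerous failure of this part, in years
    dc: float           # diagnostic coverage achieved for this part, 0.0 .. 0.99


def channel_mttfd(parts):
    """Parts-count MTTFd of one channel: 1/MTTFd = sum(1/MTTFd_i), capped at 100 years."""
    return min(MTTFD_CAP_YEARS, 1.0 / sum(1.0 / p.mttfd_years for p in parts))


def dc_avg(parts):
    """Average diagnostic coverage, weighted by each part's dangerous failure rate."""
    weights = [1.0 / p.mttfd_years for p in parts]
    return sum(p.dc * w for p, w in zip(parts, weights)) / sum(weights)


def symmetrised_mttfd(c1, c2):
    """Combine two redundant channels with unequal MTTFd into one value (Annex D.2)."""
    return min(MTTFD_CAP_YEARS, (2.0 / 3.0) * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2)))


def mttfd_band(years):
    """Band MTTFd as low (3..10 y), medium (10..30 y) or high (30..100 y)."""
    if years < 3:
        return None  # below the minimum the standard accepts for any channel
    return "low" if years < 10 else "medium" if years < 30 else "high"


def dc_band(dc):
    """Band DCavg as none (<60 %), low (<90 %), medium (<99 %) or high."""
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


# ISO 13849-1:2006 Table 7: (category, DCavg band) -> {MTTFd band: PL}.
# None means the combination is not covered by the simplified procedure.
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}


def performance_level(category, mttfd_years, dcavg):
    """PL reached by a category/MTTFd/DCavg combination, or None if the table does not cover it."""
    m = mttfd_band(mttfd_years)
    row = PL_TABLE.get((category, dc_band(dcavg)))
    return None if m is None or row is None else row[m]


# PL and SIL are both defined on the average probability of a dangerous failure per hour (PFHd).
PL_PFHD = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6), ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]
SIL_PFHD = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]  # high-demand/continuous mode


def pl_from_pfhd(pfhd):
    """ISO 13849-1 Table 3: PL band for a given PFHd (outside 1e-8 .. 1e-4 -> None)."""
    return next((pl for pl, lo, hi in PL_PFHD if lo <= pfhd < hi), None)


def sil_from_pfhd(pfhd):
    """IEC 61508 high-demand SIL for the same PFHd; PL a has no SIL and SIL 4 has no PL."""
    return next((sil for sil, lo, hi in SIL_PFHD if lo <= pfhd < hi), None)


def worked_example():
    """Constructed Category 3 interlock circuit: two channels with different parts and coverage."""
    ch1 = [Part("S1 interlock switch (ch1)", 50, 0.99), Part("K1 logic (ch1)", 100, 0.99), Part("Q1 contactor", 50, 0.90)]
    ch2 = [Part("S2 interlock switch (ch2)", 25, 0.99), Part("K2 logic (ch2)", 100, 0.99), Part("Q2 contactor", 100, 0.60)]
    mttfd = symmetrised_mttfd(channel_mttfd(ch1), channel_mttfd(ch2))  # about 18.4 years -> "medium"
    dcavg = dc_avg(ch1 + ch2)                                          # about 0.938 -> "medium"
    return mttfd, dcavg, performance_level("3", mttfd, dcavg)          # Category 3 + medium/medium -> PL d


if __name__ == "__main__":
    mttfd, dcavg, pl = worked_example()
    print(f"MTTFd {mttfd:.1f} y ({mttfd_band(mttfd)}), DCavg {dcavg:.3f} ({dc_band(dcavg)}) -> PL {pl}")
```

A `None` result is the standard's "not covered": for instance Category B with a high MTTFd or Category 4 with anything less than high diagnostic coverage cannot be rated by the simplified table, which is exactly the kind of combination that trips up designers moving from the old Category-only thinking. The two PFHd mappings make the other point in the text concrete: the same failure rate that gives PL d lands in SIL 2 under IEC 61508, while PL a has no SIL equivalent at all.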