EN ISO 13849-1: Functional Safety of Machinery

EN ISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design

Last edit: 12/07/2023

On April 27, 2023, the new edition (the fourth) of ISO 13849-1:2023 came into force. The standard deals with the reliability of machine safety systems and (since 2010) has taken the place of EN 954-1. The scope of EN ISO 13489-1 is related to safety-related parts of control systems i.e. Safety Related Parts of Control System (SRP/CS), defined by the Standard as:

Part of a control system that performs a safety function, starting from a safety-related input(s) to generating a safety-related output(s)

 

 

 

The purpose of the standard is to provide guidance for the design and evaluation of control systems with safety functions to be integrated into protection systems aimed at risk reduction. The evaluation of such SRPs/CSs is based on their ability to perform the safety function under predictable conditions; therefore, the five performance levels (PL) of the protection system are defined, which are related to the probability of dangerous failure of the system. Dangerous failure is defined as.

failure of an element and/or subsystem and/or system that plays a part in implementing the safety function that:
a) prevents a safety function from operating when required (demand mode) or causes a safety function to fail (continuous mode) such that the machine/machinery is put into a hazardous or potentially hazardous state; or
b) decreases the probability that the safety function operates correctly when required.

The safety system, composed of elements called SRP/CS, thus has a level of reliability identified by the PL value. The first step that the designer must take is to estimate the risk, which is done based on three parameters: severity of the injury, frequency and/or time of exposure to the hazard, and possibility of avoiding the hazard. Once the risk estimation has been made, the required level of performance (PLr) that the safety system being used must achieve to reduce the estimated risk is determined through Figure A.1 of the Standard. This required level of reliability will be the greater the greater the risk that the security system must reduce.

If the PL value is not readily available, it can be calculated by means of the MTTFD and B10D, respectively, the average lifespan of a component before it suffers a dangerous failure and the number of cycles beyond which 10 percent of the components under analysis will fail. These parameters are used to get the most accurate estimate of PFHD (Avarage Probability of a dangerous Failure per Hour), which is the average probability of a dangerous failure occurring per hour. A PL value is associated with each range of PFHD values.

Very important for the evaluation of PL or PFHD is the architecture of the control system. It typically consists of three main elements:

  • (I) Inputs: Set of components that acquire information via the safety inputs
  • (L) Logic: Processes the inputs and generates an additional command to realize the safety functions that lead to a safe state.
  • (O) Output: Output signal to control actuators.

These elements can then be connected together according to more or less complex schemes increasing the level of reliability of the safety-related control system. EN ISO 13849-1 defines 5 architectures that refer to the 5 Categories of the old EN 954-1. The higher the category associated with a given architecture the higher is its Diagnostic Coverage (DC), which is the effectiveness of the monitoring system in detecting faults in SRP/CS. A high DC positively affects the reliability level of the whole system, so it is a parameter to be taken into account when calculating the PL.