Last edit: 27/04/2023
In Chapter 6 the five Categories of ISO 13849-1 are presented, with several insights into Category 2, probably the most difficult one to understand and use.
The simplified approach is explained in detail. The physical and logical representations of the architectures are detailed. Finally, the following steps are explained. The PL of the subsystem shall be determined by going through the following aspects:
1) The Architecture
a) Decompose the Safety Related Parts of the control system into subsystems (§5.1.3)
b) Assign a category to each subsystem;
c) Evaluate whether the applicable qualitative requirements of the category are met (table 6.1), including:
– basic safety principles (§4.13.2)
– well-tried safety principles (§4.13.3)
– well-tried components (§5.2)
d) Evaluate whether the required behaviour under fault conditions is met;
2) The MTTFD value for single components (Annex C and D of ISO 13849-1);
3) The Diagnostic Coverage, limited in any case by the selected Category (Annex E of ISO 13849-1);
4) The CCF has to reach at least 65 points (Annex F of ISO 13849-1);
5) The effect of the safety-related software design on the operation of the hardware (Annex J of ISO 13849-1);
6) The effect of measures against systematic failures (Annex G of ISO 13849-1).
Hereafter are some excerpts from the chapter.
6.1.1 Introduction to the Simplified Approach
The numerical quantification of the probability of failure of a subsystem can never be attained exactly; only an approximation, with the aid of statistical methods or other estimations, is possible.
Any validated and recognized method can be used for this purpose. Such methods include reliability block diagrams (used in IEC 62061), fault tree analysis, Markov modeling (used in ISO 13849-1) or Petri nets.
However, in general, engineers lacking prior experience in quantification of the probability of failure of safety related control systems require some degree of support. This need was addressed, in ISO 13849-1, by developing a simplified approach, also called simplified method which, whilst being based upon sound scientific principles (Markov modeling), describes a simple method for quantification in successive steps.
The starting point of the simplified method is the observation that the majority of safety-related control systems can be grouped into a very small number of basic types, or into combinations of these basic types.
These types are, at one end of the spectrum, the single-channel untested system having components with different reliability levels; in the middle of the spectrum, the same type, but enhanced by testing; and at the other end, the two-channel system featuring high-quality testing. Systems with more than two channels are rare in machinery.
That was the starting point for the development of the probabilistic approach of ISO 13849-1. At the time, it was decided that the five categories of EN 954-1 could cover the majority of SRP/CS used in Machinery and, for that reason, continuity was intentionally assured with the previous standard.
6.3.2 How to Calculate MTTFD of a Subsystem
For the estimation of MTTFD of a component, the order of priorities is:
- Use of manufacturer’s data. This is the recommended option. Today, all standard components like interlocking devices and contactors should be provided with manufacturer’s data regarding their Reliability. Please note that when MTTFD data for a component are provided by the manufacturer, they refer to the number of operations indicated by the manufacturer; that number must be checked, since it may be lower than the actual number of operations in the application.
- Reference to annex C and annex D of ISO 13849-1, where conservative Reliability data are provided.
- Field data from specific application failure rates. In Machinery this is probably not easy since failure rate field data should come from identical component applications in similar environments collected over a significant period of time and where the collection and analysis method results in a reasonable level of confidence in the data. Please refer to IEC 61508-7 § B.5.4 for further details.
- In case of no information at all, a conservative value of 10 years can be assumed as MTTFD.
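A worked example of how these priorities feed the subsystem calculation, added here and not taken from the book: each component's MTTFD is resolved in the order above (manufacturer value, B10D together with the application's number of operations, or the conservative 10-year fallback), the values are combined with the parts-count formula of ISO 13849-1 Annex D, and the channel value is capped. The component figures and the duty cycle are constructed; only the formulas are the standard's.

```python
# Added example (not from the book): parts-count MTTFD of one channel, ISO 13849-1 Annex C/D.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Component:
    name: str
    mttfd_years: Optional[float] = None  # manufacturer or Annex C/D value (years)
    b10d: Optional[float] = None         # B10D in cycles, for electromechanical parts
    n_op: Optional[float] = None         # operations per year in this application

    def mttfd(self) -> float:
        """Resolve MTTFD in the priority order given in the text."""
        if self.mttfd_years is not None:
            return self.mttfd_years
        if self.b10d is not None and self.n_op:
            # Annex C: MTTFD = B10D / (0.1 * nop); nop must be the real duty of
            # the application, otherwise the estimate is optimistic.
            return self.b10d / (0.1 * self.n_op)
        return 10.0  # conservative value when no information at all

def n_op(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """Annual operations: nop = dop * hop * 3600 / tcycle (days/yr, h/day, s)."""
    return d_op * h_op * 3600.0 / t_cycle_s

def channel_mttfd(components, cap_years: float = 100.0) -> float:
    """Parts-count method: 1/MTTFD = sum(1/MTTFD_i), then cap the channel value
    (100 years; ISO 13849-1:2015 allows 2500 years for Category 4)."""
    inv = sum(1.0 / c.mttfd() for c in components)
    return min(1.0 / inv, cap_years)

def mttfd_level(mttfd: float) -> str:
    """Classify the channel MTTFD as in Table 5 of ISO 13849-1."""
    if mttfd < 3.0:
        return "not acceptable"
    if mttfd < 10.0:
        return "low"
    if mttfd < 30.0:
        return "medium"
    return "high"

if __name__ == "__main__":
    ops = n_op(d_op=240, h_op=16, t_cycle_s=60)  # constructed duty: 230400 ops/year
    channel = [
        Component("guard interlock switch", b10d=2_000_000, n_op=ops),
        Component("safety PLC input", mttfd_years=150.0),
        Component("contactor", b10d=1_300_000, n_op=ops),
        Component("relay, no data available"),  # falls back to 10 years
    ]
    m = channel_mttfd(channel)
    print(f"channel MTTFD = {m:.1f} years -> {mttfd_level(m)}")
```

Running it shows the single undocumented relay at 10 years pulling the whole channel down to about 7.4 years ("low"), whereas the same channel without it reaches about 27.8 years ("medium").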