Chapter 9 - Some Final Considerations

Last edit: 30/06/2023

Chapter 9 contains some final considerations. Besides the frequency of demand, which distinguishes a high-demand from a low-demand mode safety system, there is another important difference between the two approaches.

In machinery there is a much higher degree of interaction between the Equipment Under Control and people, i.e. between the machine and the operator. The majority of accidents in machinery do not happen while the machine or the manufacturing system is running, but during set-up, maintenance and the handling of production disturbances.

Functional Safety practitioners should keep in mind that the final aim of this whole exercise is to reduce the number of accidents. That is why spending time and effort on detailed calculations according to the two new standards discussed in this book makes sense only if there is a solid and thorough risk assessment behind them.


Hereafter are some excerpts from the chapter.

[…] I hope you liked this journey through Functional Safety of Machinery.
The book was born from the idea that, with the new editions of ISO 13849-1 (fourth) and IEC 62061 (second), the two standards are now aligned as never before, despite starting from two different approaches.
ISO 13849-1 is based upon the assumption that Safety Related Parts of the Control System are repairable. Markov Chains are used to model the five categories and to calculate the PFH_D for each one of them, based upon the value of key parameters like MTTF_D and DC_avg.
IEC 62061 assumes that Safety-related Control Systems or SCS are non-repairable and it uses the reliability block diagram technique to derive the equations for the PFH of the four architectures. In this case, the key elements are the component failure rates, the Safe Failure Fraction (SFF), and the architectural constraints.
The book starts from the mathematics at the base of Functional Safety, and a bit of history was given for those who like to know where we are coming from and how functional safety of machinery is related to other sectors, like the process industry.
The rest of the book details Functional Safety of Machinery as if it were one common approach.
Only in Chapters 6 and 7 do we give details of the two standards and explain the few differences between them.


9.2 High vs Low-Demand Mode Applications
I hope you now realize the importance and the differences in approach between high and low demand mode applications.
High-demand mode safety standards, meaning ISO 13849-1 and IEC 62061, rely on a high-frequency use of components, meaning, for example, from once a minute to once a week. Within that range, the mathematical models work very well.
Four considerations:

  • The more a component is used, the lower its reliability, since it wears out more quickly (think about the relationship between B10_D and MTTF_D). Moreover, it may be necessary to replace it after a few years (think about the meaning of T10_D).
  • But the more a component is used (think about two pressure switches installed on the same piping), the better the diagnostic coverage.
  • The diagnostics of an electromechanical component normally happen when there is a demand upon the safety function.
  • An electromechanical component, like a pressure switch, normally has no “intelligence” inside: therefore, the diagnostics depend upon the way it is connected to the control system and how good the control system is at detecting faults in the connection.
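The first consideration above, the link between how often a component is used and its B10_D, MTTF_D and T10_D, can be made concrete with the relationships ISO 13849-1 gives in its Annex C for wear-out components. The following worked example is added here and is not code from the book or its author; the B10_D value, the duty profile (operating days, hours and cycle time) and the sweep of cycle times are constructed for illustration, and the MTTF_D bands and per-channel caps are the ones stated in ISO 13849-1.

```python
"""Worked example: from B10_D to MTTF_D and T10_D for an electromechanical
component under different duty profiles (ISO 13849-1, Annex C).

    n_op   = d_op * h_op * 3600 / t_cycle   mean operations per year
    MTTF_D = B10_D / (0.1 * n_op)            mean time to dangerous failure [years]
    T10_D  = B10_D / n_op                    time after which 10 % have failed
                                             dangerously, i.e. the replacement
                                             interval [years]

All numeric inputs below are constructed for illustration, not book data.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class DutyProfile:
    d_op: float       # operating days per year
    h_op: float       # operating hours per day
    t_cycle_s: float  # seconds between two demands on the component


def n_op_per_year(p: DutyProfile) -> float:
    """Mean number of operations per year for the given duty profile."""
    if p.d_op <= 0 or p.h_op <= 0 or p.t_cycle_s <= 0:
        raise ValueError("duty profile values must be positive")
    return p.d_op * p.h_op * 3600.0 / p.t_cycle_s


def mttf_d_years(b10_d: float, p: DutyProfile) -> float:
    """MTTF_D derived from B10_D: more operations per year -> lower MTTF_D."""
    return b10_d / (0.1 * n_op_per_year(p))


def t10_d_years(b10_d: float, p: DutyProfile) -> float:
    """T10_D: after this many years the component should be replaced."""
    return b10_d / n_op_per_year(p)


def channel_mttf_d_capped(mttf_d: float, category: int) -> float:
    """ISO 13849-1 limits the MTTF_D credited per channel to 100 years
    (2500 years for Category 4). Values above the cap are truncated."""
    cap = 2500.0 if category == 4 else 100.0
    return min(mttf_d, cap)


def mttf_d_band(mttf_d: float) -> str:
    """ISO 13849-1 classification of MTTF_D per channel (years)."""
    if mttf_d < 3.0:
        return "not acceptable"
    if mttf_d < 10.0:
        return "low"
    if mttf_d < 30.0:
        return "medium"
    return "high"


def sweep(b10_d: float, cycle_times_s, d_op: float = 230, h_op: float = 16):
    """Tabulate (t_cycle, n_op, MTTF_D, T10_D) for several cycle times so the
    wear-out effect of higher demand frequency is visible in one view."""
    rows = []
    for t in cycle_times_s:
        p = DutyProfile(d_op=d_op, h_op=h_op, t_cycle_s=t)
        rows.append((t, n_op_per_year(p), mttf_d_years(b10_d, p), t10_d_years(b10_d, p)))
    return rows


if __name__ == "__main__":
    B10_D = 2_000_000.0  # constructed: dangerous B10 of a hypothetical pressure switch
    print(f"{'t_cycle[s]':>10} {'n_op/yr':>12} {'MTTF_D[y]':>10} {'T10_D[y]':>9} band")
    for t, n, m, t10 in sweep(B10_D, [10, 60, 600, 3600]):
        print(f"{t:>10} {n:>12.0f} {m:>10.1f} {t10:>9.1f} {mttf_d_band(m)}")
```

With a one-minute cycle (230 days, 16 h/day) the component sees about 220 800 operations a year, which gives an MTTF_D of roughly 90 years but a T10_D of only about 9 years: the reliability figure is fine, yet the switch must be replaced well within the machine's life. Slowing the cycle to ten minutes raises the raw MTTF_D ten-fold, but the value credited to the channel is truncated at 100 years, so the design gains nothing further there while T10_D grows to around 90 years.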