Understanding Standards-based Safety System Design


The use of standard components in the design of safety applications is fundamentally possible because of the EN ISO 13849 and Annex V of the Machinery Directive 2006/42/EC. When designing safety and controls, there is no legislation prescribing the specific use of safety-rated products. There is only legislation requiring safe function and the use of redundancy, high diagnostic values and high mean time to dangerous failure values (MTTFD)—depending of course on the level of safety an application requires. USA standards such as EN ISO 12100 and ANSI B11 have followed suit and are harmonized to this effort.

The components used to achieve safety typically include an input device, a logic controller and an output device commonly referred to as ILO. Common input devices are light curtains, e-stop buttons and laser scanners. The logic controllers can vary from simple relays up to safety PLCs based again on the safety level required. Output devices are devices that perform a safe function (stopping, blocking, holding, reversing, or exhausting).

The standard EN ISO 13849-1 offers simplified charts for achieving the required category and performance levels needed (Figure 1). These variables work together to ensure that safety is not just focused on component reliability but instead introduces common sense safety principles such as redundancy, diversity and fail-safe behavior of the safety-related control parts. When determining the performance level, the greater the risk, the higher the requirements of the control system.

Regardless of the products selected for a safety circuit, the machine designer is responsible for ensuring compliance with the EN ISO 12100 and ANSI B11 standards. In effect, there are three levels of products a machine builder can choose from: standard fluid power components, standard fluid power components deemed suitable for use as a safety-related part of a control system (SRP/CS), and safety-related products. Each requires different levels of work or attention from the machine builder.

Figure 1: The standard EN ISO 13849-1 offers simplified charts for achieving the required category and performance levels needed.


Standard fluid power components

These can be any component the machine designer chooses. All relevant testing, documentation and validation to ensure integrity become the liability of the machine designer, who must prove that the components selected are suitable for safe function in the system design.

In addition to the familiar basic framework of the categories, the current standards EN ISO 13849 Parts 1 and 2 (Safety of machinery – Safety-related parts of control systems – Part 1: General design principles [1] and Part 2: Validation [2]) also describe a probabilistic assessment of the functional safety achieved. Because the standards have been misinterpreted in the past when applied to standard components, the complexity and work required to prove safe function with them are significant. For this reason, most machine designers seek products in the next category.


Standard SRP/CS fluid power components

These are “well-tried and trusted” components that may have an associated endurance B10 or MTTF value. These standard products have been deemed suitable for use as an SRP/CS by the manufacturer of the component.

This component is typically endurance tested and the manufacturer will provide the life expectancy value as either a B10 value, a B10D value, or a MTTF value. (Hydraulic products typically offer an MTTFD value, whereas pneumatics will publish a B10D value, given that MTTFD in pneumatics is highly dependent on the number of operations (Nop) of the system.) It is then up to the system designer to use this data to calculate the probability of failure based on the safety circuit components chosen. In essence, using this category of product saves time and money in testing, and it provides some level of assurance of the component’s reliability, even though it has not been third-party validated.
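The B10D-to-MTTFD conversion described above, followed by the simplified category/DC/MTTFD lookup from Figure 1, as an added worked example that is not part of the original article. The formulas and bands are those of EN ISO 13849-1 (Annex C and the simplified Table 7); the valve data and duty cycle are constructed sample values.

```python
# Added example (not from the article): EN ISO 13849-1 simplified procedure.
# Step 1: B10D (cycles) + annual operations -> MTTFD in years (Annex C).
# Step 2: MTTFD band + category + diagnostic coverage -> performance level (Table 7).
# Sample valve data and duty cycle below are constructed for illustration.

def n_op(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """Mean annual operations: days/year * hours/day * 3600 s/h / seconds per cycle."""
    return d_op * h_op * 3600.0 / t_cycle_s

def mttfd_from_b10d(b10d: float, nop: float) -> float:
    """MTTFD in years for a component with a published B10D (cycles): B10D / (0.1 * nop)."""
    return b10d / (0.1 * nop)

def mttfd_band(mttfd_years: float) -> str:
    """EN ISO 13849-1 bands; below 3 years is not permitted for a channel."""
    if mttfd_years < 3:
        raise ValueError("MTTFD below 3 years is not acceptable")
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"  # the standard caps channel MTTFD at 100 years when summing

# Simplified Table 7: (category, DCavg) -> PL reachable for each MTTFD band.
# None means the combination is not permitted by the standard.
SIMPLIFIED_PL = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": "b"},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}

def performance_level(category: str, dc: str, mttfd_years: float):
    """Return the achievable PL ('a'..'e') or None if the combination is not allowed."""
    band = mttfd_band(mttfd_years)
    return SIMPLIFIED_PL.get((category, dc), {}).get(band)

if __name__ == "__main__":
    # Constructed sample: pneumatic valve with B10D = 20,000,000 cycles,
    # operated 240 days/year, 16 h/day, one cycle every 30 s.
    nop = n_op(240, 16, 30)                    # 460,800 operations/year
    mttfd = mttfd_from_b10d(20_000_000, nop)   # about 434 years -> "high"
    print(f"nop={nop:.0f}/yr  MTTFD={mttfd:.1f} yr  band={mttfd_band(mttfd)}")
    print("Cat 3, DC medium ->", performance_level("3", "medium", mttfd))  # d
    print("Cat 1, no DC, 5 yr ->", performance_level("1", "none", 5))    # None
```

Note that this is the single-channel figure; for a redundant (Category 3 or 4) architecture the standard combines the two channels' MTTFD values and requires the CCF score before the PL is final.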


Safety-rated products

Products designed and placed on the market specifically for safety applications bear significant upfront testing and costs by the manufacturer. These products must be tested extensively and evaluated for fault performance to ensure they are fail-safe and pass all applicable electrical certifications. They are then passed to an authorized notified body for full third-party evaluation and certification.

Safety-rated products are provided with: the assurance of testing; a documented performance level or MTTFD; documented diagnostic coverage capability and CCF (evaluations of common cause failure); and third-party verification of the same. These tests mitigate a significant amount of work and liability for the machine builder.


Validation

An essential step in system design is the validation of the safety circuit and components. Validation must be done on the safety circuit to ensure the circuit will function properly and fail safely. Testing must consider faults to ensure the machine responds accordingly and that the interconnect means provide the proper level of performance as noted in the risk assessment.

Regardless of which type of products are selected for the safety circuit, it is the responsibility of the machine designer to ensure compliance with the standards. Safety-rated products offer significant advantages in that they are certified to conform to specific safety categories, thereby saving time and reducing liability.

This feature originally appeared in AUTOMATION 2023: IIoT & Industry 4.0.

About The Author


Linda Caron, CMSE and a Certified Machinery Safety Expert (TÜV Nord), is a global product sales manager at Parker Hannifin, Pneumatic Division. She is responsible for Functional Safety products and has 20+ years of expertise in the design and marketing of technical products including industrial automation, robotics, mechatronics and electrical interlocks. Reach her via email or LinkedIn.

