Frequently Asked Questions
Here are some FAQ's that may help you solve the puzzle of the new directive – or go to the interactive 'Ask Questions' link to have your own query answered by one of Wielands Safety Team.
Why is todays standard EN954-1 not sufficient?
Until now, the safety-related parts of a machine\'s control system have been designed in accordance with EN 954-1, based on the calculated risk (formed into categories). The aim was to set an appropriate system behaviour (\'control class\') against a category (deterministic approach). Once electronics, and programmable electronics in particular, had made their mark on safety technology, safety could no longer be measured purely in terms of the simple category system found in EN 954-1. Furthermore, it was unable to provide information on probability of failure (probabilistic approach). Help is now available from EN 62061 and EN ISO 13849-1, the successor standard to EN 954-1. The new safety standards are intended to encourage designers to focus more on the functions that are necessary to reduce each individual risk, and what performance is required for each function, rather than simply relying on particular components.
... nach oben
How do the two new standards differ from BS EN 954-1?
When BS EN 954-1 is withdrawn on 29 December 2009, the available alternatives are BS EN 62061 and BS EN ISO 13849-1. The performance of each safety function is specified as either:
SIL (Safety Integrity Level, SIL 1 - 3) in the case of BS EN 62061
PL (Performance Level, PLa - PLe) in the case of BS EN ISO 13849-1
BS EN ISO 13849-1: "Safety-related parts of control systems, Part 1: General principles for design"
This standard may be applied to SRP/CS (safety-related parts of control systems) and all types of machinery, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). BS EN ISO 13849-1 also lists special requirements for SRP/CS with programmable electronic systems.
BS EN ISO 13849-1 is based on the familiar categories from BS EN 954-1. It examines complete safety functions, including all the components involved in their design. BS EN ISO 13849-1 goes beyond the qualitative approach of EN 954-1 to include a quantitative assessment of the safety functions. A performance level (PL) is used for this, building upon the categories.
Components/devices require the following safety parameters:
Category (structural requirement)
PL (a – e): Performance level
MTTFd: Mean time to dangerous failure
B10d: Number of cycles by which 10% of a random sample of wearing components have failed dangerously
DC: Diagnostic coverage
CCF: Common cause failure
The standard describes how to calculate the performance level (PL) for safety-related parts of control systems, based on designated architectures. BS EN ISO 13849-1 refers any deviations to IEC 61508. Where several safety-related parts are combined into one overall system, the standard describes how to calculate the PL that can be achieved.
For additional guidelines on validation EN ISO 13849-1 refers to Part 2, which was published at the end of 2003. This part provides information on fault considerations, maintenance, technical documentation and usage guidelines.
BS EN 62061: "Functional safety of safety-related electrical, electronic and programmable electronic control systems"
This standard defines requirements and gives recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It does not define requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machinery.
BS EN 62061 represents a sector-specific standard under IEC 61508. It describes the implementation of safety-related electrical and electronic control systems on machinery and examines the overall lifecycle from the concept phase through to decommissioning. Quantitative and qualitative examinations of the safety-related control functions form the basis.
The performance level is described through the safety integrity level (SIL).
The safety functions identified from the risk analysis are divided into safety subfunctions; these safety subfunctions are then assigned to actual devices, called subsystems and subsystem elements. Both hardware and software are handled this way.
A safety-related control system is made up of several subsystems. The safety-related characteristics of these subsystems are described through parameters (SIL claim limit and PFHD).
Safety-related parameters for subsystems:
SILCL: SIL claim limit
PFHD: Probability of dangerous failure per hour
T1: Lifetime
These subsystems may in turn be made up of various interconnected subsystem elements (devices) with parameters to calculate the subsystem’s corresponding PFHD value.
Safety-related parameters for subsystem elements (devices):
Failure rate; for wearing elements describe via the B10 value
SFF: Safe failure fraction; for electromechanical devices the failure rate is indicated by the manufacturer as a B10 value, based on the number of cycles. The time-based failure rate and lifetime must be determined through the switching frequency for the respective application. Internal parameters to be established during design / construction for a subsystem comprised of subsystem elements:
T2: Diagnostic test interval
Β: Susceptibility to common cause failure
DC: Diagnostic coverage
PFHD: The PFHD value of the safety-related control system is calculated by adding the subsystems\' individual PFHD values.
... nach oben
What are the scopes of the two new standards? (EN ISO 13849-1 and EN62061)
EN ISO 13849-1: "Safety-related parts of control systems, Part 1:General principles for design"
This standard may be applied to SRP/CS (safety-related parts of control systems) and all types of machinery, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). EN ISO 13849-1 also lists special requirements for SRP/CS with programmable electronic systems.
EN 62061: "Functional safety of safety-related electrical, electronic and programmable electronic control systems"
This standard defines requirements and gives recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It does not define requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machinery.
... nach oben
Which standard should I use?
A For the safety related electrical control circuits use either BS EN ISO 13849-1 or BS EN 62061. The big question is which of these two standards to use. The logical step from BS EN 954-1 is to use BS EN ISO 13849-1 but, with complex bespoke products and software, BS EN 62061 should be applied. p>
... nach oben
How do I adopt a step by step approach to basic procedure?
Step 1 – Risk assessment in accordance with EN 1050 / EN ISO 14121
Step 2 – Define the measures required to reduce the calculated risks
Step 3 – Risk reduction through control measures
Step 4 – Implementation of control measures using EN ISO 13849-1 or EN 62061
The detail required for each step can be found in the “Safety of Machinery” ZVEI brochure.
... nach oben
Where does the responsibility for implementation lie?
Machine builders, buyers, owners and users all have a responsibility for safety.
Users of machines need to ensure that newly-purchased machines are CE marked, and accompanied by a Declaration of Conformity to the Machinery Directive. Machines must be used in accordance with the manufacturer's instructions.
Existing machines taken into service prior to the Machinery Directive do not need to comply, although they need to comply with PUWER and be safe and fit for purpose.
Modification of machines can be considered as manufacture of a new machine, even if for use in-house, and the company modifying a machine needs to be aware that it might need to issue a Declaration of Conformity and CE marking.
Existing machines – the Work Equipment Directive
This is implemented in UK law as the Provision and use of Work Equipment Regulations 1998, (PUWER 1998). It applies to the provision of all work equipment, including mobile and lifting equipment, in all workplaces and work situations where the Health and Safety at Work etc Act 1974 (HSW Act) applies. It extends outside Great Britain to some offshore activities. The regulations apply to all employers, the self-employed, and others who have control of the provision of work equipment. They require that all equipment is suitable for use and is inspected and maintained as necessary to ensure that it remains so.
Manufacturers' responsibilities & new machines
Manufacturers placing machines on the market within the European Economic Area must comply with the requirements of the Machinery Directive. Note that "placing on the market" includes an organisation supplying a machine to itself, i.e. building or modifying machines for its own use, or importing machines into the EEA.
New machines - the Machinery Directive
In the UK the Machinery Directive 98/37/EC is implemented as the Supply of Machinery (safety) regulations 1992 as amended.
From 29 December 2009 the relevant UK regulations will be the Supply of Machinery (safety) regulations 2008, which implement the European Machinery Directive 2006/42/EC.
Machines have to comply with the Essential Health and Safety Requirements (EHSRs) listed in Annex I of the Directive, thus setting a common minimum level of protection across the EEA (European Economic Area). Machine manufacturers, or their authorised representatives within the EU, must ensure that the machine is compliant, the Technical File can be made available to the enforcing authorities on request, the CE marking is affixed, and a Declaration of Conformity has been signed, before the machine may be placed on the market within the EU.
... nach oben