What does not change in the new EN 13849-1 standard?
How does existing safety technology match up against the new standard? Is it necessary to start from scratch? The clear answer to this question is 'no'. Existing safety technology will be completely adequate for the protection of people and machines also in the future, provided the components used are employed correctly, says Euchner's Jens Rothenburg.
The introduction of EN 13849-1 as the successor to EN 954-1 has or will bring some changes to the assessment of suitable safety systems. At the latest by the end of 2011, it will not just be the structure of a safety-related circuit that has to be considered, as in the old EN 954-1; now the reliability and, if necessary, the software as well as many other aspects must be considered in the assessment of the performance of the safety system.
As an example, let's look at a safety guard with two safety switches used for a given application. One of these is a switch with a separate actuator and the other is a switch with a lever arm to provide redundancy. A positively driven contact on each switch is connected to a safety relay that monitors the two. And two contactors are connected to the output side, used to shut down the machine. Both the contactors are monitored with a feedback circuit so that the application satisfies the conditions for category 4. The dual-channel structure and the type of monitoring are described by this circuit. The complete circuit is to be assessed using EN 13849-1.
In the first step, a risk assessment is performed, as is familiar from EN 954-1. This assessment can, for instance, be performed using the methodology in Annex A to the standard and produces a required Performance Level PLr instead of the risk assessment category according to old 954-1 standard.
In the next step, the designer gives consideration to a structure for the circuit. The category of the circuit in accordance with EN 13849-1 is determined for this structure. As this category is identical to the category described in EN 954-1, there is nothing new here for the designer. In most cases, it will certainly be possible to use a proven circuit, so all the components used in the past will still be employed. Euchner safety switches are well-proven and now simply need to be assessed using the new methods in the EN 13849-1 standard.
Now come the additional steps EN 13849-1 requires for the assessment of the performance of the safety system. The Diagnostics Coverage (DC) is determined for all applications from category 2. The standard includes figures for a few familiar methods that can then be used if they suit the application. However, it is also possible to determine the related percentage using a simple numerical method.
The next value to be determined is the MTTFd, the mean time to dangerous failure. To be able to determine the overall figure, the failure data for all components used are required. These data are available from the manufacturers or, to a large extent, can be found in Annex C to the standard. For electronics, the MTTFd figure will normally be available directly from the manufacturer of the safety component. This probability can be readily stated for electronics, as electronics are not dependent on the switching state (on or off). The probability of failure is determined straightforwardly using statistical methods.
In contrast, electromechanical components are dependent on the number of operating cycles, and this dependence is characterised by the B10d figure. This figure is a number of operating cycles, not a service life. After all, a safety switch that is opened once a year will have a longer service life than a switch that is operated twice a minute. To take this situation into account, an intermediate step is necessary for the calculation of the required MTTFd (also described in EN 13849-1). An MTTFd figure must be calculated using an assumption for the number of operating cycles per year. A disc calculator covering this step is available from Euchner.
Finally, it is also necessary to consider the possibility of a failure due to faults with a common cause. A simple method covering this aspect is described in Annex F to the standard; here points are awarded for different methods that must then be added together. If a minimum number of points are achieved, it can be assumed the circuit is adequately safe against faults with a common cause.
All the figures determined are then plotted on Figure 5 in the standard and the Performance Level (PL) achieved determined graphically. It is also possible to use software or the disc calculator from Euchner instead of using the graphical method. If the PL achieved is at least as good as the required PLr, everything can be documented as usual and the task is complete.
With software playing an increasing role in safety control systems, for example to configure the AS-Interface safety monitor, an assessment method is also required here. EN 13849-1 is well suited to this task, and software can be assessed using a clear, well-structured method. In addition, this standard can also be used to assess the entire safety system including pneumatic, hydraulic and electromechanical components.
For many people, the question arises as to how familiar components can be used in the method described with EN 13849-1. The structure of the circuit, and at the end of the day therefore the category, is completely unchanged. Also the components used remain unchanged. As in the majority of cases safety components are used, experience has shown it can be assumed with a high probability that the figures required for the diagnostics coverage and MTTFd will be achieved. The diagnostics coverage is actually always included in the category, as appropriate testing was already always required for category 2, 3 or 4. The only new aspect is that the quality of the testing must be assessed.
Faults with a common cause are also nothing new. EN 954-1 already required faults with a common cause to be considered as only one fault. And this situation has always had to be considered in the structure, that is the category of the circuit. The category can be evaluated very easily using the new standard.
For safety components, the calculation of the failure figures is certainly not a point that will result in a reduction in the figures for the circuit. Due to their design based on a safety principle, these components are very fail-safe. The only new feature is that they must be included in a calculation with all other components in the circuit. As a result, if EN 954-1 has always been applied, practically all criteria in EN 13849-1 are already met. Overall, this new standard provides a better assessment of the safety technology in many areas. It might have become more complex, but it is possible to continue using the previous components for safety systems.
Other News from Euchner (UK) Ltd
Latest news about Safety products