Functional safety: what you need to do

Here, and in the next two issues of DPA, Dave Collier will help explain elements of the new European Machinery Directive, beginning with an overview of functional safety

Most of us are aware that from December 29, 2009 the European Machinery Directive 2006/42/EC supersedes the Machinery Directive 98/37/EC. To reflect this in the UK, the Supply of Machinery (Safety) Regulations 1992, as amended, will be replaced by the Supply of Machinery (Safety) Regulations 2008.

One of the main changes associated with the new Machinery Directive relates to the standards available for the design of the Safety Related Electrical Control System (SRECS). Users of BS EN 954-1 will be familiar with the old “risk graph” used to design safety related parts of electrical control circuits to the categories B, 1, 2, 3 or 4. Here, the user was prompted to subjectively assess severity of injury, frequency of exposure and possibility of avoidance, to arrive at a required category for each safety related part. This category then stipulated how the safety circuit must behave under fault conditions.

However, with electronics and programmable electronics being increasingly incorporated into these systems, safety can no longer be measured purely in terms of categories. Nor does BS EN 954-1 provide any information on the probability of failure.

Therefore, in recent years the concept of functional safety has emerged. Functional safety is the part of the overall safety relating to the Equipment Under Control (EUC) and the EUC control system that depends on the correct functioning of the electrical/electronic/programmable electronic and other technology safety-related systems, as well as of external risk reduction facilities. It is an attribute of the equipment under control and of the control system, not of any particular component or specific kind of device. It applies to all parts that contribute to the performance of a safety function, including, for example, input switches, logic solvers such as safety relays, safety controllers and safety PLCs (including their software and firmware), and output devices such as contactors and variable speed drives.

It should also be remembered that the words “correct functioning” mean that the function is correct, not just that it does what is expected, so it is essential that the functions are selected correctly. In the past, there has been a tendency to choose components specified to a high category of BS EN 954-1 instead of components that have a lower category but might actually have more suitable functions. This might be a result of the misconception that the categories are hierarchical, such that category 3 is always “better” than category 2 and so on. The new functional safety standards are intended to encourage designers to focus on the functions that are necessary to reduce each individual risk, and on what performance is required for each, rather than simply relying on particular components.

The new standards BS EN ISO 13849-1 and BS EN 62061 address the weaknesses of BS EN 954-1. They still require consideration of circuit architecture, as in EN 954-1, but additionally take into account the reliability of the safety circuit components, the circuit's ability to detect and diagnose faults, and its resistance to common cause failure. The performance of each safety function is specified either as a SIL (Safety Integrity Level 1, 2 or 3) in the case of BS EN 62061, or as a PL (Performance Level a, b, c, d or e) in the case of BS EN ISO 13849-1.

The requirements of these two new functional safety standards, together with illustrative worked examples, are set out in a clear and concise handbook, which is available for download at www.schneider-electric.co.uk.
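To show how architecture, component reliability, diagnostic coverage and common cause failure combine into a Performance Level, here is an added worked example in Python. It is not from the article or from Schneider Electric; the band limits, the simplified category/DCavg/MTTFd-to-PL table and the PL-to-SIL correspondence are reproduced from BS EN ISO 13849-1:2006 as recalled by the editor and should be checked against the standard before use, and every component figure (B10d values, relay MTTFd, operating profile, CCF score) is constructed for illustration.

```python
"""Simplified Performance Level (PL) estimate in the manner of BS EN ISO 13849-1.

Added example, not from the article or from Schneider Electric. Band limits,
the (category, DCavg, MTTFd) -> PL table and the PL -> SIL correspondence follow
ISO 13849-1:2006 (Tables 5, 6, 7 and 4) as recalled here; verify against the
standard. All component data below are constructed.
"""


# Operations of the safety function per year, from days of operation per year,
# hours per day and the mean cycle time in seconds.
def operations_per_year(dop_days, hop_hours, tcycle_seconds):
    return dop_days * hop_hours * 3600.0 / tcycle_seconds


# MTTFd (years) of an electromechanical component from its B10d value; the
# standard takes 10% of B10d as the mean operations to a dangerous failure.
def mttfd_from_b10d(b10d_cycles, nop):
    return b10d_cycles / (0.1 * nop)


# Series combination of the components in one channel (parts count method):
# 1/MTTFd = sum(1/MTTFd_i), capped at 100 years per channel.
def mttfd_channel(component_mttfds):
    return min(1.0 / sum(1.0 / m for m in component_mttfds), 100.0)


# MTTFd band per channel (Table 5); below 3 years the channel is unacceptable.
def mttfd_band(mttfd_years):
    if mttfd_years < 3:
        return None
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"


# Average diagnostic coverage band (Table 6); dcavg given as a fraction 0..1.
def dc_band(dcavg):
    if dcavg < 0.60:
        return "none"
    if dcavg < 0.90:
        return "low"
    if dcavg < 0.99:
        return "medium"
    return "high"


# Simplified procedure (Table 7): (category, DCavg band) -> MTTFd band -> PL.
# None marks combinations the standard does not cover.
PL_TABLE = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}

# Correspondence between PL and SIL (Table 4); PL a has no SIL equivalent.
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}


def estimate_pl(category, dcavg, mttfd_years, ccf_score):
    """Return the PL achieved ('a'..'e'), or None when the architecture/DC/MTTFd
    combination is not covered, the MTTFd is unacceptable, or the Annex F
    common cause failure score is below the 65 points required for categories
    2, 3 and 4."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None
    m_band = mttfd_band(mttfd_years)
    if m_band is None:
        return None
    row = PL_TABLE.get((category, dc_band(dcavg)))
    if row is None:
        return None
    return row[m_band]


def worked_example(dcavg):
    """Constructed two-channel guard interlock (category 3): position switch,
    safety relay and contactor per channel, 220 days x 16 h, 60 s cycle."""
    nop = operations_per_year(220, 16, 60)                # 211 200 ops/year
    switch = mttfd_from_b10d(2_000_000, nop)              # constructed B10d
    contactor = mttfd_from_b10d(1_300_000, nop)           # constructed B10d
    relay = 150.0                                         # constructed MTTFd (years)
    channel = mttfd_channel([switch, relay, contactor])   # about 29.9 years: "medium"
    return channel, estimate_pl("3", dcavg, channel, ccf_score=70)


if __name__ == "__main__":
    for dc in (0.80, 0.92):
        mttfd, pl = worked_example(dc)
        print(f"DCavg={dc:.0%}  MTTFd/channel={mttfd:.1f} y  PL={pl}  SIL={PL_TO_SIL.get(pl)}")
```

The point the example makes is the one the paragraph states in words: the same category 3 architecture with the same components reaches PL d (SIL 2) when diagnostic coverage is medium, but only PL c (SIL 1) when diagnostics are weak, and nothing at all when the common cause failure measures are insufficient, which a pure category rating could never express.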

Dave Collier is safety marketing manager at Schneider Electric
