Functional safety made easy

Continuing his current series on the European Machinery Directive 2006/42/EC, Dave Collier explains the most common jargon encountered when complying with the two new standards, BS EN ISO 13849-1 and BS EN 62061

Under the old standard, BS EN 954-1, the categories (B, 1, 2, 3 and 4) dictated how a safety related electrical control circuit must behave under fault conditions. However, under the new European Machinery Directive 2006/42/EC, either of the two new standards can be followed, BS EN ISO 13849-1 or BS EN 62061, and these introduce the notion of not only whether, but how likely it is that, faults will occur.

This means there is a probabilistic element in compliance that must be quantified. To do so, machine builders must be able to determine levels of safety integrity or performance, in order to verify that their safety circuits meet the required safety integrity level (SIL) or performance level (PL).
It is therefore important that panel builders and designers are aware that manufacturers of components used in safety circuits (including safety detection components, safety logic solvers and output devices such as contactors) should make data about those products available.

However, understanding the data can be a minefield, because there are different requirements for each standard, and knowing what each figure and acronym means and whether it applies can also be complicated. Here are the main points machine builders need to remember for each standard, starting with BS EN ISO 13849-1.

MTTFd (Mean Time To Dangerous Failure) is the average period before a failure of components in the safety circuit causes harm to a worker. MTTFd is classed as high (low risk, 30-100 years), medium (10-30 years) or low (high risk, 3-10 years). However, a component with an MTTFd of 100 years is not guaranteed to last that long without fault: the figure is a statistical average, not a lifetime.

DC (Diagnostic Coverage) is a component or circuit's ability to detect/diagnose a fault within itself (a short circuit, for example). The higher the DC, the lower the probability of hazardous hardware failures.
PL (Performance Level) is made up of the circuit architecture (category B, 1, 2, 3, 4 as in BS EN 954-1) as well as MTTFd and DC. PLa represents the highest failure probability, and PLe represents the lowest failure probability. If a manufacturer states a specific PL for a component (such as a safety relay) it means this is the highest PL a circuit incorporating that component could achieve.

CCFs (Common Cause Failures) are failures of different items resulting from a single shared cause, such as a short circuit, or from a single event, where the failures are not consequences of each other. Steps can be taken to prevent common cause failures, such as using different components driven in different modes in dual channel systems.

And for BS EN 62061...
SIL (Safety Integrity Level) is the discrete level for the determination of the safety integrity requirements of the safety-related control system. Level one is low, while three is high. If a manufacturer claims a specific SIL for a component (such as a safety PLC) it means this is the maximum SIL that can be claimed for a system that uses this component as a subsystem.

SILCL (SIL Claim Limit) applies to subsystems within a safety system. A subsystem is defined as a part of a safety system/circuit, which if it fails, will bring about a breakdown of the safety function. SILCL is the maximum SIL that can be claimed in relation to architectural constraints and systematic safety integrity.

PFHD (Probability of Dangerous Failure per Hour) is a measure of the dependability of a component, subsystem or entire safety system/circuit, in the same way that MTTFd is in BS EN ISO 13849-1.
%SFF (Safe Failure Fraction) represents the share of a subsystem's total failure rate that does not lead to a dangerous failure.

For compliance with both standards
B10 and B10d are associated with electromechanical components. B10 is the number of operations at which 10% of the population will have failed and B10d is the number of cycles after which 10% of the population has failed to a dangerous state.

Electromechanical components do not have published MTTFd or PFHD figures, since their failure rates depend upon the hourly actuation rate, which is application specific. However, designers can use B10 or B10d together with known machine data (guard switches might be actuated a known number of times per hour for machine loading purposes, for example) to calculate the MTTFd or PFHD of subsystems containing these components.
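As an added worked example (not from the article or from Schneider Electric), the calculation above carried through in Python: the number of annual operations n_op is derived from the machine's duty data, MTTFd is then derived from B10d using the relation ISO 13849-1 gives in its Annex C (MTTFd = B10d / (0.1 x n_op)), and the result is placed in the low/medium/high bands the article lists. The guard-switch B10d values and the duty profile are constructed figures chosen for illustration, not data for any real product.

```python
"""Estimate MTTFd of an electromechanical component from its B10d value.

ISO 13849-1 (Annex C) derives MTTFd from B10d and the mean number of
annual operations n_op:

    n_op  = d_op * h_op * 3600 / t_cycle
    MTTFd = B10d / (0.1 * n_op)

The B10d figures and duty profile used below are constructed for this
example (assumption, not manufacturer data).
"""
from dataclasses import dataclass

# The article's "high" band ends at 100 years; a higher computed value is
# reported as 100 years rather than claimed in full.
MTTFD_CAP_YEARS = 100.0


@dataclass(frozen=True)
class DutyProfile:
    """Machine duty data a designer knows from the application."""
    d_op: float       # operating days per year
    h_op: float       # operating hours per day
    t_cycle_s: float  # seconds between two actuations of the component

    def n_op(self) -> float:
        """Mean number of operations per year."""
        if min(self.d_op, self.h_op, self.t_cycle_s) <= 0:
            raise ValueError("duty data must be positive")
        return self.d_op * self.h_op * 3600.0 / self.t_cycle_s


def mttfd_years(b10d: float, duty: DutyProfile) -> float:
    """Uncapped MTTFd in years from B10d (cycles) and the duty profile."""
    if b10d <= 0:
        raise ValueError("B10d must be a positive number of cycles")
    return b10d / (0.1 * duty.n_op())


def capped_mttfd_years(b10d: float, duty: DutyProfile) -> float:
    """MTTFd limited to the 100-year ceiling of the 'high' band."""
    return min(mttfd_years(b10d, duty), MTTFD_CAP_YEARS)


def mttfd_band(mttfd: float) -> str:
    """Classify an MTTFd value using the bands quoted in the article."""
    if mttfd < 3:
        return "below 3 years (outside the usable bands)"
    if mttfd < 10:
        return "low"
    if mttfd < 30:
        return "medium"
    return "high"


def assess(b10d: float, duty: DutyProfile) -> tuple[float, str]:
    """Return (capped MTTFd in years, band) for one component."""
    value = capped_mttfd_years(b10d, duty)
    return value, mttfd_band(value)


if __name__ == "__main__":
    # Constructed duty profile: 365 days/year, 16 h/day, one actuation
    # every 6 minutes (360 s), giving n_op = 58,400 operations per year.
    loading_guard = DutyProfile(d_op=365, h_op=16, t_cycle_s=360)
    for label, b10d in [("switch A (B10d 29,200)", 29_200),
                        ("switch B (B10d 116,800)", 116_800),
                        ("switch C (B10d 2,000,000)", 2_000_000)]:
        years, band = assess(b10d, loading_guard)
        print(f"{label}: MTTFd = {years:.1f} years -> {band}")
```

Note that the cap applies per channel and that a high MTTFd on its own does not fix the PL: as the article says, the category (architecture) and DC contribute as well, and for a dual channel design the CCF measures must also be satisfied.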

To download the Safe Machine Handbook, an unbiased and concise guide explaining the new directive, visit www.schneider-electric.co.uk.

Dave Collier is safety marketing manager at Schneider Electric
