Not everyone appears to be aware of the standard ISO 13849-2:2003
(Safety of Machinery, Safety Related Parts of Control Systems,
Validation). However, any safety-related control system designed and
built in accordance with BS EN 954-1 should be validated in line with the
ISO standard, as Richard Piggin explains.
Designers of machinery and control systems have worked for many years
with BS EN 954 (Safety of Machinery, Safety Related Parts of Control
Systems), with Part 1 (General Principles for Design) being one of the
key documents. Less well known is prEN 954-2 (Safety of Machinery, Safety
Related Parts of Control Systems, Validation). This was intended to be
the second part of the standard but, as the 'pr' prefix indicates, it never
progressed beyond the status of a draft. However, with EN 954-1 soon to
be replaced by ISO 13849-1, the standards committees have pressed ahead
with the corresponding ISO 13849-2:2003 (Safety of Machinery, Safety
Related Parts of Control Systems, Validation), which would have replaced
and superseded EN 954-2 had that part of the earlier standard ever been
ratified.
As can be seen from the date, Part 2 of ISO 13849 was published in 2003,
in advance of Part 1, and so it refers to both EN 954-1 and ISO
13849-1. Because of this unusual timing, there could well be a degree of
confusion when ISO 13849-1 is published. For example, Part 2 refers to
'categories' (in line with EN 954-1), whereas ISO 13849-1 is expected to
use 'performance levels' alongside categories.
The scope of BS EN ISO 13849-2 is relatively broad, encompassing the
validation of safety-related parts of control systems that use
mechanical, pneumatic, hydraulic and electrical (including electronic)
technologies. Machine builders working with programmable electronic
systems, however, are directed instead towards IEC 61508 and IEC 62061.
In most cases validation requires both analysis and testing, and the
standard states that validation shall demonstrate that each
safety-related part meets the requirements of EN 954-1 (ISO 13849-1), in
particular: the specified safety characteristics of the safety functions
provided by that part, as set out in the design rationale; and the
requirements of the specified category. Importantly, the rigour of
validation increases with the required performance level and with the
complexity of the system. For complex systems, validation should be
carried out by persons who are independent of the design of the
safety-related parts.
Activities that can be started at an early stage in the design process
include the preparation of generic fault lists and specific fault lists,
which can be compiled using the tables provided in the ISO 13849-2
appendices. Documentation is an essential element of meeting ISO 13849-2,
though most of this information should already be available if the
requirements of EN 954-1 (ISO 13849-1) are being met. A look-up table
within ISO 13849-2 shows which types of documentation are required,
depending on the category. In addition, the validation analysis and
testing must themselves be recorded.
While it is likely that most machine builders working to EN 954-1 are
already performing some form of validation of the safety-related parts of
their control systems, they should be aware that there is now a standard
to which that validation should be carried out.
Richard Piggin is with Pilz Automation Technology. Copies of the ISO
13849-2 standard are available from this company, which is an official
BSI distributor.