Les Hunt writes: With the news last week that the Machinery Directive Working Group has decided to grant machine builders a transition period from the existing EN954-1 to the more comprehensive EN ISO 13849-1 and EN/IEC 62061 safety standards, we ask Schneider Electric’s Dave Collier to respond. Dave has been writing a regular column on the new standards in the pages of DPA and its sister title Panel & System Building, and these articles can be accessed at the DPA website. Meanwhile, over to Dave Collier for an analysis of these issues and some timely advice….
The European Commission’s Machinery Directive Working Group has confirmed its decision to recommend allowing EN 954-1 to support compliance with the Machinery Directive for an as yet unspecified period, but is this a positive move? I would say perhaps not, and suggest manufacturers should move to the new standards now.
There are two main influencing factors in why the EC Working Group has decided to recommend extending EN 954-1 for this further period. Firstly it has been said that some sectors of industry are not ready as they will not be able to provide the necessary safety reliability data for the new EN ISO 13849-1 or EN 62061 standards.
Secondly reference to EN 954-1 is still made in many C-type standards, which are the machine specific standards that take precedence over all A-type and B-type standards. Some C-type standards have, in fact, already been revised to refer to EN ISO 13849-1 and the delay will allow more time for an orderly review of all C-type standards.
However, while there is some foundation for the decision, there are numerous reasons for designers to ignore the delay and start working with the new standards now, particularly with EN ISO 13849-1, which will be easier to adopt.
To explain why designers shouldn’t delay we need to consider why new standards were deemed necessary. Under the old standard, the categories (B, 1, 2, 3 and 4) dictated how a safety related electrical control circuit must behave under certain conditions. For years EN 954-1 has been used simplistically resulting in it being wrongly applied to whole machines rather than individual safety functions. So, a high-risk machine may have been designated as a “category 4 machine”, meaning that all safety systems have needed to meet with the requirements of category 4, when in reality some of its systems might only need to manage much lower risks. In some cases, components that have a lower category might actually have had more suitable functions.
Another weakness that has resulted from EN 954-1 lies in the familiar “risk graph”. It has long been wrongly applied as a risk assessment tool, which it patently is not: risk assessment is covered in a separate standard, EN ISO 14121-1. The graph is actually a means of allocating a category to a safety-related part of a control system, but misusing it has given rise to the tendency to apply categories throughout the whole system.
EN ISO 13849-1 uses a similar tool to determine the required performance level (PLr) of the individual safety functions. This means that safety functions can be assigned to the appropriate architecture to deal with each individual risk. So, for lower risk parts of the machine, it is possible to use simpler circuitry. Or, to look at it another way, you can achieve a PL using a lower category, and hence fewer components and wiring, than would otherwise have been allowed under EN 954-1. This is with the proviso that high reliability components, or components with higher MTTFd (Mean Time To dangerous Failure) or B10d figures, are used. This is a consequence of the fact the five Performance Levels (PLs) associated with EN ISO 13849-1 are bands of values rather than discrete categories.
The retention of EN-954-1 potentially delays advances in machine safety. Although it is seen as well understood and simple to use, it is not really rigorous enough to ensure sufficient safety integrity in many modern and complex machines. EN ISO 31849-1, on the other hand, can make safety more cost effective for designers, allowing them to design safety circuits using fewer, higher reliability, components. As a practical example, in accordance with EN ISO 31849-1 a PLd can be achieved using a category 2 single channel or category 3 dual channel architecture, which gives the designer more choice than under EN 954-1 which would demand the use of category 3.
To support the EN ISO standard, there is a free-to-download software utility that developers and testers can use to evaluate the safety of the machine in the context of the standard. The SISTEMA software has been developed by BGIA, the German Institute for Occupational Safety and Health. The tool permits the designer to model the structure of the safety-related control components based on the designated architectures of the standard, thereby permitting automated calculation of the reliability values with various levels of detail, including that of the attained PL.
Manufacturers, including Schneider Electric, publish software libraries for their safety components which contain relevant reliability data (such as MTTFd) and can be imported into SISTEMA. The software, combined with a manufacturer’s software library, eliminates time-consuming consultation of tables and calculation of formulae and the final results can be printed out in a summary document.
Complying with the new standards may prove initially more time consuming, but it can achieve greater levels of safety throughout the machine’s life. Delaying implementation until forced to do so could leave machine manufacturers lagging behind competitors who have been quicker to understand that early compliance ensures they are working to the highest level of safety.
For those who recognise the need to act now rather than wait, Schneider Electric has published a Safe Machines Handbook, an unbiased and concise guide explaining some aspects of the new directive and the use of the new standards. This can be downloaded free-of-charge by visiting www.schneider-electric.co.uk
Dave Collier
Safety Marketing Manager
Schneider Electric