Euchner: current safety equipment also meets the follow-up standards to EN 954-1. How does existing „Safety Engineering“ match up with the new standards? Is it necessary to start again and do things differently? The clear answer is „No“. In the future, existing safety engineering will be completely adequate for the protection of people and machines - provided that the „safety engineering“ and the components are used correctly. This was the situation in the past and continues to be so with the introduction of new standards,“ says Jens Rothenburg, Standards and Safety Expert at Euchner in Leinfelden, Germany.

The New Standards

The introduction of EN 62061 and EN ISO 13849- 1 succeeding the EN 954-1 has brought some changes in the assessment of suitable safety systems. It is not just the structure of a safetyrelated circuit to be considered, as it has been in the EN 954-1; now the reliability and, if necessary, the software as well as many other aspects are considered in the assessment of the performance of the safety system.

An example to illustrate this point: a safety guard with two safety switches is used for an application. One of these switches is a switch with a separate actuator and the other is a switch with a lever arm to provide redundancy. A positively driven contact of each switch is connected to a safety relay that monitors the simultaneity. Two contactors are connected to the output side; these contactors are used to shut down the machine.

Both contactors are monitored by a feedback circuit so that the application satisfies the conditions for category 4. The dual-channel structure and the type of monitoring are described by this circuit. The complete circuit is to be assessed using EN ISO 13849-1.

Step-by-step Procedure with EN ISO 13849-1

The procedure with the new standard is not very difficult. In the first step, a risk assessment is performed, in the same way as in the EN 954-1. For instance this assessment can be performed using the methodology in Annex A of the standard and gives a required Performance Level PL instead of the “old” safety category. In the next step, the design engineer thinks about a structure for the circuit, for example like the circuit described above.

The category is then determined for this structure in accordance with EN ISO 13849-1. As this category is identical to the category described in EN 954-1, there is nothing new here for the design engineer. In the majority of cases, it will certainly be possible to use a known application for the circuit. Therefore all components used in the past will still be used.

Euchner safety switches are well-proven and now simply need to be assessed using the new methods in EN ISO 13849-1. Furthermore, EN ISO 13849-1 requires additional steps for the assessment of the performance of the safety system. The Diagnostics Coverage DC is determined for all applications from category 2. The standard includes figures for a few familiar methods that can then be used if they suit the application. However, it is also possible to determine the related percentage using a simple counting method. The next value to be determined is the much discussed MTTFd, the Mean Time To dangerous Failure.

Software packages or spreadsheets are used for an easy calculation of this value. To be able to determine the total value, it is necessary to have the failure data for all components used. These data are available from the manufacturers or can be found mostly in Annex C of the standard. For electronic products, the MTTFd figure will normally be available directly from the manufacturer. It is possible to state this probability for electronic products, as electronic components are not dependent on the switching state (on or off).

The probability of failure is determined using statistical methods. For electromechanical and pneumatic components a B10d value will normally be available instead of MTTFd. Electromechanical components are dependent on the number of operating cycles and this dependence is characterized by the B10d figure. This figure is a number of operating cycles, not a service life, because a safety- switch which is opened once a year will have a longer service life than a switch that is operated twice a minute. To consider this, an intermediate step is necessary for the calculation of the required MTTFd; this step is also described in EN ISO 13849-1.

A MTTFd figure must be calculated using an assumption for the number of operating cycles per year. A Performance Level Calculator describing this step is available from Euchner. Finally, it is also necessary to consider the possibility of a failure due to faults with a common cause. A simple method covering this aspect is described in Annex F to the standard. Points are awarded for different methodologies which are to be added together.

If a minimum number of points is reached, it can be assumed that the circuit is adequately safe against faults with a common cause. All calculated figures are then plotted on figure 2 of the standard, and the Performance Level PL achieved is determined graphically. It is also possible to use a software or the Euchner BG-Performance Level Calculator instead of the graphical method. If the PL achieved is at least as good as the required PLr, everything can be documented as usual and the job is done.

Software Assessment?

Since software is nowadays used more frequently because of safe control systems (e.g. the configuration of the AS-i safety monitor), an assessment method will be required here as well. EN ISO 13849-1 is excellently suited for this task. Software can be assessed using a clear, wellstructured method. With this standard, it is also possible to assess the entire safety system including pneumatic, hydraulic and electromechanical components in an easy way. In contrast, EN 62061 is not suitable for this task as it is explicitly not intended to be used for pneumatic and hydraulic components, and is only of limited application to electromechanical components.

Assessment of Existing Components Using New Standards

Many people ask now how familiar components can be used in the method described with EN ISO 13849-1. The structure of the circuit and thus finally the category, is absolutely the same. Mostly the safety categories of the EN 954-1 as well as safety components are used today. As a direct result, it is most likely, that the values and requirements of the new standard are already fulfilled with the existing application. The diagnostics coverage is actually always included in the category, as appropriate testing was already always required for category 2, 3 or 4. The only new aspect is that the quality of the testing must be assessed.

Faults with a common cause are also nothing new. EN 954-1 already required faults with a common cause to be considered as only one fault. And this situation has always had to be considered in the structure which is the category of the circuit. The category can be evaluated very easily using the new standard. For safety components, the calculation of the failure figures is certainly not a point that will result in a reduction in the values for the circuit. Because of their design based on a safety principle, these components are very fail-safe.

The only new feature is that they must be included in a calculation with all other components in the circuit. As a result, if EN 954-1 has always been applied, practically all criteria in EN ISO 13849-1 are already met without the user noticing. The assessment provides improved awareness of how the safety technology has been implemented.

Assessment Using EN 62061?

The procedure in EN 62061 is different, but the methods and evaluations are very similar. The probability of failure is also calculated similarly, however not using the MTTFd but instead the Probability of dangerous Failure per Hour PFHd. For the electromechanical components, the B10 figure is required again. However there is no description as to how this figure is to be applied.

It is necessary to refer to other standards in which the reference to EN 62061 is unclear. A further disadvantage of EN 62061 is also that it is not possible to evaluate pneumatic and hydraulic components, but both are used in many safety circuits for shut down. Another distinct disadvantage is that the structures according to EN 62061 have a different layout to the familiar categories; this aspect then makes a new assessment necessary.

Conclusion: Easy-to-use EN 13849-1!

All in all, this new standard provides a better assessment of the safety engineering in many areas. Due to the fact that it permits a considerably more comprehensive assessment of the safety technology, the standard has also become more complex. “Old” components can surely continue to be used for safety systems. Today the methods described are already a familiar process for safety component manufacturers like Euchner.

Contact:

Jens Rothenburg
Euchner GmbH + Co. KG,
Leinfelden-Echterdingen
Tel.: +49 711 7597 0
Fax: +49 711 753316
info@euchner.de
www.euchner.de