Manufacturing AUTOMATION

Features Machine Safety Opinion
Answering your questions about the IEC 62061 standard for machine safety


June 16, 2009
By Jim Grube

Topics

The new machine safety standards (ISO 13849 and IEC 62061) are allowing us to design new and more innovative solutions for machine safety. These standards take into consideration the architecture of a circuit plus the reliability of the devices which make up that system. You can actually quantify the level of safety and therefore be sure of the level of risk reduction.

The ISO 13849 standard can be used to design the safety-related parts of a control system’s (SRP/CS) electrical, electro-mechanical as well as mechanical (hydraulics) parts, while the IEC 62061 standard is used to design parts of a safety-related electronic control systems (SRECS). In Europe, OEMs and end users will be required to adhere to these standards by the end of 2009. Some large end users in Canada are using these new standards, even though there is no mandate to do so. The following information is a brief overview of IEC 62061.

Why was IEC 62061 developed?
The International Electrotechnical Commission (IEC) developed IEC 62061 to help engineers reduce failures of all types within the SRECS. The standard breaks failures down into various types, such as random or systematic, and treats them differently because they have different root causes. Incorrect safety specifications or programming errors are some causes of systematic failures, while faults in the devices cause random failures.

Many of these new electronic safety devices have more complex failure modes, which means they need new standards that take this into account. Past standards have never taken into account the lifetime and number of cycles to which a safety device is exposed. For example, if you operate a safety gate switch 16 times a day versus one time per day, it will have an impact on the level of safety. The 62061 standard takes into account the entire safety life cycle, from initial concept to dismantling the device, including validation and verification at the various stages of design. Each step is documented and validated, resulting in a very safe design.

Where did IEC 62061 come from?
IEC 62061 is a standard for the machine sector and is based on IEC 61508. IEC 61508 is widely considered “the” international standard for functional safety. Within IEC 61508, there are two types of requirements: low demand probability of failure on demand (PFD, typically for process safety, known as IEC 61511) and high demand probability of failure per hour (PFH, typically for machine safety, known as IEC 62061). When designing safety systems, we are most concerned with PFH of the safety related control function (SRCF).

Why do I need to know about IEC 62061?
You can use ISO 13849 up to Performance Level e (PLe) for non-complex electronic devices. PLe is required if your Severity =Serious, Frequency=Frequent and Possibility of Avoidance=Not Avoidable. Safety PLCs are considered complex devices, therefore for PLe, it is recommended that you use IEC 62061. When you develop complex safety systems, the simple addition of PFHd as per IEC 62061 results in easier handling and more accurate results especially when dealing with more than two safety systems in series.

What is the difference between ISO 13849 and IEC 62061?
There are many differences between the standards. Here are three:
• The method for calculating the amount of risk reduction differs. IEC62061 uses a safety integrity level (SIL) to measure the amount of risk reduction. Applying IEC 62061 to a safety circuit is fairly straightforward. The SRCF is broken up into subsystems and subsystem elements. For example the sensor is subsystem one, safety PLC is subsystem two and the actuator is subsystem three. For each subsystem, you calculate the PFHd and then add all PFHd together for the complete SRCF. Calculate the total PFH for simple devices such as sensors or actuators using the B10 value and number of cycles. Once we know the total failure rate (PFH), we can find the dangerous failure rate (PFHd) by simple multiplication based on the manufacturer’s data. Most complex safety devices such as light curtains, safety relays and safety PLCs already have a PFHd value.

• IEC 62061 takes into account the entire safety life cycle, whereas ISO 13849 does not.

• When handling more than two or three SRECS in IEC 62061 that make up one safety function, the PFHd for all devices are added together and the SIL determined without de-rating. For multiple SRP/CS, ISO 13849 uses tables or calculation. When using ISO 13849 with tables, a lower performance level (PL) may result. For example, if there are more than three SRP/CS with PLd, then the entire PL for this system based on the tables is PLc (de-rating takes place). Calculation of the MTTFd may result in an even lower PL. The term SRECS in 62061 is similar in definition to SRP/CS found in ISO 13849.

Can you use both standards?
Yes. You can use ISO 13849 to design complex mechanical/electrical systems up to PLe and IEC 62061 to design programmable electronic systems up to SIL3.


Jim Grube is a Certified Siemens Functional Safety Professional within the Siemens Canada Safety Integrated Team. He is also a member of the CSA. Siemens Industry Automation is located in Burlington, Ont. If you would like to receive more information regarding the topics discussed here, please send an e-mail to safety.integrated.ca@siemens.com. Please use the following text in the email subject line: “Safety Integrated IEC 62061 Info.”