By Ellen Fussell Policastro
When you talk about functional safety, the main point is to minimize and eliminate injuries to people, damage to the environment, and downtime and financial damage to companies.
Joe Lenner, senior functional safety engineer with TÜV Rheinland of North America, thoroughly examined this topic during a late July Siemens-sponsored webinar, Functional Safety: Standards, Discussion, and Machinery Directive.
Lenner stressed the importance of assessing risk and determining safety function levels, which become easier when you just comply with the standards that support the machinery directive. To place your equipment on the market, you must meet all applicable directives in the European Union. “So for a machine, such as a lathe in a mill or a piece of assembly equipment in an auto plant, you’d have to meet the machinery directive — low voltage directive and the EMC directive,” Lenner said.
Mean Time to Dangerous Failure
One important difference between EN13849 and the old EN954 is the introduction of quality measures in EN13849, which include the mean time to dangerous failure (MTTFd), diagnostic coverage, and common cause failures.
MTTFd is the average operating time that occurs without a dangerous failure within a single channel. It’s not a guarantee of a lifetime, just a statistical average.
There are three levels defined in the standards — low, medium, and high. Low is an MTTFd of 3-10 years, medium is 10-30 years, and high is 30-100 years. To figure the MTTFd value, use the values provided by the manufacturer. People who make safety devices should put this material in their data sheets. Annex C covers safety relays, and Annex D provides a way to calculate the MTTFd using statistical methodologies.
— Ellen Fussell Policastro
To prove you’ve met these directives, you’d follow the same process as in the U.S., “such as complying with OSHA for a press application, where the requirement is control reliability,” he said. “Control reliability simply states no single failure should cause the loss of the safety function.”
The best way to prove you’ve met all requirements it to comply with relevant harmonized standards. The two standards harmonized for machinery are EN/ISO 13849 and EN/ISO 62061 – children of IEC and EN 61508. Both standards are intended for integrators and manufacturers of equipment. EN 13849-1 focuses on predetermined architectures and contains requirements for hydraulic, pneumatic, and mechanical safety systems. On the other hand, EN/ISO 62061 allows more flexibility in architectures, but it’s more complicated in terms of proof of compliance. EN/ISO 62061 covers more electrical and electronic safety systems. However, both cover functional safety of electrical, electronic, and programmable electronic systems. “So if you’re doing something with pneumatic or hydraulic safety systems you want to look at EN 13849,” he said. It is much broader in terms of safety systems. EN/ISO 13849 replaces EN954, which has been around since the mid-1980s but has been long superseded by EN/ISO 13849.
Before you can comply with any standard, you need to do a risk assessment. “You can’t define what the safety function is if you don’t know what risk you’re trying to mitigate,” Lenner said. The safety function represents the whole loop: Input, process, and output. If a hazard mitigation requires intelligence or control, it’s a safety function. The objective is to keep a safe state.
A risk is the product of a hazard vs. severity. Tolerable risk is acceptable, but you want to quantify your risk so you can figure out what your level of reduction needs to be. You need to assess the extent and severity of harm as well as the frequency of exposure, probability of occurrence, and likelihood of avoidance. “With technical measures, you want to change the frequency of exposure, reduce the probability of occurrence, and reduce the possibility of harm,” Lenner said.
Specific hazards to assess include mechanical (crushing, slipping, tripping), electrical (shock), thermal (burns from touching hot or cold surfaces), noise, radiation, lasers for cutting and welding, and toxic gases. “It’s important when doing a risk assessment to get through all the risks first,” Lenner said. “You need to identify them all, then try to mitigate them.” Don’t find one hazard and mitigate as you go because you will likely leave things out.
After you identify all these hazards and assess the risks, then you can decide whether the risk is acceptable or whether a reduction is necessary and figure out how to do the reduction. “Would you use constructive measures, put up hard-guarding, design out the risk, or remove the pinch point completely? Do you use technical devices, such as a safety PLCs, safety relays, or light curtains? Or do you do informative work practices or instructions? Those are your choices,” Lenner said. “You’re really going down the list in terms of eliminating, mitigating, and instructing.”
“If you’re dealing with something like a pinch point on a press or a feeder of some kind, it’s important to make sure fingers stay out of the way. One way to do this, assuming the tolerances are correct, is to push the finger out of the way or put up a hard guard to prevent the finger from getting in the way in the first place. “The least effective method is a warning; we all know how guys are in the shop, and warnings get covered up. So you want to use one of the first two methods,” he said.
Ellen Fussell Policastro is a freelance writer in Raleigh, NC. Her email is firstname.lastname@example.org.