Putting the spotlight on EN 62061
01 April 2010
Dave Collier urges machine designers to ignore the delay in withdrawing EN 954-1, and to start using EN ISO 13849-1 or EN 62061 as soon as possible. Here he focuses on some aspects of EN 62061, the standard for machines implementing the requirements of EN 61508.
Where does EN 62061 best fit? Those working in industries with safety cultures involving EN 61508 or other related standards (EN 61511 for process, EN 61513 for nuclear, for example) might prefer to use EN 62061 rather than EN ISO 13849-1 when designing machine control systems.
They will already be familiar with the creation and development of a safety requirements specification (SRS); a ‘functional safety plan’ to deliver a safety system; the calculations; the terminology; and the documentation. In short, they will find it more satisfactory to work with the requirements of EN 62061, in the same way that users of EN 954-1 will find it easier to migrate to EN ISO 13849-1.
"He who fails to plan is planning to fail"
Clause 4 of EN 62061 specifies requirements for management of functional safety. Guidance is also given on the organisational requirements that are necessary, including the requirement to draw up a functional safety plan. In addition, consideration is given to modifications during the machine’s lifecycle. Modifications are cited by the HSE as one of the major causes of accidents; therefore, it makes common sense to manage them within a set of guidelines that includes an assessment of potential impact on the functional safety.
Part of the functional safety plan includes the identification of “persons, departments…and resources that are responsible for carrying out and reviewing” the activities concerned with compliance. This makes good business sense, and is particularly important for safety when modifications are to be made, such as during commissioning, maintenance, or upgrade. In these circumstances it is essential to allocate responsibility for each stage, and to ensure that adequate resources are available – including sufficient time.
The safety requirements specification for each safety-related control function will include both a functional specification (what it does) and a safety integrity specification (how dependable it is). The functional specification details such things as frequency of operation, response time and interactions with other processes. The safety integrity specification must consider both random hardware failures and systematic failures. Most systematic failures result from incorrect specification; for example, a switch with too low a current rating for its load. As part of the design process, this specification should be detailed enough for the correct selection of components.
In EN 62061, a safety integrity requirement is expressed in terms of the PFHD, the probability of dangerous failure per hour. This can be calculated from reliability data for each component or sub-system that implements safety-related control functions, and is related to the safety integrity level (SIL 1, 2 or 3) shown in the standard.
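The calculation described above, as an added worked example (not from the article or its author): subsystem PFHD values are derived from component data, summed for the whole safety function and compared with the SIL required by the SRS. All component figures are constructed, and the B10 conversion, the rule that rates add in a subsystem with no fault tolerance or diagnostics, and the high-demand PFHD bands are assumptions taken from common EN 61508/EN 62061 practice; the check covers random hardware failures only, not systematic failures.

```python
import math

# Upper PFHD bound (per hour) for each SIL, high-demand/continuous mode (assumed bands).
SIL_UPPER = [(3, 1e-7), (2, 1e-6), (1, 1e-5)]

def lambda_d_from_b10(b10_ops, ops_per_hour, dangerous_fraction):
    """Dangerous failure rate per hour of an electromechanical element.
    Assumed conversion: lambda = 0.1 * C / B10, times the dangerous share."""
    if b10_ops <= 0 or ops_per_hour < 0 or not 0 <= dangerous_fraction <= 1:
        raise ValueError("invalid reliability data")
    return 0.1 * ops_per_hour / b10_ops * dangerous_fraction

def pfhd_series(element_lambda_d):
    """Subsystem with no fault tolerance and no diagnostics: any element
    failure defeats the function, so rates add (PFHD = lambda_D x 1 h)."""
    rates = list(element_lambda_d)
    if any(r < 0 for r in rates):
        raise ValueError("failure rates cannot be negative")
    return sum(rates)

def sil_for_pfhd(pfhd):
    """Best SIL whose band contains pfhd; None if worse than SIL 1."""
    if pfhd < 0 or math.isnan(pfhd):
        raise ValueError("invalid PFHD")
    for sil, upper in SIL_UPPER:
        if pfhd < upper:
            return sil
    return None

def check_function(subsystem_pfhd, required_sil):
    """Sum subsystem PFHD values and compare with the SIL in the SRS."""
    total = sum(subsystem_pfhd.values())
    achieved = sil_for_pfhd(total)
    return total, achieved, achieved is not None and achieved >= required_sil

def example_guard_function():
    # Constructed data: input switch, logic solver, output contactor.
    return {
        "guard interlock switch": pfhd_series([lambda_d_from_b10(1_000_000, 10, 0.2)]),
        "safety logic (data-sheet PFHD)": 1.5e-8,
        "contactor": pfhd_series([lambda_d_from_b10(2_000_000, 10, 0.5)]),
    }

if __name__ == "__main__":
    subsystems = example_guard_function()
    for name, value in subsystems.items():
        print(f"{name:32s} {value:.2e} /h")
    total, achieved, ok = check_function(subsystems, required_sil=2)
    print(f"total PFHD {total:.2e} /h -> SIL {achieved}, meets SIL 2: {ok}")
```
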
Although many will have decided to use EN ISO 13849-1 (and Sistema software) because it makes for easier progression from EN 954-1, we should recognise that EN 62061 and EN ISO 13849-1 will converge at some point in the next few years. The management requirements of EN 62061 are not detailed in EN ISO 13849-1, and are well worth considering to ensure the safest possible control systems throughout the machine lifecycle in all industries.
Dave Collier is product marketing manager at Schneider Electric