To help clarify the functional safety requirements, ISO 13849-1 is being revised.
These changes have been published as a 'Final Draft Amendment', (ISO 13849-1:2006/FDAM 1:2015) meaning that there will be no further editorial or technical changes, with the publication of the amended standard following within a few months.
http://www.din.de/en/getting-involved/standards-committees/nasg/projects/wdc-proj:din21:167959123
Meanwhile, EN 62061 (equivalent to IEC 62061) has been updated to include references to other related standards that have changed, with no technical changes being made to the standard itself.
Within the updated ISO 13849-1, Table 1 is to be removed and replaced by a reference to the technical reports published in 2010 for guidance on the choice of which standard to adopt.
Previously the expression 'average probability of a dangerous failure per hour' had been used in full throughout the standard. Now, the abbreviation PFHD is also used, delivering some consistency between EN ISO 13849-1 and other functional safety standards.
Likewise, the term 'subsystem' is now included as an alternative term for Safety Related Parts of Control Systems (SRP/CS).
Summing up the PFHD of each SRP/CS in series alignment to establish the PFHD of the function is also made clear.
For Category 4 architectures, the 100 years Mean Time To Dangerous Failure (MTTFd) capping can be increased to 2500 years.
This is to overcome the limitations imposed on the calculated PFHD that results in an artificial limit to the number of subsystems in a series alignment. Annex K has also been expanded to take account of this.
The current 'assumption' that for Category 2 architecture the demand rate should be ≤1/100 test rate now has the added alternative provision that Category 2 can also be claimed if testing occurs immediately upon demand of the safety function, and safety times and distances are also satisfied.
There is clear guidance given that where non-electrical components are used in the output part of the SRP/CS, the use of specified categories is to be considered. For example, for Performance Level d (PLd) a Category 3 architecture is required, while for PLe Category 4 is specified.
For PLd with Category 2 architectures it is now a normative requirement for the Output of Test Equipment (OTE) to initiate a safe state.
There is also clarification that the use of the Risk Graph is not mandatory, and that other methods to establish the performance level required (PLr) of the safety functions can be used instead. The guidance on selecting some of the parameters is expanded, and it is made clear that the selection of P1 or P2 should consider both the possibility to avoid and the probability of occurrence of the hazardous event.
Some of the wording in parts of Annex C has been changed so that it is clear that the information in this Annex is more relevant to SRP/CS manufacturers than to end-users of SRP/CS subsystems. Finally, Annex I 'Examples' has been completely revised with example A (single channel) having a PLr of PLc, and example B (dual channel) having a PLr of PLd. More detail is now also given to the reliability data used in the examples to make them more in keeping with actual 'real world' applications
Practical steps
To make EN ISO 13849-1 work for them, machine builders need to pay more attention to the concept of functional safety, identify the individual safety functions of a machine, and then assign performance requirements against each of these to ensure that they comply. While breaking each function into further subsystems is a detailed and time-consuming process, it can help with the calculations and also help to ensure that nothing is missed.
Performance data is available from most of the safety product manufacturers for use in the calculations. However, even when the relevant data is available, it would be misleading to pretend that carrying out the calculations required by EN ISO 13849-1 is a straightforward task. To make things a little easier, several software packages have been produced that guide users through the process.
In spite of the availability of software support, ensuring compliance with EN ISO 13849-1 is still going to be a task that few system integrators or machine builders will want to undertake for themselves, or have the resources available to do so.
