ISO 13849-1 (Safety of machinery - Safety-related parts of control systems - General principles for design), an international standard, was revised in 2006. The background to the revision is that semiconductor parts such as transistors and MOSFETs have come into use in the safety devices that make up the safety-related parts of control systems, which marks a shift in control methods from control by hard wiring to control by software. In the conventional way of thinking about categories, safety was determined by system architectures (structures) built from mechanical safety devices and relays with forcibly guided contacts, so it cannot be said that sufficient thought was given to the contribution of component reliability to safety.
Under these circumstances, attempts were made from around the year 2000 to regulate machinery safety according to functions and reliability.
This way of thinking is called “functional safety.” ISO 13849-1:2006 is a standard that revises ISO 13849-1:1999, which was based on the conventional standard EN 954-1, by adding details from IEC 61508 (IEC 62061), the standard that defined functional safety.
ISO 13849-1:1999 specified the method for determining the category and the requirements for each category.
Explanation of symbols

| Symbol | Symbol details | Parameter | Short explanation of the parameter |
|---|---|---|---|
| S | Severity of injury | S1 | Slight (normally reversible) injury |
| | | S2 | Serious (normally irreversible) injury, including death |
| F | Frequency and/or exposure time to the hazard | F1 | Seldom to quite often and/or exposure time is short |
| | | F2 | Frequent to continuous and/or exposure time is long |
| P | Possibility of avoiding the hazard | P1 | Possible |
| | | P2 | Scarcely possible |

The following are the criteria for each parameter according to ANSI/RIA R15.06.
| Category | Summary of requirements | System behavior |
|---|---|---|
| B | Safety-related parts of control systems and their protective equipment shall be designed, constructed, selected, assembled, and combined in accordance with relevant standards so that they can withstand the expected influences. | The occurrence of a fault can lead to the loss of the safety function. |
| 1 | Requirements of B shall apply. Well-tried components and well-tried safety principles shall be used.* | The occurrence of a fault can lead to the loss of the safety function, but the probability of occurrence is lower than for category B. |
| 2 | Requirements of B and the use of well-tried safety principles shall apply. The safety function shall be checked at suitable intervals by the machine control system. | The occurrence of a fault can lead to the loss of the safety function between the checks. The loss of the safety function is detected by the check. |
| 3 | Requirements of B and the use of well-tried safety principles shall apply. Safety-related parts shall be designed so that (a) a single fault in any of these parts does not lead to the loss of the safety function, and (b) whenever reasonably practicable, the single fault is detected. | When a single fault occurs, the safety function is always performed. Some, but not all, faults will be detected. Accumulation of undetected faults can lead to the loss of the safety function. |
| 4 | Requirements of B and the use of well-tried safety principles shall apply. Safety-related parts shall be designed so that (a) a single fault in any of these parts does not lead to the loss of the safety function, and (b) single faults are detected at or before the next demand upon the safety function; if this detection is not possible, an accumulation of undetected faults shall not lead to the loss of the safety function. | When faults occur, the safety function is always performed. The faults will be detected in time to prevent the loss of the safety function. |

\* Well-tried safety principles are, for example, 1) avoidance of certain faults (e.g. avoidance of short-circuits by separation), 2) reducing the probability of faults (e.g. over-dimensioning or under-rating of components), 3) orienting the mode of failure (e.g. by ensuring an open circuit in the event of a fault), 4) detecting faults very early, and 5) restricting the consequences of a fault (e.g. earthing of the equipment).
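To make the "system behavior" column concrete, the following Python model is an added example (constructed for this page, not code from ISO 13849-1 or from any vendor). It contrasts a single-channel architecture, where one dangerous fault loses the safety function as the table states for categories B and 1, with a two-channel architecture with cross-monitoring, which shows the category 3 behavior: a single fault does not lose the safety function and is detected on the next stop demand, while an accumulation of undetected faults in both channels does lose it. Channel names `K1`/`K2`, the `stuck_energised` fault and the lock-out-on-discrepancy rule are assumptions of the model.

```python
"""
Constructed model of the fault behavior described in the category table.
Single-channel = category B/1 behavior; dual-channel with cross-monitoring
= category 3 behavior. Illustrative only, not part of ISO 13849-1.
"""
from dataclasses import dataclass


@dataclass
class Channel:
    """One channel of a safety function, e.g. one contactor driven by one input path.

    output() returns True when the channel is energised (machine allowed to run)
    and False when it commands the safe state. stuck_energised models the
    dangerous fault: the channel can no longer switch off (e.g. a welded contact).
    """
    name: str
    stuck_energised: bool = False  # assumed fault model for this example

    def output(self, stop_demand: bool) -> bool:
        if self.stuck_energised:
            return True           # fault: stays energised regardless of the demand
        return not stop_demand    # healthy: de-energise on a stop demand


def single_channel(channel: Channel, stop_demand: bool) -> bool:
    """Category B/1 style: a single channel alone decides whether the machine runs."""
    return channel.output(stop_demand)


class DualChannel:
    """Category 3 style: two channels in series plus cross-monitoring.

    The machine runs only if both channels are energised, so one stuck channel
    cannot keep it running once the other opens. On every stop demand the two
    outputs are compared; a discrepancy reveals the faulty channel and locks the
    system in the safe state until it is repaired (assumed behavior).
    """

    def __init__(self, a: Channel, b: Channel) -> None:
        self.a, self.b = a, b
        self.detected_faults = []   # names of channels caught by cross-monitoring
        self.locked_out = False

    def machine_running(self, stop_demand: bool) -> bool:
        if self.locked_out:
            return False
        out_a = self.a.output(stop_demand)
        out_b = self.b.output(stop_demand)
        if stop_demand and out_a != out_b:
            # One channel de-energised and the other did not: single fault detected.
            self.detected_faults.append(self.a.name if out_a else self.b.name)
            self.locked_out = True
        return out_a and out_b


def scenarios() -> dict:
    """Run the fault cases from the table and report, per case, whether the
    safety function was performed on a stop demand and which faults were detected."""
    results = {}

    # Single channel with one dangerous fault: the safety function is lost.
    faulty = Channel("K1", stuck_energised=True)
    results["single_channel_one_fault"] = {
        "safety_function_performed": not single_channel(faulty, stop_demand=True),
        "detected": [],
    }

    # Two channels, one dangerous fault: safety function performed, fault detected,
    # and the system refuses to restart until reset/repair.
    sys3 = DualChannel(Channel("K1", stuck_energised=True), Channel("K2"))
    running = sys3.machine_running(stop_demand=True)
    results["dual_channel_one_fault"] = {
        "safety_function_performed": not running,
        "detected": list(sys3.detected_faults),
        "restart_blocked": not sys3.machine_running(stop_demand=False),
    }

    # Two channels that both failed before any demand exposed the first fault:
    # the accumulation of undetected faults loses the safety function.
    sys3_acc = DualChannel(Channel("K1", stuck_energised=True),
                           Channel("K2", stuck_energised=True))
    running = sys3_acc.machine_running(stop_demand=True)
    results["dual_channel_accumulated_faults"] = {
        "safety_function_performed": not running,
        "detected": list(sys3_acc.detected_faults),
    }
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
```

The last scenario is why the table says category 3 detects "some, but not all" faults and that accumulation can defeat it: cross-monitoring only sees a discrepancy, so two channels that fail the same way between demands are invisible to it. Category 4 closes that gap by requiring detection at or before the next demand, or an architecture in which accumulation cannot cause loss of the function.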