Functional safety
The risk graph in ISO 13849-1:2015
ISO 13849-1:2015 has brought an innovation in terms of risk assessment. However, the current rudimentary description in the safety standard is often more confusing in practice than it is useful. Here is some help.
The basis of every development is the definition of its requirements, and this applies to a particularly far-reaching extent in the area of safety technology. As there is usually not enough leeway in a development project to design a 'jack of all trades', an application provides information on the framework, including the safety framework, within which the product will operate.
Experience has shown that there is often a major information deficit between users in mechanical engineering and component manufacturers, which leads to considerable knowledge gaps. The different relevant standards - above all ISO 13849 and EN 62061 - make communication even more difficult. Unfortunately, the attempt to merge them into one standard recently failed. However, this has resulted in an amendment to the original EN ISO 13849-1 from 2008. Since mid-2016, the presumption of conformity for this standard has ended and EN ISO 13849-1:2015 (German version) has taken its place. In addition to editorial changes, there is also a change in Annex A (informative), which describes the determination of the required performance level (PLr).
The so-called risk graph can be used to determine the PLr. It is the basis for a precise determination of the risk based on three criteria:
- Severity of the injury (S)
- Frequency and/or duration of exposure to the hazard (F)
- Possibility of avoiding the hazardous events (P)
What specifically has changed in the risk graph in EN ISO 13849-1:2015 compared to EN ISO 13849-1:2008? First of all, the original three main input variables have remained the same. What is new, however, is that the 2015 standard now contains the following new wording to differentiate between F1 (rare to frequent) and F2 (frequent to permanent):
"If there is no other justification, F2 should be chosen if the frequency is higher than once every 15 minutes."
"F1 may be selected if the total exposure duration does not exceed 1/20 of the total operating time and the frequency is not higher than once every 15 minutes."
In addition to the possibility of avoiding hazardous events (P), there is a new degree of freedom, namely the probability of occurrence. The standard does not define a separate input in the risk graph for this; instead, the probability of occurrence is described as an additional parameter. However, in order to improve visualization and applicability, it is possible to add this new parameter to the risk graph.
Implementation of the standard is made easier by the fact that the PLr can be reduced by one level if the probability of occurrence is proven to be low. This makes it possible to implement the safety structures with less effort. This applies in particular to the major difference between a PLc and a PLd requirement. Identifying the correct requirement is essential when it comes to implementing safety-related parts of a control system (SRP/CS) in mechanical engineering.
For the assessment of a hazardous event, the standard refers to facts such as
- Reliability data
- Accident history on comparable machines
A basic prerequisite for classifying the probability of occurrence as low is an already comparable application on a machine. Comparable means: The same risk should be reduced with the same safety function, the same process and the same operations must be carried out by the operating personnel, or the same techniques must be used that cause the hazard. The probability of occurrence also depends on the probability of the hazardous event. It is extremely important that this assessment is carried out without the existing safety functions (SRP/CS)!
DIN EN 62061:2013 can be used as an aid here. In this standard, in which the parameter of the probability of occurrence is marked with the letter 'W', there is a more detailed description and distinction between the predictability of the behavior of machine components and that of a person. Among other things, it states: "For machine behavior, consider whether the machine or processed material has a tendency to behave in unexpected ways." In turn, stress, lack of awareness and/or lack of attention can play a role in human behavior in relation to the hazard. Table 1 from DIN EN 62061:2013 with its five variables can now be used as a subdivision into 'high' and 'low'.
Significance in practice
A lathe with manual tool change is used as an example for the risk assessment. A manual tool change is assessed as the initial situation in the life phase 'operation'. The severity of the injury can be assumed to be S2 (serious injury) and the frequency is assessed as F1 (rare to frequent). Due to the high dynamics of the drive, it is not possible to prevent the hazardous event. In other words, the human reaction time is not sufficient to pull the hand away in time (therefore P2). This results in the requirement for PLd for protective measures - in this case a guard that can be opened when guard locking is enabled.
Table 1 from DIN EN 62061:2013: It can be used as an auxiliary tool to make the classification of the probability of occurrence more transparent. © Innotec
If it is assumed that the lathe is a follow-up machine - i.e. not a completely new concept - and the reliability data and accident history of comparable machines are available, the possibility of reducing the performance level by one level can be considered. This depends on the assessment of the probability of occurrence of the hazardous event. What does this mean in concrete terms? In the event of an intervention in the machine or in the spindle area that is only stopped by the functional control system (without SRP/CS), the following is estimated: What is the probability of an unintentional start-up, which could lead to a risk of injury? If this is assessed as 'low', the PLr can be reduced by one level to PLc. This means a significant difference in implementation and for the safety components: the components are technologically simpler and can often be wired more simply.
To give the subjective variable 'probability of occurrence' a numerical reference point: Based on DIN EN 61508-5:2011, 'low' can be assumed if the probability of the undesired event is less than or equal to 10%. This means that if an intervention in a hazardous area takes place ten times and this intervention is dangerous at most once, it is assumed to be 'low'. As a result, the PLr for the SRP/CS can be reduced by one level. If the new assessment of the probability of occurrence, which can reduce the PLr by one level, is not used, you are on the safe side and continue to meet the requirements of the standard. For new developments - without a comparable application and history - the risk graph remains unchanged.
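The risk graph and the one-level reduction described above, carried through for the lathe example as an added illustration (this is not code from the article or from Innotec). It encodes the S/F/P-to-PLr mapping of the risk graph in Annex A of ISO 13849-1, the F1/F2 wording quoted earlier (1/20 of operating time, once every 15 minutes) and the 10% reference point for a 'low' probability of occurrence. The function names, the interpretation of "higher than once every 15 minutes" as an interval strictly shorter than 15 minutes, and the sample figures for the lathe are assumptions made for this example.

```python
from dataclasses import dataclass

# Performance levels in ascending order of risk reduction.
PL_ORDER = ["a", "b", "c", "d", "e"]

# Risk graph of ISO 13849-1 Annex A: (S, F, P) -> required performance level.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a",
    ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b",
    ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c",
    ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d",
    ("S2", "F2", "P2"): "e",
}

# 'Low' probability of occurrence: at most 10% (reference point from DIN EN 61508-5).
LOW_PROBABILITY_LIMIT = 0.10


def classify_frequency(exposure_fraction: float, interval_minutes: float) -> str:
    """Classify F from the exposure share of operating time and the interval
    between exposures. F2 is chosen when exposure is more frequent than once
    every 15 minutes; F1 additionally requires exposure <= 1/20 of operating time.
    (Assumption: 'higher than once every 15 minutes' means an interval < 15 min.)"""
    if interval_minutes < 15:
        return "F2"
    if exposure_fraction <= 1 / 20:
        return "F1"
    return "F2"


def required_pl(s: str, f: str, p: str) -> str:
    """Look up the PLr from the risk graph; raises KeyError on invalid input."""
    return RISK_GRAPH[(s, f, p)]


def reduce_for_low_probability(plr: str, probability: float, comparable_application: bool) -> str:
    """Reduce the PLr by one level only if a comparable application with reliability
    data and accident history exists AND the probability of the hazardous event
    (assessed without the SRP/CS) is 'low'. PL a cannot be reduced further."""
    if not comparable_application or probability > LOW_PROBABILITY_LIMIT:
        return plr
    return PL_ORDER[max(PL_ORDER.index(plr) - 1, 0)]


@dataclass
class Assessment:
    s: str
    f: str
    p: str
    plr_from_graph: str
    plr_applied: str


def assess(s: str, exposure_fraction: float, interval_minutes: float, p: str,
           comparable_application: bool, probability: float) -> Assessment:
    """Full determination: F classification, risk graph lookup, optional reduction."""
    f = classify_frequency(exposure_fraction, interval_minutes)
    plr = required_pl(s, f, p)
    applied = reduce_for_low_probability(plr, probability, comparable_application)
    return Assessment(s, f, p, plr, applied)


def lathe_example(comparable_application: bool) -> Assessment:
    """Manual tool change on a lathe: S2, F1, P2. Constructed sample figures:
    tool changes take 2% of operating time, at most once every 30 minutes, and the
    probability of an unintended start-up is estimated at 0.1 (exactly 'low')."""
    return assess("S2", exposure_fraction=0.02, interval_minutes=30, p="P2",
                  comparable_application=comparable_application, probability=0.10)


if __name__ == "__main__":
    for follow_up in (False, True):
        a = lathe_example(follow_up)
        print(f"follow-up machine={follow_up}: graph PL{a.plr_from_graph}, applied PL{a.plr_applied}")
```

Running the script prints PLd for a new development and PLc for the follow-up machine with a 'low' probability of occurrence, mirroring the two outcomes discussed in the text; changing the interval to under 15 minutes moves the case to F2 and the unreduced requirement to PLe.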
It is important that the new degree of freedom is not only considered from the perspective of possible cost savings. Rather, in the area of risk management, it should help to find cost-efficient solutions for safety systems in view of applicable legal regulations. In short: when determining risk, the safety aspect should be given priority over the commercial aspect!
Author:
Peter Steuxner is an employee of Innotec.