
Page 1: Safety Automation Forum 2012

Safety Standards Update: The Direction of IEC 62061 and ISO 13849

Derek Jones, Rockwell Automation

Copyright © 2012 Rockwell Automation, Inc. All rights reserved.

Page 2: Safety Automation Forum 2012

Safety related machinery control systems


Page 3: Safety Automation Forum 2012


Safety related machinery control systems

[Timeline figure: EN 954, which specified Category (fault tolerance and diagnostics), shown as withdrawn. Timeline marks: 2005/6 and 2011.]

Page 4: Safety Automation Forum 2012


Safety related machinery control systems

[Timeline figure: EN 954 (Category: fault tolerance, diagnostics), withdrawn. Its successors IEC/EN 62061 (SIL) and EN ISO 13849 (PL) keep fault tolerance and diagnostics and add SRS, reliability, systematic failures and FSM (functional safety management). Timeline marks: 2005/6 and 2011.]


Page 6: Safety Automation Forum 2012


Safety related machinery control systems

Is that OK (or are there any problems?)

Machine builder: more complexity? Data required.

Safety component manufacturer: multiple standards certification (IEC 61508, ISO 13849 and IEC 62061, and the product standard). Data required.

Page 7: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

[Timeline figure as on page 4, with a further step: IEC/EN 62061 (SIL) and EN ISO 13849 (PL) merging into a single standard, IEC/ISO 17305. Timeline marks: 2005/6, 2011, 2016 ?]


Page 11: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

Do we need to care about ISO and IEC if we are in the US?

[Figure: national and regional standards marks: EN, UL, ANSI, GB, AS, GOST R, NR, JIS]

Page 12: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

111 participating member bodies in ISO, including: USA, France, Germany, Republic of Korea, China, Romania, Japan, Italy, Poland, Spain, Russian Federation, India, Netherlands, Czech Republic, United Kingdom, Finland, Belgium, Sweden, Switzerland, Hungary, Slovakia, Australia, South Africa, Norway, Turkey, Canada, Bulgaria, Portugal, Ukraine, Brazil, Denmark, Thailand, Malaysia, Indonesia, Israel, Greece, Croatia, Belarus, New Zealand, Sri Lanka, Saudi Arabia, Pakistan, Colombia, Singapore, Philippines, Chile, Jamaica, Mexico.



Page 16: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

Why not go back to where we were? (Forget the complexity and the data)

“Trust me ……… I’m a safety relay”.

[Figure: the requirement areas of the current standards: fault tolerance, diagnostics, SRS, reliability, systematic, FSM]

We have to keep pace with changes in technology and changes in risk.

Page 17: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

Changes in technology and changes in risk

From “The human machine interface as an emerging risk”, Risk Observatory, EU-OSHA – European Agency for Safety and Health at Work, ISBN-13: 978-92-9191-300-8:

“Greater specialisation means that fewer workers are able to understand how to work with the specific complex machine. Maintenance activities, in particular, pose a challenge as a lot of complex systems need human assistance or intervention. The design of many machines considers only operation under normal conditions; as a consequence, when maintenance needs to be carried out, risks related to such complex systems are not predictable and can be of different nature.”


Page 20: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

Couldn’t we just go worst case? - Let’s call everything PLe/SIL3

Safety requirement specification = integrity requirement (PL or SIL) and functional requirement

Declaring PL e / SIL 3 for everything fixes only the integrity half of the specification; each safety function still needs its own functional requirement, and the higher integrity claim then has to be demonstrated for every subsystem with the architecture and reliability data to support it.


Page 25: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

Where do we go from here?

– No starting over …. Keep the same methodologies but learn from experience

– Clarify and simplify where possible

– Resolve the data problems

– Don’t wait ……… Use the existing standards

Page 26: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

[Figure: building up the PFH of a safety function]

Safety function specification → Subsystem 1 PFH + Subsystem 2 PFH + Subsystem 3 PFH

Safety Related System Designer (Machine Builder): writes the safety function specification and sums the PFH of the subsystems that implement it.

Safety Related Subsystem Designer (Safety Component Manufacturer): subsystem PFH calculation by the 13849 simplified method or the 62061 simplified method, from architecture / category, subsystem elements (MTTF / λ), DC and CCF, together with the systematic requirements.

Low complexity subsystems: the simplified methods above.

High complexity subsystems, and subsystems with a functional safety product standard: use IEC 61508 or equivalent, e.g. IEC 61800-5-2.

Functional safety management spans both roles.
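The PFH build-up on this slide, as an added worked example in Python (not from the presentation or from Rockwell Automation). The subsystem formulas are the IEC 62061 basic subsystem architectures A to D as recalled from IEC 62061:2005 clause 6.7.8, and the PL and SIL bands are ISO 13849-1 Table 3 and IEC 62061 Table 3; check both against the published text before using them in a safety case. Every duty-cycle figure, B10d value, DC, β and the logic subsystem's PFH is constructed for the example, not product data. It makes the point behind the slide's "+" signs: subsystem PFH values are summed, so one weak subsystem can pull a function below its target even when every subsystem on its own is within the PL e band.

```python
"""Summing subsystem PFH values into the PFH of a safety function and mapping
the result to PL (ISO 13849-1) and SIL (IEC 62061).  Added worked example;
every input figure below is constructed for illustration, not product data."""

HOURS_PER_YEAR = 8760.0


def mttfd_years_from_b10d(b10d: float, nop_per_year: float) -> float:
    """ISO 13849-1 Annex C: MTTFd = B10d / (0.1 * nop) for electromechanical parts."""
    return b10d / (0.1 * nop_per_year)


def lambda_d_per_hour(mttfd_years: float) -> float:
    """Dangerous failure rate (1/h) from MTTFd in years."""
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


# IEC 62061 "simplified method": basic subsystem architectures A to D, as
# recalled from IEC 62061:2005 clause 6.7.8 (verify against the published text).
# beta = common-cause factor, t1 = proof-test interval or lifetime (h),
# t2 = diagnostic test interval (h), dc = diagnostic coverage of an element.

def pfh_arch_a(lambdas_d):
    """A: zero fault tolerance, no diagnostics (single channel)."""
    return sum(lambdas_d)


def pfh_arch_b(l1, l2, beta, t1):
    """B: two channels, no diagnostics."""
    return (1 - beta) ** 2 * l1 * l2 * t1 + beta * (l1 + l2) / 2


def pfh_arch_c(lambdas_d, dcs):
    """C: single channel, each element with diagnostic coverage dc."""
    return sum(l * (1 - dc) for l, dc in zip(lambdas_d, dcs))


def pfh_arch_d(l1, l2, dc1, dc2, beta, t1, t2):
    """D: two channels with diagnostics."""
    detected = l1 * l2 * (dc1 + dc2) * t2 / 2
    undetected = l1 * l2 * (2 - dc1 - dc2) * t1 / 2
    return (1 - beta) ** 2 * (detected + undetected) + beta * (l1 + l2) / 2


def performance_level(pfh):
    """ISO 13849-1 Table 3.  Nothing better than PL e is defined, so any PFH
    below 1e-7 maps to 'e'; PFH >= 1e-4 gives no PL at all (None)."""
    for upper, pl in ((1e-7, "e"), (1e-6, "d"), (3e-6, "c"), (1e-5, "b"), (1e-4, "a")):
        if pfh < upper:
            return pl
    return None


def sil(pfh):
    """IEC 62061 Table 3 (high-demand / continuous mode); None if PFH >= 1e-5."""
    for upper, level in ((1e-7, 3), (1e-6, 2), (1e-5, 1)):
        if pfh < upper:
            return level
    return None


def safety_function_pfh(subsystem_pfhs):
    """Slide 26: the function's PFH is the sum of its subsystems' PFH values."""
    return sum(subsystem_pfhs)


def worked_example():
    """Guard-door interlock stopping a motor: input, logic and output subsystems."""
    nop = 20 * 16 * 250          # door opened 20x/h, 16 h/day, 250 days/year (constructed)
    t1 = 20 * HOURS_PER_YEAR     # 20-year mission time used as T1
    beta = 0.02                  # 2 % common-cause factor (assumed)

    # Subsystem 1 (input): two interlock switches, cross-monitored by the logic
    # every cycle (architecture D, DC 0.99, T2 = 1 h).  Constructed B10d.
    l_sw = lambda_d_per_hour(mttfd_years_from_b10d(2_000_000, nop))
    pfh_in = pfh_arch_d(l_sw, l_sw, 0.99, 0.99, beta, t1, 1.0)

    # Subsystem 2 (logic): safety relay certified to a product standard, so the
    # manufacturer supplies PFH directly.  Constructed datasheet value.
    pfh_logic = 2.5e-9

    # Subsystem 3 (output): two contactors in series.  Variant 1 has no feedback
    # contacts (architecture B); variant 2 reads back mirror contacts (D).
    l_k = lambda_d_per_hour(mttfd_years_from_b10d(1_300_000, nop))
    pfh_out_b = pfh_arch_b(l_k, l_k, beta, t1)
    pfh_out_d = pfh_arch_d(l_k, l_k, 0.99, 0.99, beta, t1, 1.0)

    total_b = safety_function_pfh([pfh_in, pfh_logic, pfh_out_b])
    total_d = safety_function_pfh([pfh_in, pfh_logic, pfh_out_d])
    return {
        "pfh_input": pfh_in, "pfh_logic": pfh_logic,
        "pfh_output_unmonitored": pfh_out_b, "pfh_output_monitored": pfh_out_d,
        "total_unmonitored": total_b, "pl_unmonitored": performance_level(total_b),
        "sil_unmonitored": sil(total_b),
        "total_monitored": total_d, "pl_monitored": performance_level(total_d),
        "sil_monitored": sil(total_d),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key:24s} {value}")
```

With these constructed inputs the unmonitored-contactor variant sums to about 1.1e-7 (PL d / SIL 2) while the variant with feedback monitoring sums to about 2.7e-8 (PL e / SIL 3); almost all of the difference sits in the output subsystem, and in both cases the common-cause term β·λ dominates the two-channel subsystems, which is why the data the slide asks for from the component manufacturer (B10d, DC claims, CCF measures) decides the result.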

Page 27: Safety Automation Forum 2012


Merger of ISO 13849 and IEC 62061

• We have moved from a standard that was perceived as simple to use but was restricted in terms of the technology it enabled, to standards that are perceived as difficult to use but have enabled the confident use of new technology.

• As part of the merging process we need to make sure that we do not introduce any different or additional requirements. The merging should be regarded as an opportunity for clarification, simplification and the resolution of known issues such as the provision of reliability data.

It is now time to look for the best of both worlds.

Page 28: Safety Automation Forum 2012

Questions
