What do you think about machinery safety standards? Are they a help or a hindrance?
There doesn’t seem to be much middle ground in answers to this question. You either love them or hate them. If you have no real opinion it is probably because you never have to use them. But if you are reading this I am going to assume you are among the chosen ones who have to use them and that you need to know what standards are out there and which changes are going to appear over the horizon. That can be easier said than done, especially if you are taking a global perspective. Trying to match different standards to different geographies can be a frustrating and time-consuming task. The increasing worldwide adoption of ISO and IEC standards certainly helps. For me they are the first place to look when I am trying to ascertain a globally acceptable solution for the safety-related aspects of machinery.
Anyone who keeps abreast of what is happening in ISO and IEC machinery safety standards will probably know the term “functional safety”. This is safety that depends on the way a machine functions. The biggest influence on the way a machine functions is its control system so it is no surprise that some of the most significant changes occurring in machinery safety standards are concerned with the safety related aspects of their control.
We have moved from the relatively simple approach of the Categories of EN 954 to a more complex approach encompassing PL (Performance Level) of EN ISO 13849 and SIL (Safety Integrity Level) of IEC 62061. This has not exactly been greeted with universal acclaim but most people will accept that some sort of change was necessary. Actually that change is not yet complete; work has now been started on the merging of EN ISO 13849 and IEC 62061. But before we all throw our hands up in despair let me say that it is my contention that we have reached the summit in terms of difficulty and disruption. There should be no new methodologies or formulae. What we have we should hold. Time and money have been spent getting us to where we are now and this is definitely not the time for starting over. But it is the time to grasp the opportunity for some improvement.
Preliminary work has started in a joint ISO/IEC working group. The target date for completion is set at 2016 but I would consider that optimistic. Maybe 2018 would be more realistic?
So what brought us to this point? In order to see where we should go in the future we must first understand the lessons of the past.
If we go back ten to twenty years many of us were working with the “Categories” from the now defunct EN 954: Safety related parts of control systems. The EN 954 approach required the use of basic safety principles and either the use of simple, strong and well-tried components or fault tolerance and fault detection where necessary to prevent failure of the safety function.
The fact that the system seemed to achieve “Category 3” (for example) in pure structural terms posed a sometimes irresistible temptation to invoke a much simplified tick box approach.
An understanding of the full meaning of the standard was achieved over time and a reasonable consensus on how to interpret some of the “grey” areas was achieved. This was due in part to learning from experience of its use in practice but also due to the availability of instructive information such as the excellent guide produced by the IFA (formerly the BGIA) in Germany.
As we approached the end of the decade it became clear that the use of complex electronic and programmable technology for safety would become inevitable. It was evident that the provisions of this standard with its relatively simple approach could not be counted on to cope with the next generation of machinery safety technology.
This situation led to the publication in 2005 of IEC 62061: Safety related electrical, electronic and programmable electronic control systems, followed shortly by the fully revised EN ISO 13849. Both standards introduced a more complex approach that gives them the ability to deal with the increasing complexity of safety technology and function. In many cases the safety function is no longer just a simple case of switching off the power. The advent of safety-capable logic, for example, has enabled intelligent safety functions that can react to different machine conditions and can actually assist productivity rather than obstruct it. But the greater the flexibility of function, the greater the need for provisions against mistakes and faults.
ISO 13849 and IEC 62061 both include the necessary provisions, but at the cost of an increase in complexity, including the requirement to do some calculation of reliability. This in turn means that reliability data has to be sought for the parts of the system. The fact that this data is not always forthcoming creates some understandable frustration. The upside is that we now have standards that can deal with complexity and that also cover some of the gaps in the old standard that could be an issue even for low-complexity systems.
So in summary we have moved from a standard that was perceived as simple to use but was restricted in terms of the technology it enabled, to standards that are perceived as difficult to use but have enabled the confident use of new technology.
The merging of IEC 62061 and ISO 13849 will remove the complication of having two standards. As part of the merging process we need to make sure that we do not introduce any different or additional requirements. The merging process should be regarded as an opportunity for clarification and simplification. It is also the chance for the resolution of some known issues such as the provision of reliability data.
I contend that we have made an overall gain but without doubt there have been trade-offs along the way. It is now time for some of the trade-offs to be re-examined with a view to getting the best of both worlds.