Any potential risk posed by a machine should be eliminated as far as possible from the start, not least for economic reasons. At the same time, a safety system should minimize unnecessary trips to maximize uptime. Here are five steps to consider when planning a machine build:

STEP ONE Risk assessment

The machine builder is required to carry out a risk assessment: identify all hazards associated with the proposed system, assess and evaluate the associated risks, and design and construct the system with those hazards in mind. Risk assessment is a process that accompanies the design and should be carried out by experts from several disciplines. The EN ISO 12100 standard supports this by describing an iterative risk assessment procedure; in the U.S., the same ground is covered by the ANSI B11.0 standard.

STEP TWO Risk reduction

Risk reduction comprises design measures and technical protective equipment, as well as training measures for users — and can be divided into three levels:

Level 1 — Safe design

Design measures such as covers and fences take top priority in risk reduction. They are intended to ensure the following:

  • Avoidance of crushing points
  • Avoidance of electric shock
  • Concepts for machine shutdown in case of emergency
  • Concepts for operation and maintenance

Level 2 — Technical protective measures

A safety function must be defined for each hazard which cannot be eliminated by means of design measures.

A safety system executes safety functions and comprises these subsystems:

  • Detecting (position switch, E-STOP, light curtain etc.)
  • Evaluating (fail-safe controller, safety relay etc.)
  • Reacting (contactor, drives, etc.)
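The detect / evaluate / react chain above can be modeled in software to show what the evaluating subsystem actually has to do for a two-channel E-STOP. The block below is an added illustrative model, not code from the article or from any safety relay vendor: the two E-STOP contacts are the detecting subsystem, the `EvaluatingUnit` class stands in for the fail-safe controller or safety relay, and its returned enable signal is the command to the reacting subsystem (contactor or drive STO). The discrepancy time of 500 ms, the scan inputs and the two scenarios are constructed values.

```python
"""Added example: model of a two-channel (1oo2) E-STOP evaluating subsystem.

Illustrative only. It shows three behaviours a real fail-safe evaluation
provides: immediate stop on either channel, discrepancy monitoring to detect
a stuck contact or wiring fault, and a restart interlock (manual reset).
It is not a certified safety controller and not code from the article.
"""


class EvaluatingUnit:
    def __init__(self, discrepancy_limit_ms: int = 500):
        # Max time (constructed value) the two channels may disagree before
        # the unit declares a fault. Hypothetical parameter for this model.
        self.discrepancy_limit_ms = discrepancy_limit_ms
        self.outputs_enabled = False   # command to the reacting subsystem
        self.fault = False             # latched discrepancy fault
        self._discrepancy_ms = 0
        self._reset_was_low = True     # for rising-edge detection of reset

    def scan(self, ch1_closed: bool, ch2_closed: bool,
             reset_pressed: bool, dt_ms: int) -> bool:
        """One controller cycle. Returns the enable signal for the outputs."""
        both_closed = ch1_closed and ch2_closed

        # 1. Demand: if either channel opens, remove the enable at once (1oo2).
        if not both_closed:
            self.outputs_enabled = False

        # 2. Discrepancy monitoring: channels must agree within the limit,
        #    otherwise one contact or its wiring is assumed faulty.
        if ch1_closed != ch2_closed:
            self._discrepancy_ms += dt_ms
            if self._discrepancy_ms > self.discrepancy_limit_ms:
                self.fault = True
        else:
            self._discrepancy_ms = 0

        # A latched fault is cleared only once both contacts have been seen
        # open together, i.e. the actuator was operated and both responded.
        if not ch1_closed and not ch2_closed:
            self.fault = False

        # 3. Restart interlock: no automatic restart. Outputs are re-enabled
        #    only on a rising edge of the reset button with both channels
        #    closed and no fault present.
        rising_edge = reset_pressed and self._reset_was_low
        self._reset_was_low = not reset_pressed
        if both_closed and not self.fault and rising_edge:
            self.outputs_enabled = True

        return self.outputs_enabled


def simulate(events):
    """Run a list of (ch1_closed, ch2_closed, reset_pressed, dt_ms) scans.

    Returns (enable signal per scan, fault flag at the end).
    """
    unit = EvaluatingUnit()
    outputs = [unit.scan(*e) for e in events]
    return outputs, unit.fault


# Constructed scenario 1: normal stop and manual restart.
NORMAL_STOP = [
    (True,  True,  False, 10),   # running, no reset yet -> outputs stay off
    (True,  True,  True,  10),   # reset pressed -> enable
    (False, True,  False, 10),   # ch1 opens first -> stop immediately
    (False, False, False, 10),   # ch2 follows within the discrepancy limit
    (True,  True,  False, 10),   # E-STOP released -> no automatic restart
    (True,  True,  True,  10),   # reset pressed -> enable again
]

# Constructed scenario 2: channel 2 stuck closed (welded contact or short).
STUCK_CONTACT = [
    (True,  True,  True,  10),   # reset -> enable
] + [(False, True, False, 100)] * 6 + [   # ch2 never opens: 600 ms discrepancy
    (True,  True,  False, 10),   # actuator released, but fault is latched
    (True,  True,  True,  10),   # reset must NOT re-enable the outputs
]


if __name__ == "__main__":
    for name, scenario in (("normal stop", NORMAL_STOP),
                           ("stuck contact", STUCK_CONTACT)):
        outputs, fault = simulate(scenario)
        print(f"{name}: enable per scan = {outputs}, fault = {fault}")
```

The restart interlock is the detail most often missed when this logic is written by hand: releasing the E-STOP must not restart the machine, and a latched discrepancy fault must block the reset until both contacts have demonstrably operated.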

Level 3 — User information on residual risks

As a matter of law, users must be informed of any possible residual risks. User information typically comprises:

  • Warnings in the operating instructions
  • Special work instructions
  • Notes on the use of personal protective equipment
  • Pictograms

Machine builders can ensure compliance with the new machinery directives, and with it their export capability and liability position, by applying the EN ISO 13849-1 and IEC 62061 standards.

The IEC 62061 standard specifies requirements and provides recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS). A system designed in accordance with IEC 62061 complies with all relevant requirements of IEC 61508. The IEC 62061 standard does not define any requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machines.

The IEC 62061 (EN 62061) standard can be applied to the evaluation of all electrical and electronic systems, independent of their category. The requirements can also be applied to non-electrical controls, provided they comply with ISO 13849. Subsystems (SRP/CS) assessed in accordance with EN ISO 13849-1 can likewise be used.

The ISO 13849-1 standard may be applied to safety-related parts of control systems (SRP/CS) and all types of machines — regardless of the technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). It also specifies special requirements for SRP/CS with programmable electronic systems.

The most important changes in the standard include:

  • Performance level (beyond the exclusive consideration of categories)
  • Incorporation of development and application of programmable electronic systems with safety function (PES) in safety-related parts of control systems
  • Extended consideration of the control and avoidance of systematic failures and faults

Application of the ISO 13849-1 standard is recommended when the safety function is mainly realized on the basis of fluid power (hydraulic, pneumatic).

With both standards, the risk of each hazard is estimated by determining its risk elements:

  • Severity of the harm involved
  • Frequency and duration of a person’s exposure to the hazard
  • Probability of occurrence of a hazardous event
  • Possibilities of avoiding or limiting the harm

The required Safety Integrity Level (SIL in accordance with IEC 62061) or Performance Level (PL in accordance with ISO 13849-1) is determined on the basis of these criteria.
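The two determinations described above can be carried out mechanically once the four risk elements have been scored. The block below is an added example, not code from the article: it implements the IEC 62061 Annex A additive method (Se, Fr, Pr, Av give a class Cl, which is looked up against severity to give the SIL) and the ISO 13849-1 Annex A risk graph (S, F, P give the required PL). The score ranges and lookup tables are reproduced from the standards as commonly published and should be checked against the edition you work to; the saw-blade and maintenance-hatch hazards are constructed inputs.

```python
"""Added example: required SIL (IEC 62061) and required PL (ISO 13849-1)
from the four risk elements named in the article. Tables reproduced from
the standards' Annex A as commonly published; verify against your edition.
"""
from dataclasses import dataclass
from typing import Optional

# --- IEC 62061 additive method ---------------------------------------------
# Se (severity):  1 reversible, first aid      2 reversible, medical attention
#                 3 irreversible, e.g. broken limb   4 irreversible, death / loss of eye or arm
# Fr (frequency/duration of exposure): 2 (at most yearly) ... 5 (hourly or daily)
# Pr (probability of hazardous event): 1 negligible ... 5 very high
# Av (possibility of avoidance):       1 probable, 3 rarely possible, 5 impossible
#
# Class Cl = Fr + Pr + Av. Each row lists the outcome for the class bands
# 3-4, 5-7, 8-10, 11-13, 14-15. None = no SIL required; "OM" = other
# (non-control) measures recommended.
_CLASS_BANDS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
_IEC62061_MATRIX = {
    4: ["SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"],
    3: [None,    "OM",    "SIL 1", "SIL 2", "SIL 3"],
    2: [None,    None,    "OM",    "SIL 1", "SIL 2"],
    1: [None,    None,    None,    "OM",    "SIL 1"],
}


def required_sil(se: int, fr: int, pr: int, av: int) -> Optional[str]:
    """Return 'SIL 1'..'SIL 3', 'OM', or None (no SIL requirement)."""
    if se not in _IEC62061_MATRIX:
        raise ValueError(f"Se must be 1..4, got {se}")
    if fr not in (2, 3, 4, 5):
        raise ValueError(f"Fr must be 2..5, got {fr}")
    if pr not in (1, 2, 3, 4, 5):
        raise ValueError(f"Pr must be 1..5, got {pr}")
    if av not in (1, 3, 5):
        raise ValueError(f"Av must be 1, 3 or 5, got {av}")
    cl = fr + pr + av
    for column, (lo, hi) in enumerate(_CLASS_BANDS):
        if lo <= cl <= hi:
            return _IEC62061_MATRIX[se][column]
    raise AssertionError("class outside table")  # unreachable: 4 <= Cl <= 15


# --- ISO 13849-1 risk graph ------------------------------------------------
# S1 slight (reversible) / S2 serious (irreversible or death)
# F1 seldom to less often and/or short exposure / F2 frequent to continuous
# P1 avoidance possible under specific conditions / P2 scarcely possible
_ISO13849_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}


def required_pl(s: str, f: str, p: str) -> str:
    """Return the required performance level PLr, 'a'..'e'."""
    key = (s.upper(), f.upper(), p.upper())
    if key not in _ISO13849_GRAPH:
        raise ValueError(f"invalid risk graph path {key}")
    return _ISO13849_GRAPH[key]


@dataclass
class Hazard:
    """One hazard scored for both methods (constructed sample data)."""
    name: str
    se: int; fr: int; pr: int; av: int      # IEC 62061 scores
    s: str; f: str; p: str                  # ISO 13849-1 risk graph path

    def assess(self) -> dict:
        return {"hazard": self.name,
                "class": self.fr + self.pr + self.av,
                "sil": required_sil(self.se, self.fr, self.pr, self.av),
                "pl": required_pl(self.s, self.f, self.p)}


# Constructed sample hazards, not from the article.
SAMPLE_HAZARDS = [
    Hazard("rotating saw blade, operator loads material hourly",
           se=4, fr=5, pr=4, av=3, s="S2", f="F2", p="P2"),
    Hazard("maintenance hatch, opened a few times a year",
           se=3, fr=3, pr=3, av=3, s="S2", f="F1", p="P2"),
]

if __name__ == "__main__":
    for h in SAMPLE_HAZARDS:
        print(h.assess())
```

Note that the two methods do not necessarily land on equivalent levels for the same hazard description (the second sample hazard gives SIL 1 but PL d); the level that binds is the one from the standard you declare conformity to, and the scoring of each element should be recorded with its justification in the risk assessment file.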

STEP THREE Implementation of technical protective measures and validation

Validation requires a test plan to be drawn up first, with the relevant test specification: a detailed description of the tests, the test setup, the test environment, the test programs and error simulations. The test plan must also state the expected result of each individual test. Validation can start in any phase of the machine's life cycle, but must be completed before delivery and acceptance by the customer.

Validation target — Assurance of compliance with requirements

  • Specified in European directives
  • Resulting from the customer’s specification documents, the machine’s application and any further country-specific requirements applicable to the machine

The purpose of the validation procedure is to ensure that the implemented safety functions make the required contribution to risk reduction, so that the machine is safe and remains so.

STEP FOUR Market availability with documentation

All machine-relevant information must be available with full documentation when the machine is made available to the market. This comprises: customer specification documents, technical documentation, certificate of conformity, acceptance report (if applicable), transport documents, etc.

STEP FIVE Product monitoring in the field

Every manufacturer is required to monitor its product after it has been placed on the market, surveying it for hidden defects. Users must be informed of any hidden defects that are discovered.

Integrated safety

Integrating safety technology into standard automation concepts brings considerable and lasting benefits for users and their competitiveness. Machine builders benefit from less hardware and significantly simplified engineering. The result: considerably faster realization of machines and systems, and easier adaptation to new requirements. System operators, in turn, get safe and more productive machines and systems. A single integrated system of safety technology and standard automation reduces downtime thanks to improved diagnostics, which also increases system availability for production.

Drives with integrated safety functions

Electrically driven power units and machine components frequently pose a high risk. Rotating units such as saws, rollers and spindles may cause severe or even fatal injuries. Drives with integrated safety functions make safety concepts easy to realize: the electromechanical components and wiring previously required are eliminated, and safety-relevant signals can be transferred over standard field buses, which further reduces wiring complexity and cost. Drives with integrated safety functions support much more powerful safety concepts — both in functionality and in response times — and in many cases this results in increased productivity.