There is a bit of news coming up in the safety field. While the Machinery Directive is nearing a new publication, there is also some activity when it comes to harmonized standards relating to functional safety in the machine world.
What’s new in Machine Safety
After the publication of the second edition of IEC 62061 in 2021, the publication of the fourth edition of ISO 13849-1 is coming in 2023.
The update of ISO 13849 is much awaited, since, in our experience, users of PL-ISO 13849 are much more numerous than users of SIL-IEC 62061 (in the machine world).
Currently the document is in the “Final Draft” stage, so we do not expect substantial changes compared to what has already been prepared.
Here is a list of the expected variations, we will get back to the subject when the official version comes out:
- The entire document has been reorganized to facilitate the design and development of control systems
- New paragraph on risk analysis recommendations (clause 4)
- Identification of security functions (updated to clause 5)
- Combination of multiple subsystems (updated to clause 6)
- New clause 7 on software security requirements
- New clause 9 on ergonomic aspects of design
- Validation (updated in clause 8 and moved to clause 10)
- New Annex G.5 on Functional Safety Management
- New Annex L on immunity to electromagnetic interference (EMI)
- New Annex M with additional information for the specification of safety requirements
- New Annex N on failure prevention measures for safety software design
- New Annex O with the safety values of the components or parts of the control systems
Validation is included directly in part 1 of ISO 13849 which then becomes self-supporting, while part 2 of 2012 remains a valid alternative.
Save this link:
What are the significant updates compared to the previous edition
- Fulfilment of the safety function through the use of subsystems
As with edition IEC 62061:2021, also in the draft of ISO 13849-1 it is clearly reported that the subsystems compliant with the SIL world (see IEC 62061 and IEC 61508), can also be used in the PL field.
Whereas previously it was just implied, it is now written in black and white in paragraph 4.6.
In our opinion, therefore, it is increasingly important to seek compliance with IEC 61508, as it allows access to a greater number of markets.
Note that SIL devices can be used in PL scope where the application is in High Demand Mode or Continuous Mode. In addition, devices analyzed according to Route 2h should be excluded.
Safety Requirement Specification
In the draft of the new ISO 13849-1 edition, more emphasis is placed on the importance of writing safety specifications.
The new edition tries to reorder the information and give a more exhaustive guide on the contents to be reported. Among the requirements listed, here we indicate those that in our opinion have seen a substantial update, or a new introduction.
- Safety functions for maintenance activities:In the previous edition, although good practice, it was not explicitly required to also report assessments related to maintenance in the risk analysis. In the new edition, not only is it required to deal with this phase in the risk analysis, but there could also be new safety functions exclusively related to the maintenance phase.
- Minimize the temptation of circumventing safety functions:The draft of 13849-1 expressly requires that during the design phase of the machine (or its part) all the necessary measures be taken to minimize reasons to circumvent a safety function. Recent research has shown that many injuries occur due to the cancellation of safety functions and/or the circumvention of protections.
- Remote access:The draft also introduces an essential, frequently used aspect, i.e. remote access to the machine. The design of the SRP/CS must allow remote access to a machine only if specific measures have been taken to avoid dangerous situations that may occur due to the undetected presence of people in or near the machine.
The safety software of the SRP/CS must not be modifiable via remote access if it is not possible to validate the safety function locally.
Remote access, and more generally cyber security in the industrial field, will also be accepted by the harmonized standards to the Machinery Directive, after the Machinery Regulation will probably see a substantial update during 2023. This will include topics related to the technological development of machines and possible risks caused by OT and AI, data exchange between IT and OT and exposure to cyber attacks capable of compromising the functioning of systems and therefore the safety of people.
Read the article:
As is known, in applications related to functional safety, the devices involved must have a high level of immunity from electromagnetic disturbances: as far as the emission constraints are concerned, these are not to be evaluated, even if this does not imply the need to comply with the legal requirements according to the applicable directives.
Thus, the fourth edition of ISO 13849 provides a precise scheme according to the target to be achieved, recalling standards such as IEC 61000-6-2 for PLb and IEC 61000-6-7 or IEC 61326-3-1 for larger PLs.
Functional Safety Management
In the new ISO 13849 version, a strong reference is made to the management of functional safety, thus aligning with other relevant regulations such as IEC 62061 and IEC 61508.
The user must activate a security plan that contains the measures to prevent problems regarding incorrect specifications, implementations or modifications.
In particular, the functional safety plan must:
- identify the relevant activities of the SRP/CS design process (specifications, design, integration analysis, testing, verification, validation) and details on when they should take place
- identify the roles and resources required for the performance and review of each of these activities
- identify procedures for the release, configuration, documentation and modification of hardware and software projects
- establish a validation plan
- identify relevant activities before making any changes
Systematic capacity for software
The new edition is also self-supporting from a software point of view, as it directly indicates the measures and techniques to be applied during development to avoid systematic failures.
Values of components and safety parts
The draft provides ways to characterize the devices used in security functions, and takes 4 categories into consideration:
- Type 1 device, which has the highest level of integration. Pre-designed safety systems with integrated diagnostics are typical. This type is rated SIL or PL according to its intended use. The device manufacturer specifies the classification.
- Type 2 device, not necessarily developed in accordance with safety standards; however, this does not exclude application in accordance with ISO 13849-1.
- Type 3 device, e. components with a failure mode that depends on the operating cycles. Additional application data (number of operations, number of activations, circuit structure, direct current and CCF consideration) are required for the user to evaluate a safety function. Devices of this type are not necessarily developed in accordance with safety standards; however, this does not exclude application in accordance with ISO 13849-1.
- Type 4 device, which is nothing other than a special kind of type 1. This type has non-random faults that lead to a dangerous fault, which means that the probability of a dangerous fault occurring in the vicinity of PFH is 0.
Finally, for each type of device, the parameters must be made available in the following way:
|Characteristic value||Type 1 device||Type 2 device||Type 3 device||Type 4 device|
x = mandatory
O = optional
Here are the expected changes. As promised, we will return to the topic as soon as the official version of the new ISO 13849 is available. In the meantime, let’s keep in touch.