IEC TR 62061-1:2010 – Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery.
— terminology;
— risk estimation and performance allocation;
— safety requirements specification;
— systematic integrity requirements;
— diagnostic functions;
— software safety requirements.
3.2 Additionally, an evaluation of the use of the simplified mathematical formulae to determine the probability of dangerous failures (PFHD) and MTTFd according to both standards has been carried out.
3.3 The conclusions from this work are the following.
— Safety-related control systems can be designed to achieve acceptable levels of functional safety using either of the two standards by integrating non-complex SRECS (safety-related electrical control system) subsystems or SRP/CS (safety-related parts of a control system) designed in accordance with IEC 62061 and ISO 13849-1, respectively.
— Both standards can also be used to provide design solutions for complex SRECS and SRP/CS by integrating electrical/electronic/programmable electronic subsystems designed in accordance with IEC 61508.
— Both standards currently have value to users in the machinery sector and benefits will be gained from experience in their use. Feedback over a reasonable period on their practical application is essential to support any future initiatives to move towards a standard that merges the contents of both IEC 62061 and ISO 13849-1.
— Differences exist in detail and it is recognized that some concepts (e.g. functional safety management) will need further work to establish equivalence between respective design methodologies and some technical requirements.
4 Risk estimation and assignment of required performance
4.1 A comparison has been carried out on the use of the methods to assign a SIL and/or PL to a specific safety function. This has established that there is a good level of correspondence between the respective methods provided in Annex A of each standard.
4.2 It is important, regardless of which method is used, that attention be given to ensure that appropriate judgements are made on the risk parameters to determine the SIL and/or PLr that is likely to apply to a specific safety function. These judgements can often best be made by bringing together a range of personnel (e.g. design, maintenance, operators) to ensure that the hazards that may be present at machinery are properly understood.
4.3 Further information on the process of risk estimation and the assignment of performance targets can be found in ISO 14121-1 and IEC 61508-5.
5 Safety requirements specification
5.1 A first stage in the respective methodologies of both ISO 13849-1 and IEC 62061 requires that the safety function(s) to be implemented by the safety-related control system are specified.
5.2 An assessment should have been performed relevant to each safety function that is to be implemented by a control circuit by, for example, using ISO 13849-1, Annex A or IEC 62061, Annex A. This should have determined what risk reduction needs to be provided.
7 System design
7.1 General requirements for system design using IEC 62061 and ISO 13849-1
The following aspects should be taken into account when designing a SRECS/SRP/CS.
— When applied within the limitations of their respective scopes, either of the two standards can be used to design safety-related control systems with acceptable functional safety, as indicated by the achieved SIL or PL.
— Non-complex safety-related parts that are designed to the relevant PL in accordance with ISO 13849-1 can be integrated as subsystems into a safety-related electrical control system (SRECS) designed in accordance with IEC 62061. Any complex safety-related parts that are designed to the relevant PL in accordance with ISO 13849-1 can be integrated into safety-related parts of a control system (SRP/CS) designed in accordance with ISO 13849-1.
— Any non-complex subsystem that is designed in accordance with IEC 62061 to the relevant SIL can be integrated as a safety-related part into a combination of SRP/CS designed in accordance with ISO 13849-1.
— Any complex subsystem that is designed in accordance with IEC 61508 to the relevant SIL can be integrated as a safety-related part into a combination of SRP/CS designed in accordance with ISO 13849-1 or as subsystems into a SRECS designed in accordance with IEC 62061.
7.2 Estimation of PFHD and MTTFd and the use of fault exclusions
7.2.1 PFHD and MTTFd
7.2.1.1 The value of MTTFd in the context of ISO 13849-1 relates to a single channel SRP/CS without diagnostics and, only in this case, is the reciprocal of PFHD in IEC 62061.
7.2.1.2 MTTFd is a parameter of a component(s) and/or single channel without any consideration being given to factors such as diagnostics and architecture, while PFHD is a parameter of a subsystem that takes into account the contribution of factors such as diagnostics and architecture depending on the design structure.
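The reciprocal relationship in 7.2.1.1 carried through as a worked example (added here; it is not part of the technical report): MTTFd given in years for a single channel without diagnostics is converted to PFHD per hour, and the result is read against the PFHD bands of ISO 13849-1 (PL) and IEC 62061 (SIL). The function refuses the conversion when diagnostics or a second channel are declared, since the reciprocal relation does not apply there; the helper names and the 8760 h/year conversion are this example's own assumptions.

```python
# Added example, not from IEC TR 62061-1. Band limits are the PFHD ranges of
# ISO 13849-1 Table 3 (PL a..e) and IEC 62061 Table 3 (SIL 1..3).
HOURS_PER_YEAR = 8760  # MTTFd is stated in years; PFHD is per hour

# (band name, lower bound inclusive, upper bound exclusive) in 1/h
PL_BANDS = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
            ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]
SIL_BANDS = [(3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def band(pfhd, bands):
    """Return the band containing pfhd, or None if no PL/SIL can be claimed."""
    for name, lo, hi in bands:
        if lo <= pfhd < hi:
            return name
    return None


def pfhd_single_channel(mttfd_years, diagnostics=False, channels=1):
    """PFHD (1/h) = 1/MTTFd, valid only for one channel without diagnostics.

    Once diagnostics (DC) or redundancy enter the design, PFHD depends on the
    subsystem architecture (7.2.1.2) and this simple reciprocal is wrong, so the
    function raises instead of returning a misleading number.
    """
    if diagnostics or channels != 1:
        raise ValueError("1/MTTFd equals PFHD only for a single channel "
                         "without diagnostics")
    if mttfd_years <= 0:
        raise ValueError("MTTFd must be positive")
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


def classify(mttfd_years):
    """(PFHD per hour, PL band, SIL band) for a single channel without diagnostics."""
    pfhd = pfhd_single_channel(mttfd_years)
    return pfhd, band(pfhd, PL_BANDS), band(pfhd, SIL_BANDS)


if __name__ == "__main__":
    for years in (3, 10, 30, 100):  # constructed sample MTTFd values
        pfhd, pl, sil = classify(years)
        print(f"MTTFd {years:>3} years -> PFHD {pfhd:.2e}/h -> PL {pl}, SIL {sil}")
```

Running it shows that PL a has no SIL counterpart and that PL b and PL c both fall inside SIL 1, which is why the two standards' performance scales are compared band by band rather than one to one.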