This page summarizes the steps, derived from the ISO 12100, ISO 13849-1/2, and EN 62061 standards, required to design machines with safety in mind.
To implement risk assessment and reduction, the designer should take the following steps:
Perform a risk assessment with a multi-disciplinary team
Risk reduction process for the hazard
Determination of required performance level (PLr)
Design of Safety related parts of Control system
Evaluation of the achieved performance level (PL)
Validation process
Risk assessment
A risk assessment consists of a risk analysis followed by a risk evaluation:
Risk analysis, comprising:
Determination of the limits of the machinery
Hazard identification
Risk estimation
Risk evaluation
Determination of limits of machinery
When performing a risk assessment, it is important to establish the limits of the machinery and to consider all phases of its life cycle. This involves identifying the characteristics and performance capabilities of the machine, or of a series of machines within an integrated process, together with the people, environmental factors and products associated with it.
Hazard identification
An essential step in the risk assessment is the systematic identification of reasonably foreseeable hazards, hazardous situations and/or hazardous events during all phases of the machine life cycle. To identify hazards effectively, a team consisting of professionals from multiple disciplines should consider the following factors:
Human interaction during the whole life cycle of the machine
Possible states of the machine
Unintended behavior of the operator or reasonably foreseeable misuse of the machine
Risk estimation
The risk estimation shall be carried out for each hazardous situation by determining the elements of risk:
Severity of harm
Probability of occurrence of harm
Exposure of persons to the hazard
Occurrence of a hazardous event
Possibility of avoiding or limiting harm
Risk evaluation
After risk estimation has been completed, risk evaluation shall be carried out to determine if risk reduction is required. If risk reduction is required, then appropriate protective measures shall be selected and applied.
Risk reduction process for the hazard
The hazard analysis and risk reduction process for a machine requires that hazards are eliminated or reduced through a hierarchy of measures:
Applying inherently safe design measures to control systems
Determination of required performance level (PLr)
Guidance for selecting parameters S, F and P for the risk estimation:
Severity of injury
S1: slight (normally reversible injury)
S2: serious (normally irreversible injury or death)
Frequency and/or exposure time to hazard
F1: seldom-to-less-often and/or exposure time is short
F2: frequent-to-continuous and/or exposure time is long
Possibility of avoiding the hazard or limiting harm
P1: possible under specific conditions
P2: scarcely possible
The required performance level, ranging from low (performance level a) to high (performance level e), can be determined based on the chosen risk parameters in the following figure.
Design of Safety related parts of Control system
A typical diagrammatic presentation of a safety function is given in the following figure, showing a combination of safety-related parts of control systems (SRP/CS) for:
Input
Logic/processing
Output/power control elements
Interconnecting means
Evaluation of the achieved performance level (PL)
Determine the PL for each selected SRP/CS, or combination of SRP/CS, that performs a safety function by estimating the following factors:
The MTTFd (mean time to dangerous failure) value for single components, using the classifications Low, Medium and High
The DC (diagnostic coverage), using the classifications None, Low, Medium and High
The CCF (common cause failure) score, for which the minimum score required to pass is 65%
The structure, using the classifications category B, 1, 2, 3 and 4
The behaviour of the safety function under fault condition(s)
Safety-related software
Systematic failure
The ability to perform a safety function under expected environmental conditions
The performance level can be determined by reading the chosen parameters in the following figure:
Validation Process
Software safety requirements
The primary focus for all lifecycle activities of safety-related software should be on avoiding faults introduced during the software lifecycle (as shown in the figure below). The goal of the following requirements is to ensure software that is readable, understandable, testable, and maintainable.
Verification that achieved PL meets PLr
It is necessary for the PL (Performance Level) of each individual safety function to match the required performance level (PLr) of the related SRP/CS as determined by Figure 3. If a match is not achieved, an iterative process as described in Figure 3 must be undertaken.
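As an added worked example (not code from this page or from the standards' text), the following Python models the workflow described above end to end: PLr from the S/F/P risk graph, the achieved PL from category, DCavg and MTTFd using the simplified table of ISO 13849-1 together with the 65-point CCF check, and the final verification that the achieved PL meets the PLr. The risk graph and table contents are taken from ISO 13849-1 rather than from this page's missing figures, and the numeric band limits for MTTFd and DC are assumed from that standard.

```python
from typing import Optional
PL_ORDER = "abcde"  # performance levels, low (a) to high (e)

# ISO 13849-1 risk graph: (S, F, P) -> PLr, each parameter 1 or 2 as on this page
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}

# Simplified Table 7 of ISO 13849-1: (category, DCavg class) -> PL for the
# MTTFd class (low, medium, high); None marks a combination the table excludes
PL_TABLE = {
    ("B", "none"):   ("a", "b", "b"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "c"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}

def required_pl(s: int, f: int, p: int) -> str:
    """PLr from severity S, frequency/exposure F and avoidance possibility P."""
    return RISK_GRAPH[(s, f, p)]

def mttfd_class(years: float) -> Optional[str]:
    """MTTFd class per channel (assumed bands): low 3..<10 y, medium 10..<30 y, high >=30 y."""
    if years < 3:
        return None  # below the lowest band: not usable for a PL claim
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_class(dc: float) -> str:
    """DCavg class (assumed bands): none <60 %, low 60..<90 %, medium 90..<99 %, high >=99 %."""
    return "none" if dc < 60 else "low" if dc < 90 else "medium" if dc < 99 else "high"

def achieved_pl(category: str, dc_percent: float, mttfd_years: float,
                ccf_score: int) -> Optional[str]:
    """Achieved PL, or None if the design is not permitted by the table."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None  # CCF measures insufficient for a redundant or tested structure
    m = mttfd_class(mttfd_years)
    row = PL_TABLE.get((category, dc_class(dc_percent)))
    if m is None or row is None:
        return None  # e.g. category 3 with DCavg "none" is not a valid design
    return row[("low", "medium", "high").index(m)]

def pl_meets_plr(pl: Optional[str], plr: str) -> bool:
    """Verification step: the achieved PL must be at least the required PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)
```

For a constructed case of S2/F1/P1 (PLr c) implemented as category 3 with DCavg 90 %, MTTFd 20 years and a CCF score of 70, achieved_pl returns d and pl_meets_plr confirms the design; dropping the CCF score to 60 makes the same design fail.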