Table of Contents
Advertisement
Appendix: Safety of machinery
14.5
Presumption of conformity with harmonised standards
The European directives mainly describe general requirements for the safety of products, but not
details of implementation. This is the responsibility of the European standardisation institutes, which
provide implementation recommendations for specific safety-related problems or specific product
classes. Standards that are assumed to meet the requirements of the directives and correctly imple-
ment them are listed as "harmonised standards". However, by no means all of the available standards
are harmonised.
A manufacturer can express the presumption of conformity of the respective product by applying and
implementing harmonised standards. However, in contrast to directives, standards are not legally
binding. This means that the manufacturer may also consider other solutions than those described in
the standards. However, these solutions must at least achieve the same level of safety as the relevant
standards and meet the requirements of the applicable directives.
14.6
Selection of performance level and category in accordance with
EN ISO 13849-1
The Machinery Directive requires that a defect in the logic of the control circuit, or even a malfunction
or damage to it, must not lead to a dangerous situation. This general approach is EN ISO 13849-1
"Safety-related parts of machine control systems", which defines performance levels (PL a to e) for
safety-relevant control parts. The PL is dependent on the category, the MTTFD value and the diagnost-
ic coverage (DCavg) of the respective safety circuit.
The category describes the structure of the safety functions in the same way as in the previous
EN 954-1. A new addition is the Performance Level (PL), which describes the probability of failure and
the ability to detect faults of the safety function.
The PL is selected by the manufacturer of the machine depending on the actual hazard potential,
which is determined using the hazard and risk analysis. In the case of dangers that can result in irre-
versible injuries or death, a minimum of PL d is usually required.
The category specified for the PL means the following:
–
Category 1: The system has been designed with 1 channel and thus an error results in a loss of
safety, but component availability is high.
–
Category 2: The system was designed with 1 channel and an error thus leads to a loss of safety,
but the error is detected by the system and displayed in any form.
–
Category 3: The system has been designed with 2 channels and an error does not result in loss of
safety
–
Category 4: The system has a 2-channel design and even an accumulation of several errors does
not lead to a loss of safety.
It is also important in this context that individual faults from category 3 must be detected in good time
in order to avoid accumulation of faults, which can ultimately lead to a loss of safety.
Errors that must be detected are items such as cross circuits between the circuits, interruptions, short
circuits or glued contacts in electrical and electronic systems. Specially certified safety switching
devices that already have a specific PL are frequently used to detect faults in the individual safety cir-
cuits. However, the total PL required for the safety function is only achieved if the circuitry with the
associated circuits has been implemented in accordance with the product description for the respect-
ive PL, and the PL of all components contributing to the safety function has been taken into account.
Festo — CDSA-D3-RV — 2020-08
53
Advertisement
Table of Contents
