Machine safety should be an important consideration for OEM product designers. So, what is machine safety and how can designers lean on performance standards and vendors to ensure compliance?
What is machine safety?
Simply defined, machine safety is the work of implementing safeguards to protect personnel from injury by understanding the inherent risks associated with operating a machine. There are many machine safety solutions from simple to complex. Some simple examples include electrical safety interlock switches and light curtains. More complex solutions include a comprehensive Safety Instrumented System (SIS) involving programmable electronic components.
This article will focus on the latter, and look at how Original Equipment Manufacturer (OEM) designers can approach machine safety design leaning on the increasingly harmonized performance-based standards and components that carry third-party certification.
The bike designer analogy
Let us use the analogy of a bike designer to set the stage. The bike designer understands how the “machine” operates and has identified potential safety hazards and consequences of those hazards. The designer assesses appropriate protection layers (e.g. chain guards or foam protectors on cross bars) and executes a “likelihood analysis” evaluating how accidents are initiated – the frequency and consequences – and what can be done to further reduce risk (e.g. adding front and rear reflectors). The bike designer might even consult vendors that specialize in components to help achieve a desired level of risk reduction (e.g. a vendor who supplies highly reflective materials at a cost-effective price.)
Performance based machine safety standards aid product design
Machine designers who pay attention to the international performance-based standards are encouraged to follow a similar path to the bike designer in our analogy. This begins with the analysis phase that looks at machine functions, hazards and consequences. According to the standards, the analysis phase should culminate with a Safety Requirements Specification (SRS) which rigorously scopes out, in writing, the needs of safety, functionality and integrity.
Two of the most predominant machine safety standards are IEC 62061 and ISO 13849. These are performance-based standards intended to help designers engineer systems that reduce risk. They focus attention on either of two broad areas:
1) The safety-related electrical control system (SRECS) or the safety-related control function (SRCF) as defined by EN/IEC 62061:2021 [Safety of machinery – Functional safety of safety-related control systems]. This performance-based sector standard derives from the functional safety standard EN/IEC 61508 (the so-called “mother” standard).
or
2) Safety-related parts of control systems (SRP/CS) as defined by EN/ISO 13849-1:2015 [Safety of machinery – Safety-related parts of control systems].
These standards require machine safety designers to assess whether a fault will occur in the safety-related function, and the probability of that fault occurring. This calculation informs whether the machine will meet the applicable regulatory requirements (e.g. the Machinery Directive 2006/42/EC) or a company’s tolerable risk criteria. The latter metric varies by industry segment, type of machinery and application.
Leaning on component manufacturers
It is important to note that OEMs often rely on sub-system manufacturers to provide component and process data, so that the failure rate of a safety system can be calculated quantitatively. Qualitative assessments are also employed and, not surprisingly, vendor selection can depend on them.
Failure rates of components and subsystems are most often expressed either as an average probability of failure on demand in low-demand applications (PFDavg) or as a probability of dangerous failure per hour in high-demand or continuous applications (PFH). The potential danger to machine operators can be continuous, so Probability of Failure per Hour (PFH) is the metric most often used to comply with the performance-based standards.
The portion of this value known as “Dangerous Undetected” failures (λDU) correlates with a Safety Integrity Level (SIL) in the case of EN/IEC 62061. Performance Level (PL) is used in the case of EN/ISO 13849. Compliance with machine safety directives is measured against these safety levels.
How component manufacturers aid compliance
Much is written about the application of the two machinery safety standards, which work largely in harmony with one another. If you search for the standards by name or title, you will find a variety of information on how they are applied. Manufacturers who provide safety devices or related components can add to this knowledge by providing product and performance data on the components they manufacture. The most sought-after and highly credible data comes from independent third-party agencies. United Electric’s experience is with Exida, which describes itself as “the leading product certification and knowledge company specializing in automation system safety, alarm management, cybersecurity, and availability.”
Exida’s highly developed assessment and certification process includes the following elements:
1) Assessing the product development process through an audit and review of a detailed “safety case” and against a certification scheme that looks at the relevant requirements of both the IEC 61508 and ISO 13849 standards.
2) A detailed Failure Modes Effects and Diagnostic Analysis (FMEDA) for documenting the hardware architecture and failure behavior of a given product or component.
3) A review of field-failure-rate data to verify the accuracy of the FMEDA analysis.
4) A review of the manufacturing quality system that produced the product.
More on performance-based safety-related documentation
Component assessments and certifications vary from agency to agency. The safety certificate should confirm that a given product and its manufacturer have been assessed to relevant requirements of the performance-based standard(s). The certificate should delineate a product’s “Systematic Capability” (i.e., quantifying contributions of human error) as well as “Random Capability” (i.e. failures that occur randomly in nature).
Failure in Time (FIT) data
The certificate should also summarize a given product’s FIT data, defined as one failure per 10^9 hours, broken down into four categories:
- Safe Detected (λSD)
- Safe Undetected (λSU)
- Dangerous Detected (λDD)
- Dangerous Undetected (λDU)
Example certification
Failure Mode Effects and Diagnostic Analysis (FMEDA)
A second important document that manufacturers should provide is the Failure Mode Effects and Diagnostic Analysis (FMEDA). This data typically is shared confidentially with the OEM safety designer, and is particularly insightful as it models the use of the certified component in an example safety function using failure rate data for each of the elements of that function: the sensor, logic solver and final element.
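The following worked example ties together the quantities the article has introduced: FIT data split into the four λ categories, the conversion to a per-hour dangerous-undetected rate (λDU), PFH for high-demand use versus PFDavg for low-demand use, the IEC 61508 SIL band that results, and the FMEDA-style view of one safety function as sensor, logic solver and final element. It is an added illustration, not code from the article, from United Electric Controls or from Exida; every FIT number is a constructed sample value, and the single-channel (1oo1) formulas are the simplified IEC 61508 expressions that ignore common-cause failures, proof-test coverage and redundancy.

```python
"""Worked example: from FMEDA-style FIT data to PFH/PFDavg and a SIL band.

Added illustration, not code from the article, from United Electric Controls
or from Exida. Every FIT number below is a constructed sample value, not data
for any real product. The formulas are the simplified single-channel (1oo1)
expressions from IEC 61508: PFH ~= lambda_DU for high-demand/continuous mode
and PFDavg ~= lambda_DU * T1 / 2 for low-demand mode. They ignore common-cause
failures, proof-test coverage and redundant architectures, all of which a real
FMEDA and SIL verification account for.
"""
from dataclasses import dataclass

FIT = 1e-9  # one Failure In Time = one failure per 10^9 hours, i.e. 1e-9 failures/hour


@dataclass(frozen=True)
class Fmeda:
    """Failure rates for one loop element, in FIT, split into the four categories."""
    name: str
    sd: float  # Safe Detected (lambda_SD)
    su: float  # Safe Undetected (lambda_SU)
    dd: float  # Dangerous Detected (lambda_DD)
    du: float  # Dangerous Undetected (lambda_DU)

    @property
    def lambda_du(self) -> float:
        """Dangerous Undetected rate converted from FIT to failures per hour."""
        return self.du * FIT

    @property
    def diagnostic_coverage(self) -> float:
        """Fraction of dangerous failures the element's own diagnostics reveal: DC = DD / (DD + DU)."""
        dangerous = self.dd + self.du
        return self.dd / dangerous if dangerous else 1.0


# Constructed sample data for the three elements of one safety function.
SENSOR = Fmeda("sensor", sd=120, su=40, dd=200, du=50)
LOGIC_SOLVER = Fmeda("logic solver", sd=300, su=20, dd=400, du=10)
FINAL_ELEMENT = Fmeda("final element", sd=50, su=80, dd=100, du=150)
SAMPLE_LOOP = (SENSOR, LOGIC_SOLVER, FINAL_ELEMENT)


def pfh_1oo1(elements) -> float:
    """High-demand/continuous mode: PFH of a single-channel loop is approximately
    the sum of the elements' lambda_DU (an undetected dangerous failure in any element
    defeats the whole function)."""
    return sum(e.lambda_du for e in elements)


def pfdavg_1oo1(elements, proof_test_interval_h: float) -> float:
    """Low-demand mode: PFDavg ~= lambda_DU * T1 / 2 for a 1oo1 channel whose
    undetected dangerous faults are only revealed by a full proof test every T1 hours."""
    return pfh_1oo1(elements) * proof_test_interval_h / 2


def sil_from_pfh(pfh: float):
    """IEC 61508 high-demand/continuous SIL bands (random hardware failure limit only;
    a complete SIL claim also needs architectural constraints and systematic capability)."""
    if pfh < 1e-9:
        return None  # below the range the standard defines for SIL 4
    for sil, upper in ((4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5)):
        if pfh < upper:
            return sil
    return None  # worse than SIL 1


def sil_from_pfdavg(pfdavg: float):
    """IEC 61508 low-demand SIL bands: the same decades, shifted by a factor of 10^3."""
    if pfdavg < 1e-5:
        return None
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfdavg < upper:
            return sil
    return None


def dominant_du_contributor(elements) -> str:
    """Name of the element contributing the most lambda_DU, i.e. where a design change
    (better diagnostics, a different component) buys the most integrity."""
    return max(elements, key=lambda e: e.lambda_du).name


if __name__ == "__main__":
    pfh = pfh_1oo1(SAMPLE_LOOP)
    pfd = pfdavg_1oo1(SAMPLE_LOOP, proof_test_interval_h=8760)  # annual proof test
    for e in SAMPLE_LOOP:
        print(f"{e.name:14s} lambda_DU={e.lambda_du:.2e}/h  DC={e.diagnostic_coverage:.0%}")
    print(f"loop PFH    = {pfh:.2e}/h -> SIL {sil_from_pfh(pfh)} (high demand)")
    print(f"loop PFDavg = {pfd:.2e}   -> SIL {sil_from_pfdavg(pfd)} (low demand, T1 = 1 year)")
    print(f"largest lambda_DU share: {dominant_du_contributor(SAMPLE_LOOP)}")
```

With the constructed numbers the loop's λDU sums to 210 FIT, so PFH is about 2.1e-7 per hour (the SIL 2 band), while the same hardware under an annual proof test in low-demand service lands in the SIL 3 band for PFDavg. The final element carries most of the dangerous-undetected share, which is exactly the kind of insight an FMEDA of the whole function is meant to surface.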
Functional Safety Assessments (FSA)
It is worth noting that Exida has a policy of publishing SIL/PL certificates and Functional Safety Assessments (FSA) on a public website called the Safety Automation Equipment List (SAEL), maintained for the benefit of safety designers. The SAEL is intended to aid transparency of the assessment and certification process.
Qualitative assessment – marrying unique component features with safety requirements
FIT data provided by manufacturers and assessed by third-party certification agencies is not the complete picture. Manufacturers of components can help designers by sharing specific or unique product attributes that may improve the safety, function and integrity of machines. These are the “soft” product assessments that can be important to the continuous improvement of design and functionality.
For example, some electronic control devices use diagnostic algorithms to monitor a device’s health and status in order to monitor and detect dangerous failures. Other examples of newer technology in the sensor space include:
- Microprocessor-based pressure or temperature controls with embedded photo-MOSFETs for highly repeatable (±0.1%) SPST switching.
- Microprocessor-based pressure or temperature controls with embedded, high capacity relays that eliminate unneeded interconnected equipment.
- Microprocessor-based hybrids that can supply both 4 to 20mA signals and relay/switched outputs for continuous control and monitoring.
- Precision flow devices with additional environmental protection.
Conclusion
Machine safety is one of the OEM designer’s most important considerations. Internationally recognized performance-based standards encourage the use of tools to help designers assess and mitigate risk and improve safety design. This deep dive into proving and validating systems begins with the rigorous development of a Safety Requirements Specification (SRS) and the assessment of the safety-related control system. Third-party certifiable failure rate data can be critical to proving the safety of a design. Failure rate data is only part of the picture, rounded out by understanding unique or distinctive attributes of components that can improve design and safety.
About the author:
Chan Reis has more than 30 years of experience as a United Electric Controls (UE) territory manager. His engagements with dozens of UE’s largest OEM customers have informed his knowledge of international functional safety standards, especially the application of EN/IEC 61508 and the derivative Machine Safety Standard (EN/IEC 62061).