Burning refinery

Delayed standards implementation causes confusion

Engineers and machine builders face safety standards confusion.

Legislation and conformance have grown and grown over the last 20 years until they have reached a point where many larger companies employ specialist engineers to keep on top of things. The trouble with this is 'specialists' can all too easily find themselves adrift from the mainstream engineering issues that concern their colleagues.

One prime example of this occurred towards the end of 2009, when the European Union suddenly decided to delay withdrawing an ageing standard even though its successor had already been introduced. The reason for the delay was never made clear, but it may well have been companies' lack of preparedness for the switchover, having been so preoccupied by the alarming economic situation. There are in fact two new standards, EN ISO 13849 and IEC/EN 62061, or BS/EN for general machines and electronical machines respectively, plus the existing one.

On the face of it, this was a sensible, simple and straightforward decision - one that would be welcomed by the general engineering populous because it would have afforded them more time to prepare for the new regime.

However, a major problem has arisen from the delay in that a number of companies have decided they would rather stick with the existing standard, while others want to forge ahead and adopt the new ones. Naturally, a third group of companies don't know what to do at all. Given that the withdrawal was announced a mere six weeks before the intended changeover date, many organisations had invested ready for the changeover; now they have lost momentum and feel aggrieved at the waste of time and money.

European standards

The reprieved standard, EN 954 is nearly 20 years old and, although it was due to be discontinued at the end of 2009, has now been pushed back two years. In simple terms, its replacements were to be EN 13849 and 62061, which are already in place. Until 2011 engineers can choose to comply with either old or new.

It is notable that EN 62061 is appropriate for electrical and PLC type applications, whereas EN 13849 is suitable for all types of machinery including pneumatic and hydraulic equipment. Based on Safety Integration Levels (SILs), this is attractive because it is an established standard with which many engineers are already familiar. However, it should be recognised that while EN 62061 is appropriate for some applications, EN 13849 is suitable for all production machinery work - particularly for those involving drive systems and sub-systems.

Many companies are not fully decided upon which route to follow; instead they are planning to go with the flow, watching other companies and taking expert advice only when they need it, but never taking the initiative in case they are wrong. In truth, this is a pragmatic approach and may be the best one for the many organisations that do not have the resources to develop their own strategies and become a leader in the field.

The extension means, in theory, engineers can relax and carry on as they were until December 2011. But the reality is that those who were not ready two months ago will not be ready in two years' time; they will wait it out and hope to find a leader to follow. Organisations that were ready will be pushing to make the changeover now, as they are geared up to do so.

The result is confusion in the marketplace with several standards vying for dominance. This is messy, frustrating and expensive and, ultimately, could lead to a reduction in overall safety levels until a single new regime is established.

Looking at recent history there has always been a transition period before new standards are introduced, which should allow companies time to get ready.

Directives relating to EMC (electromagnetic compatibility) that were introduced about 15 years ago are a good example to use. The problem had been around for years and the legislation sought to standardise strategies towards it. But the introduction was delayed for a year. Even then, the documentation was open to interpretation, so initially several approaches were adopted. Over the next two to three years a consensus slowly emerged, with optimum solutions evolving and becoming accepted throughout the industry, although a few special circumstances were inevitable.

The fact is that industry was only as ready as it wanted to be, because most people were waiting to see what others would do. As a result, there is currently little enthusiasm for replacing EN 954. There was no reason for delaying the matter. However, delayed it has been, which is what needs to be accepted.

EN 954 to EN 13849

EN 954 was introduced in 1992, at a time when technologies and engineering practices were significantly different than they are today. At that time output contactors were used to isolate the motor from the machine, so that it would stop if people were working on it, while an additional parallel safety circuit would allow inching.

A key issue is that it has become far more common to start and stop machines remotely. In the early 1990s this was not the case; there was nearly always a supervising manager present, using the Mark 1 Human Eyeball as their final check against potential problems.

Perhaps the biggest change has been driven by EN 954 itself; new rigour has been brought to calculating mean times between potentially dangerous failures. This can now be done much more reliably and it is transforming the way in which machines are designed.

In truth, EN 954 now does look dated and crude. It concerned itself with the design of circuits, developing architectures that implied safety. It did not really look at component quality; products were generally good but there was a presumption that they would fail eventually so some sort of failsafe or redundancy had to be built in. Current thinking is using a new concept - Mean Time to Failure (Dangerous) - for the whole system.

By contrast the new EN 13849 concerns itself not with individual parts or with design details, but with overall system safety. It defines the start and end points of systems and subsystems and requires safety between the two.

For example, the start point of a system may be the on/off button; the end point or final mechanism. Between the two there could well be a number of components including drives, motors, contactors, etc. It is the overall construction that will be certified under the new regime, not the individual components.

Significantly, something like the control system of a machine is defined under EN13849 as a component part. This means the machine builder is responsible for its safe functioning: if there is a problem, they will be the first port of call. They may be able to prove misuse by the end user or an out of spec component. But passing the buck back to a parts supplier will be very much more difficult because the system design should have been able to cope with an internal malfunction.

EN 13849 defines Mean Time To Failure (Dangerous) for systems. The critical point is the word 'Dangerous' MTTFd is not necessarily the same as Mean Time Between Failures (MTBF). Safe failure is acceptable; dangerous isn't. The standard assumes a machine life of typically 20 years, including service, commissions, repairs, and decommissioning. Thus the machine builders must involve their suppliers from the earliest design stages, and should choose a reputable supplier who is able to maintain the machine for its proposed lifetime.

The procedure will be for the machine builder first to confirm with the end user the required Performance Level class (these are defined A-E, 10,000 hours to 100 million hours or one year to 10,000 years' continuous safe operation) for the overall machine. It is then the machine builder's responsibility to ensure design to this brief, including work by sub-contractors.

The machine builder must consider the reliability of each component and architecture of design accordingly. If components are likely to fail, they must do so in a safe manner; there should be something in the architecture to control this. In the control system, this may involve the inclusion of a failsafe and redundancy subsystem.

Solution

New safety legislation seems to scare anyone who may have to meet it to the point of inaction. They ignore it until the last moment, when they turn to their suppliers for help.

Fortunately, help is at hand. Astute suppliers are up to speed in advance, and in this case an informative software tool is available from the IFA (Institute for Occupational Safety and Health of the German Social Accident Insurance) formerly the German Government's certification body BGIA. The software can be downloaded from their website, at www.dguv.de/ifa/en/pra/softwa/sistema/index.jsp. This is probably the designer's best aid to the subject; a detailed look at this is a very good investment.

The software executes all the calculations automatically and simplifies design procedures considerably. Importantly, it includes a comprehensive library of safety assessed products and components; using these ensures that safety performance levels can be met.

There are two conclusions to be drawn in relation to the new machine safety directive. Firstly, under EN 13849, responsibility for safety will not be transferable or avoidable. Secondly, the deferred cancellation of EN 954 does not mean people can forget it for a couple of years; instead we have a period in which we must be prepared to meet old and new requirements.

Dr Martin Payn is Division & UK Customer Assurance Manager, Parker SSD Drives Europe

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close