The increasing role of functional safety in complex machine design

Mechatronics and safety: Proper application of safety standards is required to attain CE Marking, vital for machines placed in Europe. See the five steps to self-certification.


Figure 1: This chart shows the standards involved when making a risk assessment and the application of A, B, and C level standards. Courtesy: Sick

One of the biggest challenges facing U.S. machine builders is the transition from the old safety standard EN 954-1 to the new ISO 13849-1 or IEC 62061 safety standards. Proving conformity with these safety standards helps a machine builder obtain a CE Mark, required for placing machines in Europe. Achieving a CE Mark need not be difficult if the right steps are taken.

The new standards are used to demonstrate conformity to the European Machinery Directive 2006/42/EC for safety-related parts of a control system (SRP/CS). This functional safety approach to machine design is a necessary response to the changing complexity of automation and the increasing role of new software-based controllers in carrying out integrated safety functions. While the task of designing the safety control system has become a bit more complicated, functional safety offers a more flexible method to design the SRP/CS and to mitigate hazards with safety functions.

Although the use of functional safety concepts has its origins in the process control industry, this approach for machinery-specific implementation is gaining momentum with machine builders. But with two years of implementation now passed, there are still many machine and robot builder OEMs in the U.S. struggling to understand the Machinery Directive and how to implement the standard(s) to show conformity on the way to CE Marking.

Bottom line for U.S. manufacturers looking to place machines in the EU market: You have to build your machinery such that the essential health and safety requirements in the Machinery Directive are met. This overview of designing for the Machinery Directive includes references and suggestions for those requiring more detailed information, and provides best practices for others.

Applicable directives, standards

The safety of machinery depends to a large extent on the correct application of directives and standards. In Europe the national legal requirements are harmonized by European directives, such as the Machinery Directive. Such directives describe general requirements that are specified in more detail by standards.

The directives define basic objectives and requirements and are kept as technologically neutral as possible. In the area of health and safety at work and machine safety, the following directives have been published:

  • Machinery Directive 2006/42/EC – aimed at the manufacturers of machinery
  • Work Equipment Directive 2009/104/EC – aimed at organizations that operate machinery
  • EMC Directive 2004/108/EC
  • Low Voltage Directive 2006/95/EC

Manufacturers must take into account the integration of safety during the design process. In practice, this means that the designer makes a risk assessment as early as the machine’s development phase. The resulting measures can then flow directly into the design.

CE Marking of machinery and the conformity assessment procedure under the Directive can take several paths, depending on the type and risk level of the machine.

5 steps to self-certify a machine

Most machines are not listed in Annex IV of the Machinery Directive and can therefore take the self-certification route, which requires the manufacturer to complete these five steps:

  1. Perform a risk assessment
  2. Demonstrate conformity to the Essential Health and Safety Requirements (EHSRs) of Annex I, or against the requirements of applicable C-type harmonized standards.
  3. Compile all technical documentation into a Technical File
  4. Complete an EC Declaration of Conformity
  5. Affix the CE Mark

This procedure does not involve the intervention of a Notified Body, but the manufacturer or an authorized representative may choose to seek independent advice or assistance as necessary to carry out the conformity assessment of the machinery. Any technical report(s) generated must be included in the Technical File.

Directives describe basic requirements, and A, B, and C level harmonized standards demonstrate conformity to the directives. A list of harmonized standards is available. Figure 1 shows the basic A, B, and C level harmonized standards typically applied.

If a C-type standard exists for a machine (such as ISO 10218-1:2011, Robots and robotic devices: Safety requirements for industrial robots), then this standard has priority over all other A- and B-type standards and any information in these guidelines. In these cases, only the C-type standard applies.

While the use of standards is not mandatory, the selection of a standard and its correct application is the surest way to obtain conformance with the relevant EHSRs. The end user is still responsible for ensuring that the equipment complies with the directives and that the standards were applied correctly.

Performing risk assessment

The first step on the path to a CE Mark is a risk assessment. When designing a machine, analyze the possible risks and, where necessary, add protective measures to protect the operator from any hazards that may exist.

To aid a machine manufacturer with this task, ISO 12100:2010 defines and describes the process of risk assessment, including risk estimation and risk evaluation. A risk assessment is a sequence of logical steps that permit systematic analysis and evaluation of risks.

The aim of the risk assessment is to:

  • Identify hazards
  • Identify tasks associated with each hazard
  • Determine whether a risk reduction is necessary or not
  • Determine how the required risk reduction shall be reached
  • Identify safety functions
  • Determine the Required Performance Level (PLr).

Figure 2: This diagram depicts paths for Risk Estimation & Associated Required Performance Level (PLr). Courtesy: Sick

The documented outcome of the risk assessment is critical when risk reduction measures are implemented by devices that perform safety functions. The machine must be designed and built taking into account the results of the risk assessment.

Section 6 of ISO 12100:2010 outlines applying inherently safe design measures for control systems. It states that the design measures of the control system shall be chosen so that their safety-related performance provides a sufficient amount of risk reduction. To prevent hazardous machine motion and to achieve safety functions, the design of control systems shall comply with the principles and methods presented in subclause 6 and shall be applied as appropriate to the circumstances (see ISO 13849-1, IEC 60204-1, and IEC 62061).

Determining the PLr for the system defines the performance of control components and their integration into the control system for the SRP/CS. The performance level is defined in five discrete steps, from “a” to “e” (Figure 2), and is calculated via a complex formula. The PLr depends on the structure of the control system, the reliability of the components used, the ability to detect failures, and resistance to multiple common cause failures in multiple channel control systems. In addition, further measures to avoid design faults are required.
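To make the two determinations concrete, here is an added Python example (not code from the article, Sick or IFA) that encodes the ISO 13849-1 risk graph of Figure 2 (severity, frequency, possibility of avoidance) and the standard's simplified procedure for estimating the achieved PL from category, average diagnostic coverage and MTTFd. The band limits and the 65-point CCF threshold are those of ISO 13849-1; the sample values passed in are constructed, and a real assessment is still done in SISTEMA with manufacturer libraries.

```python
# Risk graph (ISO 13849-1 Annex A): S1/S2 severity, F1/F2 frequency or
# exposure, P1/P2 possibility of avoiding the hazard -> required PL.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
PL_ORDER = "abcde"  # "a" is the lowest level, "e" the highest

def required_pl(severity, frequency, avoidance):
    """PLr from the three risk-graph parameters, e.g. ('S2','F2','P2') -> 'e'."""
    return RISK_GRAPH[(severity, frequency, avoidance)]

def mttfd_band(years):
    """Bin MTTFd per channel as the standard does: low / medium / high."""
    if years < 3:
        raise ValueError("MTTFd below 3 years is not permitted")
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"  # the standard caps MTTFd; anything above stays 'high'

def dc_band(dc_percent):
    """Bin average diagnostic coverage DCavg: none / low / medium / high."""
    if dc_percent < 60:
        return "none"
    if dc_percent < 90:
        return "low"
    if dc_percent < 99:
        return "medium"
    return "high"

# Simplified procedure (ISO 13849-1:2006 Table 7): (category, DCavg) -> {MTTFd: PL}.
# Combinations missing here are not allowed by the standard.
SIMPLIFIED = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}

def achieved_pl(category, dc_percent, mttfd_years, ccf_score):
    """PL reached by the SRP/CS, or None when the combination is not allowed.
    Categories 2, 3 and 4 also need at least 65 CCF points (Annex F)."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None
    table = SIMPLIFIED.get((category, dc_band(dc_percent)))
    return table.get(mttfd_band(mttfd_years)) if table else None

def meets_plr(achieved, required):
    """True when the achieved PL is at least the required PL."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)
```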

Documenting calculations for the PLr is an essential part in building the Technical File for the machine. While these calculations can be a bit complex, there is a free software program (Safety Integrity Software Tool for the Evaluation of Machine Applications, or SISTEMA) from IFA, an institute for research and testing of the German Social Accident Insurance.

The IFA website includes information and examples on how to install and use the software. A critical step in the correct use of SISTEMA is the inclusion of component manufacturer libraries that list their devices for use with the software. This aids in the reliability calculations of safety devices used in performing safety functions. Current manufacturers’ device libraries can be found on the IFA website as well as on the manufacturers’ own web sites.

After the PLr is established for various machine functions, the designer must make sure the safety systems meet either ISO 13849-1 or IEC 62061 requirements. Table 1 from ISO 13849-1 summarizes the scope of applications for IEC 62061 and ISO 13849-1.

Table 1: Recommended application of IEC 62061 and ISO 13849-1 as they relate to the technologies implementing the safety-related control function(s). Courtesy: Sick

Functional safety methods found in ISO 13849-1 give guidance on the design measures that define a safe control circuit. ISO 13849-1 can be applied to all areas of the SRP/CS, including hydraulic and pneumatic components, when analyzing the complete safety system.

The advantage of using these standards is that they allow design engineers to adjust their safety circuit structure and the quality of their chosen safety or even non-safety devices according to the level of risk defined by the PLr. This eliminates over-engineering and ensures the proper application of both safety and non-safety rated devices.

See next page for an application photo, diagram, and more about Declaration of Conformity and affixing a CE Mark.
