2015 revisions clarify functional safety standard ISO 13849-1
According to Stewart Robinson of test and certification provider TÜV SÜD United Kingdom, ISO is amending ISO 13849-1 to clarify its functional safety requirements.
The changes have been published as a Final Draft Amendment, meaning no further editorial or technical changes will be made before the amended standard is published, which is expected within a few months. Meanwhile, EN 62061 has been updated only to refresh its references to related standards that have changed; no technical changes have been made to the standard itself.
1 Within the updated ISO 13849-1, Table 1 is to be removed, and replaced by a reference to the technical reports published in 2010 for guidance on the choice of which standard to adopt.
2 Previously the expression “average probability of a dangerous failure per hour” was written out in full throughout the standard. The abbreviation PFHD is now also used, giving consistency between EN ISO 13849-1 and other functional safety standards such as EN 62061. Likewise, “subsystem” is now given as an alternative term for a safety-related part of a control system (SRP/CS). It is also made clear that the PFHD of a safety function implemented by SRP/CS in series alignment is obtained by summing the PFHD of each SRP/CS.
3 For Category 4 architectures, the 100-year cap on mean time to dangerous failure (MTTFd) can be raised to 2,500 years. This removes a limitation of the calculated PFHD that imposed an artificial ceiling on the number of subsystems that could be combined in series alignment while still achieving the required PL. Annex K has been expanded accordingly.
4 The existing “assumption” that, for a Category 2 architecture, the demand rate should be ≤1/100 of the test rate is retained, with an added alternative: Category 2 can also be claimed if testing occurs immediately upon demand of the safety function, provided the applicable safety times and distances are also satisfied.
5 Clear guidance is given that where non-electrical components are used in the output part of the SRP/CS, the specified categories are to be applied: for Performance Level d (PLd) a Category 3 architecture is required, while for PLe Category 4 is specified.
6 For PLd with a Category 2 architecture it is now a normative requirement that the output of the test equipment (OTE) initiates a safe state.
7 It is also clarified that use of the risk graph is not mandatory; other methods may be used to establish the required performance level (PLr) of the safety functions. The guidance on selecting the parameters is expanded, and it is made clear that the choice between P1 and P2 should consider both the possibility of avoiding the hazard and the probability of occurrence of the hazardous event.
8 Some of the wording in Annex C has been changed to make clear that the information in that annex is more relevant to SRP/CS manufacturers than to end users of SRP/CS subsystems. Finally, Annex I “Examples” has been completely revised: example A (single channel) now has a PLr of PLc and example B (dual channel) a PLr of PLd. More detail is also given on the reliability data used in the examples, to bring them closer to real-world applications.
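To make items 2, 3 and 4 concrete, here is an added worked example in Python. It is my own illustration, not code from the standard, from TÜV SÜD or from the article: it sums the PFHD of subsystems in series alignment, maps the result to a performance level using the PFHD bands of ISO 13849-1, and shows how the per-subsystem PFHD caps the number of identical subsystems that can be chained while still claiming PLe. The per-subsystem figure of 2.47E-8 per hour is assumed here as the Category 4 value at the old 100-year MTTFd cap; the 1.2E-9 per hour figure used for the raised cap is a constructed placeholder, not a value read from Annex K. The Category 2 test-rate check from item 4 is included as a small helper.

```python
# Added example: series alignment of SRP/CS under ISO 13849-1, PL lookup and the
# effect of the MTTFd cap on how many subsystems can be chained for PL e.

# PFHD bands per PL (lower bound inclusive, upper bound exclusive), per ISO 13849-1.
PL_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]
PL_ORDER = "abcde"  # a is lowest, e is highest


def pl_from_pfhd(pfhd):
    """Return the PL achieved by a PFHD value, or None if PFHD >= 1E-4 (no PL)."""
    if pfhd < 0:
        raise ValueError("PFHD cannot be negative")
    if pfhd < 1e-8:
        # Below the PL e band; the standard still caps the claim at PL e.
        return "e"
    for pl, lo, hi in PL_BANDS:
        if lo <= pfhd < hi:
            return pl
    return None


def series_pfhd(pfhds):
    """PFHD of a safety function whose SRP/CS are in series alignment: the sum."""
    return sum(pfhds)


def pl_meets(achieved, required):
    """True if the achieved PL is at least the required PL (PLr)."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


def max_series_subsystems(pfhd_each, required_pl, limit=10_000):
    """Largest number of identical subsystems (each with pfhd_each) that can be
    placed in series while the summed PFHD still meets required_pl."""
    if pfhd_each <= 0:
        raise ValueError("pfhd_each must be positive")
    n = 0
    while n < limit and pl_meets(pl_from_pfhd((n + 1) * pfhd_each), required_pl):
        n += 1
    return n


def category2_test_rate_ok(demand_rate_per_h, test_rate_per_h, test_on_demand=False):
    """Category 2 demand/test-rate condition with the 2015 alternative: either the
    test rate is at least 100 times the demand rate, or testing occurs immediately
    upon demand. The safety time/distance condition attached to the alternative is
    not modelled here and must be checked separately."""
    if demand_rate_per_h < 0 or test_rate_per_h < 0:
        raise ValueError("rates cannot be negative")
    return test_on_demand or test_rate_per_h >= 100 * demand_rate_per_h


# Assumed Category 4 subsystem value at the old 100-year MTTFd cap (per hour).
PFHD_CAT4_100Y = 2.47e-8
# Constructed placeholder for a Category 4 subsystem under the raised 2,500-year cap.
PFHD_CAT4_RAISED_CAP_EXAMPLE = 1.2e-9

if __name__ == "__main__":
    chain = [PFHD_CAT4_100Y] * 4
    total = series_pfhd(chain)
    print(f"4 subsystems in series: PFHD = {total:.3e} /h -> PL {pl_from_pfhd(total)}")
    print("max Cat 4 subsystems for PL e at 100-year cap:",
          max_series_subsystems(PFHD_CAT4_100Y, "e"))
    print("max subsystems for PL e with the placeholder raised-cap value:",
          max_series_subsystems(PFHD_CAT4_RAISED_CAP_EXAMPLE, "e"))
    print("Cat 2, demand 1/h, test 50/h:", category2_test_rate_ok(1.0, 50.0))
    print("Cat 2, demand 1/h, test on demand:", category2_test_rate_ok(1.0, 0.0, True))
```

With the 100-year cap, four Category 4 subsystems in series sum to just under 1E-7 per hour and still reach PL e, but a fifth pushes the function to PL d regardless of how good each subsystem is; this is the artificial limit item 3 refers to, and a lower per-subsystem PFHD under the raised cap lifts it.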
Stewart Robinson is Principal Engineer and Functional Safety Expert with TÜV SÜD United Kingdom