It’s now almost three years since EN ISO 13849-1, the latest standard covering safety-related parts of machine control systems, came into full effect, but the requirements of this admittedly rather complex standard are still not always clearly understood. Steve Sands, head of product management for Festo, provides some useful advice about the standard and about the pneumatic components that can help meet its requirements.

When the old familiar EN 954-1 standard for safety-related parts of machine control systems was withdrawn at the end of 2009* it was superseded by two standards: EN ISO 13849-1:2008, which is applicable to any control technology (electrical, pneumatic, hydraulic or mechanical), and EN 62061 (IEC 62061), which deals specifically with electrical, electronic and programmable electronic control systems. Since this article deals with pneumatic control systems, we will make life a little easier by looking only at EN ISO 13849-1:2008. This standard works on the basis of safety Performance Levels (PLs), and the basic idea behind it is deceptively simple: decide on the PL required for a particular safety function, denoted PLr, and then design the safety-related part of the control system so that the PL it achieves is at least equal to PLr.

The determination of PLr is usually carried out using the risk graph given in Annex A of the standard. The process involves making decisions about three parameters: the severity of the potential injury (S1 slight and normally reversible, or S2 serious or irreversible, including death), the frequency and/or duration of exposure to the hazard (F1 seldom or short, F2 frequent or continuous), and the possibility of avoiding the hazard or limiting the harm (P1 possible under specific conditions, P2 scarcely possible). The result is a required PL from PL a, which corresponds to a low risk requiring only a small contribution to risk reduction, to PL e, which corresponds to a high risk requiring a large contribution to risk reduction.

Assessing the PL actually achieved by the control system is rather more complex. It depends on the combination of the system architecture (its Category), the mean time to dangerous failure of each channel (MTTFd), the average diagnostic coverage (DCavg) and the measures taken against common cause failures (CCF), and the assessment is usually carried out with the aid of one of the software tools now available for the purpose, such as the free SISTEMA tool from the German IFA. Let’s take a brief look at each of these factors, starting with system architecture.

Almost all safety-related control systems have three subsystems: input devices (for example guard switches or two-hand controls), control logic elements (safety relays, safety PLCs) and output devices (in a pneumatic system, the valves and actuators). These can be arranged according to a number of different architectures, which the standard calls Categories. The most basic is Category B, a single-channel arrangement in which a single fault can lead to loss of the safety function, designed according to basic safety principles. Category 1 is also single-channel but must additionally use well-tried components and the well-tried safety principles detailed in the standard, which gives it a higher MTTFd and therefore a higher achievable PL.

Category 2 is still a single channel but adds automatic diagnostic monitoring, in which the machine control system tests the safety function at suitable intervals; the standard requires the test rate to be at least 100 times the demand rate on the safety function. In pneumatic systems, however, it is often easier and more cost effective to opt for a Category 3 system, which is a dual-channel (redundant) system in which a single fault must not lead to loss of the safety function and, wherever reasonably practicable, the single fault is detected. Finally, Category 4 systems are also dual-channel, but must detect a single fault at or before the next demand on the safety function, and an accumulation of undetected faults must not lead to loss of the safety function.

Another key factor in the PL assessment is the reliability of the components used. For pneumatic and electromechanical components, which wear with use, this is expressed as B10d: the number of operating cycles after which 10 per cent of a batch of the components have failed to a dangerous condition. From B10d and the number of operations per year in the application (nop, calculated from the operating days per year, operating hours per day and cycle time), the standard derives the mean time to dangerous failure, MTTFd = B10d / (0.1 × nop), in years. The MTTFd of each channel is then grouped into three ranges: low = 3 years or more but less than 10 years, medium = 10 years or more but less than 30 years, and high = 30 to 100 years (the 2008 edition caps the value used for a channel at 100 years; a channel with an MTTFd below 3 years is outside the scope of the standard). The best component manufacturers will be able to provide B10d and MTTFd data for all of their products.

The final two key factors are diagnostic coverage and common cause failures. Diagnostic coverage applies only to architectures in Categories 2, 3 and 4, and is concerned with how effective the diagnostic testing is in detecting dangerous failures. The diagnostic coverage of a component is the ratio of the rate of dangerous failures that are detected to the rate of all dangerous failures, expressed as a percentage. For the system as a whole the standard uses the average diagnostic coverage, DCavg, in which each component’s DC is weighted by that component’s dangerous failure rate (1/MTTFd), so a poorly monitored component with a low MTTFd drags the average down disproportionately. DCavg is classed as none (below 60 per cent), low (60 to below 90 per cent), medium (90 to below 99 per cent) or high (99 per cent and above).
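To show how the B10d, MTTFd and diagnostic coverage figures above combine, here is a worked calculation for one channel of a Category 3 pneumatic circuit. This is an added example and not part of the original article or any Festo material: the formulas are those of Annexes C (nop and B10d to MTTFd), D (parts-count channel MTTFd, symmetrisation of two unequal channels) and E (DCavg) of EN ISO 13849-1:2008, but the component names, B10d values, diagnostic coverages and operating profile are constructed for illustration and are not manufacturer data.

```python
"""Worked EN ISO 13849-1:2008 reliability inputs for a pneumatic channel.

Added example, not from the article. Component data and the operating
profile below are constructed for illustration, not manufacturer figures.
"""
from dataclasses import dataclass

SECONDS_PER_HOUR = 3600
MTTFD_CAP_YEARS = 100.0  # per-channel cap in the 2008 edition of the standard


@dataclass(frozen=True)
class Component:
    name: str
    b10d: float  # cycles after which 10 % of a batch have failed dangerously
    dc: float    # diagnostic coverage of the tests applied to it, 0.0 to 1.0


def nop(dop_days: float, hop_hours: float, tcycle_s: float) -> float:
    """Mean number of operations per year (Annex C.4.2)."""
    if dop_days <= 0 or hop_hours <= 0 or tcycle_s <= 0:
        raise ValueError("operating profile values must be positive")
    return dop_days * hop_hours * SECONDS_PER_HOUR / tcycle_s


def mttfd_from_b10d(b10d: float, n_op: float) -> float:
    """MTTFd in years for a wearing (pneumatic/electromechanical) part (Annex C.4.2)."""
    return b10d / (0.1 * n_op)


def channel_mttfd(components, n_op: float, cap: float = MTTFD_CAP_YEARS) -> float:
    """Parts-count method (Annex D.1): 1/MTTFd_channel = sum of 1/MTTFd_i, then capped."""
    inverse_sum = sum(1.0 / mttfd_from_b10d(c.b10d, n_op) for c in components)
    return min(1.0 / inverse_sum, cap)


def symmetrised_mttfd(mttfd_c1: float, mttfd_c2: float) -> float:
    """Single MTTFd for two redundant channels of different MTTFd (Annex D.2)."""
    harmonic = 1.0 / (1.0 / mttfd_c1 + 1.0 / mttfd_c2)
    return (2.0 / 3.0) * (mttfd_c1 + mttfd_c2 - harmonic)


def mttfd_rating(years: float) -> str:
    """Classify a channel MTTFd into the standard's ranges."""
    if years < 3:
        return "below range"   # not covered by the standard
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_avg(components, n_op: float) -> float:
    """Annex E.1: each DC weighted by the component's dangerous failure rate 1/MTTFd."""
    weighted = sum(c.dc / mttfd_from_b10d(c.b10d, n_op) for c in components)
    weights = sum(1.0 / mttfd_from_b10d(c.b10d, n_op) for c in components)
    return weighted / weights


def dc_rating(dc: float) -> str:
    """Classify DCavg into none / low / medium / high."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Constructed example: one channel of a dual-channel (Category 3) exhaust circuit.
# Machine runs 220 days/year, 16 h/day, one cycle every 60 s.
PROFILE = (220, 16, 60.0)
CHANNEL = [
    Component("safety exhaust valve", b10d=2_000_000, dc=0.99),  # position-monitored
    Component("locking cylinder", b10d=1_000_000, dc=0.60),      # end-position sensed only
]


def summarise(profile=PROFILE, components=CHANNEL) -> dict:
    """Return nop, channel MTTFd and DCavg with their ratings for one channel."""
    n = nop(*profile)
    mttfd = channel_mttfd(components, n)
    dc = dc_avg(components, n)
    return {"nop": n, "mttfd": mttfd, "mttfd_rating": mttfd_rating(mttfd),
            "dcavg": dc, "dc_rating": dc_rating(dc)}


if __name__ == "__main__":
    for key, value in summarise().items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

Two things the numbers make visible that the prose does not: both constructed components individually have a "high" MTTFd (about 95 and 47 years), yet the channel as a whole comes out at about 32 years, only just inside the "high" band, because the parts-count method adds failure rates; and although the valve has 99 per cent diagnostic coverage, the channel's DCavg is only 73 per cent ("low"), because the cylinder, with twice the failure rate, carries twice the weight. Improving the monitoring of the weakest component does more for the achieved PL than improving an already well-monitored one.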

Common cause failures are those that, for example, could affect both channels of a two-channel system at the same time through a single cause, such as contaminated air, overvoltage, or a shared cable or hose being crushed. Redundancy is worth little against them, so EN ISO 13849-1 requires adequate measures to be taken against CCF in Categories 2, 3 and 4. Annex F of the standard provides a scored list of measures known to be effective (separation of signal paths, diversity of components, protection against overvoltage and contamination, environmental ratings, and so on), and at least 65 of the available 100 points must be achieved, although the standard also acknowledges that working through this list alone may not be sufficient for every application.

As can be seen, meeting the requirements of EN ISO 13849-1 can be challenging, but the task is made much easier, particularly in pneumatic applications, by choosing components that have been developed with safety applications in mind.

These include, for example, safety exhaust valves that ensure the fastest possible safe release of pressure from pneumatic systems in the event of an emergency or a guard being opened. Valves of this type are now available that combine a 9,000 l/min exhaust air flow rate with continuous testing and position sensing of the safety function, which allows them to be used in circuits designed to achieve PL e.

Also now available are PL e rated safety reverse valves, primarily intended for use with presses to reverse the motion of the press in an emergency, and pneumatic cylinders with positive end-position locking. While the mechanical lock used in these cylinders is not a complete safety solution in itself, it can be used as part of a safety solution to help prevent unwanted movement, for example a suspended load dropping, in the event of a loss of pneumatic pressure.

Components like these are the key ingredients for successfully implementing control systems that meet the safety requirements of EN ISO 13849-1. It is, however, important to bear in mind that it’s not just the components themselves that matter: a PL e valve in a Category B circuit, or one whose diagnostic signal is never evaluated by the control logic, contributes nothing to the PL actually achieved. The components must be used correctly, with the right architecture, monitoring and CCF measures around them. For this reason, it is always worth working with a pneumatics supplier that not only offers a wide range of proven products with published B10d and MTTFd data, but also backs them with expert advice on how they can best be used to achieve the required level of safety.

* The presumption of conformity given by EN 954-1 was extended for two years, until the end of December 2011, so during that period complying with EN 954-1 remained sufficient to meet certain of the Essential Health and Safety Requirements (EHSRs) of the new Machinery Directive, 2006/42/EC.