EN ISO 13849-1:2015 Safety of machinery - Safety-related parts of control systems

Annex A
(informative)

Determination of required performance level (PLr)

A.1 Selection of PLr

Annex A is concerned with the contribution to the reduction in risk made by the safety-related parts of the control system being considered. The method given here provides only an estimation of the risk reduction required and is intended only as guidance to the designer and standard maker in determining the PLr for each necessary safety function to be carried out by an SRP/CS.

NOTE  This methodology to estimate the PLr is not mandatory. It is a generic approach which assumes a worst case probability of occurrence of a hazardous event (i.e. the probability of occurrence is 100 %). Other risk estimation methods for specific types of machine can be used as appropriate and experience in successfully dealing with similar machines/hazards should be taken into account when estimating PLr. Therefore, the PL required by a type-C standard can deviate from that indicated by the generic approach given at Figure A.1.

The graph at Figure A.1 is based on the situation prior to the provision of the intended safety function (see also ISO/TR 22100-2:2013). Risk reduction by technical measures independent of the control system (e.g. mechanical guards), or additional safety functions, are to be taken into account in determining the PLr of the intended safety function; in which case, the starting point of Figure A.1 is selected after the implementation of these measures (see also Figure 2).

The severity of injury (denoted by S) is roughly estimated only (e.g. laceration, amputation, fatality). For the frequency of occurrence, auxiliary parameters are used to improve the estimation. These parameters are

- frequency and time of exposure to the hazard (F), and
- possibility of avoiding the hazard or limiting the harm (P).

Experience has shown that these parameters can be combined, as in Figure A.1, to give a gradation of risk from low to high. It is emphasized that this is a qualitative process giving only an estimation of risk.

A.2 Guidance for selecting parameters S, F and P for the risk estimation

A.2.1 Severity of injury S1 and S2

In estimating the risk arising from a failure of a safety function only slight injuries (normally reversible) and serious injuries (normally irreversible) and death are considered.

To make a decision the usual consequences of accidents and normal healing processes should be taken into account in determining S1 and S2. For example, bruising and/or lacerations without complications would be classified as S1, whereas amputation or death would be S2.

A.2.2 Frequency and/or exposure times to hazard, F1 and F2

A generally valid time period to be selected for parameter F1 or F2 cannot be specified. However, the following explanation could facilitate making the right decision where doubt exists.

F2 should be selected if a person is frequently or continuously exposed to the hazard. It is irrelevant whether the same or different persons are exposed to the hazard on successive exposures, e.g. for the use of lifts. The frequency parameter should be chosen according to the frequency and duration of access to the hazard.

Where the demand on the safety function is known by the designer, the frequency and duration of this demand can be chosen instead of the frequency and duration of access to the hazard. In this part of ISO 13849, the frequency of demand on the safety function is assumed to be more than once per year.

The period of exposure to the hazard should be evaluated on the basis of an average value which can be seen in relation to the total period of time over which the equipment is used. For example, if it is necessary to reach regularly between the tools of the machine during cyclic operation in order to feed and move work pieces, then F2 should be selected.

In case of no other justification, F2 should be chosen if the frequency is higher than once per 15 min.

F1 may be chosen if the accumulated exposure time does not exceed 1/20 of the overall operating time and the frequency is not higher than once per 15 min.

A.2.3 Possibility of avoiding the hazardous event P1 and P2 and probability of occurrence

The probability of avoiding the hazard and the probability of occurrence of a hazardous event are both combined in the parameter P. When a hazardous situation occurs, P1 should only be selected if there is a realistic chance of avoiding a hazard or of significantly reducing its effect; otherwise P2 should be selected.

Where the probability of occurrence of a hazardous event can be justified as low, the PLr may be reduced by one level, see A.2.3.2.

A.2.3.1 Possibility of avoiding the hazard

It is important to know whether a hazardous situation can be recognized before it can cause harm and be avoided. For example, can the exposure to a hazard be directly identified by its physical characteristics, or recognized only by technical means, e.g. indicators. Other important aspects which influence the selection of parameter P include, for example:
- speed with which the hazard arises (e.g. quickly or slowly);
- possibilities for hazard avoidance (e.g. by escaping);
- practical safety experiences relating to the process;
- whether operated by trained and suitable operators;
- operated with or without supervision.

A.2.3.2 Probability of occurrence of a hazardous event

The probability of occurrence of a hazardous event depends on either human behavior or technical failures. In most cases, the appropriate probabilities are unknown or hard to identify. The estimation of the probability of occurrence of a hazardous event should be based on factors including:
- reliability data;
- history of accidents on comparable machines.

NOTE A low number of accidents does not necessarily mean that the occurrence of hazardous situations is low, but that the safety measures on the machines are sufficient.

Where comparable machines

- include the same risk(s) that the relevant safety function is intended to reduce,
- require the same process and operator action,
- apply the same technology causing the hazard.

[Figure A.1]

Figure A.1 provides guidance for the determination of the safety-related PLr depending on the risk assessment for the whole machine. The risk assessment method is based on ISO 12100 (see Figure 1 and also ISO/TR 22100-2). The graph should be considered for each safety function.
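
The parameter selection of A.2 and the graph lookup, as an added Python example (not part of ISO 13849-1). The S/F/P-to-PLr table is transcribed from Figure A.1 of the standard, whose image is not reproduced in this text; the function names, the input units and the handling of low-frequency but long exposure are assumptions of this example.

```python
# Added illustration of Annex A; not text or code from ISO 13849-1.
PL_ORDER = "abcde"  # performance levels from lowest to highest

# (S, F, P) -> PLr as drawn in Figure A.1 of the standard
# (the figure itself is missing from this text).
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

def select_f(exposures_per_hour, exposure_fraction):
    """Default rule of A.2.2, used when no other justification exists.

    exposures_per_hour: how often a person accesses the hazard.
    exposure_fraction: accumulated exposure time / overall operating time.
    """
    if exposures_per_hour < 0 or not 0 <= exposure_fraction <= 1:
        raise ValueError("invalid exposure data")
    if exposures_per_hour > 4:          # more often than once per 15 min
        return "F2"
    # Assumption of this example: rare but long exposure (above 1/20 of the
    # operating time) does not satisfy the F1 condition, so F2 is returned.
    return "F1" if exposure_fraction <= 1 / 20 else "F2"

def required_pl(s, f, p, low_occurrence_justified=False):
    """Read PLr from the risk graph; optionally reduce it by one level
    when a low probability of occurrence is justified (A.2.3)."""
    try:
        pl = RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"unknown parameter combination: {(s, f, p)}")
    if low_occurrence_justified:
        pl = PL_ORDER[max(0, PL_ORDER.index(pl) - 1)]  # never below 'a'
    return pl

if __name__ == "__main__":
    # Constructed case: operator feeds work pieces every 2 min, amputation
    # possible (S2), hazard arises too quickly to avoid (P2).
    f = select_f(exposures_per_hour=30, exposure_fraction=0.3)
    print(f, required_pl("S2", f, "P2"))        # F2 e
    # Constructed case: hourly access, 2 % of operating time, avoidable.
    f = select_f(exposures_per_hour=1, exposure_fraction=0.02)
    print(f, required_pl("S2", f, "P1", low_occurrence_justified=True))  # F1 b
```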

A.3 Overlapping hazards

When using ISO 13849-1, all hazards are considered as a specific hazard or hazardous situation. For the quantification of risk, each hazard can therefore be evaluated separately.

When it is obvious that there is a combination of directly linked hazards which always occur simultaneously then they should be combined during risk estimation.

The determination of whether hazards should be considered separately or in combination should be considered during the risk assessment of the machine.

EXAMPLE 1 A continuous welding robot may create various simultaneous hazardous situations, for example crushing caused by movement and burning due to the welding process. This can be considered as a combination of directly linked hazards.

EXAMPLE 2 For a robot cell in which separate robots are working, each robot is considered separately.

EXAMPLE 3 As a result of a risk assessment it can be sufficient to consider at a rotary table with clamping devices each clamping device separately.