Annex A
(informative)
Guideline for the determination of required performance level

Figure A.1 provides guidance for the determination of the safety-related PLr for the safety function. The
graph should be considered for each safety function.
A.2 Selection of required performance level
Annex A is concerned with the contribution to the risk reduction made by the safety-related parts of
the control system being considered. The method given in this clause is based on the estimation of risk
parameters (which is by nature partly subjective as for any other risk estimation method). Therefore,
this method is only a guidance to machine designers and standard makers for estimating the PLr for
each safety function to be carried out by an SRP/CS.
NOTE This methodology to estimate the PLr is not mandatory. It is a generic approach which assumes a worst
case probability of occurrence of a hazardous event (the probability of occurrence is 100 %). In cases where
the probability of occurrence can be assessed as low, a downgrade by one performance level is possible. Other
risk estimation methods for specific types of machine can be used as appropriate and experience in successfully
dealing with similar machines/hazards should be taken into account when estimating PLr. Therefore, the PL
required by a type-C standard can deviate from that indicated by the generic approach given in Figure A.1.
The graph in Figure A.1 is based on the situation prior to the provision of the intended safety function
(see also ISO/TR 22100-2:2013). Risk reduction by technical measures independent of the control
system (e.g. mechanical guards), or additional safety functions, are to be taken into account in
determining the PLr of the intended safety function; in which case, the starting point of Figure A.1 is
selected after the implementation of these measures (see also Figure 4).
The parameters used in determining the PLr are:
— severity of injury (S),
— frequency and time of exposure to the hazard (F),
— possibility of avoiding the hazard or limiting the harm (P).
Experience has shown that these parameters can be combined, as in Figure A.1, to give a gradation of
the contribution to required risk reduction from low to high. It is emphasized that this is a qualitative
process giving only an estimation of a required performance level.
A.3 Guidance for selecting parameters S, F and P for the risk estimation
A.3.1 Severity of injury S1 and S2
In estimating the risk, only slight injuries or serious injuries are considered.
To make a decision, the usual consequences of accidents and normal healing processes should be taken
into account in determining S1 and S2. For example, bruising and/or lacerations without complications
would be classified as S1, whereas amputation or death would be S2.
NOTE For guidance about the evaluation of severe or slight injury see also ISO/TR 14121-2.
A.3.2 Frequency and/or exposure times to hazard, F1 and F2
A generally valid time period to be selected for parameter F1 or F2 cannot be specified. However, the
following explanation could facilitate making a decision where doubt exists.
F2 should be selected if a person is frequently or continuously exposed to the hazard. It is irrelevant
whether the same or different persons are exposed to the hazard on successive exposures, e.g. for the
use of lifts. The frequency parameter should be chosen according to the frequency and duration of
access to the hazard.
Where the demand on the safety function is known by the designer, the frequency and duration of this
demand can be chosen instead of the frequency and duration of access to the hazard. In this document,
the frequency of demand on the safety function is assumed to be more than once per year.
The period of exposure to the hazard should be evaluated on the basis of an average value which can
be seen in relation to the total period of time over which the equipment is used. For example, if it is necessary to reach regularly between the tools of the machine during cyclic operation in order to feed
and move work pieces, then F2 should be selected.
In case of no other justification, F2 should be chosen if the frequency is higher than once per 15 min.
F1 may be chosen if the accumulated exposure time does not exceed 1/20 of the overall operating time
and the frequency is not higher than once per 15 min.
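The F1/F2 rule above can be applied to recorded access data. The following is an added example, not part of the standard: the names Access and select_f and the sample records are hypothetical, and "frequency" is assumed to mean the average access rate over the observed operating time.

```python
from dataclasses import dataclass

# Thresholds taken from the text of A.3.2.
F1_MAX_EXPOSURE_DIVISOR = 20    # accumulated exposure must not exceed 1/20
F1_MIN_INTERVAL_MIN = 15.0      # frequency must not be higher than once per 15 min


@dataclass
class Access:
    start_min: float      # minutes since the start of the observed period
    duration_min: float   # time spent exposed to the hazard


def select_f(accesses, operating_time_min):
    """Return (parameter, reasons) for one hazard over one observed period."""
    if operating_time_min <= 0:
        raise ValueError("operating time must be positive")
    if not accesses:
        return "F1", ["no access to the hazard was observed"]
    exposure = sum(a.duration_min for a in accesses)
    # Assumption: frequency is the mean access rate over the operating time.
    mean_interval = operating_time_min / len(accesses)
    reasons = []
    if mean_interval < F1_MIN_INTERVAL_MIN:
        reasons.append(f"access every {mean_interval:.1f} min on average")
    # Compare without dividing so the 1/20 boundary is not blurred by rounding.
    if exposure * F1_MAX_EXPOSURE_DIVISOR > operating_time_min:
        reasons.append(f"exposed {exposure:.0f} of {operating_time_min:.0f} min")
    if reasons:
        # Either condition failing rules out F1, absent other justification.
        return "F2", reasons
    return "F1", ["rare access and exposure within 1/20 of operating time"]


# Constructed sample data for one 8-hour shift (480 min).
SHIFT_MIN = 480
FEEDING = [Access(2 * i, 0.25) for i in range(240)]      # reach in every 2 min
MAINTENANCE = [Access(120 * i, 5) for i in range(4)]     # 4 visits of 5 min
LONG_SETUP = [Access(0, 30), Access(240, 30)]            # 2 visits of 30 min

if __name__ == "__main__":
    for name, log in [("feeding", FEEDING), ("maintenance", MAINTENANCE),
                      ("long setup", LONG_SETUP)]:
        print(name, *select_f(log, SHIFT_MIN))
```

The long setup case shows why both conditions are checked: access is rare, but the accumulated exposure exceeds 1/20 of the operating time, so F1 is not supported.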
A.3.3 Possibility of avoiding hazard or limiting harm
It is important to know whether a hazardous event can be recognized before it can cause harm and be
avoided. For example, can the exposure to a hazard be directly identified by its physical characteristics,
or recognized only by technical means, e.g. indicators? Other important aspects which influence the
selection of parameter P include, for example:
a) speed with which the hazard arises (e.g. quickly or slowly);
b) possibilities for hazard avoidance (e.g. by escaping);
c) practical safety experiences relating to the process;
d) whether operated by trained and suitable operators;
e) operated with or without supervision.
When a hazardous event occurs, P1 should only be selected if there is a realistic possibility of avoiding a
hazard or of significantly reducing its effect; otherwise P2 should be selected.
The parameter P can be determined by the following approach:
— determine the letter of each factor of the Table A.1 that reflects the specific application (only one
choice for each factor is possible);
— count the number of chosen letters “A”, “B” and “C”;
— determine the corresponding value of the parameter P in Table A.2.
Only one choice for each factor is possible in Table A.1.
Table A.1 — Determination of parameter P based on five factors


P1 should only be selected if there is a realistic possibility of avoiding a hazard or of significantly
reducing its effect; otherwise P2 should be selected.
13.4 Overlapping hazards
When using ISO 13849-1, all hazards are considered as a specific hazard or hazardous situation. Each
hazard can therefore be evaluated separately.
When it is obvious that there is a combination of directly linked hazards which always occur
simultaneously then they should be combined during risk estimation.
The determination of whether hazards should be considered separately or in combination should be
considered during the risk assessment of the machine.
EXAMPLE 1 A continuous welding robot can create various simultaneous hazardous situations, for example
crushing caused by movement and burning due to the welding process. This can be considered as a combination
of directly linked hazards.
EXAMPLE 2 For a robot cell in which separate robots are working, for the cell areas where only one robot can
create a hazard at a time, the robots can be considered separately.
EXAMPLE 3 As a result of a risk assessment it can be sufficient for a rotary table with clamping devices to
consider each clamping device separately.