Are you ready for functional safety?

This illustration depicts a machinery directives and harmonized standards overview.

The Machinery Directive (2006/42/EC) and its harmonized standards provide system developers with tools and guidelines to specify, develop, and validate the safety robustness of machinery for all of its functions, in all of its operating modes, and for its intended use and foreseeable misuse. All of this must be done prior to the machinery being placed on the market or put into service within any European Union member country.
The directive is considered a new approach, meaning that the actual regulation outlines the essential health and safety requirements for applicable machinery. However, it does not provide any detailed information to guide the development of solutions. This type of directive relies on technical standards to provide guidance and solutions to meeting its stated requirements. Therefore, the standards and directives work in concert to specify the required result and the state-of-the-art process or solution.

Global impact
International safety standards — such as the harmonized ISO13849-1 standard — have been updated as a result of the revised Machinery Directive. ISO13849-1 has been developed within the International Organization for Standardization (ISO) community to ensure that it is global in nature, not just a European standard. In addition, more specific safety demands are also reflected in industry specific standards — for example, ISO25119 for agricultural and forestry equipment and ISO15998 for earthmoving machines.

The harmonized standards are created and recast periodically to ensure they remain applicable and current as time and innovation continue to impact the machinery industry. This process, along with the collaborative efforts of the standards committees, helps ensure that the latest ideas and technology are represented within the resulting standards.
The adoption and application of the internationally recognized processes and tools for the design of control systems should benefit any machinery manufacturer — both inside the European Community and elsewhere, including North America.

Processes and tools
The primary intent of the functional safety concept is to maintain a machine’s ability to perform its intended functions while ensuring the risk has been adequately reduced. Rigorousmachine system design processes are the key to complying with new functional safety requirements while simultaneously delivering optimum functionality, safety robustness, and system availability.

The first step in the design for functional safety is to determine requirements for the system. According to Directive 2006/42/EC, a machine manufacturer must ensure that a hazard and risk analysis is carried out in order to determine the health and safety requirements that apply to the machine. The machinery must then be designed and constructed taking into account the results of the risk assessment.

The key to this risk assessment — and the resulting risk reduction process — is achieving the required risk reduction functionality, referred to as the safety function. Multiple safety functions may be required to address all risk. By definition, the absence of any required safety functions may result in an immediate increase in the risk level for the machinery.
Under the previous guidelines, when a portion of the system was understood to be safety critical, the recommendation was to establish redundancy for that portion of the system. Today, however, the toolbox includes architecture categories and quantitative parameters, such as Mean Time To dangerous Failure (MTTFd), Diagnostic Coverage (DC), and Common Cause Failure (CCF). The tools enable a probabilistic evaluation of the safety-related part of a control system and rely on each other in order to deliver the required risk reduction.

The best implementation of this concept is achieved when risk reduction measures are seamlessly incorporated into the design of a machine’s functionality. This level of system integration typically requires cooperation between the system integrator and the suppliers of components used in the system.

This graphical representation shows how EN954-1 fits in with ISO 13849.

Systems as solutions
The entire supply chain can participate in (and bring value to) this process to help machinery manufacturers meet these new requirements for critical machinery systems and subsystems. Traditionally, off-highway equipment has relied on hydraulic or mechanical systems to implement critical functionality, such as steering, propulsion, and work functions. These safety-related control systems have often been considered proven in use, (fault excluded). As electronics continue to grow as a vital means to enhance machine performance and effectiveness, the robustness of the entire system must be quantitatively assessed to ensure adequate risk reduction is achieved.

The challenge for OEMs is to design and verify vehicle functions in order to meet a specific performance level identified by the hazard and risk analysis, gather MTTFd data from individual component suppliers, and verify that the diagnostic coverage (DCavg) and CCFs are within required ranges.

Component suppliers, such as Sauer-Danfoss, are developing new products (in some cases pre-qualified) to help OEMs comply with new state-of-the-art standards and European law. System integrators and suppliers working together will speed up system development and qualification time, reduce total costs, and bring vehicles to market faster.

Steve Crow is Team Leader — Product Application Engineering at Sauer-Danfoss. For more information, email nadvertising@sauer-
danfoss.com. or visit bit.ly/ND1Oaw.