Last edit: 11/08/2023
In Chapter 4: both standards are introduced and it is clarified that they should be used after a risk assessment on the machine is done. The standards play a role when the risk reduction has to be done by a control system. With the two new editions, the importance of subsystems is now valid for both standards: all the considerations on Categories and Architectures have to be done at subsystem level and not for the whole Safety Function. The misunderstanding was mainly in the previous editions of ISO 13849-1, due to the heritage of EN 954-1.
The chapter continues with the introduction and explanation of the PFH and SIL acronyms, and their relationship. Finally, the concept of Required SIL (sometimes indicated as SILr in the book) and PLr is introduced and the methodology how to determine them, recommended by each of the two new international standards, is described. Examples on how to avoid Systematic Failures are presented with the concepts of Basic and Well-tried Safety Principles, used in both Standards. We also clarify that the Reset is often a Safety Function. Finally, the book details some technical aspects (like the Direct Opening Action), not detailed in the two new standards, but that are important to understand them correctly.
Hereafter some excerpt from the chapter.
4.1.2 Protective and Preventive Measures
In general, Risk Reduction happens through both Preventive measures, which reduce the frequency, and mitigating or Protective measures, which reduce the severity.
The operation of cutting trees in a forest is an example of a Preventive measure since it prevents fires to spread. On the other hand, a fire detector is an example of a Protective measure since it cannot reduce the frequency at which a fire occurs, but it can reduce the severity of consequences by initiating a sprinkler system.
Preventive measures reduce the likelihood of a dangerous event, while protective measures reduce the severity of the damage.
The use of glycolic water in Forging Presses is another example of a preventive measure since it reduces the likelihood of fires.
The creation of a safeguarded space with an interlocked door can be seen as a protective measure; however, it only reduces the likelihood of the accident to happen and not the severity of the damage. For that reason, it is an example of a preventive and not of a protective measure. […]
[…]
4.3.1 Safety-Related Stop
This is probably the most common Safety Sub-Function. A Rolling Mill Stand is a safeguarded space. When access is permitted (with the use of a trapped key, for example) all movements are stopped, thanks to the activation of an SCS: the machine is then placed in a safe state. That can be stated in a different way: the machine is placed in a safety-related stop.
A Safety-related stop can be activated by a Safeguard (an interlocking device or an Active Optoelectronic Protective Device) and can be “translated” in the de-energization of a contactor or in the activation of the Safe Torque off (STO) of a Variable Speed Drive.
As a result of the risk assessment, safe stopping sub-functions can be realized according to the stop categories in IEC 60204-1, § 9.2.2, and/or according to other similar Safety Functions as described in IEC 61800-5-2, § 4.2.
After a stop command is initiated, the stop condition shall be maintained until safe conditions for restarting are established.
[…]
4.5.1 PFHD and PFH
ISO 13849-1 has always used the acronym PFHD to indicate the probability of dangerous failure per Hour. IEC 62061 2005 edition used the same acronym. The new edition of IEC 62061 uses the IEC 61508-4 [8] acronym, PFH, to indicate the same variable. For completeness, we report hereafter the definition as in IEC 61508-4.
[IEC 61508-4] 3.6 Fault, failure and error
3.6.19 Average Frequency of a Dangerous Failure Per Hour (PFH). Average frequency of a dangerous failure of an E/E/PE safety related system to perform the specified safety function over a given period of time.
Therefore, don’t get confused, because PFHD ≡ PFH.