Last edit: 22/08/2023
Annex A of ISO 13849-1 can be used to determine the required Performance level of a Safety Function: the so called PLr. The method is applicable to Safety Functions in high demand mode only.
Annex A is an informative Annex: that means other methods can be used; for example the one of the IEC 62061.
First of all, it is important to state that the method described in Annex A has subjectivity built in it; it is not an engineering tool but rather it is a qualitative way to state the level of Reliability of a Safety System. That is the reason why Annex A in both ISO 13849-1 and IEC 62061 is Informative.
Harmonised standards to the Machinery Directive provide a Presumption of Conformity to the EHSR; Informative Annexes are not considered in this respect.
Regardless of the method used, it is important that the assessment is made by a team composed by different disciplines: like people from the mechanical and the electrical department, the commissioning, service, etc. Please also refer to Annex C of B11.0 [45]. Being a competent team, there is a high probability that the level of reliability of the specific Safety Function is the correct one. You may have played once in the teambuilding activity of Moon Landing. In essence, you have to rank the importance of 15 items you can bring with you, to survive on the Moon. Items rank from a box of matches to two 100 lb. tanks of oxygen. Each team member does its own ranking and, afterwards, they have to prepare one common agreed ranking. What comes out, normally, is that the team judgement is better that the one of each member. The same usually happens with the determination of the required performance level (PLr) of a safety function.
Risk parameters
The method is based on the estimation of 3 parameters:
- Severity of injury (S):
S1: slight (normally reversible injury);
S2: serious (normally irreversible injury or death).
- Frequency and/or exposure to hazard (F):
F1: seldom-to-less-often and/or exposure time is short;
F2: frequent-to-continuous and/or exposure time is long.
- Possibility of avoiding hazard or limiting harm (P):
P1: possible under specific conditions;
P2: scarcely possible.
A combination of those parameters allows the determination of the Required performance level (PLr).
The principle is that, the higher the risk to be reduced by the Safety Function, the higher its required Performance Level.
S: Severity of injury
To make a decision between S1 and S2, you can also refer to the indications given by the Rapex Directive (§4.7). For example, bruising and/or lacerations without complications would be classified as S1, whereas amputation or death would be S2.
F: Frequency and/or exposure time to hazard
The frequency parameter should be chosen according to the frequency and duration of access to the hazard. In case of no other justification, F2 should be chosen, if the frequency is higher than once per 15 min. F1 may be chosen if the accumulated exposure time does not exceed 1/20 of the overall operating time and the frequency is not higher than once per 15 min.
Just to give an example, if we consider a machine with manual winding whose operator must cyclically reach the loading area, F2 is clearly the appropriate choice. For a machining centre that operates automatically, F1 could be selected.
P: Possibility of avoiding hazard or limiting harm
It is important to know whether a hazardous event can be recognized before it can cause harm and be avoided. Important aspects, which influence the selection of parameter P include:
- Speed with which the hazard arises (e.g. quickly or slowly);
- Possibilities to avoid the hazard (e.g. by escaping);
- Past experience related to the machine;
- Whether operated by trained and suitable operators;
- Operated with or without supervision.
When a hazardous event occurs, P1 should only be selected if there is a realistic possibility of avoiding a hazard or of significantly reducing its effect; otherwise P2 should be selected. In the new edition of ISO 13849-1 there is a methodology that may be followed in order to decide if P1 or P2 is the correct parameter.
The graph in Figure 4.11 {4.6.1.3.1} shows the path to be followed, once the various parameters have been decided. Please note that the analysis is based on the situation prior to the provision of the intended safety function: please refer to the concept of the Naked Machinery in §4.1.4
An Example on how to use the graph
With reference to a manually loaded Press
- The consequence of the dangerous event is a serious irreversible injury à S2
- An operator is exposed to the hazard several times a day à F2.
- It is not possible to avoid hazard or limiting harm caused by the dangerous event à P2
The analysis of the Table A.1 shows that the PLr value is e.