IEC TR 62061-1:2010 – Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery
1 Scope
This Technical Report is intended to explain the application of IEC 62061 and ISO 13849-1 in the design of safety-related control systems for machinery.
2 General
2.1 Both IEC 62061 and ISO 13849-1 specify requirements for the design and implementation of safety-related control systems of machinery. The methods developed in both of these standards are different but, when correctly applied, can achieve a comparable level of risk reduction.
2.2 These standards classify safety-related control systems that implement safety functions into levels that are defined in terms of their probability of dangerous failure per hour. ISO 13849-1 has five Performance Levels (PLs), a, b, c, d and e, while IEC 62061 has three safety integrity levels (SILs), 1, 2 and 3.
2.3 Product standards (type-C) committees specify the safety requirements for safety-related control systems and it is recommended that these committees classify the levels of confidence required for them in terms of PLs and SILs.
2.4 Machinery designers may choose to use either IEC 62061 or ISO 13849-1 depending on the specific features of the application.
2.5 The selection and use of either standard is likely to be determined by, for example:
– previous knowledge and experience in the design of machinery safety-related control systems based upon the concept of categories described in ISO 13849-1:1999 can mean that the use of ISO 13849-1:2006 is more appropriate;
– safety-related control systems based upon media other than electrical can mean that the use of ISO 13849-1 is more appropriate;
– customer requirements to demonstrate the safety integrity of a machine safety-related control system in terms of a SIL can mean that the use of IEC 62061 is more appropriate;
– safety-related control systems of machinery used in, for example, the process industries, where other safety-related systems (such as safety instrumented systems in accordance with IEC 61511) are characterized in terms of SILs, can mean that the use of IEC 62061 is more appropriate.
3 Comparison of standards
3.1 A comparison of the technical requirements in ISO 13849-1 and IEC 62061 has been carried out in respect of the following aspects:
– terminology;
– risk estimation and performance allocation;
– safety requirements specification;
– systematic integrity requirements;
– diagnostic functions;
– software safety requirements.
3.2 Additionally, an evaluation of the use of the simplified mathematical formulae to determine the probability of dangerous failures (PFHD) and MTTFd according to both standards has been carried out.
3.3 The conclusions from this work are the following.
– Safety-related control systems can be designed to achieve acceptable levels of functional safety using either of the two standards by integrating non-complex SRECS (safety-related electrical control system) subsystems or SRP/CS (safety-related parts of a control system) designed in accordance with IEC 62061 and ISO 13849-1, respectively.
– Both standards can also be used to provide design solutions for complex SRECS and SRP/CS by integrating electrical/electronic/programmable electronic subsystems designed in accordance with IEC 61508.
– Both standards currently have value to users in the machinery sector and benefits will be gained from experience in their use. Feedback over a reasonable period on their practical application is essential to support any future initiatives to move towards a standard that merges the contents of both IEC 62061 and ISO 13849-1.
– Differences exist in detail and it is recognized that some concepts (e.g. functional safety management) will need further work to establish equivalence between respective design methodologies and some technical requirements.
4 Risk estimation and assignment of required performance
4.1 A comparison has been carried out on the use of the methods to assign a SIL and/or PLr to a specific safety function. This has established that there is a good level of correspondence between the respective methods provided in Annex A of each standard.
4.2 It is important, regardless of which method is used, that attention be given to ensure that appropriate judgements are made on the risk parameters to determine the SIL and/or PLr that is likely to apply to a specific safety function. These judgements can often best be made by bringing together a range of personnel (e.g. design, maintenance, operators) to ensure that the hazards that may be present at machinery are properly understood.
4.3 Further information on the process of risk estimation and the assignment of performance targets can be found in ISO 14121-1 and IEC 61508-5.