EN IEC 62061 functional safety of programmable systems
The harmonised standard EN IEC 62061 covers all safety-relevant parts of electrical control systems in machinery. The standard applies to the whole life cycle of the machine from design to decommissioning.
EN IEC 62061 provides the framework for integrating safety-related electrical control subsystems designed to EN ISO 13849-1 or EN IEC 61508 into one control system, and for validating the requirements placed on its safety functions.
As with EN ISO 13849-1, the goal is to determine whether the implemented safety measures are adequate to reduce the risk. In EN IEC 62061 this is assessed with a risk graph and expressed as one of three Safety Integrity Levels (SIL): SIL 1 for the lowest residual risk and SIL 3 for the highest.
Use the risk graph to determine the Safety Integrity Level (SIL)
How does a risk assessment according to EN IEC 62061 work? Risk assessment is an iterative process: it may be necessary to go through it several times, re-estimating the risk after each measure is added.
The risk must be estimated and the SIL determined for each hazard whose risk is to be reduced by a safety-related control function.
EN IEC 62061 estimates the risk from four parameters:
Se Severity of injury
Fr Frequency and duration of exposure to the hazard
Pr Probability of occurrence of a hazardous event
Av Possibility of avoiding or limiting the harm
Classification of severity of injury (Se)
Se 4 Irreversible: death, loss of an arm or eye
Se 3 Irreversible: broken limbs, loss of finger(s)
Se 2 Reversible: medical treatment required
Se 1 Reversible: first aid required
Probability classification (Pr)
Pr 5 Very high
Pr 4 Likely
Pr 3 Possible
Pr 2 Rare
Pr 1 Negligible
To determine the risks, complex calculations are required. The PAScal calculation software makes this easier and more transparent.
Classification of frequency of exposure (Fr), for exposures lasting longer than 10 min
Fr 5 <= 1 hour
Fr 5 > 1 hour to <= 1 day
Fr 4 > 1 day to <= 2 weeks
Fr 3 > 2 weeks to <= 1 year
Fr 2 > 1 year
Classification of the possibility of avoiding or limiting the harm (Av)
Av 5 Impossible
Av 3 Rare
Av 1 Likely
Safety Integrity Level (SIL) assignment matrix
The SIL is read from the following table. First add the three probability-side parameters to obtain the class K = Fr + Pr + Av (K therefore lies between 3 and 15); the row is selected by the severity Se.
Severity (Se) | Class (K) 3 – 4 | Class (K) 5 – 7 | Class (K) 8 – 10 | Class (K) 11 – 13 | Class (K) 14 – 15 |
---|---|---|---|---|---|
4 | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3 |
3 | (OM)* | SIL 1 | SIL 2 | SIL 3 | |
2 | (OM)* | SIL 1 | SIL 2 | | |
1 | (OM)* | SIL 1 | | | |
* OM = Other measures recommended. Blank cells: the table assigns no SIL for that combination.
What requirements should be taken into account?
Once the required SIL is known, the design of the safety function must satisfy the following minimum requirements:
1. Architectural constraints on subsystems
The SIL that the SRECS (Safety-Related Electrical Control System) can claim on the basis of architectural constraints is limited to the lowest SIL claim limit (SILCL) of any subsystem that takes part in executing the safety function. Each subsystem's SILCL follows from its hardware fault tolerance (HFT) and its safe failure fraction (SFF), as shown in the table below.
Safe failure fraction (SFF) | Maximum SILCL at hardware fault tolerance HFT 0 | Maximum SILCL at HFT 1 | Maximum SILCL at HFT 2 |
---|---|---|---|
< 60% | Not permitted | SIL 1 | SIL 2 |
60% to < 90% | SIL 1 | SIL 2 | SIL 3 |
90% to < 99% | SIL 2 | SIL 3 | SIL 3 |
>= 99% | SIL 3 | SIL 3 | SIL 3 |
2. Probability of dangerous random hardware failure
The probability of a dangerous failure of each Safety-Related Control Function (SRCF) due to random hardware failures shall be equal to or less than the target failure measure given in the safety requirements specification. The PFH_D values of the subsystems executing the function are added, and the sum must fall within the band for the required SIL:
SIL according to EN IEC 62061 | Probability of a dangerous failure per hour (PFH_D) [1/h] |
---|---|
SIL 3 | ≥ 10^-8 to < 10^-7 |
SIL 2 | ≥ 10^-7 to < 10^-6 |
SIL 1 | ≥ 10^-6 to < 10^-5 |
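The following Python script is an added worked example covering both halves of this page: it derives the required SIL for a hazard from the risk graph (Se, Fr, Pr, Av and the class K = Fr + Pr + Av), then checks a proposed SRECS against the two hardware requirements above, the SFF/HFT architectural constraint and the summed PFH_D. It is written for this page and is neither Pilz's PAScal software nor text from the standard; the hazard parameters and the subsystem SFF, HFT and PFH_D figures in the example are constructed, not taken from any product data sheet.

```python
"""Added worked example: EN IEC 62061 risk graph and SRECS hardware check.
Illustrative code for this page, not Pilz's PAScal software and not text
from the standard. The hazard and subsystem values below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

OM = "OM"  # "other measures" cell of the SIL assignment matrix
SilCell = Union[int, str, None]

# Columns of the SIL assignment matrix: inclusive bands of K = Fr + Pr + Av.
K_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
# Rows keyed by Se. None marks a blank cell (no SIL assigned by the table).
SIL_MATRIX = {
    4: (2, 2, 2, 3, 3),
    3: (OM, 1, 2, 3, None),
    2: (OM, 1, 2, None, None),
    1: (OM, 1, None, None, None),
}
# PFH_D bands per SIL: lower bound inclusive, upper bound exclusive.
PFHD_BANDS = {3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def k_class(fr: int, pr: int, av: int) -> int:
    """Class K from the three probability-side parameters; validates ranges."""
    if fr not in (2, 3, 4, 5) or pr not in (1, 2, 3, 4, 5) or av not in (1, 3, 5):
        raise ValueError("Fr must be 2..5, Pr 1..5 and Av one of 1, 3, 5")
    return fr + pr + av


def required_sil(se: int, fr: int, pr: int, av: int) -> SilCell:
    """Look up the SIL the risk graph demands: 1, 2, 3, 'OM' or None (blank)."""
    if se not in SIL_MATRIX:
        raise ValueError("Se must be 1..4")
    k = k_class(fr, pr, av)
    col = next(i for i, (lo, hi) in enumerate(K_BANDS) if lo <= k <= hi)
    return SIL_MATRIX[se][col]


def silcl_from_architecture(sff: float, hft: int) -> Optional[int]:
    """Maximum SIL claim limit of one subsystem from its SFF and HFT.
    None means the combination is not permitted (SFF < 60 % at HFT 0)."""
    if not 0.0 <= sff <= 1.0 or hft not in (0, 1, 2):
        raise ValueError("SFF must be a fraction 0..1 and HFT 0, 1 or 2")
    if sff < 0.60:
        row = (None, 1, 2)
    elif sff < 0.90:
        row = (1, 2, 3)
    elif sff < 0.99:
        row = (2, 3, 3)
    else:
        row = (3, 3, 3)
    return row[hft]


def sil_from_pfhd(pfhd: float) -> Optional[int]:
    """Highest SIL whose PFH_D band the value satisfies; None if >= 1e-5 /h.
    Values below 1e-8 are reported as SIL 3, the top level used in 62061."""
    if pfhd < 0:
        raise ValueError("PFH_D cannot be negative")
    for sil in (3, 2, 1):
        if pfhd < PFHD_BANDS[sil][1]:
            return sil
    return None


@dataclass
class Subsystem:
    name: str
    sff: float   # safe failure fraction as a fraction (0.92 == 92 %)
    hft: int     # hardware fault tolerance
    pfhd: float  # probability of dangerous failure per hour [1/h]


def check_srecs(subsystems: List[Subsystem], target: int) -> Tuple[Optional[int], List[str]]:
    """Apply both requirements to the chain of subsystems executing one SRCF.
    Returns (achieved SIL or None, list of findings)."""
    findings: List[str] = []
    silcls = [(s, silcl_from_architecture(s.sff, s.hft)) for s in subsystems]
    for s, cl in silcls:
        if cl is None:
            findings.append(f"{s.name}: SFF/HFT combination not permitted")
    if any(cl is None for _, cl in silcls):
        return None, findings
    arch_sil = min(cl for _, cl in silcls)        # lowest SILCL limits the SRECS
    total_pfhd = sum(s.pfhd for s in subsystems)  # random failures add up
    pfhd_sil = sil_from_pfhd(total_pfhd)
    if pfhd_sil is None:
        findings.append(f"PFH_D {total_pfhd:.2e}/h exceeds 1e-5/h, no SIL")
        return None, findings
    achieved = min(arch_sil, pfhd_sil)
    findings.append(f"architecture limits to SIL {arch_sil}, "
                    f"PFH_D {total_pfhd:.2e}/h gives SIL {pfhd_sil}")
    if achieved < target:
        findings.append(f"achieved SIL {achieved} is below required SIL {target}")
    return achieved, findings


if __name__ == "__main__":
    # Constructed hazard: hand reaches daily into a press area, Se 3.
    target = required_sil(se=3, fr=4, pr=3, av=3)  # K = 10 -> SIL 2
    # Constructed subsystem figures; real ones come from manufacturer data.
    design = [
        Subsystem("light curtain", sff=0.92, hft=1, pfhd=3e-8),
        Subsystem("safety controller", sff=0.99, hft=1, pfhd=2e-9),
        Subsystem("redundant contactors", sff=0.80, hft=1, pfhd=1.5e-7),
    ]
    print("required:", target, "->", check_srecs(design, target))
```

The two checks are deliberately independent: a chain whose PFH_D sum lands in the SIL 3 band is still capped at SIL 2 if one subsystem only has SILCL 2, and dropping the contactor redundancy (HFT 0 at 80 % SFF) pulls the whole SRECS down to SIL 1 regardless of how good the sensor is.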