How to use ISO functional safety standards
Some say high-quality engineering is about breaking down large challenges into smaller, more manageable tasks. Many safety engineers are overwhelmed by the sheer volume of safety standards. It’s a struggle to find a starting point and determine which standards are appropriate for which application and in what geographic location. Like training for a marathon, this seemingly daunting part of a safety engineer’s journey is best executed when broken down into smaller, more attainable steps. A roadmap can help determine the appropriate ISO standard for the project and how it can be applied to achieve desired safety performance.
ISO standards primer
The ISO machinery safety standards (the structure is laid out in ISO 12100) use a three-tier hierarchy of Type A, B, and C standards to define requirements for different types of machinery. Understanding the scope of each type will help safety engineers narrow their focus to the appropriate standard(s).
Type A standards are the most basic safety standards and apply to all machinery. They use basic machinery-design concepts and provide general principles. For example, ISO 12100 (Safety of machinery – General principles for design – Risk assessment and risk reduction) is a Type A standard that provides a detailed description of the risk-assessment process accepted for most machinery.
Type B standards are divided into two categories, B1 and B2. B1 standards address a single safety aspect and B2 standards address a single type of safeguard. For example, ISO 13849-1 (Safety-related parts of control systems) is a B1 standard that provides guidance for designing the safety-related parts of a control system; it defines the Performance Level (PL) scale used to rate each safety function. IEC 62061 (an IEC publication, not an ISO one) is also a B1 standard and offers an alternative to ISO 13849-1 based on Safety Integrity Levels (SIL). ISO 13850 and ISO 13851 are examples of B2 standards that describe the specific functional aspects of emergency-stop devices and two-hand control devices, respectively.
Type C standards are the most narrowly defined standards and carry the most specific requirements for particular types of machinery. For example, ISO 10218-1 applies to industrial robots, while mechanical presses are covered by EN 692 and hydraulic presses by EN 693. Whenever possible, safety engineers should use a Type C standard to evaluate safety-design requirements for new machinery; where a Type C standard deviates from a Type A or B standard, the Type C provisions take precedence for that machine.
Take a normative approach
No single standard can completely define the requirements for a given functional safety application. Each ISO functional safety standard typically includes a Normative References section to identify other standards that a safety engineer should consult for a more complete picture.
For a comprehensive overview of functional safety standards, safety engineers should, at a minimum, consider reviewing five specific standards: ISO 12100, ISO 13849, IEC 62061, IEC 61508, and IEC 60204 (the last three are IEC, not ISO, publications). ISO 12100 covers risk assessment and risk reduction, ISO 13849 and IEC 62061 cover the design of safety-related control systems, IEC 61508 is the generic functional safety standard from which the machinery-sector standards derive, and IEC 60204-1 covers the electrical equipment of machines. Together these five standards define minimum requirements for each step in the functional safety lifecycle (pictured below) as defined in IEC 61508 and IEC 62061, including risk or hazard assessment, design, verification, installation, and validation.
Understanding the difference between Type A, B, and C ISO standards, and having a general understanding of the five individual standards that take a safety engineer through the functional safety lifecycle is the first step toward achieving compliance.
Get your secret decoder
Each ISO standard has a title that provides clues to its content and an alphanumeric designation that indicates its reference number, edition date, and adoption location(s). Safety engineers should select the edition with the most recent date and the adoption appropriate to the region where the machine will be placed in service.
For example, consider BS EN ISO 12100:2010 (Safety of Machinery – General Principles for Design – Risk Assessment and Risk Reduction). The title indicates that this standard contains general principles, so it is likely Type A. The title also signifies that it provides guidance for machinery safety-related risk assessments and risk-reduction techniques. The alphanumeric designator provides additional detail: the originating body is ISO, the reference number is 12100, the edition is dated 2010, and the EN and BS prefixes show that it has been adopted as a European standard and as a British standard. A safety engineer can therefore recognize it as the Type A standard providing a model for risk assessment and remediation on machinery placed on the market in Britain, and should confirm against the publisher's catalogue that no later edition has replaced it.
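As an added example (not part of the original article), the following Python script decodes a designator of the form discussed above into its adopting bodies, originating body, reference number, part, and edition year, and then applies the selection rule from this section: among candidate designators for one standard, keep the latest edition adopted in the required region. The prefix map and the candidate list are constructed for illustration and are not exhaustive; the edition years in the candidate list are illustrative only.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Prefixes that mark an adopting body rather than the originating author.
# Assumption for this example: a small illustrative map, not an exhaustive list.
ADOPTING_BODIES = {
    "BS": "British Standards Institution (UK adoption)",
    "EN": "CEN/CENELEC European Norm (European adoption)",
    "DIN": "Deutsches Institut fuer Normung (German adoption)",
    "ANSI": "American National Standards Institute (US adoption)",
}

# Last token of a designator: reference number, optional part, optional edition year.
_REF_RE = re.compile(r"^(?P<number>\d{3,5})(?:-(?P<part>\d+))?(?::(?P<year>\d{4}))?$")


@dataclass(frozen=True)
class Designator:
    author: str              # originating body: ISO, IEC, ISO/IEC, or EN for a CEN-only standard
    number: int              # reference number, e.g. 12100
    part: Optional[int]      # part number, e.g. 1 in ISO 13849-1
    year: Optional[int]      # edition year, e.g. 2010; None if undated
    adopters: tuple          # adopting bodies in the order written, e.g. ("BS", "EN")

    @property
    def key(self):
        """Identity of the underlying standard, ignoring adoption and edition."""
        return (self.author, self.number, self.part)

    def describe(self) -> str:
        where = ", ".join(ADOPTING_BODIES[a] for a in self.adopters) or "no regional adoption shown"
        part = f" part {self.part}" if self.part is not None else ""
        year = f", {self.year} edition" if self.year is not None else ", undated"
        return f"{self.author} {self.number}{part}{year}; {where}"


def parse_designator(text: str) -> Designator:
    """Split 'BS EN ISO 12100:2010' into adopters, author, number, part and year."""
    tokens = text.split()
    if len(tokens) < 2:
        raise ValueError(f"not a standard designator: {text!r}")
    ref = _REF_RE.match(tokens[-1])
    if ref is None:
        raise ValueError(f"bad reference number: {tokens[-1]!r}")
    *adopters, author = tokens[:-1]      # everything before the author is an adopting body
    unknown = [a for a in adopters if a not in ADOPTING_BODIES]
    if unknown:
        raise ValueError(f"unknown adopting body {unknown} in {text!r}")
    return Designator(
        author=author,
        number=int(ref["number"]),
        part=int(ref["part"]) if ref["part"] else None,
        year=int(ref["year"]) if ref["year"] else None,
        adopters=tuple(adopters),
    )


def select_applicable(candidates: Iterable[str], region: str) -> Optional[Designator]:
    """Return the latest edition of one standard that `region` has adopted, or None."""
    parsed = [parse_designator(c) for c in candidates]
    keys = {d.key for d in parsed}
    if len(keys) != 1:
        raise ValueError(f"candidates do not name one standard: {sorted(map(str, keys))}")
    in_region = [d for d in parsed if region in d.adopters]
    if not in_region:
        return None
    # An undated designator cannot be ranked by revision, so any dated edition wins over it.
    return max(in_region, key=lambda d: (d.year is not None, d.year or 0))


# Constructed candidate list for the example; edition years are illustrative.
CANDIDATES = [
    "ISO 13849-1:2006",
    "EN ISO 13849-1:2008",
    "BS EN ISO 13849-1:2008",
    "BS EN ISO 13849-1:2015",
]

if __name__ == "__main__":
    print(parse_designator("BS EN ISO 12100:2010").describe())
    chosen = select_applicable(CANDIDATES, "BS")
    print("Use in Britain:", chosen.describe() if chosen else "no adopted edition found")
```

The parser refuses designators whose candidates name different standards, and returns None rather than guessing when no edition carries the requested adoption prefix, which is the case a reviewer most wants flagged rather than silently resolved.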
Leverage the ISO model
After selecting the most up-to-date standard(s) in the appropriate region, a safety engineer needs to efficiently review and digest the content. ISO functional safety standards have a consistent organizational format that allows a user to navigate each standard and identify links to several normative references. Safety engineers should break down the individual standard into sections to more quickly understand whether it is relevant to the application. Each ISO functional safety standard contains the following sections:
• Scope – The scope serves as a starting point and provides an abstract of the standard’s intended use, whether it is Type A, B, or C, and any limitations. Safety engineers should skim the scope to determine whether the standard is suited for the application. Remember that if the standard is Type A or B, there may be a more applicable Type C standard, depending on the specific type of machinery. When reviewing multiple potentially applicable ISO standards, skimming the scope section of each can often help quickly narrow down to a smaller list.
• Normative References – These typically follow the scope and, as mentioned above, are other ISO standards that can provide a broader, more complete understanding of required processes and documentation.
• Terms and Definitions – Engineers should use the terms and definition to clarify what is meant by phrases and words used frequently throughout the standard. Definitions also help accurately communicate machinery-safety concepts to ensure consistent understanding among those applying the standard.
• Body – The body states the rules to follow when applying the standard. Language in the body is normative: shall marks a requirement, should a recommendation, may a permission, and can a possibility or capability. Compliance requires adherence to every requirement (every shall) in the standard. Flow charts and tables are often included in the body to help illustrate how the standard relates to its normative references and allow users to more quickly understand the content. For example, Figures 1, 2, and 3 in ISO 13849-1 illustrate the relationship between ISO 12100 and ISO 13849-1 to help users understand how to use the risk-assessment standard (12100) when going through the process of designing safety-related parts of a control system as defined in 13849-1.
• Annex – This section provides additional information to help understand the standard. Each annex is marked normative or informative; the body uses primarily normative, or prescriptive, language, while an informative annex uses descriptive language and imposes no requirements of its own. Safety engineers should consult the annexes for a more practical description of how to apply the standard. For example, in ISO 13849-1, Annex E provides estimates of diagnostic coverage (DC) and Annex F provides the scoring process for quantifying Common Cause Failure (CCF). Both feed into the achieved Performance Level (PL), which must meet or exceed the required Performance Level (PLr).
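As an added example, not from the article, this Python script sorts the verbal forms in a short body-style excerpt into the four categories above (requirement, recommendation, permission, possibility) and pulls the "shall" sentences out into a compliance checklist, skipping NOTE lines because notes are informative. The excerpt is constructed for the example and is not quoted from any standard.

```python
import re
from collections import Counter

# Verbal forms used in ISO/IEC standards and what each one signals.
# Negated forms are listed first so "shall not" is not read as "shall".
_FORM_RE = re.compile(r"\b(shall not|shall|should not|should|need not|may|cannot|can)\b", re.IGNORECASE)
CATEGORY = {
    "shall": "requirement", "shall not": "requirement",
    "should": "recommendation", "should not": "recommendation",
    "may": "permission", "need not": "permission",
    "can": "possibility", "cannot": "possibility",
}

# A body clause starts with its number, e.g. "4.2 ..."; a NOTE line is informative.
_CLAUSE_RE = re.compile(r"^(?P<clause>\d+(?:\.\d+)*)\s+(?P<body>.+)$")
_SENTENCE_SPLIT = re.compile(r"(?<=[.;])\s+")

# Constructed excerpt in the style of a standard's body; not quoted from any standard.
SAMPLE = """\
4.1 The safety-related parts of the control system shall be designed to achieve the required performance level.
4.2 Diagnostic coverage should be estimated for each channel; the simplified method in the annex may be used.
4.3 Well-tried components can be used in Category 1 designs. Additional tests need not be repeated if already documented.
NOTE Annex material is informative and cannot introduce requirements.
"""


def extract_clauses(text: str) -> list:
    """Tag every sentence of a body excerpt with its clause number, verbal form and category."""
    rows = []
    clause = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("NOTE"):
            continue                      # notes explain; they do not impose anything
        m = _CLAUSE_RE.match(line)
        if m:
            clause, body = m["clause"], m["body"]
        else:
            body = line                   # continuation line of the previous clause
        for sentence in _SENTENCE_SPLIT.split(body):
            sentence = sentence.strip()
            if not sentence:
                continue
            hit = _FORM_RE.search(sentence)
            form = hit.group(1).lower() if hit else None
            rows.append({
                "clause": clause,
                "form": form,
                "category": CATEGORY[form] if form else "descriptive",
                "text": sentence,
            })
    return rows


def requirement_checklist(text: str) -> list:
    """Only the 'shall' sentences: the items compliance actually hinges on."""
    return [(r["clause"], r["text"]) for r in extract_clauses(text) if r["category"] == "requirement"]


def category_counts(text: str) -> Counter:
    """How much of the excerpt is binding versus advisory."""
    return Counter(r["category"] for r in extract_clauses(text))


if __name__ == "__main__":
    for clause, item in requirement_checklist(SAMPLE):
        print(f"[{clause}] {item}")
    print(dict(category_counts(SAMPLE)))
```

Run against a real clause list, the checklist is the set of items an assessor will ask for evidence on; the recommendation and permission rows are where a design may deviate, provided the deviation is justified in the safety file.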
Path to functional safety
Breaking down ISO functional safety standards into their elemental parts as described above will help safety engineers define an easier, more manageable path to compliance.
– Bill Stone is machine safety expert, Rockwell Automation, and functional safety engineer (TÜV Rheinland). Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering and Plant Engineering, firstname.lastname@example.org.
Also see the Control Engineering Machine Safety blog, with more safety advice about codes, standards, and best practices related to machine safety.