iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty!
IEC

IEC TR 63161:2022

(Main)

Assignment of a safety integrity requirements - Basic rationale

Assignment of a safety integrity requirements - Basic rationale

IEC TR 63161:2022 can be used where a risk assessment according to ISO 12100 has been conducted for a machine or process plant and where a safety related control function has been selected for implementation as a protective measure against specified hazards. This document describes an example basic logical rationale to assign a safety integrity requirement to the selected function.
The description is generic and as far as reasonably possible independent from any specific tool or method that can be used for assignment of a safety integrity requirement. The requirement can be expressed as a safety integrity level (SIL), or performance level (PL).
An example basic rationale is described that is embodied by such methods and tools, as far as they follow a risk based quantitative approach.
Conversely, the logic described in this document can be used as a reference for assessing specific methods or tools for safety integrity assignment. This can clarify how far the respective tool/method is following a risk based quantitative approach, and where deviations from that approach are imposed by other considerations. In real applications, the quantitative risk based approach can be modified or overridden by other considerations in many cases and for good reasons. It is not within the scope of this document to discuss or evaluate such reasons. Usually the reasons for deviations from a given tool or method from a quantitative logic are provided, so that this can be discussed in the proper frame.
Examples for such analyses are provided for common assignment tools in the format of risk graphs and risk matrices.
This document can be used for safety related control functions in all modes of application: continuous mode, high demand mode and low demand mode of application.

General Information

Status
Published
Publication Date
12-Jul-2022
ICS
13.110 - Safety of machinery
Technical Committee
TC 44 - Safety of machinery - Electrotechnical aspects
Current Stage
PPUB - Publication issued
Completion Date
13-Jul-2022
Ref Project

Buy Standard

IEC TR 63161:2022 - Assignment of a safety integrity requirements - Basic rationaleIEC TR 63161:2022 - Assignment of a safety integrity requirements - Basic rationale
PreviousNext
Technical report
IEC TR 63161:2022 - Assignment of a safety integrity requirements - Basic rationale
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

IEC TR 63161
Edition 1.0 2022-07
TECHNICAL
REPORT
colour
inside
Assignment of safety integrity requirements – Basic rationale
IEC TR 63161:2022-07(en)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2022 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC

copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

your local IEC member National Committee for further information.
IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes

International Standards for all electrical, electronic and related technologies.
About IEC publications

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the

latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch

The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the

variety of criteria (reference number, text, technical publications previews. With a subscription you will always have

committee, …). It also gives information on projects, replaced access to up to date content tailored to your needs.

and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 300 terminological entries in English
details all new publications released. Available online and once
and French, with equivalent terms in 19 additional languages.
a month by email.
Also known as the International Electrotechnical Vocabulary
(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
---------------------- Page: 2 ----------------------
IEC TR 63161
Edition 1.0 2022-07
TECHNICAL
REPORT
colour
inside
Assignment of safety integrity requirements – Basic rationale
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 13.110 ISBN 978-2-8322-3944-5

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
---------------------- Page: 3 ----------------------
– 2 – IEC TR 63161:2022 © IEC 2022
CONTENTS

FOREWORD ........................................................................................................................... 4

INTRODUCTION ..................................................................................................................... 6

1 Scope .............................................................................................................................. 7

2 Normative references ...................................................................................................... 7

3 Terms and definitions ...................................................................................................... 7

4 Risk based quantitative approach .................................................................................. 10

4.1 General ................................................................................................................. 10

4.2 Sequence of steps in functional safety assignment ............................................... 10

4.3 Reference information ........................................................................................... 12

4.3.1 General ......................................................................................................... 12

4.3.2 Accident scenario .......................................................................................... 13

4.3.3 Hazard zone .................................................................................................. 13

4.3.4 Severity of harm ............................................................................................ 13

4.3.5 Safety control function ................................................................................... 14

5 Quantified parameters of a functional safety assignment ............................................... 14

5.1 General ................................................................................................................. 14

5.2 Parameter types ................................................................................................... 14

5.2.1 General ......................................................................................................... 14

5.2.2 Probability ..................................................................................................... 14

5.2.3 Event rate ...................................................................................................... 14

5.3 Probability of occurrence of harm .......................................................................... 15

5.4 Quantification of risk ............................................................................................. 15

5.5 Target failure measure .......................................................................................... 15

5.6 Probability of occurrence of a hazardous event – P .............................................. 16

5.7 Exposure parameter – F ...................................................................................... 17

5.8 Probability of avoiding or limiting harm – A .......................................................... 18

5.8.1 General ......................................................................................................... 18

5.8.2 Vulnerability (V) ............................................................................................. 18

5.8.3 Avoidability (A) .............................................................................................. 19

5.9 Demand types and related event rates .................................................................. 19

5.9.1 Event classes ................................................................................................ 19

5.9.2 Demand and demand rate .............................................................................. 20

5.9.3 Initiating events and rate of initiating events I ............................................. 20

5.9.4 Safety demands and safety demand rate D ................................................. 21

5.9.5 Tolerable risk limit – Parameter L .............................................................. 22

(S)

5.10 Additional parameters ........................................................................................... 23

6 General principle of functional safety assignment .......................................................... 25

6.1 Basics ................................................................................................................... 25

6.1.1 Applicability to complete functions ................................................................. 25

6.1.2 Risk relation .................................................................................................. 25

6.1.3 Logical independence of parameters ............................................................. 25

6.2 High demand or continuous mode of operation ..................................................... 25

6.3 Low demand mode of operation ............................................................................ 26

7 Assignment of the demand mode ................................................................................... 27

7.1 Demand mode – General ...................................................................................... 27

---------------------- Page: 4 ----------------------
IEC TR 63161:2022 © IEC 2022 – 3 –

7.2 Assignment criteria ............................................................................................... 30

8 Relation to ISO 12100 ................................................................................................... 30

9 Tools for functional safety assignment ........................................................................... 31

9.1 General ................................................................................................................. 31

9.2 Selection of independent parameters .................................................................... 32

9.3 Logarithmizing parameters .................................................................................... 32

9.4 Discretization of parameters ................................................................................. 32

9.5 Parameter scores .................................................................................................. 33

9.6 Scoring methods in strict sense ............................................................................ 34

Annex A (informative) Examples of SIL assignment tools numerical analysis ....................... 35

A.1 General ................................................................................................................. 35

A.2 Assignment of score values to parameter entries .................................................. 35

A.3 Extraction of tolerable risk limits ........................................................................... 36

A.4 Risk matrix of IEC 62061 ...................................................................................... 38

A.5 Risk graph of ISO 13849 ....................................................................................... 41

A.6 Risk graphs for low demand mode of operation ..................................................... 43

Bibliography .......................................................................................................................... 46

Figure 1 – Sequence of steps in functional safety assignment............................................... 12

Figure 2 – Protection layers, event rates and their relation.................................................... 22

Figure 3 – Hazard rate according to the Henley / Kumamoto equation .................................. 29

Figure 4 – Elements of risk according to ISO 12100 .............................................................. 31

Figure 5 – Discretization of parameters ................................................................................. 33

Figure A.1 – Extraction of tolerable risk limits ....................................................................... 37

Figure A.2 – Risk matrix based on IEC 62061 ....................................................................... 38

Figure A.3 – Maximum allowable PFH as function of the score sum for the different

severity levels ....................................................................................................................... 39

Figure A.4 – Representation by a continuous numerical interpolation .................................... 40

Figure A.5 – Risk graph of ISO 13849-1 ................................................................................ 41

Figure A.6 – Interpolation per severity level .......................................................................... 43

Figure A.7 – Risk graph for low demand mode of operation .................................................. 44

Figure A.8 – Risk graph for low demand mode of operation – from Figure 7 of VDMA

4315-1 .................................................................................................................................. 45

Table 1 – Parameters overview ............................................................................................. 24

Table A.1 – Relation between PLs and ranges in PFH .......................................................... 42

---------------------- Page: 5 ----------------------
– 4 – IEC TR 63161:2022 © IEC 2022
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ASSIGNMENT OF SAFETY INTEGRITY REQUIREMENTS –
BASIC RATIONALE
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international

co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and

in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,

Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their

preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with

may participate in this preparatory work. International, governmental and non-governmental organizations liaising

with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for

Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence between

any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any

services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent

rights. IEC shall not be held responsible for identifying any or all such patent rights.

IEC TR 63161 has been prepared by IEC technical committee 44: Safety of machinery –

Electrotechnical aspects. It is a Technical Report.
The text of this Technical Report is based on the following documents:
Draft Report on voting
44/935A/DTR 44/954/RVDTR

Full information on the voting for its approval can be found in the report on voting indicated in

the above table.
The language used for the development of this Technical Report is English.

This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in

accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available

at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are

described in greater detail at www.iec.ch/standardsdev/publications.
---------------------- Page: 6 ----------------------
IEC TR 63161:2022 © IEC 2022 – 5 –

The committee has decided that the contents of this document will remain unchanged until the

stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to

the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates that it

contains colours which are considered to be useful for the correct understanding of its

contents. Users should therefore print this document using a colour printer.
---------------------- Page: 7 ----------------------
– 6 – IEC TR 63161:2022 © IEC 2022
INTRODUCTION

This document describes an example basic logical rationale for assigning a safety integrity

requirement to a safety related control function in a risk based approach. The parameters for

the assignment are explained. It is described how these parameters can relate to the risk

assessment according to ISO 12100 and to the safety integrity requirement.
---------------------- Page: 8 ----------------------
IEC TR 63161:2022 © IEC 2022 – 7 –
ASSIGNMENT OF SAFETY INTEGRITY REQUIREMENTS –
BASIC RATIONALE
1 Scope

This document can be used where a risk assessment according to ISO 12100 has been

conducted for a machine or process plant and where a safety related control function has been

selected for implementation as a protective measure against specified hazards. This document

describes an example basic logical rationale to assign a safety integrity requirement to the

selected function.

The description is generic and as far as reasonably possible independent from any specific tool

or method that can be used for assignment of a safety integrity requirement. The requirement

can be expressed as a safety integrity level (SIL), or performance level (PL).

An example basic rationale is described that is embodied by such methods and tools, as far as

they follow a risk based quantitative approach.

Conversely, the logic described in this document can be used as a reference for assessing

specific methods or tools for safety integrity assignment. This can clarify how far the respective

tool/method is following a risk based quantitative approach, and where deviations from that

approach are imposed by other considerations. In real applications, the quantitative risk based

approach can be modified or overridden by other considerations in many cases and for good

reasons. It is not within the scope of this document to discuss or evaluate such reasons. Usually

the reasons for deviations from a given tool or method from a quantitative logic are provided,

so that this can be discussed in the proper frame.

Examples for such analyses are provided for common assignment tools in the format of risk

graphs and risk matrices.

This document can be used for safety related control functions in all modes of application:

continuous mode, high demand mode and low demand mode of application.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies.

For undated references, the latest edition of the referenced document (including any

amendments) applies.

ISO 12100:2010, Safety of machinery – General principles for design – Risk assessment and

risk reduction
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following

addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
---------------------- Page: 9 ----------------------
– 8 – IEC TR 63161:2022 © IEC 2022
3.1
probability

real number in the interval 0 to 1 attached to a random event and expressing quantitatively how

likely the occurrence of that event is
Note 1 to entry: See 5.2.2 for more information.

[SOURCE: IEC 60050-103:2009, 103-08-02, modified – Notes 1 and 2 to entry have been

removed and replaced with a new Note 1 to entry.]
3.2
event rate
−1 −1 −1

frequency with the dimension of time , typically given in the units h or year , attached to a

random event and expressing quantitatively how frequently this event is expected to occur

Note 1 to entry: See 5.2.3 for more information.
3.3
tolerable risk

level of risk that is accepted in a given context based on the current values of society

Note 1 to entry: For the purposes of ISO/IEC Guide 51:2014, the terms "acceptable risk" and "tolerable risk" are

considered to be synonymous.
[SOURCE: ISO/IEC Guide 51:2014, 3.15]
3.4
tolerable risk limit

risk which is accepted in the context of a given hazard of machinery or process equipment and

which is quantified as an event rate for the occurrence of harm with a specified level of severity

as a consequence of the hazard
Note 1 to entry: See 5.9.5 for more information.

Note 2 to entry: The harm with the specified level of severity is a necessary attribute of a tolerable risk limit, however

it is not expressed in the limit itself.

Note 3 to entry: This definition adds the element of quantification to the general definition of "tolerable risk", which

is not necessarily implied in the term "tolerable risk" without the modifier "limit".

3.5
hazardous event
event that can cause harm
Note 1 to entry: See 4.3.2 for more information.

[SOURCE: ISO 12100:2010, 3.9, modified – The note to entry has been removed and replaced

by a new one.]
3.6
hazardous situation
circumstance in which a person is exposed to at least one hazard
Note 1 to entry: According to ISO 12100:2010, 3.10.
Note 2 to entry: See 4.3.2 for more information.

[SOURCE: ISO 12100:2010, 3.10, modified – The note to entry has been removed and replaced

by two new ones.]
---------------------- Page: 10 ----------------------
IEC TR 63161:2022 © IEC 2022 – 9 –
3.7
demand

event that causes the safety control system to perform the safety

control function
Note 1 to entry: See 5.9.2 for more information.

[SOURCE: IEC 62061:2021, 3.2.25, modified – The abbreviated term "SCS" has been replaced

by the words "safety control system", and "a safety function" has been replaced with "the safety

control function".]
3.8
initiating event

situation which, without the safety function, will result in damage

or harm of any sort or severity
Note 1 to entry: See 5.9.3 for more information.
3.9
safety demand

situation where, unless prevented by the safety control function

under assessment, an accident with a specified level of harm to people would occur

Note 1 to entry: See 5.9.4 for more information.
3.10
hazard rate

rate of accidents of a specific severity in conjunction with a specific hazard that occurs although

a safety control function has been installed to prevent this type of accident
3.11
probability of avoiding or limiting harm

probability that potentially exposed persons do not suffer harm of the specified level of severity

during a hazardous event
Note 1 to entry: See 5.8 for more information.
3.12
avoidability

probability that potentially exposed persons avoid exposure to the hazard during a hazardous

event
Note 1 to entry: See 5.8 for more information.
3.13
vulnerability

probability that exposed persons in a hazardous situation do suffer harm of the specified level

of severity
Note 1 to entry: See 5.8 for more information.
3.14
hidden failure
hidden fault

failure or fault in hardware or software that does not announce itself and is not detected by

dedicated methods when it occurs

Note 1 to entry: The term "hidden" in the given sense is complementary to the term "revealed" according to

IEC 61511-1:2016, 3.2.13.

Note 2 to entry: A hardware or software failure or fault announces itself, e.g. by a disturbance of the equipment

under control, its working process, or its surroundings.
---------------------- Page: 11 ----------------------
– 10 – IEC TR 63161:2022 © IEC 2022

Note 3 to entry: The "hidden status" of a hardware or software failure or fault is terminated when it is either detected

by a dedicated check or method, or when it becomes overt by disturbing the equipment under control, its working

process, or its surroundings. This may be related, e.g. to a change of the operation status or to a person approaching

the equipment. Failures that stay "hidden" without termination are not relevant.
4 Risk based quantitative approach
4.1 General

In a risk based approach, a safety control function can be specified to keep a risk that is caused

by a machine or process below a defined maximum level, the "tolerable risk limit".

The concept of "risk" is defined in ISO 12100:2010, 3.12 as "combination of the probability of

occurrence of harm and the severity of that harm". Although both elements of the definition can

be understood quantitatively, "risk" is not necessarily understood as a quantifiable parameter

in the context of ISO 12100. That holds even more for the "tolerable risk", i.e. the risk which is

accepted in a given context based on the values of society.

On the other hand, the efficiency of a safety control function for mitigating risk, often indicated

as reliability of the control system, is described with the term "safety integrity". This expresses

the degree of reliance that is put on a safety control function. "Safety integrity" has a quantitative

aspect, which is clearly revealed by the complement of safety integrity, the unreliability of a

safety control function. The unreliability is quantified as "target failure measure", i.e. either as

average probability of the function to fail on demand PFD , or as the rate of dangerous

avg
function failures per hour, PFH.

SIL assignment is the process of deriving a target figure for the failure measure of a safety

control function from a risk assessment. As soon as a risk assessment is used as a basis for

specifying a required level of safety integrity, it is implied that elements of this risk assessment

are quantified. After all, a quantitative result is derived as output of the procedure and it is

generally assumed that this is in a logical relation to the assumptions which were used as inputs.

Consequently, there is a basic logical rationale of functional safety assignment, which captures

all relevant aspects of the application of a safety control function in quantified parameters and

sets them in a logical relation to the tolerable risk limit and the target failure measure for the

function.
NOTE Information on risk management can be found in ISO 31000:2018.
4.2 Sequence of steps in functional safety assignment

The following steps can be used to lead to a functional safety assignment in the context of a

risk analysis for a machine or process. In this context, "SIL" is used as generic placeholder for

any type of safety integrity indicator.
1) A hazard is identified by the analysis.

2) Accident scenarios with that hazard can be developed: It is stated which persons could

suffer which type of harm, by which parts or functions of the machine, in which operation

modes of the machine or process, etc. – see 4.3.2 for the elements of an accident scenario.

3) Mitigation measures can be devised conceptually. According to ISO 12100:2010, 6.1, the

priority of measures decreases from inherently safe design measures (step 1) over

safeguarding and/or complementary protective measures (step 2) to information for use

(step 3). Safety functions are a form of "safeguarding and/or complementary protective

measures".

4) The iteration of the overall design of the machine or process leads to the decision that an

instrumented control function will be implemented. At the latest at this point, the

functionalities of the control function are defined.
---------------------- Page: 12 ----------------------
IEC TR 63161:2022 © IEC 2022 – 11 –

5) The safety related parts of the instrumented control function can be identified. With respect

to the hazard in step 1 above, the function will be capable of preventing the given hazard

from causing harm, if it works as devised.

NOTE 1 The required SIL is relevant for the functionality according to step 5. With this step 5, the preconditions

for a SIL-assignment can be given. The following steps comprise the assignment in a strict sense. Typically, this

can be done using a graphical tool, table or scoring system. The current description assumes that no such pre-

designed tool is available, but the basic logic of the process can be followed in a "quantitative

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC TR 62061-1:2010(Main)
Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery

IEC/TR 62061-1:2010 is intended to explain the application of IEC 62061 and ISO 13849-1 in the design of safety-related control systems for machinery.

  • Technical report
    38 pages
    English and French language
    sale 15% off
IEC
IEC 60204-1:2016/AMD1:2021(Main)
Amendment 1 - Safety of machinery - Electrical equipment of machines - Part 1: General requirements
  • Standard
    20 pages
    English and French language
    sale 15% off
IEC
IEC 62061:2021(Main)
Safety of machinery - Functional safety of safety-related control systems

IEC 62061:2021 specifies requirements and makes recommendations for the design, integration and validation of safety-related control systems (SCS) for machines. It is applicable to control systems used, either singly or in combination, to carry out safety functions on machines that are not portable by hand while working, including a group of machines working together in a co-ordinated manner.
This document is a machinery sector specific standard within the framework of IEC 61508 (all parts).
The design of complex programmable electronic subsystems or subsystem elements is not within the scope of this document.
The main body of this sector standard specifies general requirements for the design, and verification of a safety-related control system intended to be used in high/continuous demand mode.
This document:
– is concerned only with functional safety requirements intended to reduce the risk of hazardous situations;
– is restricted to risks arising directly from the hazards of the machine itself or from a group of machines working together in a co-ordinated manner;
This document does not cover
– electrical hazards arising from the electrical control equipment itself (e.g. electric shock – see IEC 60204-1);
– other safety requirements necessary at the machine level such as safeguarding;
– specific measures for security aspects – see IEC TR 63074.
This document is not intended to limit or inhibit technological advancement.
IEC 62061:2021 cancels and replaces the first edition, published in 2005, Amendment 1:2012 and Amendment 2:2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
– structure has been changed and contents have been updated to reflect the design process of the safety function,
– standard extended to non-electrical technologies,
– definitions updated to be aligned with IEC 61508-4,
– functional safety plan introduced and configuration management updated (Clause 4),
– requirements on parametrization expanded (Clause 6),
– reference to requirements on security added (Subclause 6.8),
– requirements on periodic testing added (Subclause 6.9),
– various improvements and clarification on architectures and reliability calculations (Clause 6 and Clause 7),
– shift from "SILCL" to "maximum SIL" of a subsystem (Clause 7),
– use cases for software described including requirements (Clause 8),
– requirements on independence for software verification (Clause 8) and validation activities (Clause 9) added,
– new informative annex with examples (Annex G),
– new informative annexes on typical MTTFD values, diagnostics and calculation methods for the architectures (Annex C, Annex D and Annex H).

  • Standard
    304 pages
    English and French language
    sale 15% off
IEC
IEC 61496-2:2020(Main)
Safety of machinery - Electro-sensitive protective equipment - Part 2: Particular requirements for equipment using active opto-electronic protective devices (AOPDs)

IEC 61496-2:2020 specifies requirements for the design, construction and testing of electro-sensitive protective equipment (ESPE) designed specifically to detect persons as part of a safety-related system, employing active opto-electronic protective devices (AOPDs) for the sensing function. Special attention is directed to features which ensure that an appropriate safety-related performance is achieved. An ESPE can include optional safety-related functions, the requirements for which are given in Annex A of IEC 61496-1:2020 and of this document.
This document does not specify the dimensions or configurations of the detection zone and its disposition in relation to hazardous parts for any particular application, nor what constitutes a hazardous state of any machine. It is restricted to the functioning of the ESPE and how it interfaces with the machine.
Excluded from this document are AOPDs employing radiation at wavelengths outside the range 400 nm to 1 500 nm.
This document can be relevant to applications other than those for the protection of persons, for example, the protection of machinery or products from mechanical damage. In those applications, additional requirements can be necessary, for example, when the materials that are to be recognized by the sensing function have different properties from those of persons.
This document does not deal with electromagnetic compatibility (EMC) emission requirements.
IEC 61496-2:2020 cancels and replaces the third edition published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) Requirements and test procedures in Part 2 that were found to be common to all ESPEs have been moved to Part 1. Test procedures that are dependent on the sensing technology remain in Part 2.

  • Standard
    47 pages
    English language
    sale 15% off
  • Standard
    95 pages
    English and French language
    sale 15% off
IEC
IEC 61496-1:2020(Main)
Safety of machinery - Electro-sensitive protective equipment - Part 1: General requirements and tests

IEC 61496-1:2020 specifies general requirements for the design, construction and testing of non-contact electro-sensitive protective equipment (ESPE) designed specifically to detect persons or part of a person as part of a safety-related system. Special attention is directed to functional and design requirements that ensure an appropriate safety-related performance is achieved. An ESPE can include optional safety-related functions, the requirements for which are given in Annex A.
This document is intended to be used with a subsequent part of IEC 61496 that provides particular requirements based on the sensing technology.
Where a part covering the sensing technology does not exist, IEC TS 62998-1 is used.
Where the IEC 61496 series does not contain all necessary provisions, IEC TS 62998-1 is used.
It is an additional possibility to combine those aspects covered by the IEC 61496 series in addition to IEC TS 62998-1.
This document does not specify the dimensions or configuration of the detection zone and its disposition in relation to hazards in any particular application, nor what constitutes a hazardous state of any machine. It is restricted to the functioning of the ESPE and how it interfaces with the machine.
While a data interface can be used to control optional safety-related ESPE functions (Annex A), this document does not provide specific requirements. Requirements for these safety-related functions can be determined by consulting other standards (for example, IEC 61508 (all parts), IEC TS 62046, IEC 62061, and ISO 13849-1).
This document can be relevant to applications other than those for the protection of persons, for example for the protection of machinery or products from mechanical damage. In those applications, different requirements can be appropriate, for example when the materials that have to be recognized by the sensing function have different properties from those of persons.
This document does not deal with requirements for ESPE functions not related to the protection of persons (e.g. using sensing unit data for navigation).
This document does not deal with electromagnetic compatibility (EMC) emission requirements.
IEC 61496-1:2020 cancels and replaces the third edition published in 2012. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) It has been clarified that some requirements for ESPEs that are dependent on sensing technology are not included in IEC 61496-1. They are provided in a subsequent part of IEC 61496.
b) Requirements for protection against environmental influences from subsequent parts of IEC 61496 that are common to all ESPEs have been consolidated into IEC 61496-1.
c) Some test procedures in IEC 61496-1 were incomplete. They have been expanded with more detail and step by step procedures.
d) Some requirements and procedures in IEC 61496-1 are now covered by new generic machine safety standards. The requirements in IEC 61496-1 have been harmonized with references to the new generic standards.

  • Standard
    120 pages
    English and French language
    sale 15% off
IEC
IEC TR 62998-2:2020(Main)
Safety of machinery - Part 2: Examples of application

IEC TR 62998-2:2020 establishes guidance for the application of IEC TS 62998-1:2019.
It provides examples of:
– application for which SRS/SRSS are relevant,
– use of SRS/SRSS information from an application point of view,
– fusion of SRS into SRSS for given applications, and
– appropriate information for use for given applications.

  • Technical report
    37 pages
    English language
    sale 15% off
IEC
IEC TS 62998-1:2019(Main)
Safety of machinery - Safety-related sensors used for the protection of persons

IEC TS 62998-1:2019 gives requirements for the development and integration of safety related sensors (SRS) and safety related sensor systems (SRSS) used for protection of persons with special attention to systematic capabilities.
This generic standard only applies if
– protection of persons is to be performed by using sensors, and
– standards for functional safety of electrical control systems address sensor(s) as subsystem or subsystem element, and
– product specific sensor standards (e.g. IEC 61496 (all parts), IEC 60947-5-2) do not contain all necessary provisions, or product specific sensor standards are not developed.
The approach of examination of systematic capabilities by using different safety related sensor standards is described in Annex A.
The requirements and methods within this document are limited to the purpose of protection of persons
– by detection of potentially hazardous objects,
– by detection of a body, parts of a body and objects associated to parts of a body entering a hazardous area, or
– by classification respective discrimination of these against other objects.
Special attention is given to the sensing function and dependability of the detection capability. Environmental influences and tests for indoor and outdoor use are defined which influence the sensing function and dependability of the detection capability.
IEC TS 62998-1:2019 can be relevant to applications other than those for the protection of persons in industries, for example, for the protection of persons in public like agriculture or metro stations.
IEC TS 62998-1:2019 does not consider and address proven in use (e.g. processes or elements) as done in IEC 61508-2.

  • Technical specification
    91 pages
    English language
    sale 15% off
IEC
IEC TR 63074:2019(Main)
Safety of machinery - Security aspects related to functional safety of safety-related control systems

IEC TR 63074:2019 gives guidance on the use of IEC 62443 (all parts) related to those aspects of security threats and vulnerabilities that could influence functional safety implemented and realized by safety-related control systems (SCS) and could lead to the loss of the ability to maintain safe operation of a machine.
Considered security aspects of the machine with potential relation to SCS are:
– vulnerabilities of the SCS either directly or indirectly through the other parts of the machine which can be exploited by security threats that can result in security attacks (security breach);
– influence on the safety characteristics and ability of the SCS to properly perform its function(s);
– typical use case definition and application of a corresponding threat model.

  • Technical report
    23 pages
    English language
    sale 15% off
IEC
IEC 61496-3:2018(Main)
Safety of machinery - Electro-sensitive protective equipment - Part 3: Particular requirements for active opto-electronic protective devices responsive to diffuse Reflection (AOPDDR)

IEC 61496-3:2018 is available as IEC 61496-3:2018 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC 61496-3:2018 specifies additional requirements for the design, construction and testing of electro-sensitive protective equipment (ESPE) designed specifically to detect persons or parts of persons as part of a safety-related system, employing active opto-electronic protective devices responsive to diffuse reflection (AOPDDRs) for the sensing function. Special attention is directed to requirements which ensure that an appropriate safety-related performance is achieved. An ESPE can include optional safety-related functions, the requirements for which are given both in Annex A of this document and in Annex A of IEC 61496-1:2012. IEC 61496-3:2018 not specify the dimensions or configurations of the detection zone and its disposition in relation to hazardous parts for any particular application, nor what constitutes a hazardous state of any machine. It is restricted to the functioning of the ESPE and how it interfaces with the machine. AOPDDRs are devices that have either
– one or more detection zone(s) specified in two dimensions (AOPDDR-2D), or
– one or more detection zone(s) specified in three dimensions (AOPDDR-3D)
wherein radiation in the near infrared range is emitted by an emitting element(s). When the emitted radiation impinges on an object (for example, a person or part of a person), a portion of the emitted radiation is reflected to a receiving element(s) by diffuse reflection. This reflection is used to determine the position of the object. Opto-electronic devices that perform only a single one-dimensional spot-like distance measurement, for example, optical proximity switches, are not covered by this document. IEC 61496-3:2018 does not address those aspects required for complex classification or differentiation of the object detected. IEC 61496-3:2018 does not address requirements and tests for outdoor application. Excluded from IEC 61496-3:2018 are AOPDDRs employing radiation with the peak of wavelength outside the range 820 nm to 950 nm, and those employing radiation other than that generated by the AOPDDR itself. For sensing devices that employ radiation of wavelengths outside this range, this document can be used as a guide. IEC 61496-3:2018 is relevant for AOPDDRs having a minimum detectable object size in the range from 30 mm to 200 mm. IEC 61496-3:2018 can be relevant to applications other than those for the protection of persons, for example, for the protection of machinery or products from mechanical damage. In those applications, different requirements can be appropiate, for example when the materials that have to be recognized by the sensing function have different properties from those of persons and their clothing. IEC 61496-3:2018 does not deal with electromagnetic compatibility (EMC) emission requirements. IEC 61496-3:2018 cancels and replaces the second edition published in 2008. This edition constitutes a technical revision. IEC 61496-3:2018 includes the following significant technical changes with respect to the previous edition:
a) extension of the scope from AOPDDR-2D to AOPDDR-3D;
b) extension of the scope from Type 3 ESPE to Type 2 ESPE;
c) implementation of requirements and test procedures for AOPDDR-3D and Type 2 ESPE;
d) listing of reference boundary monitoring as an optional function of the ESPE;
e) implementation of instructions for positioning of AOPDDR-3D in respect of parts of the human body;
f) revised requirement for combinations of single faults with conditions for no failure to danger, see for example 4.2.2.4, last paragraph.
IEC 61496-3:2018 is to be used in conjunction with IEC 61496-1:2012.

  • Standard
    183 pages
    English and French language
    sale 15% off
IEC
IEC 60204-11:2018(Main)
Safety of machinery - Electrical equipment of machines - Part 11: Requirements for equipment for voltages above 1 000 V AC or 1 500 V DC and not exceeding 36 kV

IEC 60204-11:2018 is now available as IEC 60204-11:2018 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.
IEC 60204-11:2018 applies to electrical and electronic equipment and systems to machines, including a group of machines working together in a co-ordinated manner, which operate at nominal voltages above 1 000 V AC or 1 500 V DC and not exceeding 36 kV AC or DC with nominal frequencies not exceeding 60 Hz. IEC 60204-11:2018 cancels and replaces the first edition, published in 2000. This edition constitutes a technical revision. This edition contains significant technical changes with respect to the previous edition regarding the following:
– aspects of risk assessment, which are mirrored from ISO 12100;
– equipotential bonding and earthing;
– EMC and power quality;
– HV switchgear and controlgear;
– creepage distances for conductors and slip-ring assemblies;
– a list of machinery using HV equipment, in Annex A.
IEC 60204-11:2018 has been updated and improved to reflect the experience gained with the first edition and the evolution of high-voltage equipment reflected in the relevant standards. Regarding formal requirements, IEC 60204-11 has been aligned with
– IEC 60204-1:2016,
– IEC 61936-1:2010 and IEC 61936-1:2010/AMD1:2014,
– IEC 62271 (all parts). This document is intended to be used in conjunction with IEC 60204-1.

  • Standard
    120 pages
    English and French language
    sale 15% off