SIST EN ISO 13849-2:2013

SLOVENSKI STANDARD
oSIST prEN ISO 13849-2:2010
01-september-2010
Varnost strojev - Z varnostjo povezani deli krmilnih sistemov - 2. del: Potrjevanje
(ISO/DIS 13849-2:2010)
Safety of machinery - Safety-related parts of control systems - Part 2: Validation
(ISO/DIS 13849-2:2010)
Sicherheit von Maschinen und Geräten - Sicherheitsbezogene Teile von Steuerungen -
Teil 2: Validierung (ISO/DIS 13849-2:2010)
Sécurité des machines - Parties des systèmes de commande relatifs à la sécurité -
Partie 2: Validation (ISO/DIS 13849-2:2010)
Ta slovenski standard je istoveten z: prEN ISO 13849-2
ICS:
13.110 Varnost strojev Safety of machinery
oSIST prEN ISO 13849-2:2010 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO 13849-2:2010

---------------------- Page: 2 ----------------------
oSIST prEN ISO 13849-2:2010


EUROPEAN STANDARD
DRAFT
prEN ISO 13849-2
NORME EUROPÉENNE

EUROPÄISCHE NORM

May 2010
ICS 13.110 Will supersede EN ISO 13849-2:2008
English Version
Safety of machinery - Safety-related parts of control systems -
Part 2: Validation (ISO/DIS 13849-2:2010)
Sécurité des machines - Parties des systèmes de Sicherheit von Maschinen und Geräten -
commande relatifs à la sécurité - Partie 2: Validation Sicherheitsbezogene Teile von Steuerungen - Teil 2:
(ISO/DIS 13849-2:2010) Validierung (ISO/DIS 13849-2:2010)
This draft European Standard is submitted to CEN members for parallel enquiry. It has been drawn up by the Technical Committee
CEN/TC 114.

If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other language
made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the
same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.


EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2010 CEN All rights of exploitation in any form and by any means reserved Ref. No. prEN ISO 13849-2:2010: E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------
oSIST prEN ISO 13849-2:2010
prEN ISO 13849-2:2010 (E)
Contents Page
Foreword .3

2

---------------------- Page: 4 ----------------------
oSIST prEN ISO 13849-2:2010
prEN ISO 13849-2:2010 (E)
Foreword
This document (prEN ISO 13849-2:2010) has been prepared by Technical Committee ISO/TC 199 “Safety of
machinery” in collaboration with Technical Committee CEN/TC 114 “Safety of machinery” the secretariat of
which is held by DIN.
This document is currently submitted to the parallel Enquiry.
This document will supersede EN ISO 13849-2:2008.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association, and supports essential requirements of EU Directive(s).
Endorsement notice
The text of ISO/DIS 13849-2:2010 has been approved by CEN as a prEN ISO 13849-2:2010 without any
modification.

3

---------------------- Page: 5 ----------------------
oSIST prEN ISO 13849-2:2010

---------------------- Page: 6 ----------------------
oSIST prEN ISO 13849-2:2010
DRAFT INTERNATIONAL STANDARD ISO/DIS 13849-2
ISO/TC 199 Secretariat: DIN
Voting begins on: Voting terminates on:
2010-05-27 2010-10-27
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
Safety of machinery — Safety-related parts of control
systems —
Part 2:
Validation
Sécurité des machines — Parties des systèmes de commande relatifs à la sécurité —
Partie 2: Validation
[Revision of first edition (ISO 13849-2:2003)]
ICS 13.110

ISO/CEN PARALLEL PROCESSING
This draft has been developed within the International Organization for Standardization (ISO), and
processed under the ISO-lead mode of collaboration as defined in the Vienna Agreement.
This draft is hereby submitted to the ISO member bodies and to the CEN member bodies for a parallel
five-month enquiry.
Should this draft be accepted, a final draft, established on the basis of comments received, will be
submitted to a parallel two-month approval vote in ISO and formal vote in CEN.
In accordance with the provisions of Council Resolution 15/1993 this document is circulated in
the English language only.
Conformément aux dispositions de la Résolution du Conseil 15/1993, ce document est distribué
en version anglaise seulement.
To expedite distribution, this document is circulated as received from the committee secretariat.
ISO Central Secretariat work of editing and text composition will be undertaken at publication
stage.
Pour accélérer la distribution, le présent document est distribué tel qu'il est parvenu du
secrétariat du comité. Le travail de rédaction et de composition de texte sera effectué au
Secrétariat central de l'ISO au stade de publication.
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE
REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
©
International Organization for Standardization, 2010

---------------------- Page: 7 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall
not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the
unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as permitted
under the applicable laws of the user's country, neither this ISO draft nor any extract from it may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, photocopying,
recording or otherwise, without prior written permission being secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or ISO's
member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
©
ii ISO 2010 – All rights reserved

---------------------- Page: 8 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.1
3 Terms and definitions .1
4 Validation process.1
4.1 Validation principles.1
4.2 Validation plan.3
4.3 Generic fault lists .4
4.4 Specific fault lists.4
4.5 Information for validation .4
4.6 Validation record.6
5 Validation by analysis.7
5.1 General.7
5.2 Analysis techniques.7
6 Validation by testing .7
6.1 General.7
6.2 Measurement accuracy.8
6.3 Higher requirements.9
6.4 Number of test samples.9
7 Validation of safety requirements specification .9
8 Validation of safety functions .10
9 Validation of performance levels and categories .10
9.1 Analysis and testing of performance levels and categories.10
9.2 Validation of category specifications.11
9.3 Validation of MTTF , DC and CCF.13
d avg
9.4 Validation of measures against systematic failures related to performance level and
category of SRP/CS.13
9.5 Validation of safety-related software.14
9.6 Validation and verification of the performance level.14
9.7 Validation of combination of safety-related parts.15
10 Validation of environmental requirements .15
11 Validation of maintenance requirements.16
12 Validation of technical documentation and information for use.16
Annex A (informative) Validation tools for mechanical systems.17
Annex B (informative) Validation tools for pneumatic systems.22
Annex C (informative) Validation tools for hydraulic systems.34
Annex D (informative) Validation tools for electrical systems.44
Annex E (informative) Example of the validation of fault behaviour and diagnostic means .58
Bibliography.77

© ISO 2010 – All rights reserved iii

---------------------- Page: 9 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 13849-2 was prepared by Technical Committee ISO/TC 199, Safety of machinery.
This second edition cancels and replaces the first edition (ISO 13849-2:2003), which has been technically
revised in order to adapt to ISO 13849-1:2006. In addition the new Annex E provides an example for the
validation of fault behaviour and diagnostic means.
ISO 13849 consists of the following parts, under the general title Safety of machinery — Safety-related parts
of control systems:
⎯ Part 1: General principles for design
⎯ Part 2: Validation
Annexes A to D are informative and structured as given in Table 1.
Table 1 — Structure of the clauses of Annexes A to D
Annex Technology List of basic List of well-tried List of well-tried Fault lists and
safety principles safety principles components fault
exclusions
Clause
A Mechanical A.2 A.3 A.4 A.5
B Pneumatic B.2 B.3 B.4 B.5
C Hydraulic C.2 C.3 C.4 C.5
D Electrical (includes D.2 D.3 D.4 D.5
electronics)

This document includes a Bibliography.
iv © ISO 2010 – All rights reserved

---------------------- Page: 10 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
Introduction
This document is a type-B standard as stated in ISO 12100-1.
The requirements of this document can be supplemented or modified by a type-C standard.
For machines which are covered by the scope of a type-C standard and which have been designed and built
according to the requirements of that standard, the requirements of that type-C standard take precedence.
This International Standard specifies the validation process, including both analysis and testing, for the safety
functions, categories and performance levels for the safety–related parts of control systems. Most of the
procedures and conditions in this International Standard are based on the assumption that the Simplified
Procedure described in ISO 13849-1:2006, 4.5.4 is used for the estimation of Performance Level (PL). When
a different procedure is used (e.g. Markov modelling), then some parts of this standard can not be applicable
and additional requirements can be necessary. This standard does not provide guidance specifically for the
case when other procedures are used to estimate PL.
Descriptions of the safety functions and the requirements for the categories and performance levels are given
in ISO 13849-1 which deals with the general principles for design. Some requirements for validation are
general and some are specific to the technology used. ISO 13849-2 also specifies the conditions under which
the validation by testing of the safety-related parts of control systems should be carried out.
ISO 13849-1 specifies the safety requirements and gives guidance on the principles for the design (see
ISO 12100-1) of the safety-related parts of control systems. For these parts it specifies categories and
performance levels and describes the characteristics of their safety functions, regardless of the type of energy
used.
The achievement of the requirements can be validated by any combination of analysis (see Clause 5) and
testing (see Clause 6). The analysis should be started as early as possible within the design process.

© ISO 2010 – All rights reserved v

---------------------- Page: 11 ----------------------
oSIST prEN ISO 13849-2:2010

---------------------- Page: 12 ----------------------
oSIST prEN ISO 13849-2:2010
DRAFT INTERNATIONAL STANDARD ISO/DIS 13849-2

Safety of machinery — Safety-related parts of control
systems —
Part 2:
Validation
1 Scope
This International Standard specifies the procedures and conditions to be followed for the validation by
analysis and testing of:
⎯ the safety functions provided, and
⎯ the category achieved, and
⎯ the performance level achieved
of the safety-related parts of the control system (SRP/CS) in compliance with ISO 13849-1, using the design
rationale provided by the designer.
NOTE Requirements for programmable electronic systems, including embedded software, are given in
ISO 13849-1:2006, 4.6 and also IEC 61508-series.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 12100-1, Safety of machinery — Basic concepts, general principles for design — Part 1: Basic
terminology, methodology
ISO 13849-1:2006, Safety of machinery — Safety-related parts of control systems — Part 1: General
principles for design
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 13849-1 apply.
4 Validation process
4.1 Validation principles
The purpose of the validation process is to confirm the specification and the conformity of the design of the
SRP/CS within the overall safety requirements specification of the machinery.
The validation shall demonstrate that each SRP/CS meets the requirements of ISO 13849-1, in particular:
⎯ the specified safety characteristics of the safety functions provided by that part, as set out in the design
rationale;
⎯ the requirements of the specified performance level (see ISO 13849-1:2006, 4.5);
© ISO 2010 – All rights reserved 1

---------------------- Page: 13 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
⎯ the requirements of the specified category (see ISO 13849-1:2006, 6.2);
⎯ the measures for control and avoidance of systematic failures (see ISO 13849-1:2006, Annex G);
and
⎯ if applicable, the requirements of the software (see ISO 13849-1:2006, 4.6);
⎯ the ability to perform a safety function under expected environmental conditions.
NOTE Validation of the design of SRP/CS includes review activities. Validation and review should be made by
person(s) other than designer(s) of the relevant item. Review should be based on the safety requirements specification
and design documentation.
Validation consists of applying analysis and executing functional tests under normal conditions in accordance
with the validation plan. Figure 1 gives an overview of the validation process. The balance between the
analysis and testing depends on the technology and performance level. Where necessary for Category 2, 3
and 4 the safety function shall be validated by testing also under fault conditions.
The analysis should be started as early as possible and in parallel with the design process, so that problems
can be corrected early whilst they are still relatively easy to correct, i. e. during steps “design and technical
realisation of the safety function” and “evaluate the performance level PL” [box 4 and 5 of Figure 3 in
ISO 13849-1:2006]. It can be necessary for some parts of the analysis to be delayed until the design is well
developed.
For large systems, due to the size, complexity or integrated form (with the machinery) of the control system,
special arrangements may be made for:
⎯ validation of the SRP/CS separately before integration including simulation of the appropriate input and
output signals;
⎯ validation of the effects of integrating safety-related parts into the remainder of the control system within
the context of its use in the machine.
2 © ISO 2010 – All rights reserved

---------------------- Page: 14 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2

NOTE The block "modification of the design" refers to the design process. If the validation cannot be successfully
completed, changes in the design are necessary. Afterwards the validation concerning the changed parts should be
repeated. This process should be iterated until all parts are successfully validated.
Figure 1 — Overview of the validation process
4.2 Validation plan
The validation plan shall identify and describe the requirements for carrying out the validation process of the
specified safety functions, their categories and performance levels.
The validation plan shall also identify the means to be employed to validate the specified safety functions,
categories and performance levels. It shall set out, where appropriate:
© ISO 2010 – All rights reserved 3

---------------------- Page: 15 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
a) the identity of the specification documents;
b) the operational and environmental conditions during testing;
c) the analyses and tests to be applied;
d) the reference to test standards to be applied;
e) the persons or parties who are responsible for each validation part.
Safety-related parts which have previously been validated to the same specification need only a reference to
that previous validation.
4.3 Generic fault lists
The validation process involves consideration of behaviour of the SRP/CS for all faults to be considered. A
basis for fault consideration is given in the fault lists in the informative annexes (A.5, B.5, C.5 and D.5) which
are based on experience. The generic fault lists contain:
⎯ the components/elements to be included, e. g. conductors/cables (see D.5.2);
⎯ the faults to be taken into account, e. g. short circuits between conductors;
⎯ the permitted fault exclusions taking into account environmental, operating and application aspects;
⎯ a remarks section giving the reasons for the fault exclusions.
In the fault lists only permanent faults are taken into account.
4.4 Specific fault lists
A specific product-related fault list shall be generated as a reference document for the validation process of
the safety-related part(s). The list can be based on the appropriate generic list(s) found in the annex(es).
Where the specific product-related fault list is based on the generic list(s) it shall state:
⎯ the faults taken from the generic list(s) to be included;
⎯ any other relevant faults to be included but not given in the generic list (e. g. common cause failures);
⎯ the faults taken from the generic list(s) which may be excluded on the basis that the criteria given in the
generic list(s) (see ISO 13849-1:2006, 7.3) are satisfied;
and, exceptionally
⎯ any other faults for which the generic list(s) do not permit an exclusion, but for which justification and
rationale for an exclusion is presented (see ISO 13849-1:2006, 7.3).
Where this list is not based on the generic list(s) the designer shall give the rationale for fault exclusions.
4.5 Information for validation
The information required for validation will vary with the technology used, the category(ies) and performance
level(s) to be demonstrated, the design rationale of the system and the contribution of the SRP/CS to the
reduction of the risk. Documents containing sufficient information from the list below shall be included in the
validation process to demonstrate the performance level(s), the category(ies) and the safety function(s) of the
safety-related parts which have been achieved:
4 © ISO 2010 – All rights reserved

---------------------- Page: 16 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
a) specification of the required characteristics of each safety function, and its required category and
performance level;
b) drawings and specifications, e. g. for mechanical, hydraulic and pneumatic parts, printed circuit boards,
assembled boards, internal wiring, enclosure, materials, mounting;
c) block diagram(s) with functional description of the blocks;
d) circuit diagram(s) including interfaces/connections;
e) functional description of the circuit diagram(s);
f) time sequence diagram(s) for switching components, signals relevant for safety;
g) description of the relevant characteristics of components previously validated;
h) for other safety-related parts (excluding those listed in g)) component lists with item designations, rated
values, tolerances, relevant operating stresses, type designation, failure rate data and component
manufacturer and any other data relevant for safety;
i) analysis of all relevant faults (see also 4.2) listed e. g. in A.5, B.5, C.5 and D.5, including the justification
of any excluded faults;
j) an analysis of the influence of processed materials;
k) information for use, e.g. installation and operation manual.
Where software is relevant to the safety function(s), the software documentation shall include:
1) a specification which is clear and unambiguous and states the safety performance the software is
required to achieve, and
2) evidence that the software is designed to achieve the required performance level, and
3) details of tests (in particular test reports) carried out to prove that the required safety performance is
achieved.
Information is required on how the performance level and average probability of a dangerous failure per hour
is determined. The documentation of the quantifiable aspects shall include:
1) the safety-related block diagram (see ISO 13849-1:2006, Annex B) or designated architecture (see
ISO 13849-1:2006, 6.2);
2) the determination of MTTF , DC and CCF;
d (avg)
3) the determination of category (see Table 2).
Information is required for documentation on systematic aspects of the SRP/CS.
Information is required how the combination of several SRP/CS fulfils the performance level requirements.
© ISO 2010 – All rights reserved 5

---------------------- Page: 17 ----------------------
oSIST prEN ISO 13849-2:2010
ISO/DIS 13849-2
Table 2 — Documentation requirements for categories as part of the performance levels
Documentation requirement Category for which
documentation is required
B 1 2 3 4
Basic safety principles X X X X X
Expected operating stresses X X X X X
Influences of processed material X X X X X
Performance during other relevant external influences X X X X X
Well–tried components – X – – –
Well–tried safety principles – X X X X
Mean time to dangerous failure (MTTF) of
...