Safety of machinery - Guidelines on functional safety of safety-related control system

In the context of the safety of machinery, the sector standards IEC 62061 and ISO 13849-1 provide requirements for manufacturers of machines on the design, development and integration of safety-related control systems (SCS) or safety-related parts of control systems (SRP/CS), depending on the technology used (mechanical, pneumatic, hydraulic or electrical) to perform the safety function(s). This document does not replace ISO 13849-1 or IEC 62061. This document gives additional guidance on the application of IEC 62061 or ISO 13849-1. This document:
–   gives guidelines and specifies additional requirements for specific safety functions based on the methodology of ISO 12100, which are relevant in machinery and respect typical boundary conditions of machinery;
–   considers safety functions which are designed for high demand mode of operation yet are rarely operated, called rarely activated safety functions;
NOTE 1 IEC 62061:2021 completely covers high demand mode. However, other safety functions related to the protection of the machine itself, and indirectly of persons, are considered in more detail in this document.
–   gives additional information for the calculation of failure rates using other (non-electronic) technologies, based e.g. on the Weibull distribution, because all the formulae defined in IEC 62061 and ISO 13849-1 are based on the exponential distribution.
Therefore, the basis for these guidelines and additional requirements is:
–   a typical classification of safety functions;
–   a consideration of typical architectures used for designing safety functions;
–   a consideration of modes of operation of safety functions;
–   the derivation and evaluation of PFH formulas for subsystems considering the technology used.
NOTE 2 These guidelines can also be used for the application of ISO 13849-1 in the design process of SRP/CS.
This document does not address low demand mode of operation according to IEC 61508.
This document does not take into account either layer of protection analysis (LOPA) or a basic process control system (BPCS) according to IEC 61511 as a risk reduction measure.
This document considers all lifecycle phases of the machine regarding functional safety and the SCS or SRP/CS.
NOTE 3 The user of the machine needs information from the machine manufacturer for the safe operation of the machine, e.g. useful lifetime of components, maintenance information, and testing of safety functions if necessary.


General Information

Status: Published
Publication Date: 13-Aug-2024
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 06-Feb-2024
Due Date: 12-Apr-2024
Completion Date: 14-Aug-2024

Overview

CLC IEC/TS 63394:2024 - Safety of machinery: Guidelines on functional safety of safety-related control system provides practical guidance for applying IEC 62061 and ISO 13849‑1 when designing, developing and integrating safety‑related control systems (SCS) or safety‑related parts of control systems (SRP/CS). It supplements, but does not replace, IEC 62061 or ISO 13849‑1. The Technical Specification focuses on machinery contexts and typical boundary conditions across mechanical, pneumatic, hydraulic and electrical technologies.

Key topics and technical requirements

  • Scope and intent: Clarifies how to apply IEC 62061 / ISO 13849‑1 in machine design, following ISO 12100 risk assessment and risk‑reduction methodology.
  • Classification of safety functions: Provides a typical classification relevant to machinery (person protection, machine integrity, other hazard prevention).
  • Modes of operation: Emphasises high‑demand / continuous modes, and introduces guidance for rarely activated safety functions (functions designed for high demand but seldom operated). Note: low‑demand mode per IEC 61508 is out of scope.
  • Architectures and subsystem design: Considers typical architectures, fault accumulation, undetected faults and architectural constraints when decomposing safety functions into subsystems.
  • PFH and failure‑rate calculation: Supplies additional information for calculating failure rates of non‑electronic technologies (e.g., using Weibull distribution) because IEC 62061 and ISO 13849‑1 base their formulae on exponential distributions.
  • Verification and lifecycle: Covers verification procedures including initial and periodic verification, test intervals, reporting and lifecycle considerations for safe operation, maintenance and component useful lifetime.
  • Design process and documentation: Recommends safety requirements specifications, functional decomposition, subsystem design and systematic integrity practices.
  • Limitations: Does not address Layer of Protection Analysis (LOPA), Basic Process Control Systems (BPCS) per IEC 61511, nor replace low‑demand IEC 61508 guidance.

Practical applications and users

Who benefits:

  • Machine manufacturers and OEMs designing SCS / SRP/CS
  • Functional safety engineers and system integrators
  • Safety assessors, certification bodies and compliance teams
  • Maintenance planners and plant engineers responsible for verification and lifecycle management

Typical uses:

  • Applying IEC 62061 / ISO 13849‑1 to complex machinery with mixed technologies
  • Designing rarely‑activated high‑demand safety functions
  • Calculating PFH for mechanical/pneumatic/hydraulic subsystems using non‑exponential statistical models
  • Defining verification schedules, test intervals and maintenance information for safe machine operation

Related standards

  • IEC 62061 - Functional safety of safety‑related control systems
  • ISO 13849‑1 - Safety‑related parts of control systems - Part 1
  • ISO 12100 - General principles for design; risk assessment and reduction
  • IEC 61508 / IEC 61511 - referenced, but low‑demand mode (IEC 61508) and LOPA/BPCS (IEC 61511) are out of scope of this TS

For implementation, consult the full CLC IEC/TS 63394:2024 text alongside IEC 62061 and ISO 13849‑1 to ensure compliant design, PFH calculation and verification of machinery safety‑related control systems.

Technical specification

SIST-TS CLC IEC/TS 63394:2024 - COLOUR

English language
145 pages

Frequently Asked Questions

SIST-TS CLC IEC/TS 63394:2024 is a technical specification published by the Slovenian Institute for Standardization (SIST). Its full title is "Safety of machinery - Guidelines on functional safety of safety-related control system".


SIST-TS CLC IEC/TS 63394:2024 is classified under the following ICS (International Classification for Standards) categories: 13.110 - Safety of machinery; 25.040.99 - Other industrial automation systems; 29.020 - Electrical engineering in general. The ICS classification helps identify the subject area and facilitates finding related standards.

You can purchase SIST-TS CLC IEC/TS 63394:2024 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.

Standards Content (Sample)


SLOVENIAN STANDARD
01-September-2024
Safety of machinery - Guidelines on functional safety of safety-related control system
This Slovenian standard is identical to: CLC IEC/TS 63394:2024
ICS:
13.110 Safety of machinery
25.040.99 Other industrial automation systems
29.020 Electrical engineering in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

TECHNICAL SPECIFICATION CLC IEC/TS 63394
February 2024
ICS 13.110; 29.020; 25.040.99
English Version
Safety of machinery - Guidelines on functional safety of safety-related control system (IEC/TS 63394:2023)
This Technical Specification was approved by CENELEC on 2024-01-22.

CENELEC members are required to announce the existence of this TS in the same way as for an EN and to make the TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. CLC IEC/TS 63394:2024 E

European foreword
This document (CLC IEC/TS 63394:2024) consists of the text of IEC/TS 63394:2023 prepared by IEC/TC 44 "Safety of machinery - Electrotechnical aspects".
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users' national committee. A complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Technical Specification IEC/TS 63394:2023 was approved by CENELEC as a European Technical Specification/Technical Report without any modification.
In the official version, for Bibliography, the following notes have to be added for the standard indicated:
IEC 60204-1:2016 NOTE Approved as EN 60204-1:2018
IEC 60947-5-3:2013 NOTE Approved as EN 60947-5-3:2013 (not modified)
IEC 60947-5-8:2020 NOTE Approved as EN IEC 60947-5-8:2021 (not modified)
IEC 60947-7-1 NOTE Approved as EN 60947-7-1
IEC 60947-7-2 NOTE Approved as EN 60947-7-2
IEC 61000-6-7 NOTE Approved as EN 61000-6-7
IEC 61025:2006 NOTE Approved as EN 61025:2007 (not modified)
IEC 61496-1 NOTE Approved as EN IEC 61496-1
IEC 61508-1:2010 NOTE Approved as EN 61508-1:2010 (not modified)
IEC 61508-4:2010 NOTE Approved as EN 61508-4:2010 (not modified)
IEC 61508-5:2010 NOTE Approved as EN 61508-5:2010 (not modified)
IEC 61508-6:2010 NOTE Approved as EN 61508-6:2010 (not modified)
IEC 61508-7:2010 NOTE Approved as EN 61508-7:2010 (not modified)
IEC 61800-5-2:2016 NOTE Approved as EN 61800-5-2:2017 (not modified)
IEC 61511 (series) NOTE Approved as EN 61511 (series)
IEC 61649:2008 NOTE Approved as EN 61649:2008 (not modified)
ISO 11161:2007 NOTE Approved as EN ISO 11161:2007 (not modified)
ISO 13855:2010 NOTE Approved as EN ISO 13855:2010 (not modified)

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cencenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 62061 | 2021 | Safety of machinery - Functional safety of safety-related control systems | EN IEC 62061 | 2021
IEC/TR 63074 | 2019 | Safety of machinery - Security aspects related to functional safety of safety-related control systems | - | -
ISO 12100 | 2010 | Safety of machinery - General principles for design - Risk assessment and risk reduction | EN ISO 12100 | 2010
ISO 13849-1 | 2015 | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design | - | -
ISO 13850 | 2015 | Safety of machinery - Emergency stop function - Principles for design | EN ISO 13850 | 2015
ISO 13851 | 2019 | Safety of machinery - Two-hand control devices - Principles for design and selection | EN ISO 13851 | 2019
ISO 14118 | 2017 | Safety of machinery - Prevention of unexpected start-up | EN ISO 14118 | 2018
ISO 14119 | 2013 | Safety of machinery - Interlocking devices associated with guards - Principles for design and selection | EN ISO 14119 | 2013
IEC TS 63394 ®
Edition 1.0 2023-02
TECHNICAL SPECIFICATION
colour inside
Safety of machinery – Guidelines on functional safety of safety-related control system
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 13.110; 29.020; 25.040.99 ISBN 978-2-8322-6533-8

– 2 – IEC TS 63394:2023 © IEC 2023
CONTENTS
FOREWORD . 9
INTRODUCTION . 11
1 Scope . 12
2 Normative references . 12
3 Terms and definitions . 13
3.1 Terms and definitions . 13
3.2 Alphabetical list of terms, definitions and abbreviated terms . 26
4 Typical classification of safety functions in safety of machinery . 28
4.1 General . 28
4.1.1 Overview . 28
4.1.2 Risk assessment and risk reduction according to ISO 12100 . 28
4.1.3 Risk reduction and interconnection to SCS and SRP/CS . 29
4.1.4 Basic assumptions for risk reduction in machinery . 29
4.2 Basic safety assumptions for the design and integration of the SCS or SRP/CS . 29
4.3 Safety functions . 30
4.3.1 General . 30
4.3.2 Risk reduction process by safety functions . 30
4.3.3 Typical classification of safety functions . 31
4.4 Interrelation between ISO 12100 and IEC 62061 or ISO 13849-1 . 32
4.4.1 General . 32
4.4.2 Input information in accordance with IEC 62061 or ISO 13849-1 . 32
4.4.3 Output information from IEC 62061 or ISO 13849-1 . 33
4.5 Safety functions for protection of persons . 34
4.5.1 General . 34
4.5.2 Safety functions for protection of persons based on guards and protective devices . 34
4.6 Other safety functions to prevent hazardous situations . 35
4.6.1 General . 35
4.6.2 Other safety functions . 35
4.7 Safety functions for protection of the integrity of the machine . 36
4.7.1 General . 36
4.7.2 Safety functions for the protection of integrity of the machine . 36
4.8 Safety functions and Type-C standards . 36
5 Demand mode of operation related to safety functions . 37
5.1 General . 37
5.2 High demand or continuous mode of operation . 37
5.2.1 General . 37
5.2.2 Approach of IEC 62061 and ISO 13849-1 . 38
5.2.3 Rarely activated safety functions . 38
5.3 Low demand mode of operation . 39
5.3.1 General . 39
5.3.2 Approach of IEC 62061 and ISO 13849-1 . 40
6 Design process of safety functions . 40
6.1 General . 40
6.2 Design procedure . 40
6.3 Evaluation of required safety integrity . 41

6.4 Decomposition of a safety function . 41
6.5 Subsystem design . 41
6.5.1 Architectural constraints . 41
6.5.2 Fault accumulation and undetected faults . 43
6.5.3 Evaluation of PFH . 43
6.6 Examples of safety functions. 45
7 Verification procedures for safety functions . 45
7.1 General . 45
7.2 Verification of the test interval of a safety function . 45
7.3 Verification procedures . 46
7.4 Initial verification . 46
7.5 Periodic verification . 47
7.5.1 General . 47
7.5.2 Frequency of periodic verification . 48
7.6 Verification reporting . 49
Annex A (informative) Risk assessment and risk reduction according to ISO 12100 . 50
A.1 General . 50
A.2 Risk assessment principles . 50
A.2.1 General . 50
A.2.2 Basic information to be available (as input to risk assessment) . 50
A.2.3 Risk analysis . 51
A.3 Risk reduction by means of safeguarding and complementary protective measures . 55
A.3.1 General . 55
A.3.2 Inherently safe design measures . 56
A.3.3 Selection of safeguarding and complementary protective measures . 56
A.4 Other protective measures (procedure based) . 58
A.4.1 General . 58
A.4.2 Procedures for maintenance . 58
A.4.3 Organizational work procedures. 58
A.5 Guards and protective devices according to ISO 12100 . 59
A.5.1 General . 59
A.5.2 Interlocking guard with a start function, with manual reset function . 59
A.5.3 Protective device according to ISO 12100. 60
A.5.4 Manual local control device (and procedure) . 60
A.5.5 Manual parameter selection device (and procedure) . 61
A.5.6 Manual operating mode selection device (and procedure) . 61
A.5.7 Energy control device (and procedure) . 61
A.6 Matrix assignment approach . 61
A.6.1 Overview . 61
A.6.2 General . 62
A.6.3 Methodology of IEC 62061:2021, Annex A . 62
A.7 Risk graph approach . 63
A.7.1 General . 63
A.7.2 Methodology of ISO 13849-1:2015, Annex A with assigned SIL . 63
Annex B (informative) Methodology of SCS or SRP/CS design . 65
B.1 General . 65
B.2 Functional safety plan . 65
B.3 Safety requirements specification . 66

B.3.1 General . 66
B.3.2 Functional requirements . 66
B.3.3 Safety integrity requirements . 66
B.4 Protection against unexpected start-up . 67
B.5 Decomposition of the safety function . 67
B.5.1 General . 67
B.5.2 Subsystem architecture based on top-down decomposition. 67
B.6 Design of the SCS by using subsystems . 67
B.7 Requirements for systematic safety integrity . 68
B.7.1 General . 68
B.7.2 SCS level . 68
B.7.3 Subsystem level . 70
B.8 Electromagnetic immunity . 71
B.9 Software-based manual parameterization . 71
B.10 Security aspects . 73
B.11 Aspects of testing . 73
B.12 Design and development of a subsystem . 74
B.12.1 General . 74
B.12.2 Subsystem architecture design . 74
B.12.3 Fault consideration and fault exclusion . 76
B.12.4 Architectural constraints of a subsystem . 76
B.12.5 Subsystem design architectures . 78
B.12.6 PFH value of subsystems . 78
B.13 Validation . 78
B.14 Documentation . 80
Annex C (informative) Examples of MTTF values for single components . 83
Annex D (informative) Examples for diagnostic coverage (DC) . 84
D.1 General . 84
D.2 Influence of cabling, wiring and interconnections . 85
D.2.1 General . 85
D.2.2 "Serial wiring" . 85
D.3 Use of manufacturing process information . 86
D.3.1 General . 86
D.3.2 Use of expected timing or awaiting of signal status . 86
D.4 Typical DC measures . 86
Annex E (informative) Measures for the achievement of functional safety with regards to electromagnetic phenomena . 88
E.1 General . 88
E.2 Measures . 88
E.2.1 General . 88
E.2.2 Recommendation for electrical/electronic items of equipment (devices or apparatus) . 88
E.2.3 Recommendation for the integration of an SCS or SRP/CS into the electrical equipment of the machine . 89
Annex F (informative) Guidelines for software . 90
F.1 General . 90
F.2 Documentation . 90
F.3 Activities . 92
Annex G (informative) Examples of safety functions. 97

G.1 General . 97
G.2 Safety functions . 97
G.2.1 Basic information . 97
G.2.2 Detailed description of safety requirements . 98
G.2.3 Example of interlocking guard . 99
Annex H (informative) Evaluation of PFH value of a subsystem . 101
H.1 General . 101
H.2 Table allocation approach (IEC 62061) . 101
H.3 Simplified formulas for the estimation of PFH value (IEC 62061) . 101
H.4 Approaches of IEC 61508, IEC 62061 and ISO 13849-1 . 101
H.4.1 General . 101
H.4.2 Approach of IEC 61508 . 102
H.4.3 Approach of IEC 62061 . 103
H.4.4 Approach of ISO 13849-1:2015, Annex K . 103
H.5 Basic considerations regarding exponential and Weibull distributions . 107
H.5.1 Exponential distribution . 107
H.5.2 Weibull distribution . 107
H.6 T10 and B10 . 109
H.6.1 General . 109
H.6.2 T10 with exponential distribution . 109
H.6.3 T10 with Weibull distribution . 110
H.7 Overview of PFH formulas . 112
H.7.1 Definitions . 112
H.7.2 Formulas . 112
H.7.3 Examples. 114
H.8 Methodology for the estimation of CCF . 116
H.9 Basic subsystem architecture A (1oo1) . 117
H.9.1 General . 117
H.9.2 PFH . 118
H.9.3 Simplified Weibull approach . 118
H.10 Basic subsystem architecture C (1oo1D) . 119
H.10.1 General . 119
H.10.2 Fault reaction performed by another subsystem . 119
H.10.3 Fault reaction to be considered in the subsystem. 120
H.10.4 PFH . 122
H.10.5 Influence of CCF. 122
H.11 Basic subsystem architecture B (1oo2) . 123
H.11.1 General . 123
H.11.2 PFH . 124
H.11.3 Influence of CCF. 124
H.12 Basic subsystem architecture D (1oo2D) . 124
H.12.1 General . 124
H.12.2 PFH evaluation of Term A . 126
H.12.3 PFH evaluation of Term B . 126
H.12.4 PFH evaluation of Term C and Term D . 126
H.12.5 PFH . 127
H.12.6 Influence of CCF. 127

H.13 Basic subsystem architecture D (1oo2D) with two periods of time consideration . 127
H.13.1 General . 127
H.13.2 PFH evaluation of Term A . 128
H.13.3 PFH evaluation of Term B . 128
H.13.4 PFH evaluation of Term C and Term D . 128
H.13.5 PFH . 129
H.13.6 Influence of CCF. 129
Annex I (informative) Commented examples of current regulations . 130
I.1 General . 130
I.2 European Union . 130
I.2.1 General European legislation . 130
I.2.2 New proposed machinery regulation (under preparation) . 130
I.2.3 Relevant legislation . 131
I.2.4 Duties of the manufacturer of the machine . 131
I.3 North America – USA . 132
I.4 North America – Canada . 132
I.5 South America – Brazil . 132
I.6 China . 133
I.7 Japan. 133
Annex J (informative) Combination of modes of operation . 134
J.1 General . 134
J.2 Basic approaches with different modes of operation . 134
J.2.1 General . 134
J.2.2 Risk reduction measures on low demand mode of operation . 135
J.3 Use of subsystems in different modes of operation . 136
J.3.1 General . 136
J.3.2 Example with different modes of operation. 136
J.3.3 Subsystem(s) used for different modes of operation . 138
Bibliography . 141

Figure 1 – Integration within the risk reduction process of ISO 12100 . 29
Figure 2 – Decomposition of an SCS or SRP/CS . 30
Figure 3 – Risk reduction process by safety functions . 31
Figure 4 – High demand mode of operation . 38
Figure 5 – Process for determining high demand mode of operation . 39
Figure 6 – Low demand mode of operation . 40
Figure A.1 – SIL assignment approach . 63
Figure A.2 – Risk graph approach of ISO 13849-1:2015, Figure A.1 with assigned SIL . 64
Figure B.1 – Example of decomposition of a safety function . 68
Figure B.2 – Possible effects of security risk(s) to a SCS (IEC TR 63074:2019, Figure 2) . 73
Figure B.3 – Rarely activated safety functions and mode of operation of subsystems . 76
Figure H.1 – Cumulative distribution functions (CDF) . 111
Figure H.2 – Common cause failure . 117
Figure H.3 – Basic subsystem architecture A (1oo1) reliability block diagram . 117
Figure H.4 – Unavailability function of basic subsystem architecture A (1oo1) . 117

Figure H.5 – 1oo1 reliability block diagram, simplified Weibull approach . 118
Figure H.6 – Basic subsystem architecture C (1oo1D) logical view with safe state initiation using another subsystem . 119
Figure H.7 – Basic subsystem architecture C (1oo1D) reliability block diagram with safe state initiation using another subsystem . 119
Figure H.8 – Unavailability functions of basic subsystem architecture C (1oo1D) . 120
Figure H.9 – Basic subsystem architecture C (1oo1D) logical view with fault reaction . 120
Figure H.10 – Basic subsystem architecture C (1oo1D) reliability block diagram with fault reaction . 121
Figure H.11 – Unavailability functions of basic subsystem architecture C (1oo1D) . 121
Figure H.12 – Basic subsystem architecture B (1oo2) reliability block diagram . 123
Figure H.13 – Unavailability functions of basic subsystem architecture B (1oo2) . 123
Figure H.14 – Basic subsystem architecture D (1oo2D) reliability block diagram . 125
Figure H.15 – Unavailability functions of basic subsystem architecture D (1oo2D) . 125
Figure J.1 – Basic approach in high demand or continuous mode of operation based on IEC 61508 (and IEC 62061) . 134
Figure J.2 – Basic approach in low demand mode of operation based on IEC 61508 (and IEC 61511) . 135
Figure J.3 – Functional view . 137
Figure J.4 – Logical view . 137
Figure J.5 – Decomposition view. 138
Figure J.6 – Quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem . 139
Figure J.7 – Example of quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem . 140

Table 1 – Terms used in this document . 26
Table 2 – Input information for the safety requirements specification (SRS) . 33
Table 3 – Output information from SCS or SRP/CS design on overall risk assessment . 33
Table 4 – Safety functions for protection of persons . 34
Table 5 – Other safety functions . 35
Table 6 – Safety functions for the protection of integrity of the machine . 36
Table 7 – Architectural constraints for high demand mode of operation . 42
Table A.1 – Basic information for risk assessment according to ISO 12100 . 51
Table A.2 – Determination of limits of machinery according to ISO 12100 . 52
Table A.3 – Principles of hazard identification according to ISO 12100 . 53
Table A.4 – Risk estimation according to ISO 12100 . 54
Table A.5 – Additional considered aspects during risk estimation according to ISO 12100 . 54
Table A.6 – Guards according to ISO 12100 . 59
Table A.7 – Examples of protective devices according to ISO 12100 . 60
Table B.1 – Overview functional safety plan . 65
Table B.2 – Overview of basic functional requirements . 66
Table B.3 – SIL and limits of PFH values . 67
Table B.4 – Avoidance of systematic failures (SCS or SRP/CS level) . 69
Table B.5 – Control of systematic failures (SCS or SRP/CS level). 69

Table B.6 – Avoidance of systematic failures (subsystem level) . 70
Table B.7 – Control of systematic failures (subsystem level) . 71
Table B.8 – Software-based manual parameterization . 72
Table B.9 – Cause and effects of rarely activated safety functions . 76
Table B.10 – Architectural constraints and basic requirements on a subsystem . 77
Table B.11 – Overview of validation process with required information . 79
Table B.12 – Technical documentation based on the design process (Table 9 of IEC 62061:2021, modified) . 81
Table B.13 – Overview of documentation . 82
Table C.1 – MTTF_D or B_10D values for components (derived from ISO 13849-1:2015) . 83
Table C.2 – Relationship of λ_D, MTTF_D and B_10D . 83
Table D.1 – Measures to prevent short circuit . 85
Table D.2 – DC values and recommended measures . 87
Table E.1 – Non-exhaustive list of recommendations regarding EMI measures for integration of devices or equipment into the electrical equipment of the machine . 89
Table F.1 – Documents for SW level 1 and SW level 2 . 90
Table F.2 – Coding guidelines. 91
Table F.3 – Overview of protocols . 92
Table F.4 – SW level 1 – Overview of basic activities . 93
Table F.5 – SW level 2 – Overview of basic activities (1/2) . 94
Table F.5 – SW level 2 – Overview of basic activities (1/2) (continued) . 95
Table F.6 – SW level 2 – Overview of basic activities (2/2) . 96
Table G.1 – Examples of safety functions and associated safety-related devices . 97
Table G.2 – Basic information related to the safety requirements specification . 98
Table G.3 – Example of safety-related parameters for a safety function with required SIL 1 . 100
Table G.4 – Example of safety-related parameters for a safety function with required SIL 3 . 100
Table H.1 – Formulas for basic subsystem architecture A (1oo1) . 112
Table H.2 – Formulas for basic subsystem architecture C (1oo1D) . 113
Table H.3 – Formulas for basic subsystem architecture B (1oo2) . 113
Table H.4 – Formulas for basic subsystem architecture D (1oo2D) . 114
Table H.5 – Examples of PFH values based on B_10D . 115
Table H.6 – Examples of PFH values based on T_10D and B_10D . 116
Table J.1 – PFD_avg,max and PFH_max for respective target SIL . 140
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY OF MACHINERY – GUIDELINES ON FUNCTIONAL
SAFETY OF SAFETY-RELATED CONTROL SYSTEMS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes
...


The standard SIST-TS CLC IEC/TS 63394:2024 represents an important guideline on the functional safety of safety-related control systems (SCS) and safety-related parts of control systems (SRP/CS) in the field of machinery safety. It supplements the existing requirements of IEC 62061 and ISO 13849-1 and offers additional guidance that is of great value for practical application. A central feature of this document is the comprehensive framework it provides for the development and integration of safety-related control systems. It places particular emphasis on safety-related functions that are often designed for high demand mode of operation yet are rarely activated. This consideration of "rarely activated safety functions" is a significant advantage, since it is frequently neglected and can be critical in many industrial applications. The standard also sets out to provide additional information on the calculation of failure rates. This is particularly relevant for non-electronic technologies, where the usual formulas are based on an exponential distribution. The application of the Weibull distribution to the evaluation of failure rates is a welcome extension that helps users in the machinery industry obtain more precise data for their safety-related installations. Furthermore, the standard considers all lifecycle phases of a machine with respect to functional safety. This ensures that the guidelines remain relevant throughout the planning, development, operation and maintenance of machines. The user is comprehensively informed, including important information such as the useful lifetime of components and maintenance instructions. A further considerable advantage lies in the typical classification of safety functions and the consideration of typical architectures for their design and of their modes of operation. The derivation and evaluation of PFH formulas for subsystems depending on the technology used is a practical approach that helps users achieve the required safety levels. In summary, SIST-TS CLC IEC/TS 63394:2024 exhibits outstanding strengths that make it a relevant resource for manufacturers of machines working on the development and implementation of safety-related control systems. The standard not only promotes safety in machine operation but also supports the implementation of regulatory requirements at a practicable level.

The document SIST-TS CLC IEC/TS 63394:2024 provides an essential framework for the safety of machinery, in particular regarding the functional safety of safety-related control systems (SCS). Its scope is relevant and positions it as a useful complement to standards such as IEC 62061 and ISO 13849-1, offering additional guidance for the application of these well-established standards. Among the major strengths of this document is its ability to propose guidelines and to specify additional requirements for specific safety functions. Based on the methodology of ISO 12100, the document respects the typical boundary conditions of machinery, which makes it applicable in various industrial contexts. This adaptation to the real conditions of use of machines is a major asset, as it contributes to improving operational safety. Another notable strength of SIST-TS CLC IEC/TS 63394:2024 is its approach to safety functions designed for high demand modes of operation that are nevertheless rarely activated. By addressing these rarely activated safety functions in detail, the document meets a need often neglected in other standards, ensuring that even less frequently used safety functions are adequately taken into account in the design process. In addition, the document provides valuable information for the calculation of failure rates using technologies other than electronics, for example with the Weibull distribution. This diversifies the available approaches and adapts to the different types of technologies used in machine design, thus broadening the reach of the standard and facilitating its application by manufacturers. Furthermore, the framework proposed by this text includes a typical classification of safety functions and takes into account common design architectures as well as the modes of operation of safety functions. This level of detail allows designers to better understand and evaluate systems according to the specific requirements of their working environment. However, it is important to note that this standard does not cover low demand mode of operation and does not take into account layer of protection analysis (LOPA) or basic process control systems (BPCS) according to IEC 61511. This may limit its application in certain contexts where these elements are crucial for risk assessment. In sum, the document SIST-TS CLC IEC/TS 63394:2024 stands out for its relevance and its capacity to enrich knowledge of the functional safety of SCS by providing practical guidance adapted to the needs of machine manufacturers.

The SIST-TS CLC IEC/TS 63394:2024 standard provides essential guidelines on the functional safety of safety-related control systems (SCS) within the broader context of machinery safety. Its scope is notably aligned with existing standards such as ISO 13849-1 and IEC 62061, offering supplementary guidance rather than replacing these vital documents. This establishes a clear framework for manufacturers tasked with the design, development, and integration of safety-related parts of control systems (SRP/CS) across various technologies including mechanical, pneumatic, hydraulic, and electrical systems. One of the primary strengths of this standard is its comprehensive approach to high demand mode and rarely activated safety functions. While existing standards comprehensively cover high demand, this document delves deeper into other critical safety functions that protect the machinery itself and indirectly safeguard operatives. By including guidelines around the lifecycle phases of machines in relation to functional safety, the document underscores the importance of ongoing safety considerations beyond initial installation. The standard also enhances the methodology offered by ISO 12100, introducing additional requirements for specific safety functions and presenting calculated measures tailored for various operational contexts. This is particularly valuable as it embraces a broader spectrum of technologies for failure rate calculations, employing alternative distributions like Weibull, which can provide more nuanced insights into risk management compared to the conventional exponential distributions specified in existing accords. Furthermore, by addressing typical architectures used in safety function design and providing a classification of safety functions, the standard facilitates a more structured approach to compliance and safety assurance. This contributes significantly to operational safety and risk reduction strategies, fostering an environment where machinery can be reliably operated with lower risk profiles. In terms of relevance, the document serves as an invaluable resource for machinery manufacturers, guiding them through necessary safety considerations that are critical in today's risk-conscious operational landscapes. Its utility for applying ISO 13849-1 in the SRP/CS design process amplifies its significance, making it an essential companion standard. Overall, the SIST-TS CLC IEC/TS 63394:2024 stands out for its rigorous examination of functional safety, its accommodating nature towards multiple safety technologies, and the clarity it provides for industry stakeholders in enhancing safety-related control systems.

SIST-TS CLC IEC/TS 63394:2024 is a standard that sets out guidelines on the functional safety of safety-related control systems in the safety of machinery. This standard supplements the requirements of IEC 62061 and ISO 13849-1 and provides manufacturers with additional guidance on the design, development and integration of safety-related control systems (SCS) and safety-related parts of control systems (SRP/CS). It is therefore a very important document for ensuring the safety of machinery. One of the strengths of this standard is that it specifically defines additional requirements for particular safety functions and gives explicit guidance based on the methodology of ISO 12100. It also gives specific consideration to safety functions that are designed for "high demand mode" but rarely operate, which deepens the understanding of safety functions related to high demand. In particular, while IEC 62061:2021 completely covers high demand, this document is notable for also dealing in detail with other safety functions for the protection of the machine itself and, indirectly, of persons. Furthermore, SIST-TS CLC IEC/TS 63394:2024 provides additional information on the calculation of failure rates based on non-electronic technologies, thereby introducing a new evaluation method based on the Weibull distribution. This approach is also useful for the application of ISO 13849-1 in the design process of SCS or SRP/CS and helps resolve the safety questions users face. It is also important that functional safety is considered across all lifecycle phases, providing the information a machine user needs to operate the machine safely. The standard also mentions the useful lifetime of components in operation, maintenance information and, where necessary, testing of safety functions. In this way, SIST-TS CLC IEC/TS 63394:2024 provides comprehensive and practical guidance on the safety of machinery and is an important reference for the design and implementation of safety-related control systems.

The SIST-TS CLC IEC/TS 63394:2024 standard provides essential guidelines on the safety of machinery and is an important document supporting the design and development of safety-related control systems (SCS) and safety-related parts of control systems (SRP/CS). This standard provides additional guidance that supplements the requirements of ISO 13849-1 and IEC 62061 and plays an essential role in the design of safety functions for machinery. The strength of this document is that it presents specific additional requirements for safety functions and provides guidance that considers the typical boundary conditions of machinery according to the methodology of ISO 12100. In particular, it includes consideration of cases where safety functions designed for high demand mode of operation are rarely operated, enabling in-depth analysis of such rarely activated safety functions. Additional information for the calculation of failure rates is also provided, allowing the use of various approaches such as the Weibull distribution for non-electronic technologies. The scope of the standard covers all lifecycle phases of the functional safety of machinery and focuses on enabling machine users to obtain from manufacturers the information they need for safe operation. This information includes the useful lifetime of components, maintenance information and, where necessary, testing of safety functions. The SIST-TS CLC IEC/TS 63394:2024 standard provides a framework for the design and evaluation of safety systems through a structured approach to functional safety. This is of great help to machine manufacturers and users in building reliable safety-related control systems. This document is therefore a very important resource for increasing the safety of machinery and an essential reference for professionals in the field.