SIST EN ISO 19014-1:2018

SLOVENSKI STANDARD
01-november-2018
Stroji za zemeljska dela - Funkcijska varnost - 1. del: Metodologija ugotavljanja
delov krmilnega sistema, ki so povezani z varnostjo in zahtevanimi lastnostmi (ISO
19014-1:2018, popravljena različica 2019-02)
Earth-moving machinery - Functional safety - Part 1: Methodology to determine safety-
related parts of the control system and performance requirements (ISO 19014-1:2018,
Corrected version 2019-02)
Erdbaumaschinen - Funktionale Sicherheit - Teil 1: Methodik zur Bestimmung
sicherheitsbezogener Teile der Steuerung und deren Leistungsanforderungen (ISO
19014-1:2018, korrigierte Fassung 2017-02))
Engins de terrassement - Sécurité fonctionnelle - Partie 1: Méthodologie pour la
détermination des parties relatives à la sécurité des systèmes de commande et les
exigences de performance (ISO 19014-1:2018, Version corrigée 2019-02)
Ta slovenski standard je istoveten z: EN ISO 19014-1:2018
ICS:
53.100 Stroji za zemeljska dela Earth-moving machinery
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 19014-1
EUROPEAN STANDARD
NORME EUROPÉENNE
August 2018
EUROPÄISCHE NORM
ICS 53.100
English Version
Earth-moving machinery - Functional safety - Part 1:
Methodology to determine safety-related parts of the
control system and performance requirements (ISO
19014-1:2018, Corrected version 2019-02)
Engins de terrassement - Sécurité fonctionnelle - Partie Erdbaumaschinen - Funktionale Sicherheit - Teil 1:
1: Méthodologie pour la détermination des parties Methodik zur Bestimmung sicherheitsbezogener Teile
relatives à la sécurité des systèmes de commande et les der Steuerung und deren Leistungsanforderungen (ISO
exigences de performance (ISO 19014-1:2018, Version 19014-1:2018)
corrigée 2019-02)
This European Standard was approved by CEN on 23 May 2018.

This European Standard was corrected and reissued by the CEN-CENELEC Management Centre on 06 February 2019.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATIO N

EUROPÄISCHES KOMITEE FÜR NORMUN G

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 19014-1:2018 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 19014-1:2018) has been prepared by Technical Committee ISO/TC 127 "Earth-
moving machinery" in collaboration with Technical Committee CEN/TC 151 “Construction equipment
and building material machines - Safety” the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by February 2019, and conflicting national standards
shall be withdrawn at the latest by February 2019.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 19014-1:2018, Corrected version 2019-02 has been approved by CEN as EN ISO 19014-
1:2018 without any modification.

INTERNATIONAL ISO
STANDARD 19014-1
First edition
2018-06
Corrected version
2019-02
Earth-moving machinery —
Functional safety —
Part 1:
Methodology to determine safety-
related parts of the control system and
performance requirements
Engins de terrassement — Sécurité fonctionnelle —
Partie 1: Méthodologie pour la détermination des parties relatives à
la sécurité des systèmes de commande et les exigences de performance
Reference number
ISO 19014-1:2018(E)
©
ISO 2018
ISO 19014-1:2018(E)
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

ISO 19014-1:2018(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Method to determine MPLr for SRP/CS of earth moving machinery .5
4.1 General . 5
4.2 Machine Control System Safety Analysis (MCSSA) method . 5
5 Requirements for immediate action warning indicators. 6
5.1 General . 6
6 Performance level determination procedures . 6
6.1 General . 6
6.2 Participants in the risk assessment . 6
6.3 Assessment and classification of a potential harm . 6
6.4 Assessment of exposure in the situation observed . 7
6.5 Assessment of a possibility to avoid harm . 7
6.6 Determining the required MPL . 9
Annex A (informative) Process flow chart for machinery risk assessment .11
Annex B (informative) Table of warning/operation indicators .13
Annex C (informative) Example of MCSSA Process .14
Annex D (informative) List of possible safety control systems (SCS) of earth moving machines .18
Bibliography .20
ISO 19014-1:2018(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 127, Earth-moving machinery,
Subcommittee SC 2, Safety, ergonomics and general requirements.
This first edition of ISO 19014-1, together with ISO 19014-2, ISO 19014-3, ISO 19014-4 and ISO/
TS 19014-5, cancels and replaces ISO 15998 and ISO/TS 15998-2, which have been technically revised.
The main changes compared to the previous documents are as follows:
— method for determination of performance levels and machine control system safety analysis,
— additional requirements for mobile machines,
— environmental test requirements for components of safety controls systems, and
— requirements for software validation and verification of machine performance levels.
This corrected version of ISO 19014-1:2018 incorporates the following corrections:
— in 4.2 c) 2), 4.2 d) 1), 6.1 and Annex C, the cross-references to the steps defined in 4.2 have been
corrected.
A list of all parts in the ISO 19014-series can be found on the ISO website. At the time of publication of
this document, Part 2, Design and evaluation of safety-related machine control systems, Part 4, Design and
evaluation of software and transmission for safety related parts of the control system, and Part 5, Tables of
performance levels, are under development.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2018 – All rights reserved

ISO 19014-1:2018(E)
Introduction
This document addresses systems of all energy types used for functional safety in earth-moving
machinery.
The structure of safety standards in the field of machinery is as follows.
Type-A standards (basis standards) give basic concepts, principles for design and general aspects that
can be applied to machinery.
Type-B standards (generic safety standards) deal with one or more safety aspects, or one or more types
of safeguards that can be used across a wide range of machinery:
— type-B1 standards on particular safety aspects (e.g. safety distances, surface temperature, noise);
— type-B2 standards on safeguards (e.g. two-hands controls, interlocking devices, pressure sensitive
devices, guards).
Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular
machine or group of machines.
This document is a type C standard as stated in ISO 12100.
This document is of relevance, in particular, for the following stakeholder groups representing the
market players with regard to machinery safety:
— machine manufacturers (small, medium and large enterprises);
— health and safety bodies (regulators, accident prevention organisations, market surveillance etc.).
Others can be affected by the level of machinery safety achieved with the means of the document by the
above-mentioned stakeholder groups:
— machine users/employers (small, medium and large enterprises);
— machine users/employees (e.g. trade unions, organizations for people with special needs);
— service providers, e. g. for maintenance (small, medium and large enterprises);
The above-mentioned stakeholder groups have been given the possibility to participate at the drafting
process of this document.
The machinery concerned and the extent to which hazards, hazardous situations or hazardous events
are covered are indicated in the Scope of this document.
When requirements of this type-C standard are different from those which are stated in type-A or
type-B standards, the requirements of this type-C standard take precedence over the requirements of
the other standards for machines that have been designed and built according to the requirements of
this type-C standard.
INTERNATIONAL STANDARD ISO 19014-1:2018(E)
Earth-moving machinery — Functional safety —
Part 1:
Methodology to determine safety-related parts of the
control system and performance requirements
1 Scope
This document provides a methodology for the determination of performance levels required for earth
moving machinery (EMM) as defined in ISO 6165.
A Machine Control System Safety Analysis (MCSSA) determines the amount of risk reduction of hazards
associated with control systems, required for Safety Control Systems (SCS). This reduction is quantified
by the Machine Performance Level (MPL), the hazards are identified using the risk assessment principles
as defined in ISO 12100 or by other means.
NOTE 1 Step 2 as shown in Annex A demonstrates the relationship between ISO 12100 and ISO 19014 as a
complementary protective measure.
NOTE 2 ISO 19014 can also be used to assess the functional safety requirements of other off-road mobile
machinery.
For those controls determined to be safety-related, the characteristics for architecture, hardware,
software environmental requirements and performance are covered by other parts in ISO 19014.
ISO 19014 covers the hazards caused by the failure of a safety control system and excludes hazards
arising from the equipment itself (for example, electric shock, fire, etc.).
Other controls that are not safety control systems (SCS), that do not mitigate a hazard or perform a
control function and where the operator would be aware of a failure, are excluded from this standard
(e.g. windscreen wipers, head lights, cab light, etc.).
NOTE 3 A list of safety control systems is included in Annex D.
NOTE 4 Audible warnings are excluded from the requirements of diagnostic coverage.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 6165, Earth-moving machinery — Basic types — Identification and terms and definitions
ISO 12100:2010, Safety of machinery — General principles for design — Risk assessment and risk reduction
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 6165 and ISO 12100 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http: //www .electropedia .org/
ISO 19014-1:2018(E)
— ISO Online browsing platform: available at http: //www .iso .org/obp
3.1
Machine Performance Level
MPL
discrete level to specify the ability of safety-related parts of control systems (3.3.2) to perform a safety
function under reasonably foreseeable conditions
Note 1 to entry: The term MPL is used to describe the performance level required from a safety-related part of
a control system. The ‘M’ refers to machine and denotes Earth Moving Machinery covered by the scope of this
document and is used to differentiate from other functional safety standards (e.g. PL, AgPL, ASIL, etc.).
3.1.1
Machine Performance Level required
MPL
r
discrete level required as determined by processes in this document
3.1.2
Machine Performance Level achieved
MPL
a
discrete level achieved by the safety control systems (3.3.1) hardware, architecture and software
Note 1 to entry: Process for determination of MPLa will be covered in ISO 19014-2 and ISO 19014-4, under
development.
3.2
functional safety
part of the overall safety relating to the equipment under control and its control system that depends
on the correct functioning of the safety control system (SCS) (3.3.1) and other risk reduction measures
[SOURCE: IEC 61508-4:2010, 3.1.12, modified]
3.3
machine control system
MCS
system which responds to input signals from parts of machine elements, operators (3.4.1), external
control equipment or any combination of these and generates output signals causing the machine to
behave in the intended manner
[SOURCE: ISO 13849-1:2015, 3.1.32]
3.3.1
safety control system
SCS
sub-system or system used by a MCS (3.3) to achieve functional safety (3.2) by affecting machine
behaviour or mitigating a hazard
Note 1 to entry: A system which can fail in a way that creates a hazard is considered a SCS.
Note 2 to entry: For example, SCS for propulsion may include throttle, gear shift, start/stop, etc.
3.3.2
safety-related part of the control system
SRP/CS
part of a SCS (3.3.1) that responds to safety-related input signals and generates safety-related
output signals
Note 1 to entry: The combined safety-related parts of a control system start at the point where the safety-related
input signals are initiated (including, for example, the actuating cam and the roller of the position switch) and
end at the output of the power control elements (including, for example, the main contacts of a contactor).
Note 2 to entry: If monitoring systems are used for diagnostic coverage, they are also considered as SRP/CS.
2 © ISO 2018 – All rights reserved

ISO 19014-1:2018(E)
Note 3 to entry: SRP/CS is a part or component within the specific MCS.
[SOURCE: ISO 13849-1:2015, 3.1.1, modified - Note 3 to entry has been added.]
3.4
person group
groups of people analyzed in the MCSSA (3.14)
3.4.1
operator
person operating the EMM and aware of associated risks or hazards
3.4.2
co-worker
person working in the vicinity of a machine and aware of associated hazards
3.4.3
bystander
person including non-employee, child, or member of the public with little or no awareness of machine
hazards and no training
3.4.4
maintainer
person whose function is to perform maintenance tasks on the machine
Note 1 to entry: A maintainer is trained and familiar with the machine.
3.5
controllability
ability to avoid harm to the person group (3.4) at risk through the timely reactions of the operator
(3.4.1), possibly with the support of alternative controls
3.6
exposure
percentage of time a person group (3.4) is exposed to the hazard
Note 1 to entry: The exposure is the product of the following dependent probabilities: application use case (3.11),
hazard time (3.12), and person group exposure (3.15).
3.7
severity
estimate of the extent of harm to one or more individuals that can occur in a potentially hazardous
situation
[SOURCE: ISO 26262-1:2011, 1.120]
3.8
operation indicator
means by which the state of the equipment or machinery is represented to an observer
...