Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2010 modified)

This part of FprEN 16590 sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to municipal equipment (e.g. street sweeping machines). It specifies the characteristics and categories required of SRP/CS for carrying out their safety functions.
This part of FprEN 16590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It does not specify which safety functions, categories or performance levels are to be used for particular machines.
Machine specific standards (type-C standards) can identify performance levels and/or categories or they should be determined by the manufacturer of the machine based on risk assessment.
It is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).
NOTE See also EN ISO 12100 for design principles related to the safety of machinery.

Sicherheit von Land- und Forstmaschinen - Sicherheitsbezogene Teile von Steuerungen - Teil 1: Allgemeine Gestaltungs- und Entwicklungsleitsätze (ISO 25119-1:2010 modifiziert)

This part of FprEN 16590 sets out general principles and guidelines for the design and development of safety-related parts of control systems (SRP/CS) in agricultural and forestry tractors, self-propelled ride-on machines, and mounted, semi-mounted and trailed machines for agricultural implements. It can also be applied to municipal equipment (e.g. street sweeping machines). It describes the characteristics and categories that SRP/CS systems require in order to carry out safety-related functions.
This part of FprEN 16590 applies to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES) as part of mechatronic systems. It does not, however, specify which safety functions, categories or performance levels are to be applied for particular machines.
NOTE 1   Machinery safety standards (type-C standards) can either identify performance levels and/or categories themselves, or they should be determined by the machine manufacturer on the basis of a risk assessment.
It is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanical and pneumatic).
NOTE 2   See also EN ISO 12100, Safety of machinery: Basic concepts, general principles for design.

Tracteurs et matériels agricoles et forestiers - Parties des systèmes de commande relatives à la sécurité - Partie 1: Principes généraux pour la conception et le développement (ISO 25119-1:2010 modifiée)

This part of FprEN 16590 establishes general principles for the design and development of safety-related parts of control systems (SRP/CS) used on agricultural and forestry tractors, on self-propelled ride-on machines and on mounted, semi-mounted and trailed machines used in agriculture. It may also be applicable to municipal equipment (for example street sweeping machines). It specifies the characteristics and categories required of SRP/CS to carry out their safety functions.
This part of FprEN 16590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), insofar as these are linked to mechatronic systems. It specifies neither the safety functions nor the categories intended to be used in a particular case.
Specific standards (type-C standards) can identify the performance levels and/or categories, or these should be determined by the machine manufacturer on the basis of the risk assessment.
It is not applicable to non-E/E/PES systems (for example hydraulic, mechanical and pneumatic).
NOTE   For design principles relating to the safety of machinery, see also EN ISO 12100.

Traktorji ter kmetijski in gozdarski stroji - Varnostni deli krmilnih sistemov - 1. del: Osnovna načela za načrtovanje in razvoj (ISO 25119-1:2010, spremenjen)

Standard EN 16590-1 gives general principles for the design and development of safety-related parts of control systems (SRP/CS) for tractors used in agriculture and forestry, for self-propelled ride-on machines, and for mounted, semi-mounted and trailed machines used in agriculture. It can also be used for municipal equipment (e.g. street sweeping machines). It specifies the characteristics and categories required of SRP/CS so that they can carry out their safety functions. This part of EN 16590 applies to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these are linked to mechatronic systems. It does not specify which safety functions, categories or performance levels are to be used for particular machines. Machine-specific standards (type-C standards) can specify performance levels and/or categories, or the machine manufacturer should determine them on the basis of the risk assessment.

General Information

Status
Withdrawn
Public Enquiry End Date
09-Jan-2014
Publication Date
25-May-2014
Withdrawal Date
03-Jan-2019
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
04-Jan-2019
Due Date
27-Jan-2019
Completion Date
04-Jan-2019

Buy Standard

Standard
EN 16590-1:2014
English language
31 pages

Standards Content (Sample)

SLOVENSKI STANDARD (Slovenian standard)
SIST EN 16590-1:2014
1 July 2014, languages: en, fr, de
Sicherheit von Land- und Forstmaschinen - Sicherheitsbezogene Teile von Steuerungen - Teil 1: Allgemeine Gestaltungs- und Entwicklungsleitsätze (ISO 25119-1:2010 modifiziert)
Tracteurs et matériels agricoles et forestiers - Parties des systèmes de commande relatives à la sécurité - Partie 1: Principes généraux pour la conception et le développement (ISO 25119-1:2010 modifiée)
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2010 modified)
This Slovenian standard is identical to: EN 16590-1:2014
ICS: 65.060.01 Agricultural machines and equipment in general; 35.240.99 IT applications in other fields
2003-01, Slovenski inštitut za standardizacijo (Slovenian Institute for Standardization). Reproduction of the whole or parts of this standard is not permitted.






EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 16590-1
April 2014 ICS 35.240.99; 65.060.01
English Version
Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2010 modified)
Tracteurs et matériels agricoles et forestiers - Parties des systèmes de commande relatives à la sécurité - Partie 1: Principes généraux pour la conception et le développement (ISO 25119-1:2010 modifié)
Sicherheit von Land- und Forstmaschinen - Sicherheitsbezogene Teile von Steuerungen - Teil 1: Allgemeine Gestaltungs- und Entwicklungsleitsätze (ISO 25119-1:2010 modifiziert)
This European Standard was approved by CEN on 23 February 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 16590-1:2014 E



Contents
Foreword 4
Introduction 5
1 Scope 7
2 Normative references 7
3 Terms and definitions 7
4 Abbreviated terms 14
5 Management during complete safety life cycle 15
5.1 Objectives 15
5.2 General 15
5.2.1 Introduction to the safety life cycle concept 15
5.2.2 External functional safety measures 15
5.3 Prerequisites 15
5.4 Requirements — Functional safety management activities across safety life cycle 17
5.4.1 Functional safety culture 17
5.4.2 Continuous improvement 17
5.4.3 Training and qualification 18
5.4.4 Safety management during development 18
5.4.5 Assignment of safety responsibilities 18
5.4.6 Assignment of tasks 18
5.4.7 Planning of all safety management activities during development 18
5.5 Work products 21
6 Assessment of functional safety 21
6.1 Objectives 21
6.2 General 21
6.3 Prerequisites 21
6.4 Requirements 21
6.4.1 Considerations for the assessment of the functional safety 21
6.4.2 Verification 22
6.5 Work products 23
7 Safety management activities after start of production (SOP) 24
7.1 Objectives 24
7.2 General 24
7.3 Prerequisites 24
7.4 Requirements 24
7.4.1 Management of production and modification procedures 24
7.4.2 Tasks for preparing and conducting production and end of line inspections 24
7.4.3 Tasks for safe machine operation and decommissioning 24
7.5 Work products 25
8 Production and installation of safety-related systems 25
8.1 Objectives 25
8.2 General 25
8.3 Prerequisites 25
8.4 Requirements 25
8.4.1 Production plan 25
8.4.2 Test plan 25
8.4.3 Production and testing 26
8.4.4 Process capability 26
8.4.5 Documentation 26
8.4.6 Non-compliance 26
8.4.7 Traceability 26
8.4.8 Storage and transport conditions 26
8.4.9 Modification 26
8.5 Work products 26
Annex A (informative) Example of the structure of a project-specific safety plan 27
A.1 General 27
A.2 Change log 27
A.3 Objective of overall project 27
A.4 Schedule 27
A.5 Project organisation 27
A.5.1 Project team organisation 27
A.5.2 Project team members 28
A.5.3 Safety management 28
Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Machinery Directive 2006/42/EC 30
Bibliography 31



Foreword

This document (EN 16590-1:2014) has been prepared by Technical Committee CEN/TC 144 “Tractors and machinery for agriculture and forestry”, the secretariat of which is held by AFNOR.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2014, and conflicting national standards shall be withdrawn at the latest by October 2014.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s). For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this document.

EN 16590 Tractors and machinery for agriculture and forestry — Safety-related parts of control systems consists of the following parts:
— Part 1: General principles for design and development
— Part 2: Concept phase
— Part 3: Series development, hardware and software
— Part 4: Production, operation, modification and supporting processes

The modifications to ISO 25119-1:2010 are indicated by a vertical line in the margin.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.



Introduction

EN 16590 sets out an approach to the design and assessment, for all safety life cycle activities, of safety-relevant systems comprising electrical and/or electronic and/or programmable electronic systems (E/E/PES) on tractors used in agriculture and forestry, and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It is also applicable to municipal equipment. It covers the possible hazards caused by the functional behaviour of E/E/PES safety-related systems, as distinct from hazards arising from the E/E/PES equipment itself (e.g. electric shock, fire, nominal performance level of E/E/PES dedicated to active and passive safety).

The control system parts of the machines concerned are frequently assigned to provide the critical functions of the safety-related parts of control systems (SRP/CS). These can consist of hardware or software, can be separate or integrated parts of a control system, and can either perform solely critical functions or form part of an operational function. In general, the designer (and to some extent, the user) will combine the design and validation of these SRP/CS as part of the risk assessment. The objective is to reduce the risk associated with a given hazard (or hazardous situation) under all conditions of use of the machine. This can be achieved by applying various protective measures (both SRP/CS and non-SRP/CS) with the end result of achieving a safe condition.

EN 16590 allocates the ability of safety-related parts to perform a critical function under foreseeable conditions into five performance levels. The performance level of a controlled channel depends on several factors, including system structure (category), the extent of fault detection mechanisms (diagnostic coverage), the reliability of components (mean time to dangerous failure, common-cause failure), design processes, operating stress, environmental conditions and operation procedures.

Three types of failures are considered: systematic, common-cause and random. In order to guide the designer during design, and to facilitate the assessment of the achieved performance level, EN 16590 defines an approach based on a classification of structures with different design features and specific behaviour in case of a fault. The performance levels and categories can be applied to the control systems of all kinds of mobile machines: from simple systems (e.g. auxiliary valves) to complex systems (e.g. steer by wire), as well as to the control systems of protective equipment (e.g. interlocking devices, pressure sensitive devices).

EN 16590 adopts a risk-based approach for the determination of the risks, while providing a means of specifying the required performance level for the safety-related functions to be implemented by E/E/PES safety-related channels. It gives requirements for the whole safety life cycle of E/E/PES (design, validation, production, operation, maintenance, decommissioning), necessary for achieving the required functional safety for E/E/PES that are linked to the performance levels.

The structure of safety standards in the field of machinery is as follows.
a) Type-A standards (basic safety standards) give basic concepts, principles for design and general aspects that can be applied to machinery.
b) Type-B standards (generic safety standards) deal with one or more safety aspect(s), or one or more type(s) of safeguards that can be used across a wide range of machinery:
— type-B1 standards on particular safety aspects (e.g. safety distances, surface temperature, noise);
— type-B2 standards on safeguards (e.g. two-hand controls, interlocking devices, pressure sensitive devices, guards).
c) Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular machine or group of machines.

This part of EN 16590 is a type-B1 standard as stated in EN ISO 12100. For machines which are covered by the scope of a machine specific type-C standard and which have been designed and built according to the provisions of that standard, the provisions of that type-C standard take precedence over the provisions of this type-B standard.



1 Scope

This part of EN 16590 sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to municipal equipment (e.g. street-sweeping machines). It specifies the characteristics and categories required of SRP/CS for carrying out their safety functions.

This part of EN 16590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It does not specify which safety functions, categories or performance levels are to be used for particular machines.

Machine specific standards (type-C standards) can identify performance levels and/or categories or they should be determined by the manufacturer of the machine based on risk assessment.

It is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic).

NOTE See also EN ISO 12100 for design principles related to the safety of machinery.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

EN 16590-2:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 2: Concept phase
EN 16590-3:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 3: Series development, hardware and software
EN 16590-4:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 4: Production, operation, modification and supporting processes

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1
agricultural performance level
AgPL
level which specifies the ability of safety-related parts to perform a safety-related function under foreseeable conditions
Note 1 to entry: For the purposes of EN 16590, the performance for each hazardous situation is divided into five levels, a, b, c, d and e, where the functional safety contributed by the SRP/CS in “a” is low and in “e” is high.

3.2
required agricultural performance level
AgPLr
performance level (AgPL) needed to achieve the required functional safety for each safety-related function



3.3
category
classification of the safety-related parts of a control system with respect to its resistance to faults and its subsequent behaviour in the fault condition, and which is achieved by the structural arrangement of the parts and/or by their reliability

3.4
channel
series combination of input, logic, and output elements

3.5
common-cause failure
CCF
failures of different items, resulting from a single event, where these failures are not consequences of each other
Note 1 to entry: Common-cause failures ought not to be confused with common mode failures (see EN ISO 12100).

3.6
controllability
involved individual's possibility of avoiding harm in the situation that is putting him/her at risk

3.7
dangerous detected failure rate
λdd
dangerous failure rate of those components where fault detection is realised

3.8
dangerous failure
failure in which an SRP/CS is no longer able to maintain the required performance level, even if the safety-related function is maintained by other (redundant) system components (due to reduction of the resulting performance level)

3.9
dangerous failure rate
λd
fraction of all components with dangerous failure per time unit

3.10
diagnostic coverage
DC
ratio of the probability of detected dangerous failures, λdd, to the probability of total dangerous failures, λd, expressed by:

$$DC = \frac{\sum \lambda_{dd}}{\sum \lambda_{d}}$$

Note 1 to entry: Diagnostic coverage can exist for the whole or parts of a high-risk functional system, e.g. for sensors and/or logic system and/or final elements.
Note 2 to entry: The value of DC is defined according to Table 1.
Note 3 to entry: For SRP/CS consisting of several parts, an average value, DCavg, is used (see EN 16590-2:2014, Annex C).



Table 1 — Diagnostic coverage (DC)
Denotation   Range
Low          DC < 60 %
Medium       60 % ≤ DC < 90 %
High         90 % ≤ DC

3.11
diagnostic test interval
interval between online tests used to detect faults in a safety-related system that have a specified diagnostic coverage

3.12
E/E/PES-system architecture
allocation of critical functions to electronic control units (ECU) and classification into hardware and software, including communication

3.13
environmental condition
physical condition under which a system is used

3.14
exposure
duration of time and frequency in which an individual is in a situation in which the potential hazard exists

3.15
failure
termination of the ability of an item to perform a required function
Note 1 to entry: Failures which do not affect the availability of the process under control are outside the scope of EN 16590.
Note 2 to entry: After a failure, the item will have a fault.
Note 3 to entry: “Failure” is an event, as distinguished from “fault”, which is a state.
Note 4 to entry: The concept as defined does not apply to items consisting of software only.

3.16
fault
state of an item characterised by inability to perform a required function, excluding the inability during preventive maintenance or other planned actions, or due to lack of external resources
Note 1 to entry: A fault is often the result of a failure of the item itself, but may exist without prior failure.
Note 2 to entry: For the purposes of EN 16590, a fault is a random fault.

3.17
function
defined behaviour of one or more electronic control units

3.18
functional concept
basic functions and interactions necessary to achieve a desired behaviour
Note 1 to entry: It is developed during the concept phase of the safety life cycle.



3.19
functional requirement
requirement for an intended function of the E/E/PES system

3.20
functional safety
system that performs in a way that does not present an unreasonable risk of injury to operators or bystanders

3.21
functional safety concept
entire collection of safety-related functions and interactions necessary to achieve a desired behaviour
Note 1 to entry: It is developed during the concept phase of the safety life cycle.

3.22
functional safety requirement
requirement for a safety-related function of the E/E/PES system

3.23
hardware safety requirement
requirement that applies to safety-related hardware and which is included as an element of a technical safety requirement

3.24
harm
physical injury

3.25
hazard
potential source of harm

3.26
hazardous situation
circumstance in which a person is exposed to a hazard or hazards, exposure to which can have immediate or long-term effects

3.27
intended use
<of a machine> use in accordance with the information provided in the operator's manual

3.28
inspection
systematic, formal verification method used to review product quality
Note 1 to entry: During an inspection, the work product is checked by one or more assessors to see whether it complies with the requirements. The inspection is organised and moderated by an inspection leader. The author of the work product participates in the inspection but cannot lead the process.

3.29
life of the machine
life cycle time between production and decommissioning

3.30
manual reset
function within the safety-related parts of the control system used to manually restore one or more safety-related functions before restarting the machine



3.31
manufacturer
machine manufacturer
manufacturer of tractors for agriculture and forestry, self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture, and of municipal equipment
cf. supplier (3.50)

3.32
mean time to dangerous failure
MTTFd
average value of the expected time to a dangerous failure
Note 1 to entry: It is defined by the ranges low, medium and high. See Table 2.
Note 2 to entry: For the purposes of EN 16590, it is important that MTTFd be taken into account for each channel of an SRP/CS individually (MTTFdC).
Note 3 to entry: MTTFd is the reciprocal value of λd.

Table 2 — Mean time to dangerous failure
Denotation   Range
Low          3 years < MTTFd < 10 years
Medium       10 years < MTTFd < 30 years
High         MTTFd > 30 years

3.33
monitoring
automatic monitoring
automatic function which ensures that a protective measure is initiated if the ability of a component or an element to perform its function is diminished, or if the process conditions are changed such that hazards are generated

3.34
muting
temporary automatic suspension of a safety-related function by safety-related parts of the control system

3.35
programmable electronic system
PES
system for control, protection or monitoring which uses one or more programmable electronic devices
Note 1 to entry: It comprises all elements of the system, including power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices.

3.36
protective measure
measure intended to achieve functional safety, as implemented by the designer (intrinsic design, safeguarding and complementary measures, information for use), and the user (organisation, safe working procedures, supervision, permit to work, systems, additional safeguards, personal protective equipment, training)



3.37
reasonably foreseeable misuse
use of a machine in a way not intended by the designer, but which can result from readily predictable human behaviour

3.38
response time
maximum time that can elapse between the occurrence of an error and the attainment of a safe state

3.39
risk
combination of the probability of occurrence of harm and the severity of that harm

3.40
risk analysis
combination of the specification of the limits of the machine, hazard identification and risk estimation

3.41
risk assessment
overall process comprising risk analysis and risk evaluation

3.42
risk evaluation
judgment on the basis of risk analysis as to whether a given risk is tolerable

3.43
safe state
operating mode of a system with an acceptable level of risk
EXAMPLE Intended operating mode, back-up operating mode, or switched-off modes.

3.44
safety goal
description of how a given hazard is to be avoided
Note 1 to entry: It is the top level safety requirement, derived from the hazard analysis and risk assessment.
Note 2 to entry: The existence of several safety goals for one item is possible.

3.45
safety-related function
function of the machine whose failure can result in an immediate increase of risk

3.46
safety-related part of a control system
SRP/CS
...
