- on General
Meeting the safety-rated monitored stop function requires the implementation of a safety control system as shown in figure 1. It will contain at least one material part, or Safety Related Part of Control System (SRP/CS), and possibly some software. Two standards, EN ISO 13849-1 and IEC 62061, can be used to define control system requirements. Both standards give guidance on using risk assessment to define the required Performance Level, (PL) – EN 13849-1 - or Safety Integrity Level, (SIL) - EN 62061. EN ISO 13849-1 also defines architectural categories (B, 1 – 4) which state the required behaviour of an SRP/CS in respect to items such as its resistance to faults. It should be noted that designers of safety systems can choose to follow either standard but, once the choice has been made, the standard must be followed in its entirety - “mixing and matching” of the two standards is not possible.
Figure 1: Overview of a Safety Control System
The performance level of the overall control system is dependent upon the performance levels of the individual SRP/CSs and guidance for calculating the overall performance level is given in EN ISO 13849-1. EN ISO 13849-1 specifies that, as a general requirement, safety-related control systems for robots shall meet performance level d, with architecture category 3 - or SIL 2.
Choice of performance level is therefore important. Conformance is ultimately simplified when all of the selected SRP/CSs are off-the-shelf components with performance levels included in their data sheets. When designing a safety control system where one of more of the components does not have a performance level, or is designed using discrete methods, then the above standards give guidelines on how to ascertain the performance levels.