Safety First

Safety

Machinery Directive

EMC-e11

Unique codes

Achieve the greatest level of safety with Tyro Remotes

Safety standards

NEN-EN 954-1

NEN-EN-ISO 13849-1

Emergency stop category (NEN-EN-ISO 13850)

Functionality and safety go hand in hand at Tyro Remotes. Tyro leads the field of radiographic remote controls with this successful match and sets the standard for safety.

Contents
Machinery Directive
EMC-e11
Unique codes
Achieve the greatest level of safety with Tyro Remotes
Safety standards
NEN-EN 954-1
NEN-EN-ISO 13849-1
Emergency category
 

The Machinery Directive is the legal document that names the European safety standards (NEN standards). These safety standards indicate the requirements an installation must meet.

The following safety categories can be achieved with the Tyro Remotes radiographic remote controls, naturally depending on the connection by the installer. Please note: the remote control is only one link in the chain of the entire machine.

Since 2002 the RDW Centre for Vehicle Technology and Information has made the European EMC-e11 certificate compulsory for radiographic remote controls in the automative industry.

Having electronics that function properly without interference is literally a matter of life and death in vehicles. So for the motorist and the manufacturer it is very important that devices do not interfere with each other and naturally also that they are immune to external interference. The EMC requirements of the Automotive Directive must be met. You can prove that your equipment functions correctly if it has the EMC-e11 quality label. (source: KEMA)

Tyro Remotes’ entire range or products is EMC-e11 certified. Unfortunately there are still radiographic remote control systems on the market that are not certified whilst this is necessary in order to ensure a safe situation.

An identification code is transmitted along with the communication between the transmitter and the receiver.
Whereas providers with 8 dipswitches let the client set their own code, Tyro works with a 24-bit or 64-bit code. This means that whereas others let the client choose from only 256 different codes, Tyro itself chooses from at least 16 million codes. What is more, Tyro guarantees that the code is unique, so that a receiver cannot be operated by a transmitter that does not belong with it.

As of the end of 2009, NEN-EN-ISO 13849-1 is the only standard valid for the functional safety of safety-oriented controls. The standard replaces EN 954-1 with the well-known safety categories (1 to 4). The ‘old’ EN 954-1 standard was above all criticised with regard to reliability and the risk of failure of parts. It neglected an essential part of machine safety, namely the risk of failure. These parts have been included in the new ISO 13849-1 standard and it speaks of the “Performance Level”

The most important (practical) differences between the EN 954-1 & ISO 13849-1 standards:

• The categories B 1 to 4 no longer appear as reliability levels but do remain as system structures
• The introduction of the Performance Level (PL)
• A new risk chart
• Different performance levels can be obtained within a system category using different types of components
• The entire safety system is taken into consideration
• Calculations

See also ‘NEN-EN 954-1’ and ‘NEN-EN-ISO 13849-1’
From safety category to performance level.
(former EN 954-1 standard, category B,1,2,3,4) to (new NEN-EN-ISO 13849-1 standard, level A to E)

Colour = MTTF: (mean time to failure) the time between failures (black= high, medium, low)

Mean time to dangerous failure (MTTFd) of each channel

‘Safety of machinery - Safety-related parts of control systems’

Since the safety varies per machine and per situation, a risk analysis has to be carried out.
This risk analysis leads to safety category 1 through 4 (in accordance with EN 954-1). The schedule below shows you how to determine the safety category of your machine.

Risk = probability x effect        

S1: slight injury
S2: serious injury

F1: short stay in danger zone
F2: constant stay in danger zone

P1: danger can be eliminated
P2: danger can hardly be eliminated

‘Safety of machinery - Safety-related parts of control systems’

The new risk chart

Keywords
1              Starting point for evaluation of the contribution of safety functions to the reduction of risk
L              Low contribution to the reduction of risk
H             High contribution to the reduction of risk
PLr          (Required) performance level

Risk parameters
S Severity
                S1           Slight injury
                S2           Serious injury
F Frequency
                F1           Rare to often / short exposure
                F2           Often to continuous / long exposure
P Possibility of occurrence
                P1           Possibility of elimination
                P2           No elimination possible

Phased plan
The phased plan below comprises, albeit in concise form, the entire process to investigate whether your installation complies with the standard.

The builder / producer of the machine must apply the following phased plan for the design of safety-related parts of the controls:

1. Definition of the demands on the safety functions
2. Determination of the required Performance Level (Performance Level PLr)
3. Design and technical realisation of safety functions
4. Determination of the Performance Level (testing after production)
5. Verification
6. Validation

1. The first step entails the determination of the required properties of each safety function. For example: in accordance with EN953, specific demands are made on a moving guard at a production facility. These requirements form the starting point for determining the properties of the safety function.

2. In step two you determine the desired performance level on the basis of a risk assessment with the aid of the risk chart. The higher the risks are assessed, the stricter it will be necessary to be with regard to the performance level of the safety circuit. So greater demands will have to be made on the control system.
As can be deduced from the risk chart, the control function’s contribution to risk reduction is low in case of performance level “a”, whereas it is high for performance level “e”. 

3. In the third step, a way to execute the safety system is chosen. This is a continuation of the safety function chosen in step 1. A certain type of safety switch, the form of cabling and the relay is chosen.

4. When the required performance level has been charted in step 2 and the safety function for your application has been developed, research must be carried out to determine whether the required performance level will actually be achieved.
The Performance Level is calculated using the following parameters:

• Category B,1,2,3,4 (structural requirements)
• Mean Time to Dangerous Failure (MTTFd)
• Diagnostic Coverage  (DC)
• Common Cause Failures (CCF)

5. Verification
This step checks whether the performance level achieved corresponds with the required performance level. The performance level achieved (PL) must be equal to or greater than the required performance level (PLr). If so, it means the go-ahead is given for the safety function elaborated. If not, the safety function has to be designed again.

6. Validation
In addition to the qualitative demands on safety systems, it is also important to avoid systematic errors. After all, the functional safety depends on the software functioning properly. The ISO 13849-1 standard gives a brief impetus for the validation of software functions. A distinction is made between various programming languages with full or limited order volume.

The PL value can be read in the table below. The safety categories from the ‘old EN 954-1 standard’ (Category B,1,2,3,4) can be recognised.

Depending on the safety category (the risk), the emergency stops can be placed on various levels (categories). The rule of thumb is that every machine must have an emergency stop in order to avoid possible danger.  The way in which the emergency stop is incorporated into the machine and how extensive the measure has to be depends on the risk.