Industrial Safety Control Systems: Performance Level Categories

Posted by Eric Olson on Mar 30, 2016 3:34:18 PM

Find me on:

Industrial Safety

When I was a kid, I thought it would be cool to be an architect.  I enjoyed freehand drawing and design and later took up drafting, first by hand, then with AutoCAD.  I guess it was the artist in me that was the driving force and not some vision of fame and fortune. Why do I say that? Well, because when I heard it would take 6 years of schooling to become an architect and even then you are starting out at the “ground floor” so to speak, I decided it wasn’t for me. Call me lazy, un-driven, whatever, but the truth is it was a long path and I didn’t understand why it would be necessary.

As I’m older and (hopefully) wiser, I realize that part of the long years of schooling that I forsook is also something that I take for granted every day of my life.  Yes, those long toiling hours, days, months and years would have put me in a position where people could rely on what I designed, that the house, bridge, or sky scraper would not collapse.

Years later as I am writing this Safety Blog, I came across an analogy that brought to mind this story. 

In January, I wrote a blog about understanding Industrial Safety Performance Levels. It focused on the latest ISO 13849-1 Standard and what Performance Levels meant. It was a broad overview of the terminology and I touched on the methods used to evaluate PL. 

  • Category
  • MTTFd (Mean Time to Dangerous Failure)
  • DCavg (Average Diagnostic Coverage)
  • CCF (Common Cause Failure)

I am going to focus on the first element of Performance Level today: Category. 

Category is defined asclassification of the safety-related parts of a control system in respect of their resistance to faults and their subsequent behavior in the fault condition, and which is achieved by the structural arrangement of the parts, fault detection and/or by their reliability."

Safety control systems have different designs depending on a machine’s purpose, the degree of hazards, the overall size of the equipment, how often the machine is being used, etc.  If we consider those different designs or architectures as structures we can use the analogy of housing.  Just as the safety systems on all types of equipment have ultimately the same purpose, that of ensuring the machine runs as safely as possible, all housing fulfills a similar purpose as well: to give us shelter from the elements. 

There are a variety of different types of structures that all accomplish that base need of shelter, but for this discussion we are going to look at just three: 

A tent, a wooden house and an office high rise. 

They all have a foundation, frame, walls and a roof but that is where the similarities end.  When we talk about categories in safety control systems they refer to basic classifications of architecture like these.

Industrial Safety Control Structures

 

In ISO 13849-1:2006, the safety control system requirements for each of the categories are the same as those found in EN 954-1:1996.  However, the revised standard offers a more detailed scheme of the safety control system and its characteristics for each of the categories focused on three sections.

  • I (Input Device)
  • L (Logic Device – like a PLC)
  • O (Output Device)

The safety control system of most machines can be described in terms of these types of structures.

Categories and Requirements

System Behavior per Category

CATEGORY B

 

Safety related parts of machine control systems and/or their protective equipment, as well as their components, shall be designed, constructed, selected, assembled and combined in accordance with relevant standards so that they can withstand the expected influence. Basic safety principles shall be applied.

When a fault occurs, it can lead to a loss of the safety function.

CATEGORY 1

 

The requirements of Category B, as well as, the use of well-tried safety components and safety principles.

As described for category B but with higher safety related reliability of the safety related function. (The higher the reliability, the less the likelihood of a fault).

CATEGORY 2

 

The requirements of category B and the use of well-tried safety principles apply. The safety function(s) shall be checked at machine start-up and periodically by the machine control system. If a fault is detected a safe state shall be initiated or if this is not possible a warning shall be given.

The loss of safety function is detected by the check. The occurrence of a fault can lead to the loss of safety function between the checking intervals.

CATEGORY 3

 

The requirements of category B and the use of well-tried safety principles apply. The system shall be designed so that a single fault in any of its parts does not lead to the loss of safety function. Where practicable, a single fault shall be detected.

When the single fault occurs the safety function is always performed.  Some but not all faults will be detected. An accumulation of undetected faults can lead to the loss of safety function.

CATEGORY 4

 

The requirements of category B and the use of well-tried safety principles apply. The system shall be designed so that a single fault in any of its parts does not lead to the loss of safety function. The single fault is detected at or before the next demand on the safety function. If this detection is not possible then an accumulation of faults shall not lead to a loss of safety function.

When the faults occur, the safety function is always performed. The faults will be detected in time to prevent the loss of safety functions.

 Industrial Safety

(The above is also used for Category 1)

Industrial Safety

Category 3 is a redundant system with monitored inputs and outputs (with other words a two channel system that has monitoring of inputs and outputs). This means that we have a single fault tolerant system with diagnostics. Basic requirements of category B shall apply and applicable well-tried safety principles shall be used. A designated architecture for category 3 is presented in the standard.

Industrial Safety

Though the architecture is similar (looks the same in fact) there is a key difference between Category 3 and Category 4.

Category 4 is a redundant system with monitored inputs and outputs (with other words a two channel system that has monitoring of inputs and outputs). Single faults does not lead to loss of safety function and accumulation of undetected faults shall not lead to the loss of the safety function. Category 4 offers a higher degree of resistance to faults in comparison with category 3. Basic requirements of category B shall apply and applicable well-tried safety principles shall be used.

I hope this has helped to shed some light on Performance Level Categories. Next time I will discuss a term that has been mentioned before and is the second step in determining Performance Levels.  I’ll continue to use the analogy of the three basic structures: the tent, the wooden house and the office high rise. 

It may be nothing more than me playing into my youthful dreams but hopefully it will help you understand machine safety a little more as well! If you're interested in learning more about Performance Level safety, preparing for a Risk Assessment, or you're thinking about industrial safety tools for your next project, speak to one of our experts and we'll be happy to guide you.

 Speak to an Expert

 

You may also be interested in reading:

Topics: Safety

ACD Connect

About the Blog

Welcome to ACD Connect! We will be bringing you the latest industry news in Industrial Automation, features on new products and manufacturers, helpful Engineering tips and how-to's, as well as exciting company updates. ACD Connect is where to go to read about the industry's newest technologies. 

Subscribe to ACD Connect!

Recent Posts