Safety Certifications for Industrial Wireless Control Equipment
Guest blog by MHI member Tele Radio
By Alex Téllez, Deputy Managing Director at Tele Radio Spain. Originally published in Spanish on LinkedIn, this article has been adapted for an international audience.
Industrial wireless control equipment, like any electronic component used in industry, requires safety certifications, among other things. For wireless controls this is essential for the emergency stop function whenever the application demands one. Depending on the application type and the safety level required, these certifications may be recommended or mandatory. The underlying standards ensure the reliability and safety of the equipment's integration with the machine it controls. The most common in industry are EN ISO 13849-1 (PL, Performance Level) and EN 62061 (SIL, Safety Integrity Level).
While PL can be applied to safety systems that are electrical, electronic, programmable, mechanical, pneumatic, or hydraulic, SIL applies only to electrical, electronic, or programmable safety solutions, making it more complex.
The EN ISO 13849-1 standard is based on probabilistic data to evaluate control systems related to safety. It considers the average probability of a dangerous failure per hour.
The PL, which measures safety-related reliability, has five levels (a–e). To determine the level a system achieves, the following parameters must be considered:
• System architecture (categories B, 1, 2, 3 and 4)
• Mean time to dangerous failure (MTTFd)
• Diagnostic coverage (DC)
• Common cause failure (CCF)
In parallel, the required Performance Level (PLr) for the system is determined. PLr is calculated based on the severity of potential harm, the frequency or exposure time to the hazard, and the probability of avoiding or limiting the hazard. PLr is divided into five levels, from “a” (low risk) to “e” (high risk).
Finally, the system’s defined Performance Level (PL) must be compared with the required Performance Level (PLr). Only if PL ≥ PLr can the safety-related control system be used in the machine’s design. For example, in load lifting systems, the standard indicates that the minimum PLr must be PLc, so any PL certification used must be PLc / PLd / PLe.
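The determination described above, worked through as an added example (this is not code from the original article or from Tele Radio): the risk graph gives the required PLr, the simplified procedure gives the PL achieved from category, MTTFd and DCavg, and the design rule PL ≥ PLr decides whether the control system may be used. The risk-graph outcomes, the MTTFd and DC bands and the category/DC/MTTFd lookup are reproduced from EN ISO 13849-1 (Annex A risk graph, Table 7) as I know them; confirm them against the edition you certify to. The scenario values at the bottom are constructed and are not ratings of any real product.

```python
"""Added example: simplified PL procedure of EN ISO 13849-1.
Tables are reproduced from the standard as the author of this example
recalls them and must be checked against the current edition."""

PL_ORDER = "abcde"  # PL a = lowest, PL e = highest

# Risk graph for PLr: S = severity, F = frequency/exposure, P = possibility of avoiding
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}


def required_pl(severity, frequency, avoidability):
    """PLr from the three risk parameters, e.g. ("S2", "F1", "P1") -> "c"."""
    return RISK_GRAPH[(severity, frequency, avoidability)]


def mttfd_band(years):
    """Band the mean time to dangerous failure of each channel (in years)."""
    if years < 3:
        raise ValueError("an MTTFd below 3 years is not usable under the standard")
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_band(dc_avg):
    """Band the average diagnostic coverage (0.0 .. 1.0)."""
    if dc_avg < 0.60:
        return "none"
    if dc_avg < 0.90:
        return "low"
    if dc_avg < 0.99:
        return "medium"
    return "high"


# Simplified procedure: column = (category, DCavg band), row = MTTFd band.
# None means the combination is not covered (not permitted) by the table.
SIMPLIFIED_PL = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}


def achieved_pl(category, mttfd_years, dc_avg, ccf_passed=True):
    """PL reached by an architecture of the given category, MTTFd and DCavg.

    Categories 2 to 4 additionally require the common-cause-failure (CCF)
    assessment to pass; the caller reports that result in ccf_passed.
    """
    if category in ("2", "3", "4") and not ccf_passed:
        return None
    column = SIMPLIFIED_PL.get((category, dc_band(dc_avg)))
    if column is None:
        return None  # e.g. category 3 with DCavg "none" is not allowed
    return column[mttfd_band(mttfd_years)]


def pl_meets(pl, plr):
    """The design rule from the text: usable only if PL >= PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)


def assess(category, mttfd_years, dc_avg, severity, frequency, avoidability):
    """Full check: required level, achieved level and whether the design is acceptable."""
    plr = required_pl(severity, frequency, avoidability)
    pl = achieved_pl(category, mttfd_years, dc_avg)
    return {"PLr": plr, "PL": pl, "acceptable": pl_meets(pl, plr)}


if __name__ == "__main__":
    # Constructed scenario (not a rated product): a category 3 dual-channel stop
    # circuit, MTTFd 45 years per channel, DCavg 75 %, on a lifting application
    # whose risk graph gives PLr c.
    print(assess("3", 45, 0.75, "S2", "F1", "P1"))
    # A category B single-channel design cannot reach the same PLr:
    print(assess("B", 45, 0.0, "S2", "F1", "P1"))
```

The constructed category 3 case lands on PL d, which satisfies a PLr of c; the same lifting application with a category B design yields no covered PL at all, which is why the minimum requirement is often quoted together with the category, as the next paragraph notes.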
In practice the older CAT certification (now obsolete) is equated with PL certification, since the two correspond to the same levels. You may therefore see industry requirements written as “PLc CAT3” for the minimum safety requirement, showing both references together.
According to UNE-EN 13557:2004+A2:2008, regarding the stop function of remote control systems, the minimum required level is PLc. The standard lifting equipment PN-T19-2 and its receivers PN-R15 and PN-R23 comply with a higher level, PLd. The Tiger range and some Puma models reach level PLe.
Mean Time to Dangerous Failure (MTTFd) and System Diagnostics (DC)
MTTFd is the expected average time until a dangerous failure occurs in the system.
It is derived from the MTTF once the proportion of dangerous failures is known for all components in the application. The wireless control system is just one of the components that the machine manufacturer or integrator must include in this calculation; they should request the appropriate certifications, ideally issued by independent and recognized bodies, for greater credibility and system reliability.
DC in wireless control systems
The Diagnostic Coverage (DC) value is the ratio between the rate of detected dangerous failures and the total rate of dangerous failures. This value determines the MTTFd.
Simply put, the DC process monitors the electronics in wireless control receivers through two microprocessors on the PCB, constantly checking that both receive the same power voltage. If the value is not within a certain safe margin, a STOP command is sent immediately.
The safety of the stop function lies in the fact that it has a dual channel: both physically (contacts, PCB, relays, etc.) and via radio communication. The stop function ends in two independent stop relays.
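The cross-monitoring and dual-channel stop path described in the two paragraphs above, simulated as an added example (not code from the original article or from Tele Radio). The two microprocessors, the voltage margins, the relay arrangement and the sample readings are constructed assumptions; the real receiver's thresholds and timing are not given in the text. The `diagnostic_coverage` helper applies the DC definition from the start of this section.

```python
"""Added example: dual-channel supply cross-monitoring and stop relays.
All thresholds and readings are constructed for illustration."""

from dataclasses import dataclass

NOMINAL_V = 5.0          # assumed supply voltage both microprocessors expect
SUPPLY_MARGIN_V = 0.25   # assumed safe margin around nominal
CROSS_MISMATCH_V = 0.10  # assumed maximum disagreement tolerated between the two


def diagnostic_coverage(detected_dangerous_rate, total_dangerous_rate):
    """DC = rate of detected dangerous failures / total rate of dangerous failures."""
    if total_dangerous_rate <= 0:
        raise ValueError("total dangerous failure rate must be positive")
    return detected_dangerous_rate / total_dangerous_rate


@dataclass
class Channel:
    """What one microprocessor sees in a monitoring cycle."""
    supply_v: float        # its own measured supply voltage
    peer_supply_v: float   # the reading it obtains from the other microprocessor
    stop_over_radio: bool  # whether its own radio path decoded a STOP command

    def wants_stop(self):
        """Each channel decides independently; any anomaly commands STOP."""
        own_ok = abs(self.supply_v - NOMINAL_V) <= SUPPLY_MARGIN_V
        peer_ok = abs(self.peer_supply_v - NOMINAL_V) <= SUPPLY_MARGIN_V
        agree = abs(self.supply_v - self.peer_supply_v) <= CROSS_MISMATCH_V
        return self.stop_over_radio or not (own_ok and peer_ok and agree)


def evaluate_cycle(chan_a, chan_b):
    """Each microprocessor drives its own stop relay; the machine may only run
    when both relays are energised, so either channel alone can always stop it.

    Returns (command, relay_a_energised, relay_b_energised).
    """
    relay_a = not chan_a.wants_stop()
    relay_b = not chan_b.wants_stop()
    command = "RUN" if (relay_a and relay_b) else "STOP"
    return command, relay_a, relay_b


if __name__ == "__main__":
    # Constructed cycles. Healthy supply, no STOP on either radio path -> RUN.
    print(evaluate_cycle(Channel(5.02, 5.01, False), Channel(5.01, 5.02, False)))
    # Channel B's regulator drifts: B's own check and A's cross-check both fail -> STOP.
    print(evaluate_cycle(Channel(5.00, 4.60, False), Channel(4.60, 5.00, False)))
    # Only one radio path decodes STOP (the other frame was lost): still STOP.
    print(evaluate_cycle(Channel(5.00, 5.00, True), Channel(5.00, 5.00, False)))
    # Diagnostic coverage: 9 of every 10 dangerous failures detected -> 0.9
    print(diagnostic_coverage(9e-7, 1e-6))
```

The point of the two independent decisions is that no single failure of one microprocessor, one relay or one radio path can keep the machine running: a disagreement between the channels is itself treated as a fault, which is what gives the stop function its diagnostic coverage.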
SIL standard and its relationship with PL
The SIL standard (Safety Integrity Level) is based on two basic concepts:
• Operational Safety Management
• Safety Integrity Level
To assign SIL, the following factors must be evaluated:
• Severity (Se) of potential damage
• Frequency and duration (Fr) of exposure to the hazard
• Probability (Pr) of a hazardous event, depending on how the machine operates
• Avoidability (Av) of the hazard: the harder the hazard is to avoid, the higher this factor.
An exact equivalence between PL and SIL is not possible, though they can be compared based on the probabilistic factor they both use: the average probability of dangerous failure per hour, which defines failure resistance.
International safety standards, widely recognized in the US, define three SIL levels, with level 3 the most stringent and level 1 the least. Similarly, Performance Level (PL) is rated from ‘a’ (lowest) to ‘e’ (highest). These standards, originally developed by IEC and ISO, are also applied in the US through certification bodies such as UL or TÜV.
The following table shows the relationship between these two concepts:
It is possible to obtain a SIL certification from a PL process, but not the other way around. This is because the PL level can be verified after the product has been designed, while SIL requires verification at each step of the process and is more complex.
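The comparison on the shared probabilistic factor, as an added example (not code from the original article, whose comparison table is not reproduced here, and not from Tele Radio): a system's average probability of a dangerous failure per hour (PFHd) is classified into its PL band and then into the SIL it can be compared with. The PFHd band limits and the PL-to-SIL correspondence are those of EN ISO 13849-1 (Tables 3 and 4) as I know them, and the series rule used in `combined_pfhd` (the PFHd of subsystems in series is summed) follows clause 6.3 of the same standard; check all of them against the edition you work to. The subsystem figures at the bottom are constructed and are not values for any real product.

```python
"""Added example: PFHd -> PL -> SIL classification and series combination.
Band limits reproduced from ISO 13849-1 as recalled; verify before use."""

# (PL, lower bound inclusive, upper bound exclusive), in dangerous failures per hour
PFHD_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]

# Correspondence of PL to SIL for machinery: PL a has no SIL equivalent.
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}


def pl_from_pfhd(pfhd):
    """Classify a PFHd value into its PL band; None if outside the covered range."""
    for pl, lower, upper in PFHD_BANDS:
        if lower <= pfhd < upper:
            return pl
    return None


def sil_from_pfhd(pfhd):
    """The SIL a PL-rated system can be compared with, via its PFHd."""
    pl = pl_from_pfhd(pfhd)
    return None if pl is None else PL_TO_SIL[pl]


def combined_pfhd(subsystem_pfhds):
    """Integrator's view: the wireless control is one subsystem among several in
    series (transmitter, receiver, contactor, ...). The chain's PFHd is the sum of
    the subsystems' PFHd, so adding subsystems can only lower the achievable PL."""
    return sum(subsystem_pfhds)


def chain_rating(subsystem_pfhds):
    """PFHd, PL and comparable SIL of a chain of subsystems in series."""
    total = combined_pfhd(subsystem_pfhds)
    return {"PFHd": total, "PL": pl_from_pfhd(total), "SIL": sil_from_pfhd(total)}


if __name__ == "__main__":
    # Constructed subsystem values: a transmitter in the PL e band, a receiver and a
    # contactor each in the PL d band, in series.
    print(chain_rating([2e-8, 3e-7, 5e-7]))         # total 8.2e-7 -> PL d, SIL 2
    # Adding a second contactor in the PL d band pushes the chain over the PL d limit.
    print(chain_rating([2e-8, 3e-7, 5e-7, 5e-7]))   # total 1.32e-6 -> PL c, SIL 1
```

Two things the numbers make visible: the PL band boundaries are not evenly spaced (PL c spans only 1e-6 to 3e-6), and a chain of individually PL d subsystems can drop to PL c once their PFHd values are added, which is why the integrator, not only the equipment supplier, has to carry the calculation through.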
These basic concepts help provide a general understanding of current industry requirements for safety-certified equipment. This need is growing and increasingly spans other sectors.
References
• “Machine safety. Guards and interlock devices. Parts of control systems related to safety.” Cantabrian Institute for Occupational Safety and Health, October 25, 2018.
• UNE-EN ISO 13849-1. “Machine Safety.” September 2016.
• Tele Radio: www.tele-radio.com/us/
• EN IEC 62061. “Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems.”