Inherently Safe Design: A Way Out for Engineers Squeezed by New Rules on Quantitative Analysis
The EU’s revised Machinery Directive 2006/42/EC specifies that machine controls should be designed to ensure that they do not present hazards. This requirement is not new — it also appeared in the previous (1998) version of the Directive — but what is new is how this safety is to be achieved. Engineers dealing with mechanical design and plant construction are now caught between two new safety standards, EN ISO 13849 and EN IEC 61508, both of which require quantitative risk analysis.
Until recently, for most safety functions engineers could refer to EN 954, which allowed them to use controls based on components and software that had been proven in practice. Many equipment manufacturers scarcely knew what to expect when EN ISO 13849 replaced EN 954; perhaps they also did not want to face up to the change. The transition period during which both standards were applicable was extended by a further year, but this extension expired in January 2012 and now the new standards have to be applied.
What Do The New Requirements Amount To?
Simply that software is now regarded as fundamentally unsafe. It is no longer acceptable to contain the failure of one piece of software with another software element, or even with a further hardware control, whose design may be equally unsafe. From the moment a fault occurs, the faulty condition is treated as the “normal” state, so the “double failure” argument (that two independent faults are too unlikely to coincide) can no longer be relied on.
According to EN ISO 13849, software can only be safe if it is programmed in accordance with strict rules and runs on hardware designed according to strict criteria. Only a very few specialist firms are in a position to devise and program safety controls of this nature.
A further new requirement is that risks must be assessed and classified quantitatively as well as qualitatively. This applies not only to EN ISO 13849, which covers machines, but also to EN IEC 61508, which covers process-related technical systems as well. These new considerations have far-reaching consequences for the risk analysis of machines and systems.