System Design According to ISO/EN 13849 and SISTEMA
One of the primary analysis tools for safety systems is failure analysis. The designer and user must understand how the safety system performs in the presence of faults. Many techniques are available to perform the analysis. Examples include Fault Tree Analysis; Failure Modes, Effects and Criticality Analysis; Event Tree Analysis; and Load-Strength reviews.
During the analysis, certain faults may be uncovered that cannot be detected with automatic diagnostic testing without undue economic costs. Further, the probability that these faults might occur may be made extremely small, by using mitigating design, construction and test methods. Under these conditions, the faults may be excluded from further consideration. Fault exclusion is the ruling out of the occurrence of a failure because the probability of that specific failure of the SRCS is negligible.
ISO 13849-1:2006 allows fault exclusion based on the technical improbability of occurrence, generally accepted technical experience and the technical requirements related to the application. ISO 13849-2:2003 provides examples and justifications for excluding certain faults in electrical, pneumatic, hydraulic and mechanical systems. Fault exclusions must be declared, with detailed justifications provided in the technical documentation.
It is not always possible to evaluate a safety-related control system without assuming that certain faults can be excluded. For detailed information on fault exclusions, see ISO 13849-2.
As the level of risk gets higher, the justification for fault exclusion gets more stringent. In general, where PLe is required for a safety function implemented by a safety-related control system, it is not normal to rely upon fault exclusions alone to achieve this level of performance. This depends on the technology used and the intended operating environment. Therefore it is essential that the designer takes additional care in the use of fault exclusions as the PL requirement increases.
For example, a door interlocking system that has to achieve PLe will need to incorporate a minimum fault tolerance of 1 (e.g. two conventional mechanical position switches) in order to achieve this level of performance, since it is not normally justifiable to exclude faults such as broken switch actuators. However, it may be acceptable to exclude faults such as short circuits in wiring within a control panel designed in accordance with the relevant standards.
