EN ISO 13849-1

EN 954-1 is the standard that OEMs have followed in order to ensure compliance with European safety legislation. However, this standard will be phased out and replaced with EN ISO 13849-1:2009 “Safety of machinery – Safety-related parts of control systems.” In contrast to EN 954-1, the new ISO 13849-1 standard incorporates the quantification of component reliability approach of the IEC EN 61508 standard. This is a more comprehensive and hence more time consuming method of system qualification.

While both standards (EN 954-1 & EN ISO 13849-1) require OEMs to conduct a hazard and risk analysis, it is only the EN 954-1 that allows a deterministic approach of selecting system architecture based on the result of the risk analysis. EN 954-1 does not require component statistical life data in order to validate the system category.

In contrast, the new EN ISO 13849-1 standard introduces a probabilistic approach to function verification. Here the hazard and risk assessment results in Performance Levels (a, b, c, d, and e), which are comparable to the Safety Integrity Levels (SIL: a,1,2,3) from IEC 61508. Based on the derived Performance Level, a system architecture (category) is chosen for the safety function, and then verified. The sum of the components must meet the statistical minimum MTTFd and diagnostic coverage (DCavg), required by the standard (see Figure 2).

The following aspects are evaluated:

1. The category (CAT) / designated architectures
2. The mean time to dangerous failure (MTTFd)
3. The level of diagnostic coverage (DC)
4. The common cause failures (CCF)
5. The software safety requirements

EN 954-1 vs. ISO 13849
Figure 1: EN 954-1 vs. ISO 13849

 

Example: If the risk analysis results in Performance Level d, as a minimum the Category 2 architecture must be used, and OEMs must prove MTTFd = High (>30 years), DCavg = Medium (see Figure 2).

(ISO 13839) Relationship between, Categories (Cat) and Diagnostic coverage (DCavg)
Figure 2: (ISO 13849) Relationship between, Categories (Cat) and Diagnostic coverage (DCavg)

 

Category 2 system architecture
Figure 3: Category 2 system architecture

The challenge for OEMs is to design and verify the vehicle functions in order to meet a specific Performance Level identified by the hazard and risk analysis, gather MTTFd data from the individual component suppliers, and check diagnostic coverage (DCavg) and common cause failures (CCF).

To help our customers meet this challenge, Sauer-Danfoss is developing new products, in some cases pre-qualified, to help OEMs comply with new state-of-the-art standards and European law. Providing Mean Time To Failure (MTTF) and MTTFd documentation as needed, we are working closely with our customers, to help speed up system development and qualification, reduce total costs, and bring vehicles to market faster.

Category B/1, total MTTFd budget (>30 years if Performance level: ”c” is needed)
Figure 4: Category B/1, total MTTFd budget (>30 years if Performance level: ”c” is needed)
Our new OSPE steering unit has been designed to comply with new safety legislation

OSPE Steering Unit

Our OSPE steering unit has been designed to comply with new safety legislation and provide the basis for a ‘safe state’ system architecture – for example, Category 2 (ISO 25119).

 
Our H1 Pump with Embedded Automotive Control

New H1 Automotive Control

Our SIL 2 certified Automotive Control (H1 AC) solution provides consistent and reliable vehicle performance.

 
Our new PVED-CX electrohydraulic actuator is SIL 2 certified according to IEC 61508

PVED-CX Actuator

Our new PVED-CX CAN bus actuator is SIL 2 certified according to IEC 61508.

 
Our team can help make your machines more efficient and productive while meeting new emissions standards

Solutions for Emissions Challenges

Sauer-Danfoss has a team dedicated to help make your machines efficient and productive while meeting new emissions standards.

 

Intelligent System 
Design 

Benefit from Sauer-Danfoss intelligent system competencies and application expertise.

 

Electronic Controls