IEC 62061– Safety Integrity Level (SIL) by PILZ
July 18, 2022
Functional safety in accordance with IEC 62061
IEC 62061 / EN IEC 62061 represents a sector-specific standard under IEC 61508. It describes the implementation of safety-related control systems on machinery and examines the whole lifecycle from the concept phase through to decommissioning.
The new edition of IEC 62061 was published in 2021. This new edition is not just an update of the existing standard. For a start, the standard is no longer limited to electrical systems but can be used for all types of technology, such as hydraulic or pneumatic systems for example.
IEC 62061:2021 harmonized as EU standard EN IEC 62061:2021!
In April 2022, IEC 62061 was published in the Official Journal of the EU as harmonized standard EN IEC 62061, the content being identical.
As a result, presumption of conformity has officially come into force within the EU. A manufacturer can assume that he meets the health and safety requirements of the Machinery Directive if he complies with the provisions of the EU standard. In the conformity assessment procedure, he can issue the declaration of conformity and so affix the CE mark to his plant or machinery.
Presumption of conformity for the previous version EN 62061:2005 ends on 11 October 2023 at the latest! After this transition period, new declarations of conformity can only be issued on the basis of EN IEC 62061:2021.
The European Commission announced the newly harmonized standards on the EU website with CID 2022/ 621, dated April 2022. As of May 2022, they have not yet been published by the EU Commission in the informal “Summary List”!
To read about thge procedure for publishing harmonized standards in the EU, click here
You can also listen to the PILZ podcast “For Your Safety” to hear about the “Updates to the Standard IEC 62061” by clicking here
Important changes to IEC 62061 / EN IEC 62061:
- •Changes to the methodology used to define the required SIL level
- •The need to draft a Safety Requirements Specification
- •The option to use devices developed in accordance with other standards
- •More details on safety-related application software
Contents of IEC 62061
IEC 62061 addresses the issue of how reliable a safety-related control system needs to be. In this case the estimation is based on a hybrid method, a combination of a matrix and a quantitative approach. It also addresses the validation of safety functions based on architectural and statistical methods.
As with EN ISO 13849-1, the objective is to establish the suitability of safety measures to reduce risks. Even with this standard, extensive calculations are required. You can significantly reduce the work involved by using appropriate software such as the Safety Calculator PAScal.
How do you determine the required safety integrity in accordance with IEC 62061?
For each risk requiring a safety-related control system, the risk must be estimated, and the risk reduction (SIL) defined, dependent on the control system. The risk associated with the safety function is estimated in accordance with IEC 62061, with consideration given to the following parameters:
- •Severity of injury (Se)
- •Frequency and duration of exposure (Fr)
- •Probability of occurrence of a hazardous event (Pr)
- •Probability of avoiding or limiting harm (Av)
SIL classification in accordance with IEC 62061
Classification of severity (Se)
|
Consequences |
Severity (Se) |
|
Irreversible: death, losing an eye or arm |
4 |
|
Irreversible: broken limb(s), losing a finger(s) |
3 |
|
Reversible: requiring attention from a medical practitioner |
2 |
|
Reversible: requiring first aid |
1 |
Classification of the frequency and duration of exposure (Fr)
|
Frequency of exposure |
Duration (Fr) <= 10 min |
Duration (Fr) > 10 min |
|
≥ 1 per h |
5 |
5 |
|
< 1 per h up to ≥ 1 per day |
4 |
5 |
|
< 1 per day up to ≥ 1 every 2 weeks |
3 |
4 |
|
< 1 every 2 weeks up to ≥ 1 per year |
2 |
3 |
|
< 1 per year |
1 |
2 |
Classification of probability (Pr)
|
Probability of occurrence |
Probability (Pr) |
|
Very high |
5 |
|
Likely |
4 |
|
Possible |
3 |
|
Rarely |
2 |
|
Negligible |
1 |
Classification of probability of avoiding or limiting harm (Av)
|
Probability of avoiding or limiting |
Avoiding and limiting (Av) |
|
Impossible |
5 |
|
Rarely |
3 |
|
Probable |
1 |
What is determination of the required Safety Integrity like in accordance with IEC 62061?
Assignment matrix for determining the required SIL (or Plr) for a safety function
EXAMPLE: For a specific hazard where Se = 3, Fr = 4, Pr = 5 and Av = 5, then:
Cl = Fr + Pr + Av = 4 + 5 + 5 = 14
Using this table would lead to a SIL 3 or PL e being assigned to the safety function that is intended to mitigate the specific hazard.
How do you design a safety function?
For each safety function it is necessary to identify the critical elements for performing the function, the so-called subsystems. The selection or design of these subsystems must cater for a SIL which is equal to or higher than the required level. The combination of all of these subsystems must also enable you to reach the required SIL.
Each subsystem must meet the following requirements:
– Architectural constraints for hardware safety integrity
– Probability of dangerous random hardware failures (PFH)
– Systematic safety integrity (requirements for avoiding failures and requirements for controlling systematic faults)
Architectural constraints of a subsystem
The SIL value that subsystems achieve is influenced by the architecture of the control system and the “Safe failure fraction” (SFF) or diagnostic level.
|
Safe failure fraction |
Hardware fault tolerance |
Hardware fault tolerance |
Hardware fault tolerance |
|
< 60 % |
Not permitted, unless well-tried components |
SIL 1 |
SIL 2 |
|
60 % to < 90 % |
SIL 1 |
SIL 2 |
SIL 3 |
|
90 % to < 99 % |
SIL 2 |
SIL 3 |
SIL 3 |
|
>= 99 % |
SIL 3 |
SIL 3 |
SIL 3 |
HFT: Hardware fault tolerance
SFF: Safe failure fraction
Requirements for the probability of dangerous random hardware failures
The probability of a dangerous failure of any safety-related control function (SRCF) because of dangerous random hardware failures shall be equal to or less than the failure threshold value defined in the safety requirements specification.
|
SIL level in accordance with IEC 62061 |
Probability of a dangerous failure per hour (PFHD) [1/h] |
|
SIL 3 |
>= 10 E-8 to < 10 E-7 |
|
SIL 2 |
>= 10 E-7 to < 10 E-6 |
|
SIL 1 |
>= 10 E-6 to < 10 E-5 |
Why not try PILZ’s calculation tool (PAScal), which you can use to determine the relevant characteristic values with ease?
Further information:
Their experts will be happy to support you with the implementation of IEC 62061, thereby ensuring safe operation of your plant and machinery.
To learn more about PILZ services for automation, plant, and machinery safety, click here
To use their Safety Calculator PAScal – Calculation tool for verifying functional safety, click here
