
ISO 13849-1 Safety Category Flight Formula

The safety category is a concept that describes the structure of the safety-related parts of a control system, and it is an important factor with a large influence on the PL (performance level). Although the structures of safety-related parts vary widely, the basic architecture is usually similar, and most structures found in machinery can be classified into one of the following categories.

Each category has a representative safety-related block diagram (its designated architecture), and the prescribed "structure" is not easy to grasp at first glance.

So this time I will use an airplane analogy to give you an easy, surface-level understanding of each safety category.

With this, I think it becomes easy to picture how safe (or how dangerous) each of the five categories is.

Category B

I am flying a homemade ultralight aircraft. I sketched it on the back of an envelope at my desk and built it around an old lawnmower engine that I found lying in storage. It is not FAA (Federal Aviation Administration) certified.

Requirements Summary
Safety-related parts of control systems and protective devices shall be designed, constructed, selected, assembled and combined in accordance with the relevant standards so that they withstand the expected influences.

The wording in ISO 13849-1:2015 is: The SRP/CS shall, as a minimum, be designed, constructed, selected, assembled and combined in accordance with the relevant standards and use basic safety principles for the specific application to withstand

  • the expected operating stresses, e.g. the reliability with respect to breaking capacity and frequency,
  • the influence of the processed material, e.g. detergents in a washing machine, and
  • other relevant external influences, e.g. mechanical vibration, electromagnetic interference, power supply interruptions or disturbances.

 

Category 1

I am flying a Cessna with one engine and no engine instruments.

It has no engine instruments to monitor how the engine is running, but it is a Cessna 150 (manufactured by Cessna, USA) with one engine, built in a trusted aircraft factory.

In the unlikely event that the engine fails and stops, you will notice because the propeller stops spinning, but by then you will be heading for the ground at very high speed. It is FAA inspected.


Requirements Summary
Meets the Category B requirements. Uses well-tried, highly reliable components and follows well-tried safety principles.

The wording in ISO 13849-1:2015 is: "SRP/CS of category 1 shall be designed and constructed using well-tried components and well-tried safety principles." A "well-tried component" for a safety-related application is a component which has been either a) widely used in the past with successful results in similar applications, or b) made and verified using principles which demonstrate its suitability and reliability for safety-related applications.

 

Category 2

In addition to the Category 1 Cessna, an engine failure lamp is fitted. In the event of an engine failure, a manufacturer-installed failure lamp in the cockpit lights up, letting you know that the engine is not running.
I realize I should start praying for a safe landing soon, but I don't really see the point of a failure lamp when I am already plunging towards the ground at very high speed.

 

Requirements Summary
Meets the Category B requirements and follows well-tried safety principles. The safety function(s) shall be checked at suitable intervals by the machine control system.

The wording in ISO 13849-1:2015 is: SRP/CS of category 2 shall be designed so that their function(s) are checked at suitable intervals by the machine control system

  • at the machine start-up, and
  • prior to the initiation of any hazardous situation, e.g. start of a new cycle, start of other movements, immediately upon demand of the safety function and/or periodically during operation if the risk assessment and the kind of operation show that it is necessary.

 

Category 3

I am flying a plane with two engines and a full set of engine instruments.

However, there is only one pilot; there is no co-pilot. The pilot taxis the plane to the runway, revs the engines, checks the engine gauges, and takes off. After that, the pilot is too busy to keep checking the engine instruments. If one engine fails, you can fly to the nearest airport and land on the other engine.


Requirements Summary
Meets the Category B requirements and follows well-tried safety principles. Safety-related parts shall be designed according to the following policies:

  • The safety function shall not be lost due to a single fault
  • A single fault shall be detected whenever reasonably practicable

The wording in ISO 13849-1:2015 is: SRP/CS of category 3 shall be designed so that a single fault in any of these parts does not lead to the loss of the safety function.

NOTE 1
The requirement of single-fault detection does not mean that all faults will be detected. Consequently, the accumulation of undetected faults can lead to an unintended output and a hazardous situation at the machine. Typical examples of practical measures for fault detection are the use of feedback from mechanically guided relay contacts and the monitoring of redundant electrical outputs.

NOTE 3
Category 3 system behaviour is characterized by
  • continued performance of the safety function in the presence of a single fault,
  • detection of some, but not all, faults,
  • possible loss of the safety function due to the accumulation of undetected faults.

 

Category 4

It is the Category 3 aircraft, but now there are two pilots on board, a pilot and a co-pilot, and the engine instruments are monitored continuously. It has two engines and a full set of engine instruments, and the co-pilot watches the engine instruments the whole time to see whether anything is wrong with an engine. If an engine fails or behaves abnormally, the other engine carries you to the nearest airfield without any trouble.


Requirements Summary
Meets the Category B requirements and follows well-tried safety principles. Safety-related parts shall be designed according to the following policies:

  • The safety function shall not be lost due to a single fault
  • A single fault shall be detected at or before the next demand upon the safety function. If this is not possible, an accumulation of undetected faults shall not lead to the loss of the safety function.

The wording in ISO 13849-1:2015 is: SRP/CS of category 4 shall be designed such that

  • a single fault in any of these safety-related parts does not lead to a loss of the safety function, and
  • the single fault is detected at or before the next demand upon the safety functions, e.g. immediately, at switch on, or at the end of a machine operating cycle,

but if this detection is not possible, then an accumulation of undetected faults shall not lead to the loss of the safety function.
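As an added example (not the page's own material and not text from ISO 13849-1) covering both the Category 3 notes above and the Category 4 requirement, here is a small Python model of the fault-detection measure NOTE 1 names, feedback from mechanically guided relay contacts on two redundant outputs: one structure reads the feedback loop before every restart and catches a welded contact before the next demand, the other never reads it and lets undetected faults accumulate until the safety function is lost. Class and function names and the welded-contact fault are assumptions of this illustration.

```python
"""Added illustration, not from the page or ISO 13849-1; all names are invented.
Two redundant output relays with mechanically guided (force-guided) feedback
contacts (the page's NOTE 1). Checking the feedback before each restart catches a
welded contact before the next demand; without it, faults accumulate (NOTE 3)."""

class Relay:
    def __init__(self):
        self.energised = False   # commanded state of the coil
        self.welded = False      # fault: main contact stuck closed

    def main_contact_closed(self):
        return self.energised or self.welded

    def feedback_contact_closed(self):
        # Force-guided: the NC feedback contact can only close when the
        # main contact is really open, so a weld is visible on this loop.
        return not self.main_contact_closed()

class DualChannelOutput:
    """Two relays in series: the hazardous output is live only if both main
    contacts are closed. monitored=False never reads the feedback loop."""
    def __init__(self, monitored):
        self.relays = [Relay(), Relay()]
        self.monitored = monitored

    def demand_safe_state(self):
        """Safety function: drop both relays. True = output interrupted."""
        for r in self.relays:
            r.energised = False
        return not all(r.main_contact_closed() for r in self.relays)

    def restart(self):
        """Re-enable the output; a monitored structure first checks feedback."""
        if self.monitored and not all(r.feedback_contact_closed() for r in self.relays):
            return False             # single fault detected: refuse to restart
        for r in self.relays:
            r.energised = True
        return True

def run_scenario(monitored):
    """Weld one contact, demand, restart, weld the other, demand again.
    Returns (first demand safe, restart allowed, second demand safe or None)."""
    out = DualChannelOutput(monitored)
    out.restart()
    out.relays[0].welded = True                  # first (single) fault
    first = out.demand_safe_state()              # safe: the other relay still opens
    restarted = out.restart()                    # a monitored structure catches it here
    out.relays[1].welded = True                  # second fault accumulates
    second = out.demand_safe_state() if restarted else None
    return first, restarted, second
```

Running `run_scenario(False)` gives `(True, True, False)`: the single fault is survived, nobody notices, and the second fault defeats the safety function, which is the NOTE 3 behaviour. `run_scenario(True)` gives `(True, False, None)`: the first fault is caught at the restart before the next demand, so the accumulation never happens.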

 

Did that help you understand the ISO 13849-1 safety categories? Machine safety is hard to grasp, but
why not try to understand it from the air!?