EN13849 Differences between Category B and 1

MarcoVezzali

Good morning, I'm working for a truck crane builder company and within 1 and a half years our cranes will have to comply with EN 13849-1. For minimizing costs and reaching PL "c" I've thought to use components with high MTTFd and category 1, so here I am with my topic: if a component has high MTTFd, does it mean that its category is 1?

From picture 5 paragraph 4.5.4 of norm EN13849-1 it's shown that a component with medium MTTFd can reach only PL "b" considering DC 0 (if MTTFd is low maximum PL "a"), while a component with high MTTFd can reach PL "c", but the category changes from B to 1.

In the note 3 paragraph 6.2.4 of norm EN13849-1 it's written the following: "When a problem occurs, this could cause the safety function lost. But, the MTTFd of each channel in category 1 is higher than the MTTFd of a channel in category B. This means that the safety function lost is less possible". (I don't have the English version so I've translated it from the Italian version).

So I think that for a component with high MTTFd, its category is 1! Is it correct?

In a Sick document of 2010 there is an example: the target PL is "d", the proximity sensor used, at the beginning of the chain, has MTTFd 83 years (it's a high MTTFd) but it is considered with PL "b".

Why, in the norm, isn't it considered either the case of category B with high MTTFd or category 1 with low-medium MTTFd?

Thanks

 
welcome to the forum.

most of us on here haven't got a clue what you are talking about, but if you wait a little we do have some very knowledgeable machinery control members. It feels like something has got lost in translation from Italian, but what I do know is that you don't argue with standards, and cranes have a higher safety factor than other equipment.

 
I'm sorry Binky, probably with some pictures it would be clearer to understand, but I didn't find the way to attach them.

Could you tell me how to do it?

 
Hello Marco,

Welcome to the forum, there are a few issues here.

IF you are using harmonised standards to justify your CE marking, and as a means to a presumption of conformity, then it is not acceptable to mix and match. If you choose to comply with one standard, then you have to comply with all other standards which are normative to that and the normatives to those etc. ad infinitum.

Your equipment should already be complying with the full requirements of ISO13849, as of the 30th June 2016, so for nearly 2 years now.

Firstly, if there is a C type standard for your cranes, then your easiest route to market is to meet the requirements of that.

Is PLc adequate for the risk? There are 3 things to consider. First, severity of injury: if the control system fails, can it cause an injury requiring more than first aid, and something fully reversible?

I would say that if a brake fails to engage or is released by a dangerous failure in the brake control system, then this could easily result in a fatality.

So, S2.

Now I am going to skip ahead to probability of avoidance, if the brake has failed and the load is falling what is the likelihood of the person underneath the load avoiding it, I would say almost impossible so P2.

Now we are only left with the frequency: how often is the crane used to lift loads? Pretty often, so say F2.

That leads you to PLe, not PLc.

There is a lot more to this than you seem to have grasped, sorry.

Firstly you need to undertake a full and proper assessment of the PLr, for each safety function, I have used a bit of a short example of brake control here and specifically the possibility of the brake being released by mistake.

I've come up with PLe.

So I need to pick components and a system architecture that will meet the requirements of PLe, so likely a Cat 4 circuit design.

Then the statistical calculations come in, Sistema is your friend, and you can then determine if your Cat 4 system will meet PLe.

 
Thanks Sidewinder,

I appreciate your answer and that you are a great expert.

PLc has been decided by Technical Commission CEN/TC 147 “Cranes – Safety” (it is made by the technical department chiefs of the main cranes builder companies like Palfinger, Fassi, Amcoveba-Ferrari, Hiab, etc). So during last meeting this is what they defined:

Safety Function                                      PLr
Overload protection of load carrying structure       c
Vehicle stability with respect to crane operation    c
Operator platform protection                         c
Stabilizer extension clear view                      b

We don't make platforms for carrying people, in this case we should get PLd.

So I've started from this point.

About the introduction of ISO13849 since June 2016, the crane state of the art doesn't respect the EN 13849 (I used to work in tyre changer companies and even there the norms weren't fully respected, for example EN 60204), so by the end of 2019 we have to comply with it. We have some redundant components but the redundancy is not implemented for now.

I've downloaded Sistema and started using it.

If you don't mind I'd like to go back to my first doubt: a component with high MTTFd (higher than 30 years) belongs, at least, to category 1?

Thanks for your help

 
welcome to the forum.

most of us on here haven't got a clue what you are talking about, 


Can I nominate that as "Understatement of the year"?

It may as well have been written in Russian as far as I am concerned.....

BUT I can still say WELCOME!!


 
So once again it’s about cost rather than safety.

What a surprise, not.

It has nothing to do with what is state of the art, it has everything to do with the law.

The MD is the overarching legislation that must be complied with.

Ignoring the law is not an option really is it.

The category is not component specific it is more a systematic value.

A component of a high MTTFd, capable of reaching PLe, if not integrated correctly may only achieve PLa.

 
thing is, decent system design and components usually ends up as a very reliable system, so over time a reputation for safe and reliable operation can be good for business. I used to work for Superwinch whose H8 model was 'de rigueur' for vehicle recovery across Europe. Then some bright fool decided to re-design it to save costs that resulted in a weak brake mechanism and rapid decline in reputation - bad news travels fast! Result, the collapse of H8 sales!

 
Sorry guys, I'm only trying to understand where is the edge, safety first I totally agree.

I've asked my boss for more info and he told me that for truck cranes they asked to postpone the introduction of 13849 to the end of 2019. This is why we have not introduced it till now. I apologize for giving you wrong information and a wrong perception of our sector.

Since I have to reach PLc and I saw this combination (high MTTFd and Cat.1), I wanted to understand if it was a feasible solution. I thought that the Category was a feature specific to the component since for many components the category and the MTTFd are specified (i.e. IFM proximity sensor is cat.2 and PFHd 1.0E-07 or our control unit is cat.2 and MTTFd 54 years). Am I wrong?

Talking to some suppliers that are introducing 13849, they told me that the only way to reach PLc is making the safety components redundant. Is it correct? I hope that there could be a "middle way" between my first idea and the one of the suppliers.

You know it's like in Formula 1, there are rules but there are teams very conservative that they stick to safety zone, and there are teams that they find solutions close to the edge and feasible, this is what I'd like to do and of course not step over the edge.

 
very carefully. I am assuming your boss wants things done as cheap as possible - just remember if someone gets injured or killed, you will have to stand up in court and defend your design.

 
Sorry guys for bothering you.

I did an analysis of each component, deciding if it was necessary to double it or not. About the output something is not clear to me.

I have a hydraulic unit with solenoids for the different crane movements and there is a dump valve that when it is supplied, by the control unit, it allows the oil to flow giving pressure to the hydraulic system (it is an ON/OFF valve). This valve is supplied only if the movement required is allowed. This valve doesn't have any feedback, so in case that the control unit doesn't supply it, the system doesn't know if the valve is closed or stuck in open position.

My question is the following: for reaching PLc, considering that all components of the safety chain have PLc or higher, can I add a spool control on this valve? I mean a NO contact that, every time my valve is supplied, will be closed by the valve spool. The other option is using 2 dump valves in series, without spool control, supplied with 2 different output lines by the control unit.

In our opinion which solution would be better?

 
Hello Marco,

You would need to put two hydraulic dump valves in parallel, if a dump valve is required.

Have you used the manufacturers information for modelling the safety system?

It is legitimate to use the data in 13849, but it can be optimistic, or pessimistic depending on which devices you are looking at.

You can reach PLc with Cat. 1 & high MTTFd, combined with no DCavg.

TBH I wouldn't bother with Cat 2, I would use either 1 or 3.

With 3 you could use the feedback as spool position, which most safety dump valves have the facility for anyway, or you could perhaps use a pressure transducer.

Remember you need to keep an eye on your MTTFd figures to ensure that your reliability is there.

Your simplest route to PLc is Cat. 1, high MTTFd, well tried safety principles, and well tried components.

If you go Cat. 2, then your test cycles vs demand would be ridiculous, hence my suggestion to jump to Cat 3.

 
Thanks Sidewinder,

if I use Cat. 3, I guess that I have to double the dump valve (I think that they should be in series, in this way the pressure goes up only if both dump valves are ON and if one gets stuck in closed position the other can stop the pressure) and put 2 feedback signals (it could be a spool control on both valves or 2 pressure switches). Is it correct?

If I put one dump valve with 1 feedback signal I don't understand which kind of Category the system is: Cat.1 or 2 no because there is the feedback, Cat.3 no because the second channel is missing.

 
Hello Marco,

Your dump valves need to be in parallel, if you put them in series and the last one fails closed, the first cannot dump to tank.

Think about it.

You need both valves to be able to dump to tank independently.

That is one, or, the other dumping.

If you put them in series, then they both must actuate, which is an, &, function which would not be acceptable.

The safe condition is dumping to tank yes?

Let's sort this first before we look at anything else.

 
Sidewinder,

you're absolutely right!!!

I'm an electronic engineer and I was thinking about switches.....big mistake!!!

So let's put them in parallel, what about the feedback signal?

 
Feedback is to prove that the dump valves have opened and should be monitored in such a way that, if one fails to open when requested, the system locks out.

It goes into the diagnostic coverage portion of your safety calculations.
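
The series-versus-parallel argument and the role of spool feedback from the posts above, worked through as an added example that is not part of the original thread. It assumes a simplified two-state valve model (each dump valve either opens to tank on demand or is stuck closed); all function names are hypothetical.

```python
from itertools import product

# Simplified model (assumption): on a dump demand each valve either opens
# to tank ("ok") or is stuck closed ("stuck"). No other failure modes.
STATES = ("ok", "stuck")

def dumps_to_tank(valves, arrangement):
    """Safe state reached? Parallel needs ANY valve open, series needs ALL."""
    opened = [v == "ok" for v in valves]
    return any(opened) if arrangement == "parallel" else all(opened)

def lockout(valves, feedback):
    """Spool feedback: lock out if any valve failed to open when requested."""
    return feedback and any(v == "stuck" for v in valves)

def analyse(arrangement, feedback, n=2):
    """Enumerate every fault combination for n valves and classify it."""
    rows = []
    for valves in product(STATES, repeat=n):
        rows.append({
            "valves": valves,
            "faults": valves.count("stuck"),
            "safe": dumps_to_tank(valves, arrangement),
            "detected": lockout(valves, feedback),
        })
    return rows

def single_fault_tolerant(arrangement, n=2):
    """True if no single stuck valve prevents dumping to tank."""
    return all(r["safe"] for r in analyse(arrangement, False, n)
               if r["faults"] == 1)

def undetected_single_faults(arrangement, feedback, n=2):
    """Single faults that leave the system running with a latent fault."""
    return [r["valves"] for r in analyse(arrangement, feedback, n)
            if r["faults"] == 1 and not r["detected"]]

if __name__ == "__main__":
    for arr in ("series", "parallel"):
        print(arr, "single-fault tolerant:", single_fault_tolerant(arr))
    print("latent, no feedback:", undetected_single_faults("parallel", False))
    print("latent, with feedback:", undetected_single_faults("parallel", True))
```

Without feedback the parallel pair still dumps after one stuck valve, but the fault stays latent until a second one removes the safety function; with feedback every single fault triggers the lockout.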

 