What justifies the choice of either ISO 13849 or IEC 62061?
There exist two different standards for evaluating the required and achieved safety level of a safety-related control system: ISO 13849 and IEC 62061.
Whether to use one or the other is a choice by the designer. This is supported by the fact that the overarching Type-A safety standard for risk assessment and risk reduction, ISO 12100:2010, specifies in section 6.2.11.1 that:
The design measures of the control system shall be chosen so that their safety-related performance provides a sufficient amount of risk reduction (see ISO 13849-1 or IEC 62061).
This wording is clearly an unconditional choice, hence it is justified to choose either of the two standards without specific justification.
It is also possible to choose different standards for different safety functions and even for different subsystems of a safety function. There is no hard requirement to give any justification for why a specific standard is used. However, the author of this article recommends using a nominal justification for the alternating choices.
The following justifications are examples (informative - not listed in any of the relevant standards):
- Suitability: The chosen standard is more suitable for the specific safety function or subsystem, for example because it can evaluate the performance level or required SIL according to more defined criteria or with a higher degree of precision (this is a good justification for using IEC 62061 since it has more defined criteria, especially for the severity of injury and frequency of exposure).
  - A common example of this is that severity S2 in ISO 13849 includes death, but generally must be used for any permanent injury, while IEC 62061 provides 4 different severity levels instead of 2, allowing the designer to choose a precisely risk-adjusted approach instead of just presuming that almost every incident requiring medical attention is equivalently severe to death.
- Software support: The chosen standard is better supported by a software tool that is used for the evaluation. The typical example to cite here is that SISTEMA supports ISO 13849 only (IEC 62061 is only supported when you calculate it externally).
- Familiarity: The person performing the evaluation is more familiar with the chosen standard (this generally does not justify mixed use of both standards, unless there are multiple authors with different preferences)
- Precedent: For a given set of safety functions or subsystems, the evaluation is (loosely or strictly) based upon previous evaluation of similar functions or subsystems (either in the same company or performed by the author in the past)
- Quality Management: The quality management system of the company requires, or recommends, the use of a specific standard for evaluation (this is generally not a justification for mixed use of both standards, but it can be combined with a suitability or precedent justification)
- Customer Requirement: The customer requires the use of a specific standard for evaluation (this is generally a limited justification for mixed use of both standards, but it can be combined with a suitability, precedent or quality management justification)
The following justifications are not recommended by the author:
- Availability of pre-certified components: Some components are pre-certified according to one of the two standards but not the other - not recommended since you can, and should, just use the mapping table in both directions.
The following justifications should be considered forbidden justifications under all circumstances since using them would imply that the safety requirements specification is generated after the fact and can be interpreted as a negligent lack of due diligence in the design process:
- It is cheaper to implement one of the two standards over the other
- A given set of components fulfils the evaluation criteria of one of the two standards but not the other.
Source: ISO 12100:2010, Section 6.2.11.1, first paragraph.
Qualification of the author: Uli Köhler is a functional safety engineer and consultant and is certified as a CMSE® – Certified Machinery Safety Expert (TÜV NORD)