Mission time of safety-related control systems

(Translation of German Websites)

For safety-related control systems, a so-called Mission Time has to be considered. According to EN ISO 13849-1, a Mission Time of 20 years is normally assumed. What happens when the Mission Time is exceeded?

Safety-related control systems of industrial robot systems include, for example:

  • Interlocking circuits of access doors to the robot working zone
  • Restricted spaces for safe limiting of robot motion
  • Emergency stop controls
  • Control systems for processing signals from safety mats or light curtains

In most cases these controls are electromechanical or electronic controls (e.g. a Safety PLC). However, hydraulic or pneumatic controls can also be used.

For industrial robot systems the standards EN ISO 10218-1 and ISO 10218-2 apply. Regarding control systems, these standards refer, among others, to EN ISO 13849-1. Unless otherwise specified by the manufacturer, EN ISO 13849-1 assumes a Mission Time of 20 years. Within these 20 years a specific reliability is allocated to the components of the control system.

However, robustly designed machines can have a lifetime of more than 20 years. It goes without saying that after such a time wear and aging affect not only mechanical bearings and gears but also controls. For example, the nominal values of resistors and capacitors can change because of aging.

Should the machine user replace specific components of the control? Should the machine user replace the whole control system? Under the standard mentioned above, these questions have so far remained largely open. A recent VDI-Guideline now provides help.

According to the VDI-Guideline the machine user shall generally accept the Mission Time provided by the manufacturer. However, the aspects to consider for a possible extension of the Mission Time in a specific individual case should be mentioned here:

  • “Close monitoring”
  • “Fail-safe-consideration”
  • “Providing of safety by different principles”
  • “Overhaul of relevant functional unit(s)”

The measures listed here are only an excerpt from the VDI-Guideline.

Many typical safety components are designed such that they go to a safe state in the event of a failure, e.g. relay blocks for monitoring safety door interlocks. The Fail-Safe-Consideration mentioned above should not be difficult in such a case.

Furthermore, the VDI-Guideline describes the basics and distinguishes different cases depending on the year the machine was put into service.

The measures according to the VDI-Guideline are intended to be applied under the responsibility of the machine user. If the machine user's company does not have sufficient capacity for assessing control systems, the machine user can commission a qualified contractor.
