1、BSI Standards PublicationBS EN 16590-1:2014Tractors and machinery foragriculture and forestry Safety-related parts of controlsystemsPart 1: General principles for design anddevelopment (ISO 25119-1:2010 modified)BS EN 16590-1:2014 BRITISH STANDARDNational forewordThis British Standard is the UK impl
2、ementation of EN 16590-1:2014.It was derived from ISO 25119-1:2010. It supersedes BS ISO 25119-1:2010 which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee AGE/6, Agricultural tractors and forestry machinery.A list of organizations represented on this commit
3、tee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014ISBN 978 0 580 82327 5 ICS 35.240
4、.99; 65.060.01 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2014.Amendments issued since publicationDate T e x t a f f e c t e dBS EN 16590-1:2014EUR
5、OPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 16590-1 April 2014 ICS 35.240.99; 65.060.01 English Version Tractors and machinery for agriculture and forestry - Safety-related parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2010 modified) Tracteurs et
6、 matriels agricoles et forestiers - Parties des systmes de commande relatives la scurit - Partie 1: Principes gnraux pour la conception et le dveloppement (ISO 25119-1:2010 modifi) Sicherheit von Land- und Forstmaschinen - Sicherheitsbezogene Teile von Steuerungen - Teil 1: Allgemeine Gestaltungs- u
7、nd Entwicklungsleitstze (ISO 25119-1:2010 modifiziert) This European Standard was approved by CEN on 23 February 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without
8、any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other lang
9、uage made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmar
10、k, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE F
11、OR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 16590-1:2014 E BS EN 16590-1:201
12、4EN 16590-1:2014 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 7 2 Normative references 7 3 Terms and definitions .7 4 Abbreviated terms 14 5 Management during complete safety life cycle . 15 5.1 Objectives 15 5.2 General . 15 5.2.1 Introduction to the safety life cycle concept . 15 5.2.2 E
13、xternal functional safety measures 15 5.3 Prerequisites . 15 5.4 Requirements Functional safety management activities across safety life cycle 17 5.4.1 Functional safety culture . 17 5.4.2 Continuous improvement 17 5.4.3 Training and qualification 18 5.4.4 Safety management during development 18 5.4
14、.5 Assignment of safety responsibilities 18 5.4.6 Assignment of tasks . 18 5.4.7 Planning of all safety management activities during development 18 5.5 Work products . 21 6 Assessment of functional safety . 21 6.1 Objectives 21 6.2 General . 21 6.3 Prerequisites . 21 6.4 Requirements 21 6.4.1 Consid
15、erations for the assessment of the functional safety . 21 6.4.2 Verification 22 6.5 Work products . 23 7 Safety management activities after start of production (SOP) 24 7.1 Objectives 24 7.2 General . 24 7.3 Prerequisites . 24 7.4 Requirements 24 7.4.1 Management of production and modification proce
16、dures . 24 7.4.2 Tasks for preparing and conducting production and end of line inspections . 24 7.4.3 Tasks for safe machine operation and decommissioning . 24 7.5 Work products . 25 8 Production and installation of safety-related systems . 25 8.1 Objectives 25 8.2 General . 25 8.3 Prerequisites . 2
17、5 8.4 Requirements 25 8.4.1 Production plan . 25 8.4.2 Test plan 25 8.4.3 Production and testing . 26 8.4.4 Process capability 26 BS EN 16590-1:2014EN 16590-1:2014 (E) 3 8.4.5 Documentation 26 8.4.6 Non-compliance . 26 8.4.7 Traceability . 26 8.4.8 Storage and transport conditions 26 8.4.9 Modificat
18、ion . 26 8.5 Work products . 26 Annex A (informative) Example of the structure of a project-specific safety plan . 27 A.1 General . 27 A.2 Change log . 27 A.3 Objective of overall project 27 A.4 Schedule . 27 A.5 Project organisation 27 A.5.1 Project team organisation 27 A.5.2 Project team members 2
19、8 A.5.3 Safety management . 28 Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Machinery Directive 2006/42/EC . 30 Bibliography 31 BS EN 16590-1:2014EN 16590-1:2014 (E) 4 Foreword This document (EN 16590-1:2014) has been prepared by Technical C
20、ommittee CEN/TC 144 “Tractors and machinery for agriculture and forestry”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2014, and conflicting
21、national standards shall be withdrawn at the latest by October 2014. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document has
22、 been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s). For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this document. EN 16590 Tractors and m
23、achinery for agriculture and forestry Safety-related parts of control systems consists of the following parts: Part 1: General principles for design and development Part 2: Concept phase Part 3: Series development, hardware and software Part 4: Production, operation, modification and supporting proc
24、esses The modifications to ISO 25119-1:2010 are indicated by a vertical line in the margin. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, C
25、zech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United King
26、dom. BS EN 16590-1:2014EN 16590-1:2014 (E) 5 Introduction EN 16590 sets out an approach to the design and assessment, for all safety life cycle activities, of safety-relevant systems comprising of electrical and/or electronic and/or programmable electronic systems (E/E/PES) on tractors used in agric
27、ulture and forestry, and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It is also applicable to municipal equipment. It covers the possible hazards caused by the functional behaviour of E/E/PES safety-related systems, as distinct from hazards
28、arising from the E/E/PES equipment itself (e.g. electric shock, fire, nominal performance level of E/E/PES dedicated to active and passive safety). The control system parts of the machines concerned are frequently assigned to provide the critical functions of the safety-related parts of control syst
29、ems (SRP/CS). These can consist of hardware or software, can be separate or integrated parts of a control system, and can either perform solely critical functions or form part of an operational function. In general, the designer (and to some extent, the user) will combine the design and validation o
30、f these SRP/CS as part of the risk assessment. The objective is to reduce the risk associated with a given hazard (or hazardous situation) under all conditions of use of the machine. This can be achieved by applying various protective measures (both SRP/CS and non-SRP/CS) with the end result of achi
31、eving a safe condition. EN 16590 allocates the ability of safety-related parts to perform a critical function under foreseeable conditions into five performance levels. The performance level of a controlled channel depends on several factors, including system structure (category), the extent of faul
32、t detection mechanisms (diagnostic coverage), the reliability of components (mean time to dangerous failure, common-cause failure), design processes, operating stress, environmental conditions and operation procedures. Three types of failures are considered: systematic, common-cause and random. In o
33、rder to guide the designer during design, and to facilitate the assessment of the achieved performance level, EN 16590 defines an approach based on a classification of structures with different design features and specific behaviour in case of a fault. The performance levels and categories can be ap
34、plied to the control systems of all kinds of mobile machines: from simple systems (e.g. auxiliary valves) to complex systems (e.g. steer by wire), as well as to the control systems of protective equipment (e.g. interlocking devices, pressure sensitive devices). EN 16590 adopts a risk-based approach
35、for the determination of the risks, while providing a means of specifying the required performance level for the safety-related functions to be implemented by E/E/PES safety-related channels. It gives requirements for the whole safety life cycle of E/E/PES (design, validation, production, operation,
36、 maintenance, decommissioning), necessary for achieving the required functional safety for E/E/PES that are linked to the performance levels. The structure of safety standards in the field of machinery is as follows. a) Type-A standards (basic safety standards) give basic concepts, principles for de
37、sign and general aspects that can be applied to machinery. b) Type-B standards (generic safety standards) deal with one or more safety aspect(s), or one or more type(s) of safeguards that can be used across a wide range of machinery: type-B1 standards on particular safety aspects (e.g. safety distan
38、ces, surface temperature, noise); type-B2 standards on safeguards (e.g. two-hand controls, interlocking devices, pressure sensitive devices, guards). c) Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular machine or group of machines. BS EN 16590-1:2
39、014EN 16590-1:2014 (E) 6 This part of EN 16590 is a type-B1 standard as stated in EN ISO 12100. For machines which are covered by the scope of a machine specific type-C standard and which have been designed and built according to the provisions of that standard, the provisions of that type-C standar
40、d take precedence over the provisions of this type-B standard. BS EN 16590-1:2014EN 16590-1:2014 (E) 7 1 Scope This part of EN 16590 sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self
41、-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to municipal equipment (e.g. street-sweeping machines). It specifies the characteristics and categories required of SRP/CS for carrying out their safety functions. This part of EN 1
42、6590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems. It does not specify which safety functions, categories or performance levels are to be used for particular machines. Machine specific standards (
43、type-C standards) can identify performance levels and/or categories or they should be determined by the manufacturer of the machine based on risk assessment. It is not applicable to non-E/E/PES systems (e.g. hydraulic, mechanic or pneumatic). NOTE See also EN ISO 12100 for design principles related
44、to the safety of machinery. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced d
45、ocument (including any amendments) applies. EN 16590-2:2014, Tractors and machinery for agriculture and forestry Safety-related parts of control systems Part 2: Concept phase EN 16590-3:2014, Tractors and machinery for agriculture and forestry Safety-related parts of control systems Part 3: Series d
46、evelopment, hardware and software EN 16590-4:2014, Tractors and machinery for agriculture and forestry Safety-related parts of control systems Part 4: production, operation, modification and supporting processes 3 Terms and definitions For the purposes of this document, the following terms and defin
47、itions apply. 3.1 agricultural performance level AgPL level which specifies the ability of safety-related parts to perform a safety-related function under foreseeable conditions Note 1 to entry: For the purposes of EN 16590, the performance for each hazardous situation is divided into five levels, a
48、, b, c, d and e, where the functional safety contributed by the SRP/CS in “a” is low and in “e” is high. 3.2 required agricultural performance level AgPLrperformance level (AgPL) needed to achieve the required functional safety for each safety-related function BS EN 16590-1:2014EN 16590-1:2014 (E) 8
49、 3.3 category classification of the safety-related parts of a control system with respect to its resistance to faults and its subsequent behaviour in the fault condition, and which is achieved by the structural arrangement of the parts and/or by their reliability 3.4 channel series combination of input, logic, and output elements 3.5 common-cause failure CCF failures of different items, resulting from a single event, where these failures are not consequences of each other Note 1 to entry: Common-cause failures ought not be confused with com
