BS EN 16590-1:2014 BSI Standards Publication Tractors and machinery for agriculture and forestry — Safety-related parts of control systems Part 1: General principles for design and development (ISO 25119-1:2010 modified) BS EN 16590-1:2014 BRITISH STANDARD National foreword This British Standard is the UK implementation of EN 16590-1:2014 It supersedes BS ISO 25119-1:2010 which is withdrawn The UK participation in its preparation was entrusted to Technical Committee AGE/6, Agricultural tractors and forestry machinery A list of organizations represented on this committee can be obtained on request to its secretary This publication does not purport to include all the necessary provisions of a contract Users are responsible for its correct application © The British Standards Institution 2014 Published by BSI Standards Limited 2014 ISBN 978 580 82327 ICS 35.240.99; 65.060.01 Compliance with a British Standard cannot confer immunity from legal obligations This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2014 Amendments issued since publication Date Text affected BS EN 16590-1:2014 EN 16590-1 EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM April 2014 ICS 35.240.99; 65.060.01 English Version Tractors and machinery for agriculture and forestry - Safetyrelated parts of control systems - Part 1: General principles for design and development (ISO 25119-1:2010 modified) Tracteurs et matériels agricoles et forestiers - Parties des systèmes de commande relatives la sécurité - Partie 1: Principes généraux pour la conception et le développement (ISO 25119-1:2010 modifié) Sicherheit von Land- und Forstmaschinen Sicherheitsbezogene Teile von Steuerungen - Teil 1: Allgemeine Gestaltungs- und Entwicklungsleitsätze (ISO 25119-1:2010 modifiziert) This European Standard was approved by CEN on 23 February 2014 CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member This European Standard exists in three official versions (English, French, German) A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels © 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members Ref No EN 16590-1:2014 E BS EN 16590-1:2014 EN 16590-1:2014 (E) Contents Page Foreword Introduction Scope Normative references Terms and definitions Abbreviated terms 14 5.1 5.2 5.2.1 5.2.2 5.3 5.4 5.4.1 5.4.2 5.4.3 5.4.4 5.4.5 5.4.6 5.4.7 5.5 Management during complete safety life cycle 15 Objectives 15 General 15 Introduction to the safety life cycle concept 15 External functional safety measures 15 Prerequisites 15 Requirements — Functional safety management activities across safety life cycle 17 Functional safety culture 17 Continuous improvement 17 Training and qualification 18 Safety management during development 18 Assignment of safety responsibilities 18 Assignment of tasks 18 Planning of all safety management activities during development 18 Work products 21 6.1 6.2 6.3 6.4 6.4.1 6.4.2 6.5 Assessment of functional safety 21 Objectives 21 General 21 Prerequisites 21 Requirements 21 Considerations for the assessment of the functional safety 21 Verification 22 Work products 23 7.1 7.2 7.3 7.4 7.4.1 7.4.2 7.4.3 7.5 Safety management activities after start of production (SOP) 24 Objectives 24 General 24 Prerequisites 24 Requirements 24 Management of production and modification procedures 24 Tasks for preparing and conducting production and end of line inspections 24 Tasks for safe machine operation and decommissioning 24 Work products 25 8.1 8.2 8.3 8.4 8.4.1 8.4.2 8.4.3 8.4.4 Production and installation of safety-related systems 25 Objectives 25 General 25 Prerequisites 25 Requirements 25 Production plan 25 Test plan 25 Production and testing 26 Process capability 26 BS EN 16590-1:2014 EN 16590-1:2014 (E) 8.4.5 8.4.6 8.4.7 8.4.8 8.4.9 8.5 Documentation 26 Non-compliance 26 Traceability 26 Storage and transport conditions 26 Modification 26 Work products 26 Annex A (informative) Example of the structure of a project-specific safety plan 27 A.1 General 27 A.2 Change log 27 A.3 Objective of overall project 27 A.4 Schedule 27 A.5 Project organisation 27 A.5.1 Project team organisation 27 A.5.2 Project team members 28 A.5.3 Safety management 28 Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Machinery Directive 2006/42/EC 30 Bibliography 31 BS EN 16590-1:2014 EN 16590-1:2014 (E) Foreword This document (EN 16590-1:2014) has been prepared by Technical Committee CEN/TC 144 “Tractors and machinery for agriculture and forestry”, the secretariat of which is held by AFNOR This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2014, and conflicting national standards shall be withdrawn at the latest by October 2014 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s) For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this document EN 16590 Tractors and machinery for agriculture and forestry — Safety-related parts of control systems consists of the following parts: — Part 1: General principles for design and development — Part 2: Concept phase — Part 3: Series development, hardware and software — Part 4: Production, operation, modification and supporting processes The modifications to ISO 25119-1:2010 are indicated by a vertical line in the margin According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom BS EN 16590-1:2014 EN 16590-1:2014 (E) Introduction EN 16590 sets out an approach to the design and assessment, for all safety life cycle activities, of safety-relevant systems comprising of electrical and/or electronic and/or programmable electronic systems (E/E/PES) on tractors used in agriculture and forestry, and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture It is also applicable to municipal equipment It covers the possible hazards caused by the functional behaviour of E/E/PES safety-related systems, as distinct from hazards arising from the E/E/PES equipment itself (e.g electric shock, fire, nominal performance level of E/E/PES dedicated to active and passive safety) The control system parts of the machines concerned are frequently assigned to provide the critical functions of the safety-related parts of control systems (SRP/CS) These can consist of hardware or software, can be separate or integrated parts of a control system, and can either perform solely critical functions or form part of an operational function In general, the designer (and to some extent, the user) will combine the design and validation of these SRP/CS as part of the risk assessment The objective is to reduce the risk associated with a given hazard (or hazardous situation) under all conditions of use of the machine This can be achieved by applying various protective measures (both SRP/CS and non-SRP/CS) with the end result of achieving a safe condition EN 16590 allocates the ability of safety-related parts to perform a critical function under foreseeable conditions into five performance levels The performance level of a controlled channel depends on several factors, including system structure (category), the extent of fault detection mechanisms (diagnostic coverage), the reliability of components (mean time to dangerous failure, common-cause failure), design processes, operating stress, environmental conditions and operation procedures Three types of failures are considered: systematic, common-cause and random In order to guide the designer during design, and to facilitate the assessment of the achieved performance level, EN 16590 defines an approach based on a classification of structures with different design features and specific behaviour in case of a fault The performance levels and categories can be applied to the control systems of all kinds of mobile machines: from simple systems (e.g auxiliary valves) to complex systems (e.g steer by wire), as well as to the control systems of protective equipment (e.g interlocking devices, pressure sensitive devices) EN 16590 adopts a risk-based approach for the determination of the risks, while providing a means of specifying the required performance level for the safety-related functions to be implemented by E/E/PES safety-related channels It gives requirements for the whole safety life cycle of E/E/PES (design, validation, production, operation, maintenance, decommissioning), necessary for achieving the required functional safety for E/E/PES that are linked to the performance levels The structure of safety standards in the field of machinery is as follows a) Type-A standards (basic safety standards) give basic concepts, principles for design and general aspects that can be applied to machinery b) Type-B standards (generic safety standards) deal with one or more safety aspect(s), or one or more type(s) of safeguards that can be used across a wide range of machinery: — type-B1 standards on particular safety aspects (e.g safety distances, surface temperature, noise); — type-B2 standards on safeguards (e.g two-hand controls, interlocking devices, pressure sensitive devices, guards) c) Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular machine or group of machines BS EN 16590-1:2014 EN 16590-1:2014 (E) This part of EN 16590 is a type-B1 standard as stated in EN ISO 12100 For machines which are covered by the scope of a machine specific type-C standard and which have been designed and built according to the provisions of that standard, the provisions of that type-C standard take precedence over the provisions of this type-B standard BS EN 16590-1:2014 EN 16590-1:2014 (E) Scope This part of EN 16590 sets out general principles for the design and development of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture It can also be applied to municipal equipment (e.g street-sweeping machines) It specifies the characteristics and categories required of SRP/CS for carrying out their safety functions This part of EN 16590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic systems It does not specify which safety functions, categories or performance levels are to be used for particular machines Machine specific standards (type-C standards) can identify performance levels and/or categories or they should be determined by the manufacturer of the machine based on risk assessment It is not applicable to non-E/E/PES systems (e.g hydraulic, mechanic or pneumatic) NOTE See also EN ISO 12100 for design principles related to the safety of machinery Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application For dated references, only the edition cited applies For undated references, the latest edition of the referenced document (including any amendments) applies EN 16590-2:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 2: Concept phase EN 16590-3:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 3: Series development, hardware and software EN 16590-4:2014, Tractors and machinery for agriculture and forestry — Safety-related parts of control systems — Part 4: production, operation, modification and supporting processes Terms and definitions For the purposes of this document, the following terms and definitions apply 3.1 agricultural performance level AgPL level which specifies the ability of safety-related parts to perform a safety-related function under foreseeable conditions Note to entry: For the purposes of EN 16590, the performance for each hazardous situation is divided into five levels, a, b, c, d and e, where the functional safety contributed by the SRP/CS in “a” is low and in “e” is high 3.2 required agricultural performance level AgPLr performance level (AgPL) needed to achieve the required functional safety for each safety-related function BS EN 16590-1:2014 EN 16590-1:2014 (E) 3.3 category classification of the safety-related parts of a control system with respect to its resistance to faults and its subsequent behaviour in the fault condition, and which is achieved by the structural arrangement of the parts and/or by their reliability 3.4 channel series combination of input, logic, and output elements 3.5 common-cause failure CCF failures of different items, resulting from a single event, where these failures are not consequences of each other Note to entry: Common-cause failures ought not be confused with common mode failures (see EN ISO 12100) 3.6 controllability involved individual's possibility of avoiding harm in the situation that is putting him/her at risk 3.7 dangerous detected failure rate λdd dangerous failure rate of those components where fault detection is realised 3.8 dangerous failure failure in which an SRP/CS is no longer able to maintain the required performance level, even if the safety-related function is maintained by other (redundant) system components (due to reduction of the resulting performance level) 3.9 dangerous failure rate λd fraction of all components with dangerous failure per time unit 3.10 diagnostic coverage DC fraction of the probability of detected dangerous failures, λdd, and the probability of total dangerous failures, λd, expressed by: DC = ∑ λdd ∑ λd Note to entry: Diagnostic coverage can exist for the whole or parts of a high-risk functional system, e.g for sensors and/or logic system and/or final elements Note to entry: The value of DC is defined according to Table Note to entry: For SRP/CS consisting of several parts, an average value, DCavg, is used (see EN 16590-2:2014, Annex C) BS EN 16590-1:2014 EN 16590-1:2014 (E) — duration, deadline; — documentation of results 5.4.7.3.3 Format of safety plan The safety plan may be a stand-alone document or integrated into a general project plan; in the latter case, safety-related activities shall be labelled as such The safety plan may include references to other plans In general, it is preferable to have references rather than parallel descriptions of activities in multiple documents The safety plan shall be subject to version and change management 5.4.7.4 Tailoring activities within processes (to AgPL) The characteristic of all activities is always dependent on the AgPL and functional safety plan for each project In addition, activities and entire phases of the life cycle that not apply to specific projects may be omitted, with corresponding justification When compiling the safety plan, attention shall be paid to adapting the specific characteristic of all activities to the AgPL and the circumstances in the project A clear justification shall be specified if individual activities are omitted or performed in a scaled-down form 5.4.7.5 Verification of functional safety Activities for ensuring functional safety shall include the safety audit, safety review and safety assessment as set out in Table Table — Verification measures — Safety audit, safety review and safety assessment Verification measure Audit Review Assessment Subject Implementation of the Result of a specific Entire unit of observation, processes required for safety-related activity (see described in the “system functional safety review points in Table 4) definition” phase Scope and depth Set by the auditor To be performed life cycle Planned before Scope is complete performing review verification of all processes and technical measures required for functional safety Depth is determined by the assessor in During the After completion of each implementation of the safety-related activity required processes and before the completion of each activity In parallel with development, or in a block Completion prior to series release Responsibility For verifying the For proper Takes joint responsibility processes sufficiently implementation of review for functional safety Result Audit (can be part assessment) 20 report Review protocol Statement on the of an (can be part of an functional safety of the assessment) unit of observation BS EN 16590-1:2014 EN 16590-1:2014 (E) 5.5 Work products The work products from management during the complete safety cycle are the following: — verification measures — process instruction for auditing the processes during series development; — safety plan Assessment of functional safety 6.1 Objectives The objective of this phase is to examine and assess the functional safety attained by the unit of observation and the function implemented in it 6.2 General The organisational unit responsible for functional safety (e.g machine manufacturer or supplier) carries out an assessment of functional safety The implementation of this assessment may also be delegated to one person in charge The assessment shall cover all phases of the machine safety life cycle (system and safety concept, design, implementation, test for all integration levels, system release, production, operation) for each of the organisational units involved in the development of the unit of observation The involved organisational units shall disclose all relevant assessment documents to the machine manufacturer/supplier or to the person in charge 6.3 Prerequisites As a minimum, representatives from the following areas in the organisational unit in charge of development shall take part in the safety assessment: — the person responsible for the system; — the system developer; — the expert(s) on functional safety The result of the safety assessment shall be documented Documentation shall be retained in accordance with the manufacturer document retention policy and any relevant legal requirements 6.4 Requirements 6.4.1 Considerations for the assessment of the functional safety These consist of the following requirements a) Management requirements for verification measures shall be in accordance with 6.4.2 b) The organisational unit in charge of development shall provide an appropriate level of support for the safety assessment (sufficient preparation and availability of sufficient human resources) c) The person performing the safety assessment shall have access to all individuals performing activities in the entire hardware and software life cycle and to all relevant information and tools d) The safety assessment shall include all phases of the machine safety life cycle (system and safety concept, design, implementation, test for all integration levels, system release, production, operation) for each of the departments involved in the development of the unit of observation 21 BS EN 16590-1:2014 EN 16590-1:2014 (E) e) If tools are used for development, implementation or testing, their application shall be assessed or verified f) The safety assessment may be performed in parallel with development or in a block g) The safety assessment shall take the following aspects into account: 1) the work performed since the previous assessment, 2) the planning/strategy for performing further assessments, 3) recommendations for acceptance, conditional acceptance, or rejection, which shall be given at the conclusion of the safety assessment 6.4.2 Verification The following requirements apply to verification Verification measures shall be included in the safety plan The unit of observation as well as the form of the result shall be defined The independence of those performing verification shall be documented Planning for verification shall be done by those who perform the verification and accepted by those who are responsible for the scope to be verified The results of verification shall be documented In particular, a statement shall be made about acceptance, conditional acceptance or rejection Open items shall be documented, responsible individuals shall be appointed, and resolution shall be confirmed If the unit of observation is altered after the conclusion of reviews and assessments, the review or assessment shall be repeated or amended Reviews, audits and assessments shall be carried out with reference to the AgPL The following activities shall be reviewed a) For AgPL = a: hazard and risk analysis b) Additionally, for AgPL = b: — safety requirements, level of detail for safety-related functions; — safety analyses — system FMEA, component FMEA c) Additionally, for AgPL = c: — safety plan; — quantitative safety analyses; — safety tests and testing scope — validation and verification plan d) Additionally, for AgPL = d: — safety requirements — SRS; — safety analyses, e.g FTA, FMEA; — safety tests and testing scope — reference test cases to safety-related system (SRS); 22 BS EN 16590-1:2014 EN 16590-1:2014 (E) — safety audit; — assessment of functional safety e) Additionally, for AgPL = e: — safety analyses, using analytic techniques such as FMEA and FTA, taking the CCF mechanisms into account; — safety tests and testing scope — test case review (to determine if all cases are included) The degree of verification depends on the AgPL level (see Table 4) Table — Degree of verification Degree of verification AgPL = a AgPL = b AgPL = c AgPL = d AgPL = e Review of hazard analysis and risk assessment U2a U2 U2 U3 U3 — — U1 U2 U3 Review of safety requirements independent of author and implementer of safety requirements — U1 U1 U1 U1 Review of V & V (verification and validation) plan independent of plan author — — U1 U2 U2 — U1 U1 U1 U2 U1 U3 Review of safety tests and trials independent of planning and conducting of the tests — — U1 U1 U1 Review of safety independent of plan author — — U1 U2 U3 Safety audit independent of those who work in association with the processes required for functional safety — — — U2 U3 Assessment of safety plan — — — U2 U3 Review of independent of plan author safety plan Review of the safety analysis (FMEA, FTA) independent of author of analysis independent of developer of unit of observation documentation — No requirement for verification The verification measures that will have to be carried out are governed in 6.4.2 U1 Another person U2 Another team (not the same direct supervisor) U3 Another department or third party (independent of the developing department, e.g independent management, independent resources, independent from release responsibilities, independent organisation) a Independent review is required, especially in situations assessed as C0 or S0 See EN 16590-2 6.5 Work products The work products from the assessment of functional safety comprise the document verification measures: — acceptance; — conditional acceptance; 23 BS EN 16590-1:2014 EN 16590-1:2014 (E) — rejection; — open items; — responsible persons Safety management activities after start of production (SOP) 7.1 Objectives The objective of this phase is to define the responsibilities of the persons, departments and organisations responsible for functional safety after SOP This relates to general activities necessary to ensure the required level of functional safety for the item and to the confirmation measures endorsing that level of functional safety 7.2 General See Clause 7.3 Prerequisites The manufacturer shall implement a quality management system 7.4 Requirements 7.4.1 Management of production and modification procedures In the life cycle phases following SOP, organisational measures shall be taken in order to achieve the functional safety of all produced units and to maintain it for the life of the machine The technical requirements for achieving and maintaining functional safety in all produced units for the life of the machine are generally specified during the development of the unit of observation, and may be modified in accordance with a modification process 7.4.2 Tasks for preparing and conducting production and end of line inspections The implementation of requirements for production/installation/adjustment and training of factory staff shall be listed and monitored In addition, series conformity with respect to safety requirements and documentation shall be checked 7.4.3 Tasks for safe machine operation and decommissioning The following tasks shall be carried out — Draw up and include special content and warnings in the operating instructions — List requirements implementation — Provide feedback on faults observed — List safety requirements for decommissioning (see EN 16590-4:2014, Clause 9) — In the quality management system, consider attaching milestones to the V model (see EN 16590-3:2014, Figure 1) — A verification measure shall exist for every phase of the V model 24 for maintenance and manufacturer maintenance staff, and monitor their BS EN 16590-1:2014 EN 16590-1:2014 (E) — Consider refining the existing V model over the course of the project 7.5 Work products The work products from the safety management activities after SOP are special content and warnings for operating instructions Production and installation of safety-related systems 8.1 Objectives The objectives in this phase are to develop a production and an installation plan for SRS Another objective is to ensure that the required functional safety is maintained during the production process by the relevant product manufacturer or the person/organisation in charge of the process (machine manufacturer, supplier, sub-supplier, etc.) 8.2 General By including safety-relevant characteristics in production planning and checking, this phase defines the steps required to ensure that functional safety is maintained during the production process as well 8.3 Prerequisites The following information shall be available: — assembly notes — the documentation of the parts or functions that can be affected by assembly; — test notes and criteria — documents related to testing procedures and the criteria to be tested for the safety-related functions; — product release — the release documents for production, testing and installation; — product monitoring — required for safety-related characteristics and ensuring that the safety-related characteristics of components are maintained in line with their specifications in the machine manufacturer's production process 8.4 Requirements 8.4.1 Production plan A production plan taking the assembly instructions into account shall be drawn up and include the following: — identification of safety-related components and characteristics; — sequence and methods of production steps; — equipment/tools 8.4.2 Test plan A test plan taking instructions for testing into account shall be written and shall include the following: — identification of safety-related components and characteristics — sequence and methods of testing steps; — testing of equipment/tools, test criteria 25 BS EN 16590-1:2014 EN 16590-1:2014 (E) 8.4.3 Production and testing Production and testing shall be carried out by suitably qualified staff according to the production and testing plans 8.4.4 Process capability Process capability shall be ensured by means of standard industry requirements Process capability of equipment/tools and testing equipment is also to be ensured by customary industry practices Testing equipment shall undergo a suitable process of test equipment inspection 8.4.5 Documentation The implementation of testing according to the test plan shall be documented As a minimum, test documentation shall include the following information: date of testing, tester, unique part identification and test results, including any deviations of observed from expected behaviour 8.4.6 Non-compliance A procedure for non-compliance with a test criterion shall be available Reworking is permissible only upon proof of process control 8.4.7 Traceability Traceability of a given configuration of safety-related parts in a product shall be maintained throughout production 8.4.8 Storage and transport conditions Safety-related criteria shall be taken into account when defining the conditions for storing and preparation for transporting the product (see EN 16590-4:2014, 9.4.6) 8.4.9 Modification For modifications to the products initiated by production, an impact analysis shall be used to determine the life cycle step to which to return and the steps that are to be repeated (EN 16590-4:2014, Clause 10) NOTE For modifications to the process — without modifications to the product — see EN 16590-4:2014, Clause 8.5 Work products The work products from the production and installation of safety-related systems are — documentation of safety-related production steps (production plan), — test and adjustment criteria (safety-related), — documentation of non-compliance, and — traceability of products for safety-related criteria 26 BS EN 16590-1:2014 EN 16590-1:2014 (E) Annex A (informative) Example of the structure of a project-specific safety plan A.1 General Title: Project/safety plan (“Project identification”) The author and editor (project manager, project safety manager) for the project plan are appointed by the management at the beginning of the system concept phase A.2 Change log The stipulations in the safety plan are binding on all departments and people involved with implementing the project This document is not retracted when changed Table A.1 presents an example of a change record Table A.1 — Change log No Version Change Name Department Date … A.3 Objective of overall project A short description of functions with a detailed project objective specification is available For cooperation with component suppliers, general conditions are defined and accepted A.4 Schedule Schedules are possible as a link to other schedules or documents A.5 Project organisation A.5.1 Project team organisation A link to a project team list is possible The project team list presents all involved persons (including customer and subcontractor) with their functions and relationships to one another Alternatively, the list is included directly in the safety plan (see 5.4.7) A graphical visualisation of the relationship between customer and sub-suppliers is possible 27 BS EN 16590-1:2014 EN 16590-1:2014 (E) A.5.2 Project team members The persons involved in the project and their tasks are named, as shown in Tables A.2 and A.3 Table A.2 — Project team members Name Task Department Location Telephone Project manager for the overall project System definition/system specification Person in charge of system analysis Person in charge of hardware development Person in charge of hardware development of sensor system Person in charge of software development Field trials Table A.3 — Tasks Name Task of person in charge of safety Support the project safety manager Qualification Location Telephone E.g Experience in project management; refer to team member CV Project safety manager (like overall project manager) Maintain the safety plan Safety manager on supplier side Contact person at supplier for topic of functional safety Contact person at subcontractor for topic of (functional safety) risk reduction A.5.3 Safety management A.5.3.1 General The requirements for safety management are included under A.5.3.2 or described in the “Management Guide”, if present, and are applied in a binding manner to this project A.5.3.2 Functional safety management activities above the project level The following activities are assigned to the person in charge of functional safety management: — ensure the availability of applicable standards; — audit processes and standard operating procedures; — monitor and analyse error messages (from the field); — make comparisons between the calculated failure rate and experience in the field; — modify and improve processes; 28 BS EN 16590-1:2014 EN 16590-1:2014 (E) — training schedule; — train staff for quality management or FSM system; — initiate safety-related changes A.5.3.3 Functional safety management activities related to the project level The following activities are assigned to the project manager in charge of functional safety management: — assist in defining the project team; — define the areas of responsibilities for team members; — update project templates; — use project templates; — assess fault-prevention measures; — assess fault-detection measures (in FMEA); — observe test coverage (hardware and software) for module, integration and system tests; — track the requirements; — check completed reviews; — check and fulfil the requirements of this European Standard 29 BS EN 16590-1:2014 EN 16590-1:2014 (E) Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Machinery Directive 2006/42/EC This European Standard has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association to provide a means of conforming to Essential Requirements of the New Approach Machinery Directive 2006/42/EC Once this standard is cited in the Official Journal of the European Union under that Directive and has been implemented as a national standard in at least one Member State, compliance with the normative clauses of this standard confers, within the limits of the scope of this standard, a presumption of conformity with the relevant Essential Requirements 1.2.1 and 1.7 of Annex I of that Directive and associated EFTA regulations NOTE Compliance with the normative clauses of parts 1, 2, and of EN 16590:2014is required to achieve the presumption of conformity indicated in this annex WARNING — Other requirements and other EU Directives may be applicable to the product(s) falling within the scope of this standard 30 BS EN 16590-1:2014 EN 16590-1:2014 (E) Bibliography [1] ISO 3600:1996, Tractors, machinery for agriculture and forestry, powered lawn and garden equipment — Operator's manuals — Content and presentation [2] EN ISO 9001:2008, Quality management systems - Requirements (ISO 9001:2008) [3] EN ISO 12100, Safety of machinery - General principles for design - Risk assessment and risk reduction (ISO 12100) [4] ISO/TS 16949:2009, Quality management systems — Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations [5] EN 61000-4-1, Electromagnetic compatibility (EMC) — Part 4-1: Testing and measurement techniques — Overview of IEC 61000-4 series (IEC 61000-4-1) [6] EN 61496-1, Safety of machinery — Electro-sensitive protective equipment — Part 1: General requirements and tests (IEC 61496-1) [7] HSE Guidelines on Programmable Electronic Systems in Safety-related Applications, Part (ISBN 11 883906 6) and Part (ISBN 11 883906 3) 31 This page deliberately left blank This page deliberately left blank NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW British Standards Institution (BSI) BSI is the national body responsible for preparing British Standards and other standards-related publications, information and services BSI is incorporated by Royal Charter British Standards and other standardization products are published by BSI Standards Limited About us Revisions We bring together business, industry, government, consumers, innovators and others to shape their combined experience and expertise into standards -based solutions Our British Standards and other publications are updated by amendment or revision The knowledge embodied in our standards has been carefully assembled in a dependable format and refined through our open consultation process Organizations of all sizes and across all sectors choose standards to help them achieve their goals Information on standards We can provide you with the knowledge that your organization needs to succeed Find out more about British Standards by visiting our website at bsigroup.com/standards or contacting our Customer Services team or Knowledge Centre Buying standards You can buy and download PDF versions of BSI publications, including British and adopted European and international standards, through our website at bsigroup.com/shop, where hard copies can also be purchased If you need international and foreign standards from other Standards Development Organizations, hard copies can be ordered from our Customer Services team Subscriptions Our range of subscription services are designed to make using standards easier for you For further information on our subscription products go to bsigroup.com/subscriptions With British Standards Online (BSOL) you’ll have instant access to over 55,000 British and adopted European and international standards from your desktop It’s available 24/7 and is refreshed daily so you’ll always be up to date You can keep in touch with standards developments and receive substantial discounts on the purchase price of standards, both in single copy and subscription format, by becoming a BSI Subscribing Member PLUS is an updating service exclusive to BSI Subscribing Members You will automatically receive the latest hard copy of your standards when they’re revised or replaced To find out more about becoming a BSI Subscribing Member and the benefits of membership, please visit bsigroup.com/shop With a Multi-User Network Licence (MUNL) you are able to host standards publications on your intranet Licences can cover as few or as many users as you wish With updates supplied as soon as they’re available, you can be sure your documentation is current For further information, email bsmusales@bsigroup.com BSI Group Headquarters 389 Chiswick High Road London W4 4AL UK We continually improve the quality of our products and services to benefit your business If you find an inaccuracy or ambiguity within a British Standard or other BSI publication please inform the Knowledge Centre Copyright All the data, software and documentation set out in all British Standards and other BSI publications are the property of and copyrighted by BSI, or some person or entity that owns copyright in the information used (such as the international standardization bodies) and has formally licensed such information to BSI for commercial publication and use Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic, photocopying, recording or otherwise – without prior written permission from BSI Details and advice can be obtained from the Copyright & Licensing Department Useful Contacts: Customer Services Tel: +44 845 086 9001 Email (orders): orders@bsigroup.com Email (enquiries): cservices@bsigroup.com Subscriptions Tel: +44 845 086 9001 Email: subscriptions@bsigroup.com Knowledge Centre Tel: +44 20 8996 7004 Email: knowledgecentre@bsigroup.com Copyright & Licensing Tel: +44 20 8996 7070 Email: copyright@bsigroup.com