ISO 3691-4: What it Means for Your Products
Updated: Oct 25
This blog is part of our series on ISO (International Organization for Standardization) standards.
The International Organization for Standardization (ISO) produces standards for quality management (ISO 9001), environmental management (ISO 14001), and information security management (ISO 27001). These standards describe best practices for their respective areas, and although they are voluntary (unlike OSHA regulations), they are often required (and always appreciated) by customers.
In this blog series, we are exploring the various standards that apply to autonomous and semi-autonomous systems. We share who the standard applies to, what the requirements are, and our thoughts as to the completeness of these standards for ensuring safety in practice.
If you own, operate, or produce an automated guided vehicle (AGV) or autonomous mobile robot (AMR), you are the target audience of the ISO 3691-4 standard.
This standard applies to driverless industrial trucks, which covers a wide range of mobile robots, although it does not apply to remotely-operated vehicles. It is a variation of ISO 13849, which applies to safety-related parts of more general control systems.
Aspects of Safety
At a high level, ISO 3691-4 covers 3 main areas of safety:
The environmental zone
The associated hazards and risks
The safety protective measures
We will briefly cover the first two areas, before diving more deeply into the safety protective measures described in the standard.
While many of the requirements specified by this standard apply to the control system, it is critical to note that the safety of the operating zones of the vehicle is just as important. Annex A in this standard is dedicated to preparations of the operating zones. There are five zones described:
Operating hazard zone
Load transfer area
Each of these zones has its own requirements for clearances, as well as considerations for speed, pedestrian access, and visual markings. For example, there must be a minimum clearance of 0.5 m along each side of the operating zone, which must extend upwards for 2.1 m.
Hazards and risks
Annex B contains a list of the hazards, potential consequences, and corresponding requirements considered in ISO 3691-4. Mechanical hazards, for example, include things like the kinetic energy of the vehicle, which can result in serious injury for personnel. Therefore, there are requirements for the braking system, speed control, steering, stability, and more to prevent injuries and deaths. Electrical, thermal, material, and other categories of hazards are also detailed by the standard.
While many possible hazards are addressed in this standard, it does not give requirements for issues that can occur while operating in public spaces, like roads. This standard is focused on machines that operate in factories and deliver loads from one place to another.
Protective safety measures
The following categories of safety requirements are described in this standard. Each of these protective measures has a required performance level according to ISO 13849-1, which must be met to conform to the standard.
This includes electrical requirements, guards, hydraulic systems, etc. Of particular note, systems cannot restart themselves automatically after events such as emergency stops or manual interventions. For this reason, in the interest of maximizing robot up-time, it is critical that these failsafes are not triggered.
The braking system must activate in case of interruption of power or loss of control. It must always be able to stop the truck within the specified operating range of a personnel detection system.
The speed of the vehicle must be monitored during operations. If the speed exceeds its maximum rated speed, the truck must activate its emergency stop.
Automatic battery charging
Any automatic charging system must be designed such that charging contacts are only active when the truck is charging, to prevent shock hazards.
The load should stay within predefined limits during all operation modes.
Steering and stability
The steering speed should be regulated to ensure the stability of the truck. Stability in this case refers to a lack of tipping, sliding, or any other hazard involving the unintended motion of the vehicle.
The emergency stop must stop all movements. It should conform to ISO 13850, which outlines functional requirements for e-stops specifically.
The personnel detection system must be able to detect people in the intended path of the truck. It must be able to detect personnel in the direction of travel for the entire width of the truck and its load. It also must be outfitted with pressure sensors (e.g., bumpers) that can detect if a person has collided with the truck.
Verification of safety
ISO 3691-4 defines several test cases meant to verify the integrity of the safety protective measures. Each test is performed independently, and the verification of the performance level of safety-related parts is done in accordance with ISO 13849-2.
Where ISO 3691-4 Falls Short
ISO 3691-4 paints a full picture of what safety looks like for driverless industrial trucks. In some areas, however, it is lacking. It does not account for dynamic environments – for example, the detection of personnel in the path of a vehicle that is turning – even though these environments are becoming increasingly common as factories increase automation. Examples such as humans approaching the truck or its intended path are out of the scope of the standard.
Including dynamic environments in the scope of the standard would make testing and verification significantly more difficult as the array of failure modes would increase dramatically. While the difficulty is notable, a more complete standard for safety in dynamic environments would surely allow for more productive factories.