Optimao: In control since 1995
Safety Update
This presentation covers
Machinery Directive 2006/42/EC
BS/EN954-1
EN ISO 13849-1
EN/IEC 62061
Introduction
Machinery Directive 2006/42/EC
Process of Risk Assessment
EN ISO 12100-2:2003 Safety of machinery. Technical principles
Machine manufacturers are obligated to complete a Risk Assessment, which the directive now defines as an iterative process of hazard identification, risk estimation, and hazard elimination or risk reduction.
Safety system requirements
Machine designers are obligated to design control systems in such a way that a fault in the hardware or software of the control system and/or reasonably foreseeable human error does not lead to hazardous situations.
Current status
BS/EN954-1: valid up to 29 December 2009 (update from the beginning of September 2009: EN954-1 has been given a stay of execution until the end of 2011).
EN ISO 13849-1 is applicable for electrical/electronic/programmable electronic/hydraulic/pneumatic/mechanical systems.
EN/IEC 62061 is applicable for electrical/electronic/programmable electronic systems
Usage of different standards
BS/EN954-1 was used for all safety systems built from standard control circuits and tried-and-tested equipment. Higher categories were achieved by adding monitoring at various stages (once per shift, at every reset, etc.).
Safety Categories EN954-1
Risk graph parameters:
S  severity of injury
   S1 slight (normally reversible injury)
   S2 serious (normally irreversible injury or death)
F  frequency and/or exposure to hazard
   F1 seldom-to-less-often and/or exposure time is short
   F2 frequent-to-continuous and/or exposure time is long
P  possibility of avoiding the hazard or limiting harm
   P1 possible under specific conditions
   P2 scarcely possible
The path taken through S, F and P selects one of the BS/EN954-1 categories B, 1, 2, 3, 4.
Safety Categories EN13849-1
EN ISO13849-1 uses the same risk graph parameters, but the result is a required Performance Level PLr from a to e instead of a category:
S  severity of injury
   S1 slight (normally reversible injury)
   S2 serious (normally irreversible injury or death)
F  frequency and/or exposure to hazard
   F1 seldom-to-less-often and/or exposure time is short
   F2 frequent-to-continuous and/or exposure time is long
P  possibility of avoiding the hazard or limiting harm
   P1 possible under specific conditions
   P2 scarcely possible
Safety Categories EN62061
IEC/EN 62061 is the machine sector specific standard within the framework of IEC/EN 61508. EN 62061 is harmonised under the European Machinery Directive.
The Safety Integrity Level (SIL) is the measure defined in IEC 61508 for the probability of dangerous failure of a safety function or a safety-related system.

SIL   High demand or continuous mode of operation   Low demand mode of operation
      (probability of a dangerous failure per       (average probability of failure to perform
      hour, PFHd)                                   its design function on demand, PFDavg)
4     >= 10^-9 to < 10^-8                           >= 10^-5 to < 10^-4
3     >= 10^-8 to < 10^-7                           >= 10^-4 to < 10^-3
2     >= 10^-7 to < 10^-6                           >= 10^-3 to < 10^-2
1     >= 10^-6 to < 10^-5                           >= 10^-2 to < 10^-1

For machinery, the probability of dangerous failures per hour of a control system is denoted in IEC/EN 62061 as PFHd. Machinery safety functions are treated as high demand or continuous mode, so only the PFHd column applies, and IEC/EN 62061 itself goes no higher than SIL 3.
Safety Categories EN62061
EN/IEC 62061 requires each safety function to be assessed in the following manner; the required risk assessment graph is shown on the following pages.

Risk related to the identified hazard  =  Severity of the possible harm (Se)
                                          and
                                          Probability of occurrence of that harm, made up of:
                                            Frequency and duration of exposure (Fr)
                                            Probability of occurrence of a hazardous event (Pr)
                                            Probability of avoiding or limiting harm (Av)
Safety of Machinery and Functional Safety
Machinery: Risk parameter examples of IEC/EN 62061

Severity (Se)
  Irreversible: death, losing an eye or arm                    4
  Irreversible: broken limb(s), losing finger(s)               3
  Reversible: requiring attention from a medical practitioner  2
  Reversible: requiring first aid                              1

Frequency and duration of exposure (Fr), for an exposure duration > 10 min
  <= 1 h                  5
  > 1 h to <= 1 day       5
  > 1 day to <= 2 weeks   4
  > 2 weeks to <= 1 year  3
  > 1 year                2

Probability of occurrence of a hazardous event (Pr)
  Very high   5
  Likely      4
  Possible    3
  Rarely      2
  Negligible  1

Probability of avoiding or limiting harm (Av)
  Impossible  5
  Rarely      3
  Probable    1

List all the possible hazards of the machine, determine the parameters according to the tables and fill in the values. The class Cl is the sum Fr + Pr + Av.

Serial no.  Hazard  Se  Fr  Pr  Av  Cl
1
2
3
4
Safety of Machinery and Functional Safety
Example according to IEC/EN 62061 (parameter tables as on the previous slide):

Serial no.  Hazard    Se  Fr  Pr  Av  Cl
1           hazard x  4   5   4   3   12   (Cl = 5 + 4 + 3)

Machinery: Determination of the required SIL (Safety Integrity Level).
The required SIL is read from the row for Se and the column for Cl:

Severity (Se)  Consequences                      Class Cl
                                                 3-4     5-7     8-10    11-13   14-15
4              Death, losing an eye or arm       SIL 2   SIL 2   SIL 2   SIL 3   SIL 3
3              Permanent, losing fingers         -       OM      SIL 1   SIL 2   SIL 3
2              Reversible, medical attention     -       -       OM      SIL 1   SIL 2
1              Reversible, first aid             -       -       -       OM      SIL 1

OM = other measures recommended; "-" = no safety measures required. For hazard x (Se 4, Cl 12) the matrix gives SIL 3.
Machinery: Risk assessment form given as an example in IEC/EN 62061
Form header: Product / Issued by / Date
Form columns: No. | Hazard | Se | Fr | Pr | Av | Cl | Safety measure | Safe | Comments
The form carries the same SIL matrix as the previous slide (Se rows: death, losing an eye or arm 4; permanent, losing fingers 3; reversible, medical attention 2; reversible, first aid 1; Cl columns 3-4, 5-7, 8-10, 11-13, 14-15) with the parameter tables printed alongside it:
  Frequency and duration (Fr): <= 1 hour 5; > 1 h to <= 1 day 5; > 1 day to <= 2 wks 4; > 2 wks to <= 1 year 3; > 1 year 2
  Probability of hazardous event (Pr): Common 5; Likely 4; Possible 3; Rarely 2; Negligible 1
  Avoidance (Av): Impossible 5; Possible 3; Likely 1
Black area = safety measures required; grey area = safety measures recommended.
The form's wording for Pr and Av differs slightly from the parameter tables ("Common" for "Very high", "Possible"/"Likely" for "Rarely"/"Probable"); the numeric values are the same.
Safety Level Comparison
SIL values can be approximately converted to PL levels. The relationship between the categories, the PL and the SIL is as follows:

Category    Performance level (PL)   SIL
EN 954-1    prEN ISO 13849-1         IEC 61508, EN 62061
B           a                        no special safety requirements
1           b                        1
2           c                        1
3           d                        2
4           e                        3

Read as orders of magnitude (taking the upper PFHd limit of each PL band): PL b, not more than 1 dangerous failure of the safety function in 10 years; PL d, not more than 1 in 100 years; PL e, not more than 1 in 1000 years.
The Category column is indicative only: under EN ISO 13849-1 the PL a given category reaches also depends on the MTTFd, DC and CCF measures of the channels.
Calculation of PL and SIL
To calculate the PL or SIL of a safety function, failure data (e.g. MTTFd or PFHd values) must be available from the equipment manufacturers.
Software packages available to help with verification of PL or SIL:
  PILZ PAScal (£)
  SIEMENS "Safety Evaluation Tool" online package (£)
  SISTEMA, the German BGIA organisation's tool for calculating Performance Level to EN ISO 13849-1: FREE!
Calculation of PL and SIL
Example calculation: risk assessment for a rotary printing machine (example taken from BGIA report 2/2008e)
On a web-fed printing press, a paper web is fed through a number of cylinders. High operating speeds and rotational speeds of the cylinders are reached, particularly in newspaper printing. The essential hazards are at the zones where a person can be drawn in by the counter-rotating cylinders. This example considers the hazardous zone on a printing machine on which maintenance work requires manual intervention at reduced machine speeds. Access to the hazardous zone is protected by a guard door (safeguarding). The following safety functions are designated:
SF1: Opening of the guard door during operation causes the cylinders to be braked to a halt.
SF2: When the guard door is open, any machine movements must be performed at limited speed.
SF3: When the guard door is open, movements are possible only whilst an inching button is pressed.
Risk graph parameters for SF1 and SF2:
  Entrapment between the cylinders causes severe injuries (S2).
  Since work in the hazardous area is necessary only during maintenance tasks, the frequency and duration of hazard exposure can be described as low (F1).
  At production speeds, no possibility exists of avoiding the hazardous movement (P2).
Calculation of PL and SIL
Example calculation - Risk assessment for a rotary printing machine
Example taken from BGIA report 2/2008e
S2, F1, P2 therefore gives a required Performance Level PLr of d for the safety functions SF1 and SF2.
The safety function SF3 can however be used only if the printing machine has first been halted (SF1) and the permissible rotational speed of the cylinders limited (SF2).
The possible machine movements are then predictable for the operator, who is thus able to evade hazardous movements (P1). With S2, F1, P1 a required performance level PLr of c is therefore adequate for SF3.
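The two assessment routes on these slides, the EN ISO 13849-1 risk graph (S, F, P to PLr) and the IEC/EN 62061 class-and-matrix method (Se and Cl = Fr + Pr + Av to SIL), together with the PFHd band check used when an achieved PL is later verified against PLr, are encoded below as an added example. This is not code from the slides, from Optimao or from the BGIA report. The SF1..SF3 parameters and the "hazard x" row are the slides' own values; the achieved PFHd figure `press_pfhd` is a constructed number used only to exercise the band check, and the function names are the example's own.

```python
"""Risk-assessment helpers for the EN ISO 13849-1 risk graph, the IEC/EN 62061
SIL matrix and the PFHd band check. Added example; see lead-in for provenance."""

# (1) EN ISO 13849-1, Figure A.1: path through the risk graph -> required PLr.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# (3) PFHd bands (dangerous failures per hour) from EN ISO 13849-1 Table 3,
# lower bound inclusive, upper bound exclusive, plus the PL -> SIL mapping from
# the comparison slide (PL a has no SIL equivalent).
PL_BANDS = [
    ("a", 1e-5, 1e-4, None),
    ("b", 3e-6, 1e-5, 1),
    ("c", 1e-6, 3e-6, 1),
    ("d", 1e-7, 1e-6, 2),
    ("e", 1e-8, 1e-7, 3),
]

# (2) IEC/EN 62061 SIL assignment: Se row, Cl band column -> "SIL n", "OM" or None.
CL_BANDS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
SIL_MATRIX = {
    4: ["SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"],
    3: [None, "OM", "SIL 1", "SIL 2", "SIL 3"],
    2: [None, None, "OM", "SIL 1", "SIL 2"],
    1: [None, None, None, "OM", "SIL 1"],
}
# Only these values exist in the 62061 parameter tables; anything else is a
# transcription error on the assessment sheet, not a valid input.
ALLOWED = {"Se": {1, 2, 3, 4}, "Fr": {2, 3, 4, 5}, "Pr": {1, 2, 3, 4, 5}, "Av": {1, 3, 5}}


def plr_from_risk_graph(s, f, p):
    """Required PL from the 13849-1 risk graph; rejects paths that do not exist."""
    try:
        return RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"invalid risk graph path {(s, f, p)}") from None


def sil_from_62061(se, fr, pr, av):
    """Return (Cl, requirement) where requirement is 'SIL n', 'OM' or None."""
    for name, value in (("Se", se), ("Fr", fr), ("Pr", pr), ("Av", av)):
        if value not in ALLOWED[name]:
            raise ValueError(f"{name}={value} is not a value from the 62061 tables")
    cl = fr + pr + av
    for idx, (lo, hi) in enumerate(CL_BANDS):
        if lo <= cl <= hi:
            return cl, SIL_MATRIX[se][idx]
    raise AssertionError("Cl outside 3..15 cannot happen with valid inputs")


def pl_from_pfhd(pfhd):
    """Classify an achieved PFHd into (PL, SIL). Values >= 1e-4 reach no PL at all;
    values below 1e-8 are better than the PL e band and are reported as PL e."""
    if pfhd < 1e-8:
        return "e", 3
    for pl, lo, hi, sil in PL_BANDS:
        if lo <= pfhd < hi:
            return pl, sil
    return None, None


def meets_plr(pfhd, plr):
    """PFHd band check only: necessary, not sufficient. EN ISO 13849-1 also
    requires the category, DC and CCF measures appropriate to PLr."""
    pl, _ = pl_from_pfhd(pfhd)
    return pl is not None and pl >= plr  # 'a' < 'b' < ... < 'e' compare as letters


def printing_press_example():
    """Slides' SF1..SF3 risk graph inputs plus a constructed achieved PFHd."""
    plr = {
        "SF1": plr_from_risk_graph("S2", "F1", "P2"),
        "SF2": plr_from_risk_graph("S2", "F1", "P2"),
        "SF3": plr_from_risk_graph("S2", "F1", "P1"),
    }
    press_pfhd = 4.2e-7  # constructed figure, e.g. a SISTEMA-style channel summation
    verdict = {sf: meets_plr(press_pfhd, req) for sf, req in plr.items()}
    return plr, press_pfhd, verdict


if __name__ == "__main__":
    print(sil_from_62061(4, 5, 4, 3))   # the slides' hazard x: Cl 12 -> SIL 3
    print(printing_press_example())     # SF1/SF2 need PLr d, SF3 needs PLr c
```

The validation in `sil_from_62061` is the part worth copying: the Av scale has no 2 or 4 and the Fr scale has no 1, so a sheet filled in with "Av = 2" is wrong by construction and should be rejected rather than silently summed into Cl. `meets_plr` deliberately only checks the PFHd band; a system can sit inside the PL d band and still fail PLr d on category or diagnostic coverage.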
Conclusions
EN ISO13849-1 is the default choice for systems that contain non-electrical parts. An overall summary of what each standard covers:

Technology                                EN ISO 13849-1                          IEC 62061
Non-electrical, e.g. hydraulics           Covered                                 Not covered
Electromechanics, e.g. relays, or         All architectures and up to PL = e      All architectures and up to SIL 3
  non-complex electronics
Complex electronics, e.g. programmable    All architectures and up to PL = e      Up to SIL 3 when designed according to IEC 61508
Embedded software (SRESW)                 Up to PL = e (PL = e without            Design according to IEC 61508-3
                                          diversity: design according to
                                          IEC 61508-3, clause 7)
Application software                      Up to PL = e                            Up to SIL 3
Combination of different technologies     Restrictions as above                   Restrictions as above; non-electrical parts
                                                                                  according to EN ISO 13849-1