1sac103201h0201
8/6/2019 1SAC103201H0201
Safety Handbook
Contents

Product overview

Regulations and Standards
  General information
  Machine safety
  Process industry
  Furnaces

Push buttons
  EMERGENCY OFF control devices
  Signal towers and Signal beacons
  Position switch LS-Series

Advant Controller 31-S
  Safe intelligence
  System data
  Safety-related input/output modules

Safety control devices
  Rules for application
  EMERGENCY OFF control gear and safety door watchdog
  Two-hand control, Dribbling inspection and test equipment
  Extension device, Monitoring relay
  Technical data / Certifications C 57x
  Selection tables / Accessories C 57x
  Dimension drawings (C 57x, C 580)
  Electronic safety relay C 67xx
  Selection table C 67xx
  Terminology

Circuit examples
  Switch safely
  Safety contactor combinations C 57x
  Relay safety combinations C 57x
  EMERGENCY OFF (EMERGENCY STOP) circuit
  Protective door monitoring
  Press control devices
  Monitoring underspeed
  Electronic safety relay

Appendix
  Certificates
Product overview
Safety standards
Again and again, the practical implementation of safety requirements presents new challenges for plant designers and machine manufacturers. What frequently makes the design and planning stage more difficult is the fact that the safety requirements are continuously extended and tightened against the background of the CE label and compliance with the machine guidelines. ABB STOTZ-KONTAKT GmbH offers a comprehensive range of safety components for plant and machine manufacture. Depending on the type used, these components ensure safety directly at the machine, as well as in the switchgear cabinet.
But ABB STOTZ-KONTAKT also has a suitable product in stock for the safety of the complete system.
Apart from fulfilling the applicable standards and requirements, ABB products are state of the art so that the protection of people, machines and the environment can be optimally realised in machines and plants.
The safety components in ABB STOTZ-KONTAKT's product range and their applications are exemplary:
- Plant safety,
- Machine safety,
- Switchgear cabinet safety.
[Figure: Detect, Evaluate, Control and Act]
Regulations and Standards
General information
Goal
The goal of safety technology is to keep the potential hazards for man and the environment as low as possible by applying and utilizing technology. However, this should be achieved without imposing unnecessary restrictions on industrial production, the use of machines and the production of chemical products. By applying internationally harmonized regulations, man and the environment should be uniformly protected to the same degree in all countries. At the same time, differences in competitive environments, due to different safety requirements, should be eliminated.
Basic principles of European legislation
Legislation states that we must focus our efforts at preserving and protecting the quality of the environment, and protecting human health through preventive actions (Council Directive 96/82/EC on the control of major-accident hazards involving dangerous substances). It also demands Health and safety at the workplace (Workplace, health and safety legislation, ). Legislation demands that this and similar goals are achieved for various areas (Areas which are legislated) in the EC Directives. In order to achieve these goals, legislation places demands on the operators and users of plants, and the manufacturers of equipment and machines. It also assigns the responsibility for possible injury.
The EC Directives
- Specify demands placed on plants and systems and their operators/users to protect the health and safety of personnel and the quality of the environment
- Define product features and characteristics to protect the health and safety of users
- Contain regulations about health and safety at the workplace (minimum requirements).
A new, global concept (new approach, global approach) forms the basis for the EC Directives:
- EC Directives only contain generally valid safety goals, and define fundamental safety requirements
- Legislation no longer specifies that specific standards have to be met
- Standards Committees, which have received the appropriate mandate from the EC Commission, can define technical details in the Standards. These Standards are harmonized under a specific Directive and are listed in the Official Journal of the EC. When the harmonized standards are fulfilled, then it is assumed that the associated safety requirements of the Directive are fulfilled.
- EC Directives specify that Member States recognize each other's national regulations and laws.
The EC Directives have the same degree of importance, i.e. if several Directives apply for a specific piece of equipment, then the requirements of all of the relevant Directives have to be met (e.g. for a machine with electrical equipment, the Machinery Directive, Low-Voltage Directive and EMC Directive apply).
Other regulations apply to equipment where the EC Directives are not applicable. They include regulations and criteria for voluntary tests and certification.
Workplace health and safety legislation
Health and safety at the workplace is subject to national legislation, i.e. the national requirements must be observed, as other safety requirements can be derived from these.
Note: The Directives and laws mentioned in this Manual represent a selection in order to provide information about the essential goals and principles. This does not claim to be complete.
Standardization goals
The demand to make plants, machines and other equipment as safe as possible, in line with state-of-the-art technology, comes from the responsibility of the manufacturers and users of equipment and products for their safety. State-of-the-art technology regarding all aspects which are of significance for safety is described in the Standards. State-of-the-art technology is ensured by fulfilling the various relevant standards. This also ensures that the erector of a plant or system, or manufacturer of a machine or a piece of equipment, has fulfilled his responsibility for ensuring safety.
Functional safety
From the perspective of the object to be protected, safety cannot be segregated. As the causes of hazards and the technical measures applied to avoid them can differ widely, a differentiation is now made between various types of safety, e.g. by specifying the cause of the potential hazard. For instance, electrical safety is used if protection has to be provided against hazards due to electricity, or functional safety, if the safety is dependent on the correct function.
This differentiation is now reflected in the new standardization in so much that there are special standards which are involved with functional safety. The area of safety of machinery, EN 954 (or ISO 13489) deals especially with safety-relevant parts of controls and therefore concentrates on the functional safety. IEC handles, in the pilot standard IEC 61508, the functional safety of electrical, electronic and programmable electronic systems, independent of any special application area.
In IEC 61508, functional safety is defined as part of the overall safety relating to the EUC* and the EUC control system which depends on the correct functioning of the E/E/PE** safety-related systems, other safety-related systems and external risk reduction facilities.
In order to achieve functional safety of a machine or a plant, the safety-relevant parts of the protective and control devices must function correctly and, when a fault or failure occurs, the plant or system must remain in a safe condition or be brought into a safe state. To realize this, specific qualified technology is required, which fulfills the requirements specified in the relevant standards.
The requirements to achieve functional safety are based on the basic goals:
- avoid systematic faults
- control systematic faults
- control random faults or failures.
The measure for the achieved functional safety is the probability of dangerous failures, the fault tolerance and the quality which should be guaranteed by avoiding systematic faults. In the Standards, this is expressed using various terms. In IEC 61508: Safety Integrity Level (SIL), in EN 954 (ISO 13489): Categories and in DIN V 19250 and DIN V VDE 0801: Requirement class (AK).
* EUC: Equipment under control
** E/E/PE: Electrical, electronic, programmable electronic
Machine safety
Machinery Directive (98/37/EC)*
With the introduction of a common European market, effective 01.01.1993, a decision was made to harmonize the national standards and regulations of all of the EC Member States. This meant that the Machinery Directive, as an internal Directive, had to be implemented in the domestic legislation of the individual Member States. (For instance, in Germany, the contents of the Machinery Directive were implemented as the 9th Decree of the Equipment Safety Law.) For the Machinery Directive, this was realized with the goal to have unified protective goals and to reduce trading barriers. The application area of the Machinery Directive corresponds to its definition.
Machinery also means an assembly of machines which, in order to achieve the same end, are arranged and controlled so that they function as an integral whole.
The application area of the Machinery Directive thus ranges from a basic machine up to a complete plant.
The Machinery Directive has 14 Articles and 7 Annexes. The basic health and safety requirements in Annex I of the Directive are mandatory for the safety of the machine. The protective goals must be implemented in a responsible fashion in order to fulfill the requirements for conformance with the Directive. The manufacturer of a machine must prove that the basic requirements are fulfilled. This proof is made easier by applying harmonized standards.
A certification technique is required for machines listed in Annex IV of the Machinery Directive, which represent a greater hazard potential.
* Substitute for 89/392/EC, 91/368/EC, 93/68/EC
Overview of the Machinery Directive (from 89/392/EC)
Machinery Directive, Articles:
- Art. 1 to Art. 7: Application area, selling/marketing, free transfer of goods, protective clause
- Art. 8 to Art. 9: Certification technique
- Art. 10 to Art. 12: CE-marking, protection against arbitrary fulfillment
- Art. 13 to Art. 14: Coming into force, transitional regulations, cancellation of regulations
Machinery Directive, Annexes (Annex, Article, contents):
- Annex I, Article 3, 5, 10: Essential health and safety requirements relating to the design and construction of machinery and safety components
- Annex II, Article 4, 5, 8: Contents of 1. EC Declaration of Conformity for machinery and safety components; 2. Declaration by the manufacturer or his authorized representatives established in the community
- Annex III, Article 10: CE conformity marking
- Annex IV, Article 8: Types of machinery and safety components for which the procedure referred to in Article 8 (2) (b) and (c) must be applied
- Annex V, Article 8: EC Declaration of Conformity
- Annex VI, Article 8: EC type examination
- Annex VII, Article 9: Minimum criteria to be taken into account by the Member States for the notification bodies
Annex IV of the Machinery Directive
Types of machinery and safety components for which the procedure referred to in Article 8, Paragraph 2, letters b) and c) must be applied
A. Machinery
1. Circular saws (single or multi-blade) for working with wood and analogous materials or for working with meat and analogous materials.
   1.1. Sawing machines with fixed tool during operation, having a fixed bed with manual feed of the work-piece or with a demountable power feed.
   1.2. Sawing machines with fixed tool during operation, having a manually operated reciprocating saw-bench or carriage.
   1.3. Sawing machines with fixed tool during operation, having a built-in mechanical feed device for the work-pieces, with manual loading and/or unloading.
   1.4. Sawing machines with movable tool during operation, with a mechanical feed device and manual loading and/or unloading.
2. Hand-fed surface planing machines for woodworking.
3. Thicknessers for one-side dressing with manual loading and/or unloading for woodworking.
4. Band-saws with a fixed or mobile bed and band-saws with a mobile carriage, with manual loading and/or unloading, for working with wood and analogous materials or for working with meat and analogous materials.
5. Combined machines of the types referred to in 1 to 4 and 7 for working with wood and analogous materials.
6. Hand-fed tenoning machines with several tool holders for woodworking.
7. Hand-fed vertical spindle molding machines for working with wood and analogous materials.
8. Portable chainsaws for woodworking.
9. Presses, including press-brakes, for the cold working of metals, with manual loading and/or unloading, whose movable working parts may have a travel exceeding 6 mm and a speed exceeding 30 mm/s.
10. Injection or compression plastics-molding machines with manual loading or unloading.
11. Injection or compression rubber-molding machines with manual loading or unloading.
12. Machinery for underground working of the following types:
   - machinery on rails: locomotives and brake-vans
   - hydraulic-powered roof supports
   - internal combustion engines to be fitted to machinery for underground working.
13. Manually-loaded trucks for the collection of household refuse incorporating a compression mechanism.
14. Guards and detachable transmission shafts with universal joints as described in Section 3.4.7.
15. Vehicles servicing lifts.
16. Devices for the lifting of persons involving a risk of falling from a vertical height of more than 3 meters.
17. Machines for the manufacture of pyrotechnics.
B. Safety components
1. Electro-sensitive devices designed specifically to detect persons in order to ensure their safety (non-material barriers, sensor mats, electromagnetic detectors, etc.)
2. Logic units which ensure the safety functions of bimanual controls.
3. Automatic movable screens to protect the presses referred to in 9, 10 and 11
4. Roll-over protection structures (ROPS)
5. Falling-object protective structures (FOPS)
Standards
To sell, market or operate/use products, these products must fulfill the basic safety requirements of the EC Directives. Standards can be extremely helpful when it involves fulfilling these safety requirements. In this case, a differentiation must be made between harmonized European standards and other technical rules and regulations which are known in the Directives as National Standards.
Generally, all European Standards must be included, unchanged, in the national standards of the Member States, independent of whether they are harmonized under the Machinery Directive or not. National standards handling the same subject must then be withdrawn.
Thus, within a period of time, a unified set of regulations will be created in Europe.
Harmonized European Standards
These are drawn up by the two standards organizations CEN (Comité Européen de Normalisation) and CENELEC (Comité Européen de Normalisation Électrotechnique) as mandate from the EC Commission in order to fulfill the requirements of the EU Directives for a specific product. And they must be published in the official documentation of the European Communities. These Standards (EN Standards) are then transferred into the national standards unchanged. They are used to fulfill the basic health and safety requirements and the protective goals specified in the Annex I of the Machinery Directive.
When using such standards, there is an automatic presumption of conformity; i.e. the manufacturer can be trusted to have fulfilled all of the safety aspects of the Directive as long as they are handled in the particular Standard.
However, not every European Standard is harmonized in this sense. The listing in the European documentation is decisive. The up-to-date version of these lists can always be called up in the Internet (Address: http://www2.echo.lu/nasd/index.html).
The European Standards of CEN for the safety of machines are hierarchically structured as follows:
- A Standards; also known as Basic Standards.
- B Standards; also known as Group Standards.
- C Standards; also known as Product Standards.
The diagram "European Standards for safety of machinery" shows the structure.
Type A Standards/Basic Standards
A Standards contain basic terminology and definitions for all machines. This includes EN 292 "Safety of machinery - Basic concepts, general principles for design".
A Standards primarily address the party setting B and C Standards. The techniques for minimizing risks specified there can, however, also be helpful for manufacturers if there are no relevant C Standards.
Type B Standards/Group Standards
These include all Standards with safety-related statements, which can involve several types of machines. The B Standards also primarily address the party setting C Standards. However, they can also be helpful for manufacturers when designing and building a machine if there are no relevant C Standards.
For B Standards, an additional subdivision was made, and more precisely in:
- Type B1 Standards for higher-level safety aspects, e.g. ergonomic design principles, safety distances from potential sources of danger, minimum clearances to prevent crushing of body parts.
- Type B2 Standards for safety equipment are specified for various machine types, e.g. EMERGENCY STOP equipment, two-hand controls, interlocking/latching, contactless protective devices, safety-related parts of controls.
Type C Standards/Product Standards
These involve the Machine-Specific Standards, e.g. for machine tools, woodworking machines, elevators, packaging machines, printing machines etc.
The European Standards are conceived in order to avoid repeating general statements which are already included in type A or type B standards; as far as possible, reference to these is made in type C Standards.
In addition to machine-related requirements, Product Standards can also include requirements which, under certain circumstances, deviate from the Basic and Group Standards. For the machine OEM, type C Standards/Product Standards have the highest priority. It can be assumed that it therefore contains the basic requirements of Annex I of the Machinery Directive (automatic presumption of conformity).
If there is no Product Standard for a particular machine, then type B Standards can be applied as support when building a machine.
National Standards
If harmonized European Standards are not available, or they cannot be applied for certain reasons, then the manufacturer can utilize the National Standards. All of the other technical rules and regulations and European Standards not listed in the European official documentation (non-harmonized) fall under this term of the Machinery Directive. Those not listed in official documentation can include, for example, still valid DIN Standards and VDE Regulations and are declared, also from the German government, as helpful to fulfill the Machinery Directive.
However, when such standards are applied, the above-mentioned automatic presumption of conformity does not apply. This means that a risk analysis must be carried out and proven and, if necessary, risk reduction measures applied, which makes the whole procedure more costly. These national standards are, for example, used by notified bodies in order to identify whether a specific product fulfills the goals of the Machinery Directive.
European Standards for safety of machinery
Type A: Basic safety standards. Basic design principles and terminology for machines.
- Safety of machines: DIN EN 292-1
- Safety of machinery; basic terminology, general principles for design; technical principles and specifications: EN 292-2
Type B: Group safety standards.
Type B-1: General higher-level safety aspects standards.
Type B-2: Reference to special protective devices. Generally handled safety-related devices.
Examples shown for Type B:
- Two-hand circuit: prEN 81-1
- Emergency stop equipment, functional aspects, design guidelines: EN 418
- Light barriers: prEN 61496
- Minimum clearances to prevent parts of the body being crushed: EN 349
- Safety-relevant parts of control systems: EN 954-1
- Safety clearances against accessing dangerous locations with the upper limbs: EN 294
- Electrical equipment of machines: EN 60204-1
- Safety of machines, inter-latching devices with and without tumbler: prEN 1088
Type C: Specialist Standards. Special safety features for individual machine groups.
- Elevators: prEN 81-1
- Woodworking machines: prEN 691
- Presses + shears: prEN 692, prEN 963
- Injection molding machines: EN 201
- Food preparation machines: prEN 1672-1
- Printing and paper machines: prEN 1010
- Machining centers: prEN 12417
- Cable railways: prEN 1709
- Automated production systems: prEN 1921
- etc.
Note for users: If harmonized C Standards exist for the particular product, then the associated B and, if relevant, also the A Standards can be considered as secondary.
Risk analysis/evaluation
As a result of their general design and functionality, machines and plants represent potential risks. Thus, the Machinery Directive requires a risk assessment for every machine and, if relevant, risk reduction, so that the remaining risk is less than the tolerable risk. The following Standards should be applied for the technique to assess these risks:
- EN 292 "Safety of machinery - Basic concepts, general principles for design"
- EN 1050 "Safety of machinery - Principles for risk assessment"
EN 292 mainly handles the risks to be evaluated and design principles to reduce risks. EN 1050 basically handles the iterative process with risk assessment and risk reduction to achieve safety.
Risk assessment
Risk assessment is a sequence of steps which allows hazards caused by machines to be systematically investigated. Where necessary, the risk assessment phase is followed by risk reduction. The iterative process (refer to Graphic) is obtained by repeating this procedure. This allows potential hazards to be removed as far as possible, and allows the appropriate protective measures to be made.
The risk assessment includes:
- Risk analysis
  - Determining the limits of the machine (EN 292, EN 1050 Paragraph 5)
  - Identification of hazards (EN 292, EN 1050, Paragraph 6)
  - Techniques to estimate risks (EN 1050, Paragraph 7)
- Risk evaluation (EN 1050, Paragraph 8)
After risks have been estimated, a risk evaluation is made as part of an iterative process to achieve safety. In this case, a decision has to be made whether it is necessary to reduce a risk. If the risk is to be further reduced, suitable protective measures must be selected and applied. The risk evaluation must then be repeated.
If the required degree of safety has still not been reached, measures are required to reduce the risk. Risk reduction and the selection of suitable protective measures are not part of the risk evaluation. Suitable protective measures must be used to reduce risks. If the protective measures involve interlocking/latching control functions, then these must be configured in accordance with EN 954.
Standard EN 1050 calls this operation an iterative process to achieve safety.
Risk elements are defined as a support tool to evaluate risks. The graphic shows the inter-relationship of these risk elements.
Iterative process to achieve safety in accordance with EN 1050
START
1. Determine the machine limits
2. Identify the hazard
3. Risk estimation
(Steps 1 to 3: RISK ANALYSIS)
4. Risk evaluation
(Steps 1 to 4: RISK ASSESSMENT)
Is the machine safe?
- YES: END
- NO: Reduce risk, then repeat the procedure
Risk reduction and the selection of appropriate safety measures are not part of the risk assessment. For a further explanation, refer to Section 5 of EN 292-1 (1991) and EN 292-2.
Residual risk (EN 1050)
Safety is a relative term in our technical environment. Unfortunately, it is not possible to implement the so-called zero risk guarantee where nothing can happen under any circumstance. The residual risk is defined as: Risk which remains after the protective measures have been implemented.
In this case, protective measures represent all of the measures to reduce risks.
Reducing risks
In addition to applying structural measures, risk reduction for a machine can also be realized using safety-relevant control functions. For these control functions, special requirements must be observed, which are described in EN 954-1, graduated according to the level of risk.
The requirements placed on safety-relevant parts of control systems are sub-divided into categories, graduated according to the level of risk. Techniques to select the suitable category as reference point for configuring the various safety-related parts of a control are recommended in Annex B of EN 954-1.
Risk elements
Risk (related to the considered hazard) is a function of Severity (of the possible harm for the considered hazard) and Probability of OCCURRENCE of that harm:
- Frequency and duration of exposure
- Probability of occurrence of hazardous event
- Possibility to avoid or limit the harm
Possible selection of the categories in accordance with EN 954-1
[Risk graph: starting point for estimating the risk of the safety-related part of the control; branches S1, S2 / F1, F2 / P1, P2; columns Category B, 1, 2, 3, 4]
S Severity of the injury
- S1 Slight (normally reversible) injury
- S2 Severe (normally irreversible) injury including death
F Frequency and/or exposure time to the hazardous condition
- F1 Seldom up to quite often and/or the exposure time is short
- F2 Frequent up to continuous and/or the exposure time is long
P Possibility of avoiding the hazard
- P1 Possible under specific conditions
- P2 Scarcely possible
Selecting the category
- B, 1 to 4: Categories for safety-related parts of control systems
- Preferred categories for reference points
- Possible categories requiring further steps
- Measures which can be over-dimensioned for the relevant risk
The adjacent table indicates a brief summary of the requirements for the various categories. The complete text for the requirements is contained in EN 954-1, Section 6.
Basic requirements to configure control systems are defined in the various categories. These are intended to make the systems tolerant to hardware faults. Additional aspects must be observed for more complex control systems, especially programmable electronic systems, so that
- random hardware failures can be controlled,
- systematic errors/faults in the hardware and software are avoided, and
- systematic errors/faults in the hardware and software can be controlled,
so that sufficient functional safety is achieved for safety-critical tasks. The necessary requirements are described in the German Draft Standard DIN V VDE 0801 and the International Standard IEC 61508. The scope of the required measures is also graduated corresponding to the risk reduction required.
Safety Integrated
The measures which are required to make a complex control adequately functionally safe for safety tasks are extremely comprehensive and involve the complete development and manufacturing process. Thus, controls such as these are specifically developed as fail-safe devices. Advant Controller CS 31-S with AC 31 Safety Fieldbus are examples of such control systems.
Description of the requirements for the Categories in accordance with EN 954-1
Category 1) B
  Summary of requirements: Safety-related parts of control systems and/or their protective equipment, as well as their components, shall be designed, constructed, selected, assembled and combined in accordance with relevant standards so that they can withstand the expected influence.
  System behaviour 2): The occurrence of a fault can lead to the loss of the safety function.
  Principles to achieve safety: Mainly characterized by selection of components.
Category 1
  Summary of requirements: Requirements of B shall apply. Well-tried components and well-tried safety principles shall be used.
  System behaviour: The occurrence of a fault can lead to the loss of the safety function but the probability of occurrence is lower than for category B.
  Principles to achieve safety: Mainly characterized by selection of components.
Category 2
  Summary of requirements: Requirements of B and the use of well-tried safety principles shall apply. Safety function shall be checked at suitable intervals by the machine control system.
  System behaviour: The occurrence of a fault can lead to the loss of the safety function between the checks. The loss of safety function is detected by the check.
  Principles to achieve safety: Mainly characterized by structure.
Category 3
  Summary of requirements: Requirements of B and the use of well-tried safety principles shall apply. Safety-related parts shall be designed so that:
  - a single fault in any of these parts does not lead to the loss of the safety function; and
  - whenever reasonably practicable the single fault is detected.
  System behaviour: When the single fault occurs the safety function is always performed. Some but not all faults will be detected. Accumulation of undetected faults can lead to the loss of the safety function.
  Principles to achieve safety: Mainly characterized by structure.
Category 4
  Summary of requirements: Requirements of B and the use of well-tried safety principles shall apply. Safety-related parts shall be designed so that:
  - a single fault in any of these parts does not lead to a loss of the safety function; and
  - the single fault is detected at or before the next demand upon the safety function. If this is not possible, then an accumulation of faults shall not lead to a loss of the safety function.
  System behaviour: When the faults occur the safety function is always performed. The faults will be detected in time to prevent the loss of the safety function.
  Principles to achieve safety: Mainly characterized by structure.
1) The categories are not intended to be used in any given order or in any given hierarchy in respect of safety requirements.
2) The risk assessment will indicate whether the total or partial loss of the safety function(s) arising from faults is acceptable.
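The "System behaviour" column of the table above can be replayed as a small state model that applies the same fault sequence to each category. This is an added example, not part of the handbook; the event format, the `run` helper and the simplifications (a detected fault holds the machine in a safe state, Category 4 detects every fault immediately, the lower fault probability of Category 1 is not modelled) are assumptions.

```python
from dataclasses import dataclass, field

# Number of independent channels assumed per category in this toy model.
CHANNELS = {"B": 1, "1": 1, "2": 1, "3": 2, "4": 2}


@dataclass
class SafetyFunction:
    category: str
    faulty: dict = field(default_factory=dict)  # channel -> fault detectable?
    locked_out: bool = False                    # fault detected, machine held safe

    def inject_fault(self, channel, detectable=True):
        """A dangerous fault: this channel can no longer trip the stop."""
        self.faulty[channel] = detectable
        if self.category == "4":
            # Category 4: the single fault is detected at or before the next
            # demand. Modelled as immediate detection, whatever the flag says.
            self.locked_out = True

    def periodic_check(self):
        """Category 2 only: check by the machine control system."""
        if self.category == "2" and self.faulty:
            self.locked_out = True

    def demand(self):
        """Demand on the safety function, e.g. a guard door is opened."""
        if self.locked_out:
            return "held safe"
        healthy = CHANNELS[self.category] - len(self.faulty)
        if self.category == "3" and any(self.faulty.values()):
            # Category 3: some, but not all, faults are detected. Here a
            # detectable fault shows up as a channel discrepancy on demand.
            self.locked_out = True
        return "performed" if healthy > 0 else "LOST"


def run(category, events):
    """Replay constructed events; return the outcome of each demand in order."""
    sf = SafetyFunction(category)
    outcomes = []
    for event in events:
        kind = event[0]
        if kind == "fault":
            channel, detectable = event[1], event[2]
            # A single-channel design has no second channel to fail.
            if channel < CHANNELS[category]:
                sf.inject_fault(channel, detectable)
        elif kind == "check":
            sf.periodic_check()
        elif kind == "demand":
            outcomes.append(sf.demand())
    return outcomes


# Constructed scenario A: one detectable fault, a demand before and after a check.
SCENARIO_A = [("fault", 0, True), ("demand",), ("check",), ("demand",)]
# Constructed scenario B: an undetected fault, later a second fault (accumulation).
SCENARIO_B = [("fault", 0, False), ("demand",), ("fault", 1, True), ("demand",)]

if __name__ == "__main__":
    for name, scenario in (("A", SCENARIO_A), ("B", SCENARIO_B)):
        for cat in ("B", "1", "2", "3", "4"):
            print(f"scenario {name}, category {cat}: {run(cat, scenario)}")
```

Scenario A shows the Category 2 window between checks; scenario B shows the Category 3 accumulation case that Category 4 is required to rule out.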
Safety-related functions
The safety-related functions include, in addition to the classic functions
- stop
- actions in an emergency situation
in the meantime, also more complex functions such as
- speed limiting
- position limiting
- speed deviation etc.
The classic functions are defined in EN 60204-1 and are generally implemented using basic electromechanical components. Electronic programmable systems can also be used to implement more complex functions, if they fulfill the relevant standards (IEC 61508, EN 954 or DIN V VDE 0801).
Stop
Stop categories according to EN 60204-1
There are three stop categories, which are defined in EN 60204-1, independent of an emergency situation:
Stop Category 0
Uncontrolled stop; stopping by immediate removal of power to the machine actuators (e.g. motor).
Stop Category 1
Controlled stop; the power is only removed when the machine has come to a standstill.
Stop Category 2
Controlled stop, where power is still fed to the machine when it is at a standstill.
Emergency operations
The new EN 60204-1/11.98 (IEC 60204-1), harmonized with HD 384 (IEC 60364), has defined the following possible actions for emergency situations (EN 60204-1 Annex D):
Action in an emergency situation includes individually, or a combination of:
- EMERGENCY STOP
- EMERGENCY START
- EMERGENCY OFF
- EMERGENCY SWITCHING ON.
According to EN 60204-1 and EN 418, these functions are exclusively initiated by a conscious manual intervention. In the following text, only EMERGENCY OFF and EMERGENCY STOP will be discussed.
The latter fully corresponds to the same terminology in the EC Machinery Directive.
EMERGENCY OFF
This is an intervention (action) in an emergency situation, which disconnects the electrical power to a complete system or installation or part of it if there is a risk of electric shock or another risk caused by electricity (from EN 60204-1 Annex D).
Further, the following is defined in 9.2.5.4.3 of EN 60204-1:
Functional aspects to disconnect the power in an emergency situation are defined in IEC 60364-4-46 (identical to HD 384-4-46).
Power must be disconnected in an emergency situation, where
- protection against direct contact (e.g. with contact cables, slip ring assemblies, switch-gear in electrical rooms) is only achieved by maintaining a clearance or barriers;
- other hazard or damage could occur as a result of electric power.
In an emergency situation, the power supply is disconnected from the machine, which results in a Category 0 Stop.
If a Category 0 Stop is not permissible for a machine, then it may be necessary to provide other protection, e.g. against direct contact, so that power does not have to be disconnected in an emergency situation.
This means that EMERGENCY OFF should be used where the risk analysis indicates a hazard due to electric voltage/power and therefore requires that the electric voltage is immediately disconnected from the complete machine.
In the application area of the EC, EMERGENCY OFF devices fall under the Low-voltage Directive 73/23/EEC, if they are not used in conjunction with machines. If they are used in conjunction with machines, then they come under the Machinery Directive 98/37/EC, as is true for all of the other electrical equipment.
EMERGENCY STOP
This is an action, in an emergency situation, which is defined to stop a process or movement which has become hazardous (from EN 60204-1 Annex D).
Further, in 9.2.5.4.2 of EN 60204-1 the following is defined:
Stop
In addition to the requirements for stop (refer to 9.2.5.3), the following requirements apply for an emergency stop:
It must have priority over all other functions and actions in all operating modes;
The power to the machine actuators, which could cause hazardous conditions, must be disconnected as quickly as possible without creating other hazards (e.g. using mechanical stopping/braking devices, which do not require an external supply by using counter-current braking) for Stop Category 1;
Resetting may not initiate a restart.
Stopping in an emergency situation must either be effective as a Stop, Category 0 or Category 1 (refer to 9.2.2). The Stop Category in an emergency situation must be defined as a result of the risk evaluation for the machine.
To technically implement the EMERGENCY STOP, corresponding to the application recommendation in the foreword of EN 60204-1, the requirements of either EN 60204-1 or EN 954 and IEC 61508 can be applied. EN 60204-1 primarily requires that this is implemented using electromechanical components, as basic (programmable) electronic systems are not safe enough. By correctly applying EN 954 and, if required, IEC 61508, electronic and programmable electronic components become functionally safe enough that they can also be used to implement EMERGENCY STOP for all Categories.
Devices for EMERGENCY OFF and EMERGENCY STOP
In order to fulfill the protective goals, both of EN 60204-1 as well as EN 418, the following requirements are valid for both functions (also refer to 10.7 in EN 60204-1):
When contacts switch, even with just a brief actuation, the control device must positively latch.
It is not permissible that the machine can be restarted from a remote main operator control station without the hazard or danger first having been removed. The emergency stop device must be consciously released again locally.
Other safety-related functions
For all other safety-related functions, EN 60204-1 recommends that electromechanical components are used, with the argument that it is presently difficult to be able to secure the reliability of fault-free operation of a single-channel programmable electronic unit with sufficient confidence. This expressly refers to the time at which the associated text of the standard was drawn up.
The application recommendation in the foreword of the new EN 60204-1 for this Chapter takes into account the progress which has been made in developing safety-relevant technology. It recommends that the different requirements of other relevant standards, e.g. IEC 61508, should be taken into consideration. When taking into account the requirements of these standards, it is possible to use electronic and programmable electronics, for example, a fail-safe Advant Controller 31-S in a safety-related fashion, even for complex functions.
Man Machine
In order to simplify the interaction between man and machines, reference is made to Standards EN 60073 and DIN EN 60204.
Switches, pushbuttons and signaling lamps are, in the first instance, the machine components which are used as the interface between man and machine. These operator control elements are clearly and uniformly identified using color coding which has a very specific significance. This guarantees that the safety of operating personnel is increased and it is easier to handle and maintain the operating resources/plants and systems.
The colors for pushbuttons, the significance of the colors, explanations and application examples are shown in Graphic.
According to DIN EN 60204-1 (VDE 0113 Part 1) the following information has to be observed:
The preferred colors for START/ON operator control devices should be White, Grey or Black, preferably White; Green can be used; Red may not be used.
Red must be used for EMERGENCY OFF operator control devices. The colors for STOP/OFF operator control devices should be Black, Gray or White, preferably Black. Red is also permitted. It is not permissible to use Green.
White, Grey and Black are the preferred colors for pushbuttons which can be used alternating as START/ON and STOP/OFF pushbuttons. It is not permissible to use Red, Yellow or Green.
White, Grey and Black are the preferred colors for pushbutton control elements which initiate an operation while they are pressed, and end that operation when they are released (e.g. jogging).
Green is reserved for functions which display a safe or normal operating condition.
Yellow is reserved for functions which display an alarm or a non-standard (abnormal) condition.
Blue is reserved for functions which require a specific action.
Reset pushbuttons must be Blue, White, Grey or Black; if they also act as STOP/OFF pushbuttons, White, Green or Black are preferred, but preferably Black. It is not permissible to use Green.
The colors for the indicating lamps, their significance with reference to the status of the machine as well as their handling and application examples, are listed in Graphic (Page 18).
For illuminated pushbuttons, the information in Graphics (Page 17 and 18) applies. If problems are encountered when assigning suitable colors, White must be used. For EMERGENCY OFF devices, the color Red must not be dependent on the illumination status of the device.
Colors for pushbuttons and their significance in accordance with EN 60204-1 (VDE 0113 Part 1): 06.93
Colour | Meaning | Explanation | Examples of application
Red | Emergency | Actuate in the event of a hazardous condition or emergency | EMERGENCY OFF; Initiation of emergency function
Yellow | Abnormal | Actuate in the event of an abnormal condition | Intervention to suppress abnormal condition; Intervention to restart an interrupted automatic cycle
Green | Normal | Actuate to initiate normal conditions | START/ON; however white should be preferably used
Blue | Mandatory | Actuate for a condition requiring mandatory action | Reset function
Black | No specific meaning assigned | for general initiation of functions except for emergency stop (see note) | START/ON, STOP/OFF (preferred)
Grey | No specific meaning assigned | for general initiation of functions except for emergency stop (see note) | START/ON, STOP/OFF
White | No specific meaning assigned | for general initiation of functions except for emergency stop (see note) | START/ON (preferred), STOP/OFF
Note: Where a supplemental means of coding (e.g. shape, position, texture) is used for the identification of push-button actuators, then the same colour White, Grey or Black may be used for various functions (e.g. White for START/ON and for STOP/OFF actuators).
Coding cables
The color coding of switches, pushbuttons and indicator lamps has been discussed in the previous Section. EN 60204 offers a higher degree of flexibility when coding cables. It specifies that cables at every connection must be able to be identified in conformance with the technical documentation.
It is sufficient if terminals are numbered, corresponding to the information in the circuit diagram, if the cable can be easily visually tracked. For complex controls, it is recommended that the internal wiring cables as well as the outgoing cables are coded so that after the cable has been disconnected from the terminal, it can be easily re-connected later to the same terminal. This is also recommended for terminal locations which have to be disconnected when the equipment is transported.
Using the wording in IEC 60204-1 1997, Paragraph 14.2.1 conductor core coding/identification, the Standards Committee wanted to make the following statement:
1. Each individual cable must be able to be identified, however, only in correspondence with the documentation. It is not necessary that every cable must be able to be identified without the documentation.
2. The type of coding and also the identification technique should be agreed between the manufacturer and operator.
It is not the intention of the Standard to specify a specific coding type worldwide. For instance, for safety reasons, factory-internal specifications may have a higher priority in order to avoid confusion in specific areas which are handled by the same personnel. These definitions cannot be generalized due to the wide application range of the Standard, from small individual machines (high unit volume standard products) up to large, complex machinery plants (unique equipment and systems).
Primarily, the avoidance of installation/assembly faults must be guaranteed using appropriate testing.
Instead of many different colors, a single color can be used for the internal wiring. It should be color-coded as follows:
Black for main AC and DC circuits
Red for AC control circuits
Blue for DC control circuits
Orange for interlocking circuits, which are supplied from an external power source.
The above color assignment is recommended if a decision is made to just use color coding. The only mandatory specification is the color coding of the protective conductor and the neutral conductor. For all other cabling and wiring, one of the methods listed in 14.2.4 can be selected (color, numbers or letters; or a combination of colors and numbers or colors and letters).
Protective conductor marking
The protective conductor must be uniquely identifiable as a result of its shape, location, coding or color. If it is only identified as a result of its color, then a two-color combination of green/yellow must be used along the whole length of the cable. The green/yellow color combination is exclusively reserved for protective conductors.
Neutral conductor marking
If a circuit has a color-coded neutral conductor, then light blue must be used. Light blue may not be used to code other cables if there is a danger of accidentally interchanging them.
If there is no neutral conductor, a light-blue conductor may be used for other purposes, but not as protective conductor.
Colors for indicator lamps and their significance in accordance with EN 60204-1 (VDE 0113 Part 1): 06.93
Colour | Meaning | Explanation | Action by operator | Examples of application
Red | Emergency | Hazardous condition | Immediate action to deal with hazardous condition (e.g. by operating emergency stop) | Pressure/temperature outside safe limits, voltage drop, voltage interruption, passing through a stop position
Yellow | Abnormal | Abnormal condition; impending critical condition | Monitoring and/or intervention (e.g. by re-establishing the intended function) | Pressure/temperature outside normal operating ranges; tripping a protective device
Green | Normal | Normal condition | Optional | Pressure/temperature within the normal operating ranges, permissive signal to continue
Blue | Mandatory | Indication of a condition that requires action by the operator | Mandatory action | Prompt to enter specified values
White | Neutral | Other conditions; may be used whenever doubt exists about the application of Red, Yellow, Green, Blue | Monitoring | General information
Regulations and Standards: Process industry
Legislation Requirements in Europe
For the process industry, essentially the following EC Directives must be applied:
Council Directive 96/82/EC of 9th of Dec. 1996 on the control of major-accident hazards involving dangerous substances (Seveso Directive II).
Low-Voltage Directive
Machinery Directive (98/37/EC)
Pressure Equipment Directive (97/23/EC).
The latter is only relevant in so much that the devices used must fulfill this Directive. The Directive on the other hand is not valid for assembling pressured devices at the user's plant, for example, in industrial system under his responsibility.
At the same time, the health and safety at work laws (refer to Page 1/2, Workplace Health and Safety Legislation) and accident prevention regulations must always be observed.
Seveso Directive
This EC Directive specifies, corresponding to the principles explained in the introduction, the safety goal:
preserving and protecting the quality of the environment, and protecting human health through preventive action;
In order to achieve this goal, the following basic requirements have been drawn up, which the Member States must ensure are fulfilled.
Concept to prevent severe accidents
The owner/operating company is responsible for drawing up a document setting out his major-accident prevention policy and for ensuring that it is properly implemented. The major-accident prevention policy established by the owner/operating company shall be designed to guarantee a high level of protection for man and the environment by appropriate means, structures and management systems (Article 7 Paragraph 1).
The document must take into account the following basic principles.
The concept to prevent severe accidents must be in written form.
A safety management system, in which, among others, the following issues are regulated:
Determining and evaluating the risks: defining and applying techniques to systematically determine hazards
Operation monitoring: defining and applying techniques for safe operation, including the maintenance and service of the plants and systems.
Quality assurance: defining and applying techniques to continuously ensure that the goals are achieved.
Safety report
The owner/operating company is responsible for generating a safety report, in which the following is defined,
that the concept to prevent severe accidents has been implemented,
that the hazards have been identified and all of the required measures to prevent these types of accidents and limiting the results for man and the environment, have been put in place, and
the implementation, erection and installation and operation of all plants and systems is adequately safe and reliable.
Inspection
The regulatory bodies must set up a system of inspections to systematically check the operational, organizational and management-specific systems of the operation which will allow these regulatory bodies to confirm that the user can prove,
that he has undertaken measures to prevent severe accidents, and
he has provided adequate measures to limit the results of any accident.
This EC Directive must be implemented on a national basis.
Technical measures to fulfill the legislative goals
The first priority is to design the process so that it is intrinsically safe. Where this is not possible, then additional measures are required in order to reduce the remaining risk, as a result of the process, to a tolerable level. This can be realized using electronic controllers if these are suitable for the particular task. Electronic controllers are then suitable for securing the safety of the plant, if they have been especially designed for this purpose. The requirements are described in Standards.
Relevant standards for safety measures using process control technology
For safety measures using process control technology, e.g. in Germany, presently the following national standards must be applied:
DIN V 19250 Basic safety issues for control and instrumentation protective devices
DIN V 19251 Instrumentation and control protective devices: requirements and measures for safety-related functioning
DIN V VDE 0801 Basic rules for computers in systems with safety-related tasks.
The standards are also recognized in other European countries and appropriately applied; however, this must be clarified on a case-by-case basis. The international standards for this application area are:
IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
Draft IEC 61511 Functional safety: safety instrumented systems for the process industry sector.
IEC 61508 is a basic standard, primarily for developing sector-specific standards. It can be directly applied if there is no specific standard for the associated application area.
Presently, in Germany, the above specified national standards are still valid. Today, instead of DIN V VDE 0801, IEC 61508 can be used. DIN V 19250 and 19251 are scheduled to be replaced by IEC 61511.
The national standard in the US is
ISA S 84 Application of Safety Instrumented Systems for the Process Industries with Technical Report TR 84.
The process industry in the US and Canada is not intending to replace ISA S 84 by IEC 61508, but only with IEC 61511 (the principles of ISA S 84 correspond to those of IEC 61508).
Further, for the equipment and devices used, there are additional standards which apply which are involved with specific safety requirements. Also refer to the Section on Machine Safety.
Reducing risks using process control technology
Measures are required to reduce risks if a failure of the basic process control system can lead to a dangerous event or can cause the plant or system to go into a hazardous condition and if the resulting risk is unacceptably high. In this case, suitable protection measures must be taken either to sufficiently reduce the probability of a hazardous event occurring, or to reduce the extent of the damage. This can be realized using electronic controller-based safety instrumented systems, if these fulfill the safety requirements.
Risk reduction
As it is not possible to completely exclude certain risks, both from a technical and cost-effective standpoint, it is necessary not only to determine the existing risk, but also to define and specify a risk which can be tolerated. The measure for the safety integrity of the risk-reducing functions is then derived from the difference between these two factors.
IEC 61508 defines Safety Integrity Level (SIL) as a target measure for the probability of failure for executing risk-reducing functions.
Draft IEC 61511 uses the Safety Integrity Level (SIL), defined in IEC 61508, as a target measure for the probability of failure of the execution of the risk-reducing functions.
[Figure: Principle of risk reduction (acc. to IEC 61508). Axis: increasing risk, with residual risk, tolerable risk and EUC risk marked. Labels: necessary risk reduction; actual risk reduction; partial risk covered by other technology safety-related systems; partial risk covered by E/E/PE safety-related systems; partial risk covered by external risk reduction facilities; risk reduction achieved by all safety-related systems and external risk reduction facilities.]
[Figure: Announcement of process control systems in safety-related/non-safety-related configurations. Labels: Safety-related: Prevention (safety instrumented prevention system), Mitigation (safety instrumented mitigation system). Non-safety relevant: Basic Process Monitoring systems, Basic Process Control systems.]
Selecting the equipment and basics of the required features
Safety function
Risk reduction using electronic controllers is realized by defining functions for each possible hazardous event or each possible dangerous condition of the plant or system, which prevent the dangerous event occurring. These so-called safety functions are to maintain the plant or system in a safe state or to re-establish this safe state if a dangerous event could occur due to a failure or a disturbance in the plant or system. The safety function can also be used to reduce the extent of damage due to a hazardous event.
The definition of a safety function always includes the specification of the function itself (e.g. inhibiting the feed to a container, if the level has reached the upper limit), and the safety integrity, derived from the risk analysis.
Implementing the safety functions
Every safety function always includes the complete chain, from information acquisition, through information evaluation up to executing the required action. Equipment involved, for example, failsafe PLCs, sensors and actuators etc. must fulfill, as a total, the determined SIL from the risk evaluation. If a unit is used at the same time for various safety functions, it must fulfill the highest SIL of the individual functions.
[Figure: Safety function. Acquire information (sensor), evaluate information (evaluation unit, e.g. safety PLC), execute action (actuator).]
Safety integrity levels according to IEC 61508: Target failure measure for a safety function, allocated to a safety-related system.
Safety integrity level | High demand or continuous mode of operation (probability of a dangerous failure per hour) | Low demand mode of operation (average probability of failure to perform its design function on demand)
4 | ≥ 10^-9 to < 10^-8 | ≥ 10^-5 to < 10^-4
3 | ≥ 10^-8 to < 10^-7 | ≥ 10^-4 to < 10^-3
2 | ≥ 10^-7 to < 10^-6 | ≥ 10^-3 to < 10^-2
1 | ≥ 10^-6 to < 10^-5 | ≥ 10^-2 to < 10^-1
Comparison of the requirement categories (This comparison is for information purposes only, as the classifications cannot be transferred one to one.)
Category (EN 954-1): B 1 2 2 3 3 4
Safety class (SIL) (IEC 61508): 0 1 1 2 3 3 4 4
Requirement categories (DIN V 19250): 1 2 3 4 5 6 7 8
[Figure: Risk graph and requirement classifications to DIN V 19250. Risk parameters: extent of loss (injury, fatality, several fatalities, catastrophe), duration of stay (seldom, frequent), risk avoidance (possible, not possible), probability (relatively high, low, very low). The graph assigns requirement categories 1 to 8.]
Device characteristics and features
If PLCs are used for information processing, these must fulfill, as Safety-PLC, the requirements of the relevant standards and fulfill the specified SIL. They must also be certified by an independent tester. This is also valid for other complex devices where not all of the potential fault/failure modes can be specified, because they use microprocessor technology. The essential characteristics and features of a fail-safe PLC, which are requested in the standards with various graduated levels, are:
When developing, manufacturing and servicing, specific measures and techniques must be applied so that systematic faults can be avoided.
The PLC must be able to control systematic failures which occur during operation.
The PLC must detect random hardware failures during operation and be able to control them.
To be able to control a failure means that when the system detects a fault or failure, the safety function defined for this case (e.g. shutdown the plant) is reliably executed.
Application
When using a fail-safe PLC, only the conditions defined in the associated Safety Manual and, if relevant, additional conditions of the certificate must be maintained. For the peripheral devices which are to be connected (e.g. sensors and actuators), in addition, the requirements in the standards (IEC 61508 and IEC 61511) must also be taken into account regarding the following aspects:
Systematic faults must be avoided, e.g. configuring, installation and handling faults
Random faults or failures must be detected and controlled.
Necessary fault tolerance. This is dependent on the possibilities available to detect faults and failures.
Required service/maintenance.
IEC 61508 defines the maximum permissible SIL of a system or subsystem dependent on its fault tolerance and the safe failure fraction over the total possible failures (refer to Graphic). Dangerous failures must be detected and a required response must be performed within a suitably short time. These time requirements are defined in IEC 61508-2.
In order to detect faults or failures in peripheral devices, test and monitoring functions can be integrated into the safety PLC.
When using complex peripheral devices (e.g. transmitters with microprocessor), it must be ensured that these devices themselves fulfill the relevant standards (e.g. IEC 61508 or IEC 61511).
The complete safety instrumented system must be configured so that it fulfills the relevant standards for all of its safety-relevant functions. IEC 61508 and Draft IEC 61511 are relevant regarding functional safety.
Maximum permissible SIL for a non-complex subsystem dependent on its fault tolerance N and the achieved safe failure fraction (acc. to IEC 61508-2 FDIS)
Safe failure fraction | Hardware fault tolerance (see note 2): 0 (see note 1) | 1 | 2
< 60 % | SIL 1 | SIL 2 | SIL 3
60 to 90 % | SIL 2 | SIL 3 | SIL 4
90 to 99 % | SIL 3 | SIL 4 | SIL 4
≥ 99 % | SIL 4 | SIL 4 | SIL 4
NOTE 1: See IEC 61508-2 for details on interpreting this table
NOTE 2: A hardware fault tolerance of N means that N + 1 faults could cause a loss of the safety function.
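As an added example (not from the handbook or from ABB), the Python sketch below applies this page's two SIL tables and its rule for units shared between safety functions to a sensor, evaluation unit and actuator chain. The subsystem figures are constructed, and summing subsystem PFDs into a chain PFD, lower-inclusive row bounds and capping N above 2 at the last column are assumptions of the example.

```python
"""SIL check for a safety function chain (added example, constructed data)."""
from dataclasses import dataclass

# Low demand mode bands from the page's SIL table:
# SIL -> [lower, upper) average probability of failure on demand.
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

# Maximum permissible SIL per safe failure fraction row and hardware fault
# tolerance 0/1/2, copied from this page's table (acc. to IEC 61508-2 FDIS).
# Check the values against the edition of the standard you apply.
ARCH_LIMIT = (
    (0.60, (1, 2, 3)),          # SFF < 60 %
    (0.90, (2, 3, 4)),          # 60 to 90 %
    (0.99, (3, 4, 4)),          # 90 to 99 %
    (float("inf"), (4, 4, 4)),  # 99 % and above
)


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfd_avg: float  # average probability of failure on demand
    sff: float      # safe failure fraction, 0.0 to 1.0
    hft: int        # hardware fault tolerance N


def sil_from_pfd(pfd_avg):
    """Return the SIL band of a low demand PFD; 0 means worse than SIL 1."""
    if pfd_avg <= 0:
        raise ValueError("PFD must be positive")
    if pfd_avg < PFD_BANDS[4][0]:
        return 4  # better than the SIL 4 band, still capped at SIL 4
    for sil, (lower, upper) in PFD_BANDS.items():
        if lower <= pfd_avg < upper:
            return sil
    return 0


def max_sil_by_architecture(sff, hft):
    """Look up the table limit for one subsystem."""
    if not 0.0 <= sff <= 1.0 or hft < 0:
        raise ValueError("SFF must be within 0..1 and HFT must not be negative")
    column = min(hft, 2)  # the table ends at N = 2 (assumption for larger N)
    for upper, sils in ARCH_LIMIT:
        if sff < upper:
            return sils[column]


def verify_function(required_sil, chain):
    """Return a list of findings; an empty list means the chain passes."""
    findings = []
    total_pfd = sum(s.pfd_avg for s in chain)  # series approximation
    achieved = sil_from_pfd(total_pfd)
    if achieved < required_sil:
        findings.append(
            f"chain PFD {total_pfd:.1e} reaches SIL {achieved}, "
            f"SIL {required_sil} required")
    for s in chain:
        limit = max_sil_by_architecture(s.sff, s.hft)
        if limit < required_sil:
            findings.append(
                f"{s.name}: SFF {s.sff:.0%} with HFT {s.hft} "
                f"permits at most SIL {limit}")
    return findings


def required_sil_per_unit(functions):
    """A unit used by several functions must meet the highest of their SILs."""
    needed = {}
    for required_sil, chain in functions.values():
        for s in chain:
            needed[s.name] = max(needed.get(s.name, 0), required_sil)
    return needed


# Constructed plant data, for illustration only.
LEVEL_SENSOR = Subsystem("level transmitter", 3e-3, 0.75, 0)
PRESSURE_SENSORS = Subsystem("pressure transmitters (1oo2)", 2e-4, 0.92, 1)
SAFETY_PLC = Subsystem("safety PLC", 1e-4, 0.995, 1)
FEED_VALVE = Subsystem("feed valve", 4e-3, 0.55, 0)
VENT_VALVES = Subsystem("vent valves (1oo2)", 5e-4, 0.65, 1)
FUNCTIONS = {
    "inhibit feed at upper level limit": (2, [LEVEL_SENSOR, SAFETY_PLC, FEED_VALVE]),
    "vent on overpressure": (3, [PRESSURE_SENSORS, SAFETY_PLC, VENT_VALVES]),
}

if __name__ == "__main__":
    for name, (sil, chain) in FUNCTIONS.items():
        print(name, "->", verify_function(sil, chain) or "ok")
    print(required_sil_per_unit(FUNCTIONS))
```

The first function fails only on the single feed valve: its chain PFD sits in the SIL 2 band, but the table limits the valve to SIL 1, which is the case the fault tolerance requirement in the list above is meant to catch.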
Regulations and Standards: Furnaces
EC Directives
Furnaces and burners are subject to the relevant directives due to their application and the devices which are used. There are no specific EC Directives for furnaces. Furnaces are subject, where relevant, to application-specific directives. Industrial thermo-processing equipment are, for example, classified as machines under the Machinery Directive.
Standards
Industrial thermo-processing equipment
There is a European draft standard for these systems, which was drawn up under a mandate of the Machinery Directive, and more precisely, prEN 746 Industrial thermo-processing equipment with
Part 1: General safety requirements of industrial thermo-processing equipment
Part 2: Safety requirements for combustion and fuel handling systems.
prEN 746 can be applied to industrial thermo-processing equipment, for example
Metal producing and processing
Glassworks,
Ceramic plants,
Cement, lime and gypsum plants,
Chemical plants,
Incinerators etc.
This refers to EN 60204-1 and EN 654-1 as well as, for safety-relevant electronic systems, also to IEC 61508.
Furnaces
For furnaces, which do not belong to industrial thermo-processing equipment, and are not used to heat process liquids and gases in the chemical industry, there are the following general standards for electrical equipment: the European Draft Standard
prEN 50156 Electrical equipment for furnaces
Part 1: Requirements for application design and installation
and the German Standard
DIN VDE 0116
The following Standards are available for burners:
prEN 676 gas burners;
EN 230 oil-vapor burner in a mono-block design;
EN 267 oil burners;
EN 298 automation equipment for furnaces for gas burners and gas units with and without blower.
EMERGENCY OFF for furnaces
For equipping furnaces with devices to switch off in an emergency situation, prEN 50156 specifies that EN 60204-1 and EN 954-1 must be observed so that the appropriate EC Directives are fulfilled.
The regulations are also involved with the associated equipment for storage, preparation and pumping fuels.
Push buttons
Push buttons: EMERGENCY OFF control devices
Relevant standards
IEC 60947-5-5 (Requirements for fulfilling the machine guidelines)
EN 60204-1 (Safety of machines: Electrical equipment of machines)
EN 60947-5-1 (Low-voltage switchgear with positive opening contacts)
EN 999 (Approach speed)
EN 292-1 (Safety of machines: General design guidelines)
EN 954-1 (Safety of machines: Safety-related parts of control systems)
Product safety through new standards
The EMERGENCY OFF operating devices from ABB are tested according to the new standard for electrical EMERGENCY OFF devices with mechanical latching, IEC 60947-5-5 (1997-11), and the corresponding guidelines EN 60204.
The following tests have to be passed in order for the standard to be fulfilled:
Continuous test: 6,050 cycles. This is not a test of the mechanical service life, which is 100,000 operations.
Robustness: A force of 113 N on three axes.
Environmental test: Heat and cold, high air humidity and 5 % NaCl solution
High voltage test: 2,500 V
Reset test: Tensile force 50 N
Shock test: 15 g
Vibration test: 2 h at 50 m/s²
Positive opening contacts: according to IEC 947-5-1, K.2.2
Category B, 1, 2: acc. to EN 954-1
Using a contact block
[Figure: Using with a fail-safe Advant 31-S: Emergency OFF, evaluation unit Advant 31-S 07 EB 91 S. Using with safety combination C 57x: Emergency OFF, safety combination C 57x (Cat. 2).]
Use of two switching elements. A dual-channel control is absolutely necessary for this category when used for fail-safe evaluation and diagnostics equipment.
[Figure: Using with a fail-safe Advant 31-S: Emergency OFF, evaluation unit Advant 31-S 07 EB 91 S. Using with safety combination C 57x: Emergency OFF, safety combination C 57x (Cat. 3, 4).]
Assembled stations
ABB has two enclosure systems for the installation of pushbuttons in situ:
Insulated enclosure providing protection rating IP65
Metal enclosure providing protection rating IP67
While the insulated enclosure can withstand all normal internal and external loads, the metal enclosure made of lightweight metal provides increased loading capacity with respect to leaks and mechanical stresses.
Apart from the individual enclosures, ABB also offers a range of the most common combinations of in-situ controls ready assembled ex stock. Furthermore, it is also possible for customer-specific, tailor-made and pre-assembled in-situ controls to be produced to order.
Accessories
ABB's comprehensive range of accessories enables virtually all the combinations of pushbuttons found in practice to be simply and inexpensively realised.
The following in-situ controls are available pre-assembled ex stock:
Insulated enclosure with 1 control (grey/black enclosure)
1x pushbutton with 1NO or 2NO
1x mushroom button 2NC
EMERGENCY OFF controls 2NC (yellow/black enclosure)
Insulated enclosure with 2 controls (grey/black enclosure)
2x pushbutton with 1NO or 2NO
Insulated enclosure with 3 controls (grey/black enclosure)
3x pushbutton with 1NO or 2NO
2x pushbutton with 1x indicator light
Metal enclosure with 1 control (grey enclosure)
EMERGENCY OFF pushbutton 2NC
Push buttons: Signal towers and signal beacons
Signal Tower K 70
Rapid assembly of the signal elements due to bayonet system
Simple replacement of defective bulbs in every stage
Flexible composition of the signal elements possible
Up to 5 elements possible, max. 10 elements with double angle
Lightening elements can be fitted at every stage
Use of up to 5 lightening elements
High protection rating, IP54 for all optical and acoustic signal elements
LED elements for long service life
Signal Beacons K SB
Tamper-proof design withstands all mechanical and natural conditions both indoors and outdoors
High protection rating IP65
Cap made of high-impact polycarbonate (up to 20 yrs)
Rapid bulb change from the inside of the switchgear cabinet
Colour selection to IEC 73, Version 4, 1991: Description and colours for pushbuttons/signal beacons and information with respect to use of the colours (extract from the standard):
Colour | Pushbutton/Significance | Indicator light/Significance
Red | Risk: Act urgently | Serious risk: Dangerous condition
Amber | Attention: Measures necessary | Attention/Imminent critical state
Green | Normal condition, Measures for normalisation or securing | Normal condition or safe
Blue | Predetermined significance | Status, which requires a defined action
White, grey, black | No special significance | No special significance
Push buttons
Position switches LS-Series
Relevant standards
- EN 1088 (Latching devices in conjunction with isolating protective devices)
- EN 60947-5-1 (Low-voltage switchgear with positive opening contacts)
- prEN 999 (Approach speed)
- EN 292-1 (Safety of machines - General design guidelines)
- EN 954-1 (Safety of machines - Safety-related parts of control systems)
- EN 60204-1 (Safety of machines - Electrical equipment of machines)
Product spectrum
Position switches LS-Series can be used for:
- Monitoring protective equipment with hinges, such as hinged doors, flaps, covers etc.
- Monitoring protective equipment which can be moved sideways, for example, sliding doors, protective screens etc.
- Detecting hazardous movements of machine parts.
Every category can be achieved by using
ABB position switches LS-Series are optimally harmonized with the requirements for the highest degree of safety and offer the following advantages:
- Positive opening of the NC contacts
- Version with/without separate actuator
- Increased safety using additional latching (tumbler mechanism)
- High degree of protection IP 65/67
- Standard enclosure, also in accordance with DIN EN 50047 and 50041
- Different actuators
- Electrically insulated contacts with moving double contacts.
Position switches LS-Series are supplied with separate actuators or without actuator. The actuator elements are shown for the particular switch types.
Positive opening operation of the contacts (EN 60947-5-1)
Positive opening operation is specified in accordance with DIN VDE 0660 Part 200 and is the same as IEC 947-5-1-3 and EN 60947-5-1.
For the electrical equipment of machines, the positive opening of NC contacts is expressly specified in all safety circuits. It is designated according to IEC 947-5-1-3 by the following character (personnel protective function).
Push buttons
Position switches
Product spectrum
Plastic casing
- Double casing
- IP 65 protection degree
- Complying with:
  - EN 50047 standard for 30 mm width, 1 cable conduit Pg11
  - EN 50041 standard for 40 mm width, 1 cable conduit Pg13.5
Metal casing
- IP 66 protection degree
- Complying with:
  - EN 50041 standard for 40 mm width, 1 cable conduit Pg 13.5
  - Without normalisation for 60 mm width, 3 cable conduits Pg 13.5
Actuators
- Safety key, plunger, roller plunger, roller lever, adjustable lever, or spring rod
Contact blocks
- Two electrically separated moving contacts, Zb shape
- Snap action or slow contact dependent action
- Positive opening operation of N.C. contact(s)
The limit switches are delivered completely assembled, ready for installation.
Many variants (casing, actuators or contact blocks) are available on request.
Foot switches
Foot switches with cover
- Double insulation
- IP 65 protection degree
- Actuation: free movement; locked in normal position; latched in low position
Mini foot switches
- IP 40 protection degree
- Free movement
Advant Controller 31-S
Safe intelligence
A control for safety and restart functions
The Advant Controller 31-S can be used to design and standardise small, decentralised control units. With a control centre, the safety and restart functions are supported simultaneously. Safety signals are locally linked with the safety control centre via the AC31 safety field bus.
Certification
The Advant Controller 31-S is certified to international standards:
- DIN V 19250: Basic safety issues for control and instrumentation protective devices - Requirements category (AK) 1-4
- EN 954-1: Safety of machines, Category 3
- DIN VDE 0116: Electrical equipment for burner systems. Requirements for safety-oriented electronic components, Item 8.7
- DIN EN 298: Automation equipment for furnaces for gas burners and gas units with and without blower, Items 8, 9, 10
- NFPA 8501: Standard for boiler functions with a burner
- NFPA 8502: Standard for the prevention of furnace explosions/implosions in boilers with several burners
Areas of application
The Advant Controller 31-S is a safety-orientated control system which is suitable for a diverse range of uses in plant and machines. Typical applications are e.g.:
- Burner and boiler controls
- Fuel engineering, gas consumption equipment
- Storage and conveying equipment, mixing technology
- Machine manufacture, e.g. for printing and packaging machines
- Construction and container cranes
- Plant manufacture, environmental engineering
- Road traffic signal systems, tunnel construction
- Process locks and safety devices
System topology with modular construction
[Figure: system topology. Labels: AC31 Safety Fieldbus, AC31-S Controller, I/O module, 0 V / +24 V supply]
Advant Controller 31-S
System data
Safety-oriented automation device for programming software 907 PC 33/331/338

| Type | 07 KT 94-S | 07 KT 93-S |
|---|---|---|
| Order number | GJR 525 2100 R 2161 | GJR 525 1300 R 2171 |
| Weight per item | 0.25 kg | 0.25 kg |
| Program memory | 480 kbyte | 56 kbyte |
| Processing time | 0.2 ms | 0.7 ms (35% word, 65% bit) |
| Integrated digital I/O | 24/16/8 | 24/16 |
| Decentralised digital I/O | max. 992 | max. 992 |
| Decentralised analogue I/O | max. 96/96 | max. 96/96 |
| MODBUS connection | 2 x integrated | via coupler |
| ARCNET connection | integrated | integrated |
| Integrated safety field bus | AC31 safety field bus | AC31 safety field bus |
| Sequencers per 16 steps | 128 | 128 |
| Number of timers | free via software | free via software |
| Number of counters | free via software | free via software |
| Real time clock | 1 | 1 |
| Supply voltage | 24 V DC | 24 V DC |
| Dimensions (W x H x D) | 240 x 140 x 85 mm | 240 x 140 x 85 mm |

Integrated AI (not-S): 8 (10 V, 5 V, 0 to 10 V, 0 to 5 V, 0 to 20 mA, 4 to 20 mA, 50 °C to +400 °C, 30 °C to +70 °C or as DI)
Integrated AO (not-S): 4 (10 V, 0 to 20 mA, 4 to 20 mA or as DO)
Smart Media Card: Secures user program and data
Safety field bus: AC31 safety field bus, RS 485 bus, 2-wire cable (twisted, screened), max. 31 in-situ modules, max. cable length 500 m (2000 m with repeater), also via optical fibre (via converter). Cycle time for 31 modules with 8 digital inputs or outputs: 12 ms
Mechanical construction: Modules in plastic enclosure, fixing via top-hat rail 35 mm to DIN EN 50 022 or using screws on assembly panel
Diagnostics: Cycle monitoring, battery monitoring, identification of syntax errors, check sum monitoring

[Figure: dimension drawing showing the COM1 and COM2 interface jacks]
Depth of device: 85 mm. The COM 1 interface jack is placed lower so that the required installation depth doesn't increase even for plugged-in interface cables. If top-hat rails are used, the installation depth increases by the overall depth of the rails.
(Dimensions for assembly drill holes are printed in bold type.)
Advant Controller 31-S
Safety-related input/output modules

| Type | 07 DI 90-S (Safe inputs) | 07 DO 90-S (Safe outputs) | 07 AI 90-S (Safe analogue inputs) |
|---|---|---|---|
| Order number | GJR 525 0900 R 0202 | GJR 525 0800 R 0202 | GJR 525 1200 R 0202 |
| Weight kg | 0.25 | 0.25 | 0.25 |
| Number of digital channels | 8 | 8 | |
| Number of analogue inputs | | | 4 |
| Supply voltage | 24 V DC | 24 V DC | 24 V DC |
| Signal level/Measuring range | Short circuit after ZP: 0 to 15 % of UP (0 to 3.6 V at UP = 24 V); 0-Signal: 15 to 35 % of UP (+3.6 to 8.4 V at UP = 24 V); undefined level: 35 to 65 % of UP (+8.4 to 15.6 V at UP = 24 V); 1-Signal: 65 to 85 % of UP (+15.6 to 20.4 V at UP = 24 V); Short circuit after UP: 85 to 100 % of UP (+20.4 to 24.0 V at UP = 24 V) | 0-Signal: 0 to 3 V; 1-Signal: > UP - 2.5 V; Monitoring 0-Signal: Output level > 8 V (5 V typical) at starting state 0 (0-Signal) leads to internal error (device switches off) | 4 to 20 mA; Error message range underflow: if input current < 3.6 mA; Error message overrange: if input current > 20.4 mA |
| Potential separation against system bus | yes | yes | yes |
| Number of modules per line | max. 8 | max. 16 | max. 6 |
| Max. switching current of the transistor outputs | | 0.5 A, short-circuit proof | |
| Resolution | | | 12 bit |
| Dimensions | 120 x 140 x 85 mm | 120 x 140 x 85 mm | 120 x 140 x 85 mm |

[Figure: dimension drawing of the input/output modules]
Depth of device: 85 mm. If top-hat rails are used, the installation depth increases by the overall depth of the rails.
(Dimensions for assembly drill holes are printed in bold type.)

Programming and test software, additional package

| Type | 907 PC 33 | 907 PC 331 | 907 PC 338 | 907 PC 339 |
|---|---|---|---|---|
| Order No. German | GJP 520 3900 R 0302 | GJP 520 4500 R 0402 | GJP 520 6700 R 0102 | GJP 520 7500 R 0102 |
| Order No. English | GJP 520 4000 R 0302 | GJP 520 4600 R 0402 | GJP 520 6800 R 0102 | GJP 520 7600 R 0102 |
| Description | Programming and test software. General description of the programming interface excl. software (SW see 907 PC 331) | Programming and test software in AWL, FBS, KOP, system-specific part incl. software on disc, documentation | Additional package of safety functions for 07 KT93-S incl. safety manual | Additional package of safety functions for 07 KT94-S incl. safety manual |
Safety control devices
Rules for application
Safety combinations types C 57x and C 581
The complete program of safety combinations has been especially designed for the requirements of state-of-the-art safety technology. Safety combinations can be simply used to configure safety circuits, as the devices fulfil EN 60204-1 (VDE 0113 Part 1) and are certified by the German Trade Association (BG), German Statutory Industrial Accident Insurance Association (BIA) and the Swiss Accident Insurance Institution (SUVA).
Applications
Safety combinations cover a wide range of possible applications. These include monitoring EMERGENCY-STOP and protective door devices. It is also possible to monitor press control systems.
Safety combinations tend to be used for somewhat less complex safety circuits as conventional switching technology used with electromechanical contacts. Safety circuits using PLC technology (Advant Controller 31-S) can be used for more complex plants and systems with a high functional scope (e.g. with a diagnostics function when an EMERGENCY OFF is initiated). A fail-safe Advant Controller 31-S is frequently used if an Advant Controller is used for the non-safety-relevant control of the plant or system.
Positively-driven contacts, a plus for safety
Relays are often used for safety circuits. The special feature of ABB safety combinations is the fact that contactors or safety relays use positively driven contacts. In this case, ABB offers two versions of safety combinations, and more specifically, using contactors (C 570) or relays (C 571 to C 581).
Contactor-type safety combinations (C 570)
Contactors have a high switching capacity. For safety combinations, rated operating currents of 6 A are possible for AC-1, and for DC-13, up to 6 A, and a thermal continuous current up to 10 A. This is also valid up to 55 °C when mounted in a cabinet without having to derate the devices. With this performance data, you can optimally configure every safety circuit, and it is even possible to switch smaller drives directly using a safety combination. With a safety combination, additional main contactors are not required to switch higher ratings. That naturally saves costs.
Furthermore, high switching currents also mean more safety, and safety combinations use auxiliary contactors with an extremely high contact reliability. Statistically, only 1 contact fault occurs every 100 million switching operations. These low fault statistics significantly increase the plant availability.
Relay-type safety combinations (C 571 to C 581)
In recent years, the trend in low-voltage technology has been towards miniaturization of the switching devices. With newly developed, smaller devices, it was possible to accommodate increasingly more functionality in a cabinet. It was therefore a logical step that, when it came to safety technology, there would also be demand for smaller, more compact safety combinations. ABB fulfilled this enhanced safety demand by using space-saving safety relays with positively-driven contacts. These safety relays switch so that they are intrinsically fail-safe. In this case, 2 contacts, which are independent of one another, have to be switched in series; normally so-called NO contacts of monostable relays are used. If a contact was to weld, then the 2nd contact, connected in series, is used to disconnect the circuit. A positively-driven NC contact is used to signal the fault, in this case the welded NO contact. This NC contact is actuated in synchronism with the NO contact. For example, if the NO contact is closed, then the NC contact, which is provided for monitoring, must be open and vice versa. Using these paired, positively-driven contacts, it is ensured that the safety relay also drops out if all of the contacts of the circuit to be protected are welded.
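The contact logic described above, modelled as an added example that is not part of the handbook: two monostable relays with their NO contacts in series and positively driven NC monitoring contacts. The relay names K1/K2, the class and function names, and the rule that a restart needs every NC contact closed are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class ForcedRelay:
    """Monostable relay with a positively driven NO/NC contact pair."""
    name: str
    energised: bool = False
    no_welded: bool = False  # constructed fault: NO contact stuck closed

    @property
    def no_closed(self) -> bool:
        # A welded NO contact stays closed after the coil is released.
        return self.energised or self.no_welded

    @property
    def nc_closed(self) -> bool:
        # Positive guidance: the NC contact closes only if the NO is open.
        return not self.no_closed

class TwoChannelCombination:
    """Two relays with their NO contacts in series (hypothetical model)."""
    def __init__(self):
        self.relays = [ForcedRelay("K1"), ForcedRelay("K2")]

    def circuit_closed(self) -> bool:
        return all(r.no_closed for r in self.relays)

    def faulted(self) -> list:
        # A released relay whose NC contact is still open has a welded NO.
        return [r.name for r in self.relays if not (r.energised or r.nc_closed)]

    def start(self) -> bool:
        # Assumption: restart is allowed only with every NC contact closed.
        if not all(r.nc_closed for r in self.relays):
            return False
        for r in self.relays:
            r.energised = True
        return True

    def stop(self) -> None:
        for r in self.relays:
            r.energised = False

def demand_with_weld(welded=None) -> dict:
    """Start, weld the named relay's NO contact, stop, then try a restart."""
    combo = TwoChannelCombination()
    started = combo.start()
    for r in combo.relays:
        r.no_welded = (r.name == welded)
    combo.stop()
    return {"started": started, "circuit_closed": combo.circuit_closed(),
            "faulted": combo.faulted(), "restart": combo.start()}
```

With K1 welded, the series circuit still opens through K2, K1 is reported as faulted because its NC contact cannot close, and the restart is refused.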
With this new type of contact arrangement, the safety relay has positively-driven contacts, which are tested and recognized by SUVA and which fully conform to Standard ZH1/457.
The relay safety combinations C 57x and 581 can be used in ambient temperatures of up to 60 °C, up to 70 °C with some restrictions when mounted in-line.
Many switching functions can be implemented using the series of C 57x and 581 safety combinations. The following program overview shows the spectrum of devices available:
The safety combinations Series C 57x and C 581 consist of:
- Basic units
- Expansion units, and
- Press-control units.
Basic units
These are used to safely monitor EMERGENCY OFF devices and protective doors. The basic units have, in addition to instantaneous enabling contacts, also off-delayed enabling contact