RAOTM 2019 – T16 – Ease Your Machine Safety Application Design
Rajendran A Menon, Product Manager – Safety, Sensing & Connectivity Business, FS Eng (TUV Rheinland, #4597/11, Machinery)
22nd Jan 2019
PUBLIC. Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved.


Page 2: Agenda

• Trends in Manufacturing Safety
• The Functional Safety Lifecycle
• Safety Functions
• Verification of Performance Level
• System Validation
• Rockwell Safety Solutions
• Summary

Page 3: Safety Trends

Safety as a Core System Function – Safety as a Key Differentiator:
• Global Compliance – Global Machines
• Reduced Costs & Common Designs
• Increased Productivity – Systematic MTTR Reduction
• Improved Competitiveness
• Reduced Floor Space and Direct Labor
• Improved Ergonomics
• Reduced Injuries!

Page 4: Safety as a Core System Function! But How?

• New Tools:
  - Emergence of Global Specifications – ISO, IEC
  - Standard Machine Designs that are Globally Compliant
  - New Safety Technologies – Tools for Improved Machine Performance
  - New Design Approaches – Passive, Configurable and Lockable
  - "Design-In" Safety for user-friendly machines
• A Systematic Design Approach is Required. These systems don't just happen!
• The Rigor of The Functional Safety Lifecycle – Safety By Design

Safety is a "Way of Life"

Page 5: Functional Safety Lifecycle

STEP 1  Risk or Hazard Assessment
STEP 2  Safety System Functional Requirements
STEP 3  Safety System Design & Verification
STEP 4  Safety System Installation & Validation
STEP 5  Maintain & Improve Safety System

Page 6: Risk Assessment – The Foundation

• Provides Safety Performance Level – Design Target
• Creates the Foundation of the Safety System Functional Requirements, System Design and Validation Protocol.
• Shows "Due Diligence" and Global Compliance (Ref. ISO 12100)

Steps Include:
  - Identification of Cross-Functional Team
  - Determination of Machinery Limits & Functions
  - Identification of Tasks & Associated Hazards
  - Risk Estimation & Evaluation
  - Risk Reduction and Mitigation
  - Documentation

Page 7: Hierarchy of Risk Reduction Measures

Hierarchy of Protective Measures, from most effective to least effective:
1. Design it out
2. Fixed enclosing guard
3. Monitoring Access / Interlocked Gates
4. Awareness Means, Training and Procedures (Administrative)
5. Personal protective equipment

Page 8: Safety Functional Requirements Specification

• Define and Document the Functional Requirements
  - What is the Safety Level Required? (Performance Level)
  - What does the Safety Function do under all Modes of Operation?
  - What is the Triggering Event? Resetting Event?
  - What is the Span of Control?
  - Frequency of Actuation?
  - Response Time Requirements?
  - Priority of SFs?
• Document the Fault Behavior
  - How do the SFs behave in the presence of Faults and Failures?
  - How are Faults and Failures Annunciated?
  - Coordination with Standard Machinery Functions?
  - Resetting after Faults & Failures?

Page 9: Safety Function Definition

Inputs + Logic + Outputs = Complete Safety Function

Safety Functions are a combination of input, logic and output devices.

Page 10: Input Device Selection

Considerations:
• What Safety Level is indicated by the Risk Assessment?
• Fixed or Movable Guard?
• Interlocked Guard? Coded Guard?
• Guard Locking Required?
• Do you need a Separating or Non-Separating Guard?
• What are the Geometry Considerations?

Page 11: Logic Selection Guidelines

Safety Relays
• Standard I/O up to 40 I/O
• 1 Zone
• Local/Hardwired I/O
• Simple Safety Logic
• 1 to 2 dual channel Inputs
• Diagnostics by LEDs

Safety Controllers & Expandable Relays
• Standard I/O up to 150 I/O
• 1 to 3 Zones
• Local & Distributed I/O
• Simple & Complex Safety Logic
• 10 to 20 dual channel Inputs
• Basic Diagnostics through PLC

Safety PLCs
• More than 3 Zones
• Distributed I/O
• Simple & Complex Safety & Standard Logic
• More than 10 dual channel Inputs
• Advanced HMI Diagnostics

Page 12: Output Device Selection

Safety output control ranges from simple control to advanced control depending on the functionality requirements.

Safety Contactors
• Safety contactors and safety control relays are used for simple on/off control.

Safety VFDs – Safety Drives have 2 types:
• Variable speed drives with Safe-off functionality.
• Safe-speed drives that monitor and control speed.

Safety Servo Systems
• Variable speed
• Safe speed
• Safe position
• Safe direction
• Safe acceleration
• Safe deceleration

Page 13: Safety Function – Performance Level

Page 14: Safety Functions: Characteristics & Block Diagram

Typical safety function diagram:

  INPUT (sensing element) -> LOGIC SOLVING (control element) -> OUTPUT (final element or actuator)

The machine designer shall select an architecture – circuit structure:
• Cat B, 1, 2, 3 or 4
• Determine MTTFd for the Channel
• Calculate Diagnostic Coverage (DC)
• Evaluate Common Cause Failure Protection
• Determine Performance Level – PLr ≤ PL? This is Verification.

Page 15: Determine Category – Circuit Structure

[Figure: designated architectures for Categories B, 1, 2, 3 and 4. Legend: "Indicates monitoring on demand"; "Indicates continuous monitoring".]

Page 16: Determine MTTFd for each channel

Page 17: Determine Diagnostic Coverage – DC

All products fail. How well can we detect the dangerous failures?

Failure classification:
• safe (s)
• dangerous (d)
  - dangerous, but detected before it can result in a hazard (dd)
  - dangerous, remains undetected (du)

DC = failure rate of the detected dangerous failures (λdd) / failure rate of all dangerous failures (λd)

Denotation of DC   Level of DC
None               DC < 60%
Low                60% ≤ DC < 90%
Medium             90% ≤ DC < 99%
High               99% ≤ DC

Page 18: Determination of CCF – Annex F

Measure                              Description                                                                                                          Score
Separation / segregation             Physical separation between signal paths: separation in wiring/piping, sufficient clearance and creepage distances on printed-circuit boards   15
Diversity                            Different technologies/design or physical principles are used, for example: first channel programmable electronic and the second channel hardwired, etc.   20
Design / application / experience    Protection against overvoltage, overcurrent, over-pressure, etc.                                                      15
Design / application / experience    Components used are well-tried                                                                                          5
Assessment / analysis                Are the results of a failure mode and effect analysis taken into account to avoid common cause failures in design?     5
Competence / training                Have designers / maintainers been trained to understand the causes and consequences of common cause failures?          5
Environmental                        Prevention of contamination and electromagnetic compatibility (EMC) against CCF in accordance with appropriate standards? Electric systems: has the system been checked for electromagnetic immunity, e.g. as specified in relevant standards against CCF?   25
Environmental                        Other influences: have the requirements for immunity to all relevant environmental influences such as temperature, shock, vibration, humidity (e.g. as specified in the relevant standards) been considered?   10

Minimum total score required: 65

Page 19: Determine Performance Level

[Figure 5 of ISO 13849-1: determining PL from Category, DC and MTTFd]

PLr ≤ PL?
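The verification chain described on the "Characteristics & Block Diagram", DC, CCF and Performance Level slides, as an added worked example (not Rockwell code and not part of the original deck). The DC thresholds and the Annex F CCF point values are the ones printed on the slides; the MTTFd bands, the Annex D parts-count formula for a channel and the simplified Category/DC/MTTFd-to-PL lookup of ISO 13849-1 Figure 5 (Table 7) are taken from the standard itself and go beyond what the slides print. The two-channel guard-interlock subsystem at the bottom is constructed for illustration; its component MTTFd values are invented.

```python
"""ISO 13849-1 verification chain: Category -> MTTFd -> DC -> CCF -> PL, then PLr <= PL.

Added example. Annex F weights and DC bands follow the slides; MTTFd bands,
the Annex D parts count and the Table 7 lookup follow ISO 13849-1 (2006 ed.).
"""

# Annex F common-cause-failure measures and their points (as on the CCF slide).
CCF_MEASURES = {
    "separation": 15,         # physical separation between signal paths
    "diversity": 20,          # different technologies / physical principles
    "over_protection": 15,    # protection against overvoltage, overcurrent, over-pressure
    "well_tried": 5,          # well-tried components
    "fmea": 5,                # FMEA results used to avoid common cause failures
    "training": 5,            # designers / maintainers trained on CCF
    "emc": 25,                # contamination prevention and EMC immunity
    "other_environment": 10,  # temperature, shock, vibration, humidity
}
CCF_MINIMUM = 65  # Annex F: claimed measures must total at least 65 of 100 points

# Simplified PL lookup (Figure 5 / Table 7): (Category, DCavg) -> PL achieved for
# MTTFd band low / medium / high; None means the combination is not covered.
PL_TABLE = {
    ("B", "none"):   ("a", "b", "c"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "c"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}
PL_ORDER = "abcde"
MTTFD_BANDS = ("low", "medium", "high")


def dc_band(dc):
    """Classify a diagnostic coverage value (0..1) with the slide's DC table."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def diagnostic_coverage(lambda_dd, lambda_d):
    """DC = failure rate of detected dangerous failures / rate of all dangerous failures."""
    if lambda_d <= 0 or lambda_dd < 0 or lambda_dd > lambda_d:
        raise ValueError("need lambda_d > 0 and 0 <= lambda_dd <= lambda_d")
    return lambda_dd / lambda_d


def mttfd_channel(parts):
    """Annex D parts count: 1/MTTFd_channel = sum(n_j / MTTFd_j) over component types.

    `parts` is an iterable of (count, MTTFd in years) pairs for one channel."""
    inverse_sum = sum(n / m for n, m in parts)
    return 1.0 / inverse_sum


def mttfd_band(years):
    """ISO 13849-1 bands: low 3..10 y, medium 10..30 y, high 30..100 y."""
    if years < 3:
        raise ValueError("MTTFd below 3 years is not acceptable for any category")
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"   # the standard caps MTTFd at 100 y; the band is unchanged


def ccf_score(claimed):
    """Annex F: a measure scores its full points or nothing. Returns (score, ok)."""
    score = sum(CCF_MEASURES[m] for m in claimed)
    return score, score >= CCF_MINIMUM


def determine_pl(category, mttfd_years, dc, ccf_claimed=()):
    """Return the PL achieved ('a'..'e'), or None if the design is not covered."""
    row = PL_TABLE.get((category, dc_band(dc)))
    if row is None:
        return None   # e.g. Cat 3 with DC 'none' is not an allowed combination
    if category in ("2", "3", "4") and not ccf_score(ccf_claimed)[1]:
        return None   # CCF measures are mandatory for Cat 2, 3 and 4
    return row[MTTFD_BANDS.index(mttfd_band(mttfd_years))]


def verify(plr, pl):
    """Verification step from the slide: is PLr <= PL?"""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)


def sample_verification():
    """Constructed two-channel (Cat 3) guard-interlock subsystem; values are invented."""
    channel = [(1, 200.0), (1, 150.0)]   # interlock switch, safety input (MTTFd in years)
    mttfd = mttfd_channel(channel)       # ~85.7 y -> band 'high'
    dc = diagnostic_coverage(0.95, 1.0)  # 95 % of dangerous failures detected -> 'medium'
    claimed = ["separation", "diversity", "emc", "other_environment"]  # 70 points -> ok
    pl = determine_pl("3", mttfd, dc, claimed)   # Cat 3 / medium / high -> PL d
    return {"mttfd": mttfd, "dc": dc, "pl": pl, "ok_for_PLr_d": verify("d", pl)}


if __name__ == "__main__":
    print(sample_verification())
```

Note how the same subsystem fails verification against PLr = e: PL e is reachable only with Category 4, high DC and high MTTFd, so improving component MTTFd alone never closes that gap; the architecture has to change.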

Page 20: Validation Testing

• The standards require a documented Verification & Validation plan.
• Verification and Validation plans include:
  - Installation & Wiring verification
  - Operational Verification & Validation
  - Network Verification & Validation
  - Controller Verification & Validation
• Includes:
  - Functional Testing
  - Fault Injection Testing

Page 21: Safety Checklists and Validation

Safety Checklists: sample checklists to help users develop verification and validation checklists. These checklists guide you through the evaluation process.
• Safety Services
• Safety Functions
• GuardLogix® user manuals

Page 22: Rockwell Safety Solutions

Page 23: World's Broadest and Most Complete Machine Safety Automation Portfolio

Scaled: Connectivity – Inputs – Logic – Outputs – Connectivity

All safety automation solutions require input, logic and output elements with the correct connectivity to complete a compliant "safety function".

Page 24: Connectivity

Today connectivity is possible at all levels from relays to integrated controllers: Hardware Configurable, Software Configurable, Integrated Safety (CIP Safety). This connectivity is the beginning of the Connected Enterprise.

Examples of the safety diagnostics such connectivity makes available:
• "End Packing Machine 3 was stopped by Operator at Main Console."
• "Bottling Machine 1 Door 2 has a low margin indication. Door 2 Closed position has moved by 5mm in last 45 minutes."
• "Door 2 Opened at 4:30am. Door 2 sensor has reached end of life."
• "Filling Machine 1 Zone 1 was stopped by Open door request. All safety devices in Zone 1 are in sleep mode. Zone 2 and 3 will continue to run."
• "Light Curtain on Palletizer 2 has an internal recoverable fault. We found a recent Tech Note on this fault and a new firmware revision. Would you like to view the Tech Note or would you like to Chat with Tech Support?"

Page 25: New technology / products – New in 2018!

GuardLink and EtherNet/IP based new products.

Page 26: Root Cause Analysis

Let's look at how we can use safety data to improve productivity.

Networked Production Line: Existing Line Stop Data + Added Networked Safety System + Added Safety Data -> Corrective Action -> Reduced downtime & increased productivity.

Page 27: Safety System Design Tools

Safety Functions Program
The Safety Functions Program is a building block approach to designing safety systems. Each building block has a complete documentation package that includes a description of each safety function, an electrical schematic, a bill of material, a SISTEMA verification calculation and a verification and validation plan.

Safety Accelerator Toolkit
This toolkit provides easy-to-use system design, programming, and diagnostic tools to assist you in the rapid development and deployment of your safety systems using GuardLogix, Compact GuardLogix, or SmartGuard 600 Controllers, Guard I/O, and Safety Devices. The toolkit includes a risk assessment and system design guide, hardware selection guide, CAD drawings, safety logic routines, and operator status and diagnostic faceplates.

Connected Components Building Blocks
These building blocks are tools that help customers develop safety solutions that utilize component class safety solutions. These building blocks include sample programs, electrical schematics and configuration documents that help in the configuration and start-up of safety systems.

SAB – Safety Automation Builder
The Safety Automation Builder is a software package that allows users to import images of their machines. Users can identify hazardous access points and the associated hazards in order to develop a list of safety products that will be used to mitigate the risk. This gives the customer a complete drawing, a bill of material and a SISTEMA calculation.

Page 28: Safety Services Portfolio

• Assessments
  - Arc Flash Analysis
  - Risk Assessment
  - Hazard Assessment
  - Safety Audit
• Validation
  - Safety circuit analysis
  - Machine stop time services
  - Conformance audits
  - Safety system validation
• Compliance Consulting
  - CE conformance
  - Functional safety (i.e., ISO 13849-1 and IEC 62061)
  - ISO, ANSI, IEC, CE, OSHA, NFPA, CSA, AS
• Training
  - Safety product training
  - Safety standards training
  - Arc Flash training
  - TUV Certification training
• Integration / Start Up
  - Circuit/logic design
  - Installation
  - Arc flash remediation
  - MCC arc flash upgrades
  - Project Management

Supported World Wide by Safety Professionals.

To Schedule or Obtain Information on Safety Services, Contact your local distributor or Rockwell Automation Sales Office.

Page 29: Rockwell Automation Solutions – Machine Safety Lifecycle & Services

Safety Life Cycle step                               Services
STEP 1  Risk or Hazard Assessment                    Risk Assessment; Guarding Evaluation; Conformity Audit
STEP 2  Safety System Functional Requirements        Functional Specification; Stop Time Calculation
STEP 3  Safety System Design & Verification          Safety Circuit Design; Stop Time Measurement; Safety Circuit Analysis
STEP 4  Safety System Installation & Validation      Validation Services; Stop Time Measurement; Safety Circuit Analysis
STEP 5  Maintain & Improve Safety System             Functional Safety Training

Page 30: Summary

• Safety Standards, Design Methods and Technologies define Contemporary Safety Systems.
• The Functional Safety Lifecycle outlines the Critical Activities.
• Safety Functions have Systematic Characteristics critical to their ability to Reduce Risks.
• The Analysis of Designs (Verification) and Testing of our Installations (Validation) help document Compliance.
• A Well Engineered Safety System can help reduce Floorspace, Direct Labor, and MTTR.

Page 31: Thank You

www.rockwellautomation.com