s.steele functional safety ppt
TRANSCRIPT
Introduction to Functional Safety ISO 13849 and EN 62061
Module T3A specialist technical Training module from the Machine Safety training series
27.9.13 | Replaces: None | Created by: S.Steele
Why are we doing this?
The EU Machinery Directive (98/37/EC, replaced by 2006/42/EC, which applies from 29 December 2009), as European law, defines the target levels of machine safety.
Compliance with the Machinery Directive is necessary to obtain the CE mark and to allow the free circulation of machinery within the European Union.
The European harmonised standards establish technical specifications which meet the requirements of the related directives. Compliance with a European harmonised standard gives a presumption of conformity with the related directive.
Complying with the European harmonised standards is the simplest way to comply with the Machinery Directive.
European legislation and the standards
Why are we doing this? European legislation and the standards
• If you are creating a complex assembly by interlinking a series of existing machines, you are in effect creating something new.
• Therefore whoever is carrying out the work must ensure that the whole assembly complies with the Directive, regardless of the age of the machines.
• If you are altering the function or performance of a machine or complex assembly, you are again creating something new and must ensure that the Directive is complied with.
Before we begin: the terminology
Standard types: A, B1, B2, C
Design architecture categories: B, 1, 2, 3, 4
(PL) Performance level: a, b, c, d, e
(SIL) Safety integrity level: 1, 2, 3, 4 in IEC 61508; EN/IEC 62061 for machinery uses SIL 1 to 3 only
(CCF) Common cause failure: failures of different items resulting from a single event, where these failures are not consequences of each other
(SRP/CS) Safety-related part of a control system: part of a control system that responds to safety-related input signals and generates safety-related output signals
(MTTFd) Mean time to dangerous failure: expectation of the mean time to dangerous failure
(DC) Diagnostic coverage: measure of the effectiveness of diagnostics
Standards overview: safety circuit design
On the basis of the risk assessment, the designer has to define the safety-related control system. To do that, the designer chooses one of the two standards appropriate to the application:
• either EN/ISO 13849-1, which defines performance levels (PL),
• or EN/IEC 62061, which defines safety integrity levels (SIL).
A common table in both standards relates the two measures and gives indications for selecting the applicable standard.
[Table not captured in the transcript. The correspondence, by shared PFHd band: PL a: no SIL; PL b: SIL 1; PL c: SIL 1; PL d: SIL 2; PL e: SIL 3.]
Standard EN/ISO 13849-1
• The standard gives safety requirements for the design and integration of safety-related parts of control systems, including software design.
• The risk graph helps to determine the required PL (performance level) of each safety function:
  – S: severity of injury. S1 slight injury; S2 serious or permanent injury or death
  – F: frequency and/or exposure time to the hazard. F1 seldom to less often and/or short exposure time; F2 frequent to continuous and/or long exposure time
  – P: possibility of avoiding the hazard or limiting the harm. P1 possible under specific conditions; P2 scarcely possible
Standard EN/IEC 62061
• Specific to the machinery sector within the framework of EN/IEC 61508:
  – gives rules for the integration of safety-related electrical, electronic and programmable electronic control systems (SRECS)
  – does not specify requirements for non-electrical control components in machines (e.g. hydraulic, pneumatic); those are covered by EN/ISO 13849-1
• The target probability of dangerous failure per hour (PFHd) associated with the required SIL depends, among other factors, on the frequency of use (demand rate) of the safety function to be performed
Introduction to Functional Safety: the standard EN ISO 13849 in the standards landscape
A (basic standard):
• EN ISO 12100: fundamental notions, main design principles
B1 (specific safety aspects):
• EN 1050 = EN/ISO 14121: risk assessment
• EN 954-1 = ISO 13849-1:1999, now EN ISO 13849: safety of machinery, safety-related parts of control systems
• EN/IEC 62061: safety of machinery, functional safety of safety-related electrical control systems
• EN 60204-1: electrical equipment of machines
• EN 294 and EN 999: safety distances
B2 (safety devices):
• EN 1088: interlocking devices
• EN 953: fixed and movable guards
• EN/ISO 13850:2006: emergency stop equipment
• EN 574: two-hand control devices
C (specific classes of machines):
• EN 693: hydraulic presses
• EN 692: mechanical presses
The 13849 standard
Parts of machinery control systems that are assigned to provide safety functions are called safety-related parts of control systems (SRP/CS). These can consist of hardware and software, and can either be separate from the machine control system or an integral part of it. In addition to providing safety functions, SRP/CS can also provide operational functions (e.g. two-hand controls as a means of process initiation).
The ability of safety-related parts of control systems to perform a safety function under foreseeable conditions is expressed by allocating one of five levels, called performance levels (PL a to e). These performance levels are defined in terms of the probability of dangerous failure per hour (PFHd).
The probability of dangerous failure of the safety function depends on several factors, including hardware and software structure, the extent of fault detection mechanisms (diagnostic coverage, DC), reliability of components (mean time to dangerous failure, MTTFd; common cause failure, CCF), design process, operating stress, environmental conditions and operating procedures.
Safety control function
Working example
Who is the designer, and who is the manufacturer? We are, as we are upgrading the control system.
Is this a significant change to the line 2 filler as defined in the Directive? No: we are not changing the functionality technically, but improving the existing controls.
So re-CE marking is not required.
Working example Electrical control system upgrade
Note: under the PUWER assessment the electrical control system does not comply with BS EN 60204-1. Ref.: general electrical requirements (enacted in the 17th edition).
Integrity assessment First step
Integrity assessment First step Alternative PL Tools
SISTEMA Software PL Calculation Tool
SISTEMA is a software tool for applying EN ISO 13849-1; its use greatly simplifies application of the standard.
SISTEMA stands for "Safety Integrity Software Tool for the Evaluation of Machine Applications". It was developed by the BGIA in Germany (now the IFA, the DGUV's institute for occupational safety) and is free to use.
Second step: safety function design
Performance level data: when configured correctly, the safety system can achieve PL d, Category 3 according to EN ISO 13849-1:2008.
When modelled in SISTEMA, each safety E-stop string is treated as an individual safety function and can be modelled as follows. The diagram shows a single E-stop safety function. Calculations are based on 1 operation of the E-stop per month, i.e. 12 operations per year, and 36 operations of the contactors per year. The average diagnostic coverage (DCavg) is reduced to 60% for the E-stops because they are connected in series, where a fault in one device can be masked by the others.
SISTEMA file, subsystems of the safety function:
• Subsystem 1: E-stop, channel 1 and channel 2
• Subsystem 2: SR1 (safety relay)
• Subsystem 3: K1 and K2 (output contactors)
Second step: safety function diagram
Process stop, other equipment
Third step: PL function validation of the design for the safety control system
Function design validation (refer to training module T2 for the EOL tool kit used to undertake assessments and validation of circuit designs)
First part: identifies the control systems required and their PL requirement.
Each section is taken individually and a circuit function generated to achieve the PL requirement.
Working example: electrical drawings, emergency stop
PONZ S4
PONZ S7
Working example: electrical drawings, main drive inverter
Safety relay activation
Working example: drive inverter technical details
Working example
Treatment of old machinery
Old machinery in this context are machines which were placed on the market before the Machinery Directive came into force. The requirements of the Directive were not applied to these machines. However, its application may become necessary should machines be extended, modified, modernised, etc. In such cases an assessment must be made of whether an essential change has occurred. Should this be the case, the requirements of the EC Machinery Directive apply to "old" machines in the same way as to new machinery. These requirements include the application of EN ISO 13849.
Design categories: architecture overview
Design architecture and PL overview
Relationship between different criteria
• Relationship between categories, DCavg, MTTFd and PL
* In several applications the realisation of performance level c by category 1 may not be sufficient. In this case a higher category, e.g. 2 or 3, should be chosen.
Working example, Example 1: Emergency stop with safe stop, Category B, PL b
Design categories example: Cat 2 architecture
Emergency stop, Category 2, single-channel with feedback circuit
Working example, Example 2: Emergency stop with safe stop using a safety relay, Category 3, PL d
Design category example: Cat 3 architecture
Emergency stop, 2-channel, Category 3
Working example, Example 3: Emergency stop of a frequency converter with safe stop, safety relay and output contactor, Category 4, PL e
Safety chain principle for design
Catch the information:
• safeguarding to protect people from the hazard
• emergency stop operations
Monitor and analyse the information:
• safety-oriented signal processing
Stop the dangerous machine:
• initialising and control of the hazardous machine
• safe drive technology
• disconnection and locking of the power supply
• signalling
Across the whole chain:
• use devices that comply with safety standards
• safe signal transmission: safe connection and communication of functional units or segments
Functional Safety Life Cycle
Step 1: Risk or hazard assessment
Step 2: Safety system functional requirements
Step 3: Safety system design and verification
Step 4: Safety system installation and validation
Step 5: Maintain and improve the safety system
(Slide: Copyright © 2012 Rockwell Automation, Inc. All rights reserved. Confidential, for internal use only.)
Other modules in the S.Steele specialist technical training module series:
T1 Introduction to EU Directive and harmonised standards
T2 EHSR compliance and EOL tool kit
T3 Functional safety of control system design
T4 Guarding, fixed and movable
T5 Electrical systems
T6 EMC
T7 Robots
T8 Hydraulics
T9 Pneumatics
T10 HP air systems
T11 CE marking of equipment
END