Drives & Controls 2014 - Functional Safety of Machinery

Functional Safety Standards for Machinery
Stewart Robinson MIET MInstMC
TÜV SÜD Product Service

Current Functional Safety Standards for Machinery
• Since 2007 there has been a choice of harmonised standards to use for Functional Safety in the machinery sector.
• The choices are:
  – ISO standard EN ISO 13849-1
  – IEC standard EN 62061
• Whilst both standards have essentially the same basic requirements, there are differences in the detail of these standards.
• The intention is that the two standards will eventually be combined into a single standard.
• The new standard is planned to be ISO/IEC 17305.
• This presentation will explain some of the techniques and approaches that can be used now to comply with the current standards whilst preparing for the introduction of a single standard.

ISO 13849-1 and IEC 62061
References

Standards for Functional Safety (figure; source: BGIA Report 2/2008e)

EN ISO 13849-1 (figure; source: BGIA Report 2/2008e)

ISO/IEC Technical reports
• Technical reports were issued by both the IEC and ISO in 2010: ISO/DTR 23849 (published as ISO/TR 23849:2010) and IEC/TR 62061-1.
• “Safety-related control systems can be designed to achieve acceptable levels of functional safety using either of the two standards by integrating non-complex SRECS (safety-related electrical control system) subsystems or SRP/CS (safety-related parts of a control system) designed in accordance with IEC 62061 and ISO 13849-1, respectively.”
• “Both standards can also be used to provide design solutions for complex SRECS and SRP/CS by integrating electrical/electronic/programmable electronic subsystems designed in accordance with IEC 61508.”
• “Both standards currently have value to users in the machinery sector and benefits will be gained from experience in their use. Feedback over a reasonable period on their practical application is essential to support any future initiatives to move towards a standard that merges the contents of both IEC 62061 and ISO 13849-1.”
• “Differences exist in detail and it is recognized that some concepts (e.g. functional safety management) will need further work to establish equivalence between respective design methodologies and some technical requirements.”
Overall safety requirements allocation

IEC 62061 and ISO 13849: a cross reference guide

This guide sets out to explain where the details for different safety lifecycle activities can be found in the standards for the Machinery Sector: IEC 62061 and ISO 13849. The overall safety lifecycle model contained in IEC 61508 has been used as the reference point.

Phases 1-5
1 Concept
2 Overall scope definition
3 Hazard and risk analysis
4 Overall safety requirements
5 Overall safety requirements allocation

Phases 6-16
Overall planning:
6 Overall operation and maintenance planning
7 Overall safety validation planning
8 Overall installation and commissioning planning
9 E/E/PE system safety requirements specification
10 E/E/PE safety-related systems: realisation (see E/E/PE system safety lifecycle)
11 Other risk reduction measures: specification and realisation
12 Overall installation and commissioning
13 Overall safety validation
14 Overall operation, maintenance and repair
15 Overall modification and retrofit
16 Decommissioning or disposal

Phase 5: Overall safety requirements allocation
Objectives: To allocate the safety functions, contained in the specification for the overall safety requirements (both the safety functions requirements and the safety integrity requirements), to the designated E/E/PE safety related systems and other risk reduction measures; to allocate a safety integrity level to each safety function to be carried out by an E/E/PE safety-related system.
IEC 61508: Part 1, Clauses 7.6.1 and 7.6.2
IEC 62061: Clause 5; 5.2.1.3 – Specifications for each SRCF shall comprise the functional requirement (5.2.3) and the safety integrity requirement (5.2.4)
ISO 13849: Clause 4; 4.2.2 – For each safety function the characteristics and the required performance level shall be specified
EN ISO 13849-1 Annex A risk graph (figure)

SIL Assignment Matrix

• Probability of occurrence of harm (Cl):

  Cl = Fr + Pr + Av

  Frequency (Fr)                              Points
  ≤ 1 per hour                                5
  < 1 per hour to ≥ 1 per day                 5
  < 1 per day to ≥ 1 per 2 weeks              4
  < 1 per 2 weeks to ≥ 1 per year             3
  < 1 per year                                2

  Probability of occurrence (Pr)              Points
  Common                                      5
  Likely                                      4
  Possible                                    3
  Rarely                                      2
  Negligible                                  1

  Avoidance (Av)                              Points
  Impossible                                  5
  Rarely                                      3
  Likely                                      1

PLr Determination by matrix

  Consequences                     Severity   Cl 4-5   Cl 6-7   Cl 8-9   Cl 10-11   Cl 12-13   Cl 14-15
  Death, losing an eye or arm      4          PLc      PLc      PLd      PLd        PLe        PLe
  Permanent, losing fingers        3          PLc      PLc      PLc      PLd        PLd        PLe
  Reversible, medical attention    2          PLb      PLb      PLb      PLc        PLd        PLd
  Reversible, first aid            1          PLa      PLa      PLb      PLb        PLc        PLc

May require recalibration! For discussion/consideration.
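The scoring above is easy to get wrong by hand, so here is the Cl calculation and the PLr lookup as an added example (not code from the presentation or from TÜV SÜD). The point tables reproduce the slide; the PLr matrix is the presenter's proposal, flagged on the slide as possibly needing recalibration, not the SIL matrix of IEC 62061 Annex A. The two scenarios at the bottom are constructed for illustration.

```python
"""Worked PLr determination: risk parameters -> Cl -> PLr (added example)."""

# Frequency of exposure (Fr): keyed by the longest interval between
# exposures, in hours, that still earns the score.
FR_POINTS = [
    (1.0, 5),            # exposed at least once per hour
    (24.0, 5),           # less than hourly, at least daily
    (24.0 * 14, 4),      # less than daily, at least once per two weeks
    (24.0 * 365, 3),     # less than fortnightly, at least yearly
    (float("inf"), 2),   # less than once per year
]

# Probability of occurrence of a hazardous event (Pr)
PR_POINTS = {"common": 5, "likely": 4, "possible": 3, "rarely": 2, "negligible": 1}

# Possibility of avoiding or limiting harm (Av)
AV_POINTS = {"impossible": 5, "rarely": 3, "likely": 1}

# Severity rows and Cl column bands of the presenter's PLr matrix
SEVERITY = {
    4: "death, losing an eye or arm",
    3: "permanent, losing fingers",
    2: "reversible, medical attention",
    1: "reversible, first aid",
}
CL_BANDS = [(4, 5), (6, 7), (8, 9), (10, 11), (12, 13), (14, 15)]
PLR_MATRIX = {
    4: ["c", "c", "d", "d", "e", "e"],
    3: ["c", "c", "c", "d", "d", "e"],
    2: ["b", "b", "b", "c", "d", "d"],
    1: ["a", "a", "b", "b", "c", "c"],
}


def fr_points(hours_between_exposures: float) -> int:
    """Score Fr from the typical interval between exposures to the hazard."""
    if hours_between_exposures < 0:
        raise ValueError("interval must be non-negative")
    for upper, points in FR_POINTS:
        if hours_between_exposures <= upper:
            return points
    raise AssertionError("unreachable: last band is open-ended")


def class_of_probability(fr: int, pr: int, av: int) -> int:
    """Cl = Fr + Pr + Av, range-checked against the slide's scales (result is 4..15)."""
    if fr not in (2, 3, 4, 5) or pr not in range(1, 6) or av not in (1, 3, 5):
        raise ValueError(f"parameter outside the defined scales: Fr={fr} Pr={pr} Av={av}")
    return fr + pr + av


def required_pl(severity: int, cl: int) -> str:
    """Look up PLr in the presenter's matrix for a severity row and Cl column."""
    if severity not in PLR_MATRIX:
        raise ValueError(f"severity must be 1..4, got {severity}")
    for column, (low, high) in enumerate(CL_BANDS):
        if low <= cl <= high:
            return PLR_MATRIX[severity][column]
    raise ValueError(f"Cl {cl} outside 4..15")


def assess(severity: int, hours_between_exposures: float, pr: str, av: str) -> dict:
    """Full assessment for one hazard; returns the intermediate scores as well."""
    fr = fr_points(hours_between_exposures)
    pr_pts, av_pts = PR_POINTS[pr.lower()], AV_POINTS[av.lower()]
    cl = class_of_probability(fr, pr_pts, av_pts)
    return {
        "severity": severity, "consequence": SEVERITY[severity],
        "Fr": fr, "Pr": pr_pts, "Av": av_pts, "Cl": cl,
        "PLr": required_pl(severity, cl),
    }


if __name__ == "__main__":
    # Constructed scenarios, not from the presentation.
    # Operator clears jams at a press roughly hourly; fast-moving tooling.
    press = assess(severity=4, hours_between_exposures=1.0, pr="likely", av="rarely")
    # Weekly cleaning of a slow conveyor; the nip point is visible and slow.
    conveyor = assess(severity=2, hours_between_exposures=24 * 7, pr="possible", av="likely")
    for name, result in (("press", press), ("conveyor", conveyor)):
        print(f"{name}: Fr={result['Fr']} Pr={result['Pr']} Av={result['Av']} "
              f"Cl={result['Cl']} -> PL{result['PLr']}")
```

The press scenario scores Cl = 5 + 4 + 3 = 12 in the severity 4 row, which the matrix maps to PLe; the conveyor scores Cl = 4 + 3 + 1 = 8 in the severity 2 row, giving PLb. Because Fr never drops below 2 and Pr and Av never below 1, Cl cannot fall outside the 4..15 columns, so the lookup only fails on a bad input scale.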
PL and SIL

  EN ISO 13849-1            Average probability of a dangerous   EN 62061
  Performance Level (PL)    failure per hour [1/h]               Safety Integrity Level (SIL)
  a                         ≥ 10⁻⁵ to < 10⁻⁴                     no special safety requirements
  b                         ≥ 3 × 10⁻⁶ to < 10⁻⁵                 1
  c                         ≥ 10⁻⁶ to < 3 × 10⁻⁶                 1
  d                         ≥ 10⁻⁷ to < 10⁻⁶                     2
  e                         ≥ 10⁻⁸ to < 10⁻⁷                     3
Realisation – Hardware design

Phase 10: E/E/PE safety-related systems: realisation
Objectives: To create E/E/PE safety related systems conforming to the specification for the E/E/PE system safety requirements (comprising the specification for the E/E/PE system safety functions requirements and the specification for the E/E/PE system safety integrity requirements).
IEC 61508: Part 1, Clauses 7.11.1 and 7.11.2; Part 2 for hardware, Part 3 for software.
IEC 62061: Included in Clause 6. Control of systematic faults is part of this clause. SRECS architecture is described by subsystems detailing Hardware Fault Tolerance and Diagnostic Coverage.
ISO 13849: Clause 4.4 gives the overall requirements. Clause 6 describes designated architectures as categories (B, 1 – 4). Categories state the required behaviour of a SRP/CS in respect of its resistance to faults etc.
EN ISO 13849-1 Categories: Designated Architectures (figure)
  Cat B & Cat 1
  Cat 2
  Cat 3
  Cat 4

EN 62061 Architectures (figure)
  Subsystem A
  Subsystem B
  Subsystem C
  Subsystem D
PFHD of the Function

The PFHD of the Function is the sum of the PFHD of each of the SRP/CS (subsystems) that make up the Function:

$PFH_{D,total} = PFH_{Dss1} + PFH_{Dss2} + PFH_{Dss3} + \dots + PFH_{Dssn}$

Figure: sensor, logic and actuator subsystems in series (input, logic, output); the sensor and actuator subsystems may each consist of several sensors or actuators.

Series alignment of Subsystems

$PFH_{D,total} = PFH_{D,sensor} + PFH_{D,logic} + PFH_{D,actuator}$
SIL or PL: PFH Verification

Subsystem A (single channel, Category B or 1, no diagnostics). The dangerous failure rate is taken from the MTTFd of the channel, converting years to hours with 1 year = 8760 h:

$PFH_D = \lambda_D \cdot 1\,\mathrm{h}$, where $\lambda_D = \dfrac{1}{MTTF_d \cdot 8760}$ (PFH_D for Category 1)

Or

Subsystem D (single fault tolerance with diagnostics, both elements with the same dangerous failure rate $\lambda_{De}$). With $\beta$ the common cause failure factor, $DC$ the diagnostic coverage, $T_1$ the proof test interval or lifetime and $T_2$ the diagnostic test interval:

$\lambda_{DssD} = (1-\beta)^2 \left\{ \left[\lambda_{De}^2 \cdot 2 \cdot DC\right] \cdot \dfrac{T_2}{2} + \left[\lambda_{De}^2 \cdot (1-DC)\right] \cdot T_1 \right\} + \beta \cdot \lambda_{De}$

$PFH_{DssD} = \lambda_{DssD} \cdot 1\,\mathrm{h}$
Verification by software – Object types

SISTEMA recognizes seven different types of objects. These can be regarded as the building blocks from which a project is created.

IFA SISTEMA – PL – EN ISO 13849-1 (screenshot)

Pilz PAScal – SIL – EN 62061 (and PL – EN ISO 13849-1) (screenshot)
Out of control
Why control systems go wrong and how to prevent failure
(Out of control, 2nd edition 2003, Health & Safety Executive HSE – UK)
Systematic failure

• Failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures, documentation or other relevant factors:
  – the safety requirements specification,
  – the design, manufacture, installation, operation of the hardware, and
  – the design, implementation, etc., of the software.
• Further information can be found in:
  – EN ISO 13849-1, in particular in Annex G
  – EN 62061, in particular Clause 6.4
Check Lists

Each item is answered Yes / No against the references given.

• Have all risks been reduced as far as possible by safe design of the machine, and the use of fixed safeguards etc.?
  EN ISO 12100:2010; EN 953:1997
• Have the consequences of systematic failures been fully taken into account?
  EN ISO 13849-1 Annex G; EN 62061 Clause 6.4
• Have all risks that are to be reduced by Safety Related Controls been identified?
  EN ISO 13849-1 Clause 4.4; EN 62061 Clause 5.2
• Have the Safety Requirements for each Safety Related Control Function been correctly specified in terms of functional requirements?
  EN ISO 13849-1 Clause 5; EN 62061 Clause 6.6.2.1.6
• Have the Safety Requirements for each Safety Related Control Function been correctly specified in terms of performance requirements?
  EN ISO 13849-1 Clause 4.3 and Annex A; EN 62061 Clause 6.6.2.1.6 and Annex A
• Has an appropriate architecture for the design of the safety related controls been chosen?
  EN ISO 13849-1 Clause 6; EN 62061 Clauses 6.6.2.1.2, 6.6.2.1.3 and 6.6.2.1.7
• Is performance data available for safety related components from (1) the component manufacturer or (2) reliable generic data?
  EN ISO 13849-1 Clause 4.5.2 and Annexes C and D; EN 62061 Clause 6.7.7.2
• Has the Diagnostic Coverage provided by the automatic tests been correctly established?
  EN ISO 13849-1 Annex E; EN 62061 Clause 6.8
• Have the effects of Common Cause Failures (CCF) been examined and adequate measures to mitigate the consequences put in place?
  EN ISO 13849-1 Annex F; EN 62061 Clause 6.7.8.3 and Annex F
• Has the performance of the safety related control functions been verified as meeting the required PL or SIL?
  EN ISO 13849-1 Clause 4.7; EN 62061 Clause 6.6.3
• Have the requirements for validation been adequately planned and prepared?
  EN ISO 13849-2; EN 62061 Clause 8
Thank you for listening

For more information please visit our stand: D261