TÜV SÜD
Functional Safety
Presented by Matthias Ramold and Stewart Robinson from TÜV SÜD
07/05/2014
Slide 2: Your Presenters

Matthias Ramold
• Team leader Safety components for TÜV SÜD Rail in Germany
• Many years of experience in different safety applications
• Technical Certifier for the Machinery Directive and safety components
• Member of the working group DKE/AK 914.0.4 - IEC 61508-2

Stewart Robinson MIET MInstMC
• Functional Safety Consultant for TÜV SÜD Product Service in the UK
• Many years of industry experience
• Member of the IET
• BSI Committee Member for MCE/3 Safeguarding of machinery
• Chair of the Safety Panel of the Institute of Measurement and Control
Slide 3: UK Machinery Division
• Assistance in meeting the requirements of machinery legislation
  – CE marking for Machinery, Low Voltage & EMC Directives
  – PUWER assessments for the Work Equipment Directive
• Comprehensive machinery risk assessments
• Guidance on technical file construction and declaration of conformity/incorporation
• Pre-purchasing CE audits
• Safety related control system verification/validation
• Seminars, workshops and university accredited five day training courses
Slide 4: Machinery Safety Engineering Services
• Engineering design
  – Site survey and function design specification
  – Factory acceptance test
  – Installation and commissioning
• Machine guarding
  – Design, manufacture and installation of machine guarding and Safety Related Control Systems
  – Solutions include perimeter guarding, light curtains, scanners, interlocking etc.
Slide 5: Products in FS Scope of Embedded Systems
Divisions: TÜV SÜD Rail, TÜV SÜD IS, TÜV SÜD PS, TÜV SÜD AT
Safety-related generic components (IEC 61508, EN ISO 13849, IEC 62061):
• PLC
• Sensors, drives, valves
• Operating systems
• Tools
• ...
Application:
• Household, Machinery (EN ISO 13849, IEC 60335)
• Drive-by-wire systems (ISO 26262)
• Signalling, Rolling stock (EN 50128, EN 50129)
• e.g. Pipeline, turbine (IEC 61511)
Slide 6: Certification Mark for Safety & Security
• Safety according to IEC 61508: main focus in the project
• IEC 62443: security and penetration testing; check of the development process according to IEC 61508 and IEC 62443
• Security handbook (secured architecture) & gap analysis according to IEC 62443
• Safety & Security analysis for our customers
• Certification mark for Safety & Security (IEC 61508 and IEC 62443)
Slide 7: Accreditations - Functional Safety
• Deutsche Akkreditierungsstelle Technik (DATech) e.V., DAR DTI-P-G 001/91-02: Competence according to DIN EN ISO/IEC 17020
• Die Zentralstelle der Länder für Sicherheitstechnik (ZLS): Accreditation as Notified Body according to 2006/42/EC (Machinery Directive) EU NR. 0123 and DIN EN ISO/IEC 17025
Slide 8: TÜV SÜD Involved in Qualification and Research
TÜV SÜD is a member of, e.g.:
• IEC 61508 committee
• IEC 61496 committee
• IEC 62061 maintenance group
• EN ISO 13849 maintenance group
• ISO 17305 committee
• IEC 61131 working group
• Several network associations (e.g. PNO, Foundation Fieldbus, Safety over EtherCat, Safety alliance)
Slide 9: Certificate: Example
(Image of an example certificate)
Slide 10: Introduction to Functional Safety
Safety has to be an integrated part of every automation ... in order to protect ... people, machines and ...
Slide 11: Definitions
Safety = Free from unacceptable risks. The goal is to reduce risk to an acceptable extent.
Risk = Combination of the probability of occurrence of harm and the severity of that harm
(see IEC 61508 Part 4 and 5, Annex A)
Slide 12: Risk Reduction
(Diagram; axis of increasing risk, from left to right: Residual risk, Acceptable risk, EUC risk)
Necessary risk reduction: from the EUC risk down to the acceptable risk
Actual risk reduction: from the EUC risk down to the residual risk, made up of:
• Partial risk covered by E/E/PE safety related systems
• Partial risk covered by other technology safety related systems
• Partial risk covered by external risk reduction facilities
Slide 13: Aspects for Risk Reduction
The combination of probability of occurrence and severity of hazardous events may not exceed the tolerable risk.
• Control of dangerous failures during operation → robust design
• Avoidance of systematic failures during design, production and operation of the system → robust development process
Requirements on the reliability of safety related functions necessary to sustain or fulfil the required safety = Functional Safety
Slide 14: Aim of Functional Safety
The avoidance of systematic failures as well as the control of systematic and random failures in safety related functions reduces the expected risk to a tolerable extent, thereby preventing:
• injury or death of people
• catastrophic effects on the environment
• destruction of or damage to production facilities and producer goods, including loss of production (optional)
Slide 15: Possible scenario
(Pictures: punching machine; planning completed; industrial facilities under operation)
Slide 16: Legal situation
In case of an accident you will be asked: Has the development and planning been performed according to the state of the art? (Not only with a view to the company's product liability, but also to the developer's culpable causation [Germany: §823 BGB, Schadensersatzpflicht].)
Safety related functions are subject to:
• Legal requirements for the facility operation
• Requirements according to product liability (state of the art)
Slide 17: Legal requirements for production
Laws and regulations have to be fulfilled to achieve and sustain the admission for operation:
• Machinery Directive 2006/42/EC: safety goal and elementary safety requirements
• Low Voltage Directive 2006/95/EC: for devices within specific voltage ranges
• EMC Directive 2004/108/EC: electromagnetic compatibility
Slide 18: Fulfilling the directive (I)
• Technical realisation: requirements and the technical realisation are given in standards and have to be fulfilled.
• Presumption of conformity: if a product complies with the relevant harmonized standards it may be presumed that the directive is fulfilled. Harmonized standards are listed under the related directive (http://www.newapproach.org/Directives/DirectiveList.asp).
• Deviation from standards: other technical solutions are allowed if equivalent safety is achieved. (Problem: how to show the evidence of compliance?)
Slide 19: Requirements resulting from product liability
"...State of the art at the point of installation (= commissioning)..." is relevant in the assessment of product liability.
• IEC 61508 / DIN EN 61508: generic basic standard for functional safety of electric/electronic systems
• IEC 62061 / ISO 13849: application specific standards of IEC 61508 for the manufacturing industry
Slide 20: Definitions
Process of standardization:
IEC → EN → DIN EN
ISO → EN ISO → DIN EN ISO
More: http://www.dke.de/DKE_en/Abbreviations.htm
• CEN = European Committee for Standardization, Brussels
• CENELEC = European Committee for Electrotechnical Standardization, Brussels
• IEC = International Electrotechnical Commission, Geneva
• ISO = International Organization for Standardization, Geneva
• EN = European Standard
• DIN = German Institute for Standardization (Deutsches Institut für Normung e.V.), Berlin
• VDE = Verband der Elektrotechnik, Elektronik und Informationstechnik e.V., Frankfurt am Main
Slide 21: Fulfilling the directive (II)
Liability: in case of compliance with the standards it is assumed that the manufacturer did not act with gross negligence. Thereby the legal consequences in case of damage are reduced to a minimum.
Slide 22: Overview of valid key standards
Harmonized under the EU Machinery Directive:
• EN ISO 12100: Basic concepts, general principles for design and risk assessment
• EN 60204-1: Safety of machinery - Electrical equipment of machines - Part 1: General requirements
• EN ISO 13850: Safety of machinery - Emergency stop - Principles for design
• EN ISO 13849-1/2 (EN 954-1): Safety of machinery - Safety-related parts of control systems
• EN 62061: Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
• EN 61496-1: Safety of machinery - Electro-sensitive protective equipment - Part 1: General requirements and tests
http://www.newapproach.org/Directives/DirectiveList.asp
Slide 23: Overview of valid key standards
Not harmonized under any EU Directive:
• IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems
• IEC 61496-2, -3, -4: Electro-sensitive protective equipment - ...
Slide 24: Hierarchical Structure of EN Standards
• Type A (Basic Safety Standards): basic design guidelines and basic terminology for machinery
  EN ISO 12100
• Type B (Group Safety Standards)
  B1 standards, general safety aspects: EN ISO 13849, EN 954 (until 2011), EN 62061
  B2 standards, reference to special protective devices: EN ISO 13850 Emergency Stop
• Type C (Product standards): specific safety features for individual machinery groups
  EN 692 Machine tools - Mechanical presses
Also shown: EN 61508
Slide 25: Link between FS Standards
IEC 61508 (generic) and the sector-specific standards linked to it:
• IEC 60601 - Medical
• ISO 26262 - Automobile
• ISO 25119 - Agriculture
• ISO 13849, IEC 62061 - Machinery
• ISO 15998 - Earth Moving Machinery
• IEC 61511 - Process Industry
• IEC 60335 - Household Appliances
• IEC 50156 - Furnaces
• IEC 61513 - Nuclear Power
• EN 50129 - Railway
• DO-178B - Aviation
Slide 26: TÜV SÜD certification process
(Diagram of the safety lifecycle as a V-model, with the documents produced at each step)
Concept phase:
• Hazard & Risk Analysis → Safety goals with SIL X
• Functional Safety Concept
• Technical Safety Concept: system architecture, interfaces, HFT, SFF goal, conditions of use, maintenance, error handling & diagnosis
• Safety Requirement Spec. (SRS): requirements for each function: SIL, operation mode(s), process safety time, safe state, measures & methods; HW/SW interface SRS
System level:
• System Design → System Analysis (System FMEA / FTA, review report) → System Integration → System Test (System Test Specification, System Test Reports)
Hardware level:
• Hardware Spec. (Hardware SRS) → Hardware Design → Hardware Analysis (FMEDA, ZBD, Markov, SFF, PFH/PFD) → Hardware Integration → HW Verification (test spec. + report) → HW Tests (fault insertion tests)
Software level:
• Software Spec. (Software SRS) → SW Design → SW Analysis (criticality analysis) → SW Module Integration → SW Verification (test spec. + report) → SW Tests (SW module tests)
Closing the V:
• Validation (Validation Specification, Validation Reports) → Safety Case → Customer documents
Process: Functional Safety Management (FSM) for all steps: safety plan, audit plan + reports, V & V plan; development guidelines and analysis guidelines for safety analysis, software development and hardware development
TÜV documents: Quotation; Technical Report (Concept Report); Checklist FSM IEC 61508; Checklist Risk Analysis; Checklist Safety Requirement Spec. (SRS); Checklist System Analysis; Checklist System Tests; Checklist HW Spec.; Checklist HW Analysis; Checklist HW Verification; Checklist HW Tests; Checklist HW Development; Checklist Software Spec.; Checklist SW-Analysis; Checklist SW Verification; Checklist SW Tests; Checklist SW Development; Checklist Validation; Checklist Safety Case; Technical Report; Certificate, Certificate Report
Slide 27: Certification: Necessary documentation from the manufacturer
V&V phase → document:
• 2.1 Safety requirement specification → SRS
• 2.2 Planning of validation → Validation plan, safety plan
• 3.1 System plan → System specification and system architecture (hard- and software); System FMEA and block diagrams
• 3.2 System test concept → System test plan
• 4.1 Hardware design and implementation → Hardware description and schematics, part lists, layouts and information on the components and materials used; Component FMEA (FMEDA); MTTFd/DC/CC calculation according to ISO 13849-1; SFF/PFH/PFD calculation according to IEC 61508-2
• 4.2 Hardware test concept → Hardware test plan
Slide 28: Certification: Necessary documentation from the manufacturer (continued)
V&V phase → document:
• 5.1 Software design → Software architecture and design specification (structured or semi-formal, according to IEC 61508-3); documentation of the software tool qualification; coding standards; software criticality analysis
• 5.2 Software test concept → Software test plan
• 6 Realization: implementation / coding → Graphical explanation, source code
• 7 Software test: verification of all SW requirements → Documentation of test results
• 8 Hardware test / fault insertion tests → Documentation of hardware fault insertion tests
• 9 System integration / integration test HW/SW → Documentation of system integration tests
• 10 Validation of the safety → Protocols of accredited test laboratories for EMC, environmental conditions and primary safety; available certificates of other competent bodies; safety-related user documentation
Slide 29: Certification: Test steps phase 1
Phase 1: Concept Review and functional safety management (FSM)
Tasks:
• Audit of the safety organisation and the functional safety management (FSM) according to EN 61508-1
• Concept review based on: system specification, SW architecture, system FMEA, plan for verification and validation (V&V plan)
The analysis of functional safety management (FSM) is mandatory to fulfil the requirements of EN 61508 part 1.
Slide 30: Certification: Test steps phase 2
Phase 2: Detail
The following table gives an overview of the activities of TÜV in the detail phase of a type test.
Tasks:
• Hardware design and implementation: review of the hardware design (architecture); review of the component FMEDA (block level and component level, incl. mechanical aspects)
• Probabilistic: review of the PFH/PFD and SFF calculation
• Hardware tests / fault insertion tests: review of test reports; execution of representative FITs (fault insertion tests)
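The FMEDA roll-up that slides 27 and 30 ask the manufacturer to supply and TÜV to review, as an added example that is not taken from the TÜV SÜD slides: constructed failure-mode rows for a hypothetical 1oo1 sensor channel are classified into λSD/λSU/λDD/λDU, from which the SFF, the high-demand PFH and the SIL that can actually be claimed follow (PFH band from IEC 61508-1 Table 3, capped by the Route 1H architectural constraint of IEC 61508-2 Tables 2 and 3, i.e. the HFT/SFF goal named on slide 26). The failure rates, names and functions are assumptions; FIT here is the unit failures per 10^9 hours, not the fault insertion tests the slides abbreviate as FIT.

```python
from dataclasses import dataclass

@dataclass
class FailureMode:
    name: str
    rate_fit: float  # failure rate in FIT (1e-9 failures per hour)
    safe: bool       # True if the failure drives the channel to its safe state
    detected: bool   # True if a diagnostic reveals the failure
# Constructed FMEDA rows for a hypothetical 1oo1 sensor channel (not real part data).
FMEDA = [
    FailureMode("output stuck low (trips)",       120.0, safe=True,  detected=False),
    FailureMode("reference drift (trend check)",   80.0, safe=False, detected=True),
    FailureMode("ADC fault (plausibility check)", 150.0, safe=False, detected=True),
    FailureMode("output stuck high",               30.0, safe=False, detected=False),
    FailureMode("supply short (watchdog)",         20.0, safe=True,  detected=True),
]

def categorise(rows):
    """Roll the rows up into (lambda_SD, lambda_SU, lambda_DD, lambda_DU), in FIT."""
    sd = sum(r.rate_fit for r in rows if r.safe and r.detected)
    su = sum(r.rate_fit for r in rows if r.safe and not r.detected)
    dd = sum(r.rate_fit for r in rows if not r.safe and r.detected)
    du = sum(r.rate_fit for r in rows if not r.safe and not r.detected)
    return sd, su, dd, du

def safe_failure_fraction(rows):
    """SFF per IEC 61508-2: all failures except dangerous undetected, over the total."""
    sd, su, dd, du = categorise(rows)
    return (sd + su + dd) / (sd + su + dd + du)

def pfh_1oo1(rows):
    return categorise(rows)[3] * 1e-9  # high-demand PFH of 1oo1 = lambda_DU, FIT -> 1/h

def sil_from_pfh(pfh):
    """IEC 61508-1 Table 3 PFH bands (high/continuous demand); 0 means below SIL 1."""
    for sil, upper in ((4, 1e-8), (3, 1e-7), (2, 1e-6), (1, 1e-5)):
        if pfh < upper:
            return sil
    return 0

def sil_cap_route_1h(sff, hft, type_b=True):
    """IEC 61508-2 Tables 2 (type A) / 3 (type B): highest SIL for an SFF band and HFT."""
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    type_a = ((1, 2, 3), (2, 3, 4), (3, 4, 4), (3, 4, 4))
    type_b_tbl = ((0, 1, 2), (1, 2, 3), (2, 3, 4), (3, 4, 4))
    return (type_b_tbl if type_b else type_a)[band][min(hft, 2)]

def achievable_sil(rows, type_b=True):
    """Single channel (HFT 0): the lower of the PFH band and the architectural cap."""
    return min(sil_from_pfh(pfh_1oo1(rows)), sil_cap_route_1h(safe_failure_fraction(rows), 0, type_b))
```

With these rows the PFH alone lands in the SIL 3 band, but a type B single channel with SFF 92.5 % is capped at SIL 2; the same channel in a 1oo2 arrangement (HFT 1) may claim SIL 3, which is why the review checks the architecture together with the numbers.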
Slide 31: Certification: Test steps phase 2 (continued)
Tasks:
• Software design and module design: review of software requirements; review of software design; review of software analysis; review of tool qualification
• Software module test: review of module test concept and module test report; execution of representative FIT tests
• Realization: implementation / coding: review of design and coding guidelines; coding review (spot-checks)
• External communication (if applicable): review of probabilistic calculations and analysis of the qualitative error models
• ASIC design (if applicable): review of ASIC design; review of ASIC analysis; review of tool qualification
Slide 32: Certification: Test steps phase 2 (continued)
Tasks:
• System integration / integration test HW: execution of representative fault insertion tests; review of integration test report / system test report; audit of the safety life cycle
• Testing of electrical safety; review of EMC test reports; review of application test results (if applicable)
• Validation of the safety: review of the validation; requirement tracking; optional support for other test certificates (e.g. UL listing); review of the user manual; factory inspection
• Technical report
• Certificate: generating the certificate; report to the certificate (if needed)
Slide 33: Conclusion: Advantages of certified products
• Third party assessment
• No evaluation by the end user necessary
• Conformity to the relevant standards
• Supervision of the production
• Comparability between products
Slide 34: Thank you for listening
For more information please contact:
Matthias Ramold: [email protected]
Stewart Robinson: [email protected]