Functional Safety. Presented by Christian Dirmeier and Gerald Kupel from TÜV SÜD

Transcription

1 Functional Safety Presented by Christian Dirmeier and Gerald Kupel from

2 in numbers: Growing from strength to strength 1 One-stop technical solution provider 150 years of experience 800 locations worldwide 1,900 20,200 million Euro in sales revenue 2013 employees worldwide Note: Figures have been rounded off

3 Technical expertise & broad industry knowledge Testing & product certification Inspection Auditing & system certification Knowledge services Training Chemical, physical, mechanical, electrical and environmental testing and product certification. Product, system, building, plant and infrastructure inspection. Audits system certification in a variety of fields including quality, safety, energy, IT security, social compliance and environment. Safety, quality, risk, environmental protection and regulatory advisory. Training in work safety, technical skills, management systems and executive programs

4 Global expertise. Local experience. Global Headquarters: Munich, Germany Legend: Countries with offices Regional headquarters Note: Figures have been rounded off. GERMANY Euro 1,190 mio 10,400 staff INTERNATIONAL Euro 750 mio 9,800 staff

5 Your Presenters Christian Dirmeier Senior Expert Functional Safety at Rail in Germany Since 2004 Functional safety related Projects Simulation based RAMS analysis and optimization Technical Certifier for Industrial IT Security and INDA and member of IECEE Working Group 2B Industrial Automation Gerald Kupel Functional Safety Consultant for Product Service in the US Many years Experience as a control systems engineer Experience in the application of functional in multiple applications, Machinery, Process Control, Themepark rides Slide 5

6 US Machinery Division Assistance in meeting the requirements of machinery legislation CE marking for Machinery, Low Voltage & EMC Directives Comprehensive machinery risk hazard analysis Guidance on technical file construction and declaration of conformity/incorporation Field Labelling and Special Inspections Semiconductor Manufacturing Machinery Safety related control system verification/validation Seminars and Training Slide 6

7 Products in FS Safety-related generic components Scope of GSS Application PS HOUSE, Machinery (EN ISO13849, IEC 60335) AT Drive-by-wire systems (ISO 26262) PLC Sensors, drives, valves Operating systems Tools. (IEC 61508, EN ISO 13849, IEC 62061) IS i.e Pipeline, turbine, (IEC61511) Rail Signalling, Rolling stock (EN50128, EN 50129) 7

8 Accreditations - Functional Safety Deutsche Akkreditierungsstelle Technik (DATech) e.v., DAR DTI-P-G 001/91-02: Competence according to DIN EN ISO/IEC Die Zentralstelle der Länder für Sicherheitstechnik (ZLS): Accreditation as Notified Body according to 2006/42/EC (Machinery Directive) EU NR and DIN EN ISO/IEC

9 Involved in Qualification and Research is member of i.e. IEC committee IEC committee IEC maintainance group EN ISO maintainance group ISO committee IEC working group Several Network associations (i.e. PNO, Foundation Fieldbus, Safety over EtherCat, Safety alliance) 9

10 Certificate: Example 10

11 Introduction to Functional Safety..in order to protect... people and machines Safety has to be an integrated part of every automation 11

12 Definitions Safety = Free from unacceptable risks Risk = Combination of probability of occurrence of harm and the severity of that harm Goal is to reduce risk to a acceptable extent (see IEC Part 4 and 5, Annex A) 12

13 Risk Reduction Residual risk Acceptable risk EUC Risk Increasing Risk Necessary Risk Reduction Actual Risk Reduction Partial Risk covered by E/E/PE safety related systems Partial risk covered by other technology safety related systems Partial risk covered by external risk reduction facilities 13

14 Aspects for Risk reduction The combination of probability of occurrence and severity of hazardous events may not exceed the tolerable risk. Requirements of reliability of safety related functions necessary to sustain or fulfil the required safety = Functional Safety Control of dangerous failures during operation robust design Avoidance of systematic failures during design, production and operation of the system robust development process 14

15 Aim of Functional Safety The avoidance of systematic failures as well as the control of systematic and random failures in safety related functions reduces the expected risk to a tolerable extent, thereby the following will be prevented: injury or death of people catastrophic effects on the environment, destruction or damage of production facilities and producer goods, inclusive production deficit (optional) 15

16 Legal situation In case of an accident you will be asked: Has the development and planning been performed according to the state of the art? (not only with view to the company product liability, but with guilty causing of the developer [e.g. Germany: 823 BGB-Schadensersatzpflicht]) Safety related functions Legal requirements for the facility operation Requirements according to product liability (state of the art) 16

17 Legal requirements for production Laws and regulations have to be fulfilled to achieve and sustain the admission for operation Machinery directive 2006/42/EC Safety goal and elementary safety requirements Low Voltage Directive 2006/95/EC for devices within specific voltage ranges EMC Directive 2004/108/EC Electromagnetic compatibility 17

18 Fulfilling the directive (I) Technical realisation Requirements and the technical realisation are given in standards and have to be fulfilled. Presumption of conformity If a product complies with the relevant harmonized standards it may be presumed that the directive is fulfilled Harmonized standards are listed under the related directive. ( Deviation from standards Other technical solutions are allowed if equivalent safety is achieved. (Problem to show the evidence of compliance?) 18

19 Requirements resulting from product liability...state of the art at the point of installation (=commissioning).. is relevant in case of assessment of product liability IEC DIN EN IEC ISO Generic basic standard for functional safety of electric/ electronic systems Application specific standard of IEC for manufacturing industry 19

20 Definitions CEN CENELEC IEC ISO EN DIN VDE = European Committee for Standardization, Brüssel = European Committee for electrotechnical Standardization, Brüssel = International Electrotechnical Commission, Geneva = Internationale Organisation for Standardization, Geneva = European Standard = German Institute of Standardization (Deutsches Institut für Normung e.v.), Berlin = Verband der Elektrotechnik, Elektronik und Informationstechnik e.v., Frankfurt am Main Process of standardization: IEC EN DIN EN ISO EN ISO DIN EN ISO More: 20

21 Fulfilling the directive (II) Liability In case of compliance with the standards it is assumed that the manufacturer did not act grossly negligent. Thereby the legal consequences in case of damage will be reduced to a minimum. 21

22 Overview of valid key standards Harmonized under EU Machinery Directive: EN ISO Basic concepts, general principles for design and risk assessment EN Safety of machinery electrical equipment of machines Part 1: General requirements EN ISO Safety of machinery - Emergency stop Principles for design EN ISO /2 (EN 954-1) Safety of machinery - Safety-related parts of control systems EN Safety of machinery Functional safety of safety-related electrical, electronic and programmable electronic control systems EN Safety of machinery- Electro-sensitive protective equipment Part 1: General requirements and tests 22

23 Overview of valid key standards Not harmonized under any EU Directive: IEC Functional safety of electrical/electronic/programmable electronic safety-related systems IEC , -3, -4 Electro-sensitive protective equipment

24 Hierarchical Structure of EN Standards Basic Safety Standards TYPE A Basic design guidelines and basic terminology for machinery EN EN ISO EN ISO EN 954 (until 2011) EN Group Safety Standards B1 Standards General safety aspects TYPE B B2 Standards Reference to special protective devices EN ISO Emergency Stop Product standards TYPE C Specific safety features for individual machinery groups EN 692 Machine tools Mechanical presses 24

25 Link between FS Standards IEC Medical ISO Automobile ISO Agriculture DO-178B Aviation EN Railway IEC Nuclear Power IEC Furnaces IEC Generic IEC Household Appliances ISO IEC Machinery ISO Earth Moving M. IEC Process Ind. 25

26 Safety Reqiuerment Spec. (SRS) certification process FSM for all steps Einführung Checklist FSM IEC Safety plan Checklist Audit plan + reports Checklist V & V Plan Checklist Software Development Checklist SW Development Development guidelines Checklist Safety analysis Analysis guidelines Checklist Hardware Development Checklist HW Development Development guidelines Checklist Quotation Process Customer documents TÜV documents Technical Report (Concept Report) Hardware Spec. Hardware Design Hazard & Risk Analysis Safety goals with SIL X Checklist Risk Analysis Funktional Safety Concept Requirements for each function: SIL, operation mode/modi, process safety time, safe state, measure&method Technical Safety Concept HW-Test System-Analysis System-FMEA / FTA Checklist System Analysis HW/SW Interface SRS Safety Case Review Report Checklist Safety Case Validation System Test System Test Specification, System Test Reports HW-Verification Hardware SRS Test spec + report Software SRS Test spec. + report Checklist HW Spec. Checklist HW Verification Checklist Software Spec. Checklist SW Verification Hardware Analysis FMEDA, ZBD, Markov, SFF, PFH/PFD Checklist HW Analysis Checklist Safety Requirement Spec. (SRS) System architectur, interface, HFT, SFF goal, conditions of use, maintance, error handling & diagnosis Checklist Safety Requirement Spec. (SRS) System Design Hardware Integration Fault Insertion Tests Checklist HW Tests Certificate, Certificate Report Technical Report Software Spec. SW Design SW-Analysis Criticality Analysis Checklist SW-Analysis Validation Specification, Validation Reports Checklist Validation Checklist System Tests System Integration SW-Verification SW Modul-Integration SW-Tests SW-Modul Tests Checklist SW Tests 26

27 Thank you for listening For more information please contact: Christian Dirmeier: Gerald Kupel: Slide 27