Machineontwerp volgens IEC 62061

Size: px

Start display at page:

Download "Machineontwerp volgens IEC 62061"

Miranda Crawford
8 years ago
Views:

1 Machineontwerp volgens IEC Insert Photo Here Safety solution Architect Safety Local Business Leader Benelux. Stephen Podevyn

2 Safety Solution Seminar Agenda deel 1 1. Richtlijnen en normen 2. Safety life cycle 3. Functional safety managment 4. Risicoanalyse volgens ISO Machine ontwerp volgens ISO Machine ontwerp volgens IEC 62061

3 Safety Solution Seminar Agenda deel 2 1. Software en validatie 3. Safety Solutions 2. Uitgewerkte voorbeelden volgens EN ; ISO ; IEC 62061

4 Safety Solution Seminar Agenda deel 1 1. Richtlijnen en normen 2. Safety life cycle 3. Functional safety managment 4. Risicoanalyse volgens ISO Machine ontwerp volgens ISO Machine ontwerp volgens IEC 62061

5 Functional safety standards Generic Electrical Control Systems Process Electrical Control Systems Machinery Electrical Control Systems Machinery Control Systems (All technologies) IEC/EN Published now IEC/EN Published now IEC/EN Published now EN/ISO : 2006 replaces EN SIL PL

Control Systems (All technologies) IEC/EN 61508 - Published now IEC/EN 61511

6 IEC EN 62061

7 IEC EN If the exposure duration < 10 minutes, then may you take a lower value of this table. Except with exposure frequency < 1 h

8 IEC EN Machine behaviour predictability, complexity etc Human beaviour stress, skills, experience etc Default selection - Very high

9 IEC EN Speed of occurrence of hazardous event Spatial possibility to withdraw Recognition of hazard

10 IEC EN May be different for different tasks

11 IEC EN Speed of occurrence of hazardous event Spatial possibility to withdraw Recognition of hazard Crushing

12 IEC EN / ISO :2006 EN/ISO Annex A requires PL d EN/ISO Annex A requires SIL 2 There is equivalency

13 Some definitions DESIGN AND INTEGRATION System level Probability of RANDOM HARDWARE FAILURE (PFH D ) is a reliability figure delivered by the manufacturer of the component (taking into account a certain time frame) Architectural constraints Architectural constraints is a check table which is mandatory before you can achieve your SIL and SIL calculations Diagnostic Coverage (DC) is the fraction of dangerous failures which will be detected by diagnostic tests. This figure is delivered by manufacturer. Probability of Dangerous Detected Failures / Lambda Dangerous) Safe Failure Fraction (SFF) Combines Diagnostic Coverage with the ratio of failures that are oriented to a safe state

$calculations Diagnostic Coverage (DC) is the fraction of dangerous failures which will be detected by diagnostic tests. This figure is delivered by manufacturer.$

14 Architectural Constraints Safe failure fraction 0 Hardware fault tolerance (see note 1) 1 2 < 60 % Not allowed (see note 3) SIL1 SIL2 60 % - < 90 % SIL1 SIL2 SIL3 90 % - < 99 % SIL2 SIL3 SIL3 (see note 2) 99 % SIL3 SIL3 (see note 2) SIL3 (see note 2) NOTE 1 A hardware fault tolerance of N means that N+1 faults could cause a loss of the safety function. NOTE 2 A SIL 4 claim limit is not considered in this standard. For SIL 4 see IEC NOTE 3 Exception see Provided by subsystem manufacturer The SIL achieved by the Safety Related Control System (SRECS) according cording to the architectural constraints is less than or equal to the lowest SIL L claim of any subsystem (see 6.7.6) involved in the performance of the Safety Related Control Function (SRCF).

NOTE 2 A SIL 4 claim limit is not considered in this standard. For SIL 4 see IEC 61508. NOTE 3 Exception see 6.7.

15 Types of hardware failures λ SU λ λ DD λ SD λ DU SFF = λsd+ λsu+ λdd / λsd+ λsu+ λdd+ λdu DC = λdd / λdd+ λdu

16 Probability of Random Hardware Failure Actual PFH D = 1,12x10-9 Position Sensor PFH D = 1 x 10-8

17 IEC EN SRECS = Safety related control system Safety loop divided in subsystems INPUT LOGIC SOLVING OUTPUT Sensing element Control element Final element or actuator

18 In our example In this case we have a requirement to achieve SIL 2 : SensaGuard MSR 300 Safe Off (Kinetics)

19 In our example Probability of Random Hardware Failure System level Interlock switch Sensorguard SensaGuard PFH = 1,12x10-9 D Configurable safety relay MSR 300 input PFH = 2,39x10-11 D MSR 300 Logic PFH = 1,2x10-9 D MSR 300 output PFH = 1x10-9 D Subsystem 4 Contactors Motion controller PFH D = 2x10-7 Kinetics Kinetix (safe off) PFH = 4,31x10-10 D (1x10-8 ) + (1x10-8 ) + (1x10-8 ) + (1x10-8 ) + (1 x 10-8 ) = 5 x 10-8 = SIL 3 (>10-8 to <10-7 )

300 output PFH = 1x10-9 D Subsystem 4 Contactors Motion controller PFH D = 2x10-7 Kinetics Kinetix (safe off)

20 IEC EN What data is available? New products - will have PFH D / MTTF D data Existing products it is in the new Safety manual (TUV approved!) Electronic devices data is usage independent Electro-mech device data is usage dependent It will conform to that given in EN/ISO

new Safety manual (TUV approved!) http://wwwdev.ab.

21 Functional Safety Data What data is available? Generic data from EN/ISO : 2006

22 Data?? No problem at RA It is in the manual

23 Conclusions: ISO13489 versus IEC62061 Insert Photo Here

24 IEC EN / ISO :2006 For IEC/EN B10d value PFHd = Probability of dangerous failure per hour β = factor common cause failures (redundant systems) T1 = proof test interval (Mission time) T2 = Diagnostic test interval DC = Diagnostic coverage SFF = Safe Failure fraction For ISO revision B10d value MTTF d = mean time to failure dangerous β = factor common cause failures (redundant systems) Mission time (proof test period) DC = Diagnostic coverage

25 IEC EN / ISO :2006 IEC/EN Relatively complex methodology More flexibility Less constraints Simplified modularity via subsystems Only applies to electrical technology ISO/EN : 2006 Simple methodology Builds on Categories More constraints System based Applies to all technologies Are there complex safety functions e.g. depending on logic decisions? or Will the system require complex or programmable electronics to a high level of integrity? If the answer to either question is YES it is probably most appropriate to use IEC/EN Can the system be designed simply using the designated architectures at figures 7.7 to 7.11 or Will the system include technologies other than electrical? If the answer to either question is YES it is probably most appropriate to use ISO/EN : 2006

IEC EN 62061 / ISO 13849-1:2006 Annex A EN/ISO 13849-1 Annex A EN/IEC

26 IEC EN / ISO :2006 Annex A EN/ISO Annex A EN/IEC Machinery Into the Liaison work For guidance and alignment SIL environment

27 IEC EN / ISO :2006 Category B PL A - Category 1 Category 2 PL B PL C SIL 1 Category 3 PL D SIL 2 Category 4 PL E SIL3 Approximate equivalency

28 Dank voor Uw aandacht Vragen? Insert Photo Here

PABIAC Safety-related Control Systems Workshop

Health and and Safety Executive PABIAC Safety-related Control Systems Workshop KEY STANDARDS FOR ELECTRICAL & FUNCTIONAL SAFETY OF PAPERMAKING MACHINES: APPLICATION & USE Steve Frost HM Principal Electrical