Overview of Safety Standards


Overview of Safety Standards: New Machinery Directive 2006/42/EG (2010, Europe AG)

Machine Safety: EU Standards for Machine and Device Manufacturers

EU directives:
- Machinery Directive 2006/42/EG
- Low Voltage Directive 2006/95/EG
- EMC Directive 2004/108/EG

Harmonized standards by area:
- Functional safety: IEC/EN 61508-1, EN ISO 13849-1/2, IEC/EN 62061
- Electrical safety: EN 50178, EN 60950-1, EN 61131-2
- Electromagnetic compatibility (radiation, immunity, conducted interference): EN 61000 series, EN 550xx series, EN 61131-2

Depending on the product, additional harmonized standards may apply.

European Machinery Directive (MRL 2006/42/EG)

- European Directive (06/29/2006): not legally binding in itself. All EU member states were required to incorporate the Machinery Directive into national law; the deadline was 12/29/2009.
- Example: In Germany, the Directive was implemented by the Equipment and Product Safety Law (GPSG, 9th edict).
- German national law (GPSG, Machinery Directive): in effect since 12/29/2009. Note: there was no transition period!

Topics:
- Product liability
- Conformity assessment
- Technical safety requirements
- Documentation requirements
- EC Declaration of Conformity (Machinery Directive)

When Is a Manufacturer Allowed to Affix a CE Marking on a Product?

Product requirements: technical documents, i.e., the technical construction file (TCF). This is the technical documentation for a product providing evidence of conformity with regard to the following points:
- Product name and description
- Construction and detail drawings
- Product description with explanation of its specific purpose
- List of standards and technical specifications applied
- Documents on risk assessment and measures for preventing risk
- Technical reports detailing the results of tests conducted by the manufacturer or by an authorized testing agency
- Operating instructions
- EC Declaration of Conformity

Machine Safety: Overview

Machine construction and risk evaluation:
- EN ISO 12100: basic terms, general principles
- EN ISO 14121: risk assessment

Functional and safety requirements for the safety-related functions; design and implementation of safety-related functions:
- IEC/EN 62061:2005, Safety of machines: functional safety of safety-related electrical, electronic, and programmable electronic control systems
- EN ISO 13849-1:2006, Safety of machines: safety-related parts of programmable electronic control systems and all types of machinery, regardless of the technology or energy type employed (electric, hydraulic, pneumatic, mechanical, etc.)

Electrical safety aspects:
- EN 60204-1, Safety of machines: electrical equipment of machines

Safety Goals Relating to Design: Risk Assessment (ISO 14121)

Risk assessment is an iterative process:

Risk analysis:
1. Define machine limits: application limits (e.g., household, industry), spatial limits (interfaces, energy supply), time limits (estimated product durability)
2. Identify hazards: what are the risks that must be dealt with?
3. Estimate risk: how serious are these risks?

Risk evaluation:
4. Evaluate risk: do measures need to be taken to deal with these risks?
5. Was the risk adequately reduced? If yes: end. If no: take measures to minimize risks in accordance with DIN EN ISO 12100 and repeat the assessment.

Risk Minimization (ISO 12100)

Measures taken to minimize risks in accordance with DIN EN ISO 12100 (EXAMPLE: punching tool):
1. Intrinsically safe design, e.g., modifying the product shape
2. Protective equipment, e.g., protective covers, safety beam sensors; these are implemented as safety-related functions
3. User information, e.g., the user's manual

Does the selected safety measure depend on a control system (SRP/CS)? If yes, the control system's safety-related parts are designed in accordance with DIN EN ISO 13849. In every case, check the residual risk: will new risks emerge? If so, the loop starts again; otherwise the result is OK.

SRP/CS = safety-related parts of the control system

Risk and Hazard Assessment

Hazards according to EN ISO 14121:
- Mechanical hazards: hitting, crushing, clipping, cutting, puncture
- Electrical hazards
- Heat-related hazards
- Material- and substance-related hazards
- Noise hazards
- Radiation hazards
- Vibration-related hazards
- Ergonomics-related hazards

Risk minimization according to EN ISO 12100:
- Risk reduction through intrinsically safe design
- Risk reduction through protective equipment

DIN EN ISO 13849: safety-related parts of control systems (SRP/CS), i.e., functional safety

Risk Minimization According to DIN EN ISO 13849

Design process for safety-related parts of a control system (SRP/CS) in accordance with ISO 13849:
1. Determine the required performance level (PLr)
2. Choose the category
3. Determine the components used
4. Perform the evaluation, considering the diagnostic coverage (DC)
5. Perform the evaluation, considering the control system's robustness against common cause failures (CCF)
6. Verify the PL for the safety-related functions: PL >= PLr
7. Validation: have all requirements been met?

Determining the Required Machine Performance Level (PLr)

Risk graph parameters:
- Severity of injury (S): S1 = slight (usually reversible) injury; S2 = heavy (usually irreversible) injury, including death
- Frequency and/or duration of stay (exposure to hazard) (F): F1 = seldom to infrequent, and/or short exposure to hazard; F2 = frequent to continuous, and/or long exposure to hazard
- Feasibility of preventing harm or limiting damage (P): P1 = possible under certain conditions; P2 = hardly possible

Risk graph (PLr a = low risk, PLr e = high risk):
- S1, F1, P1: PLr a
- S1, F1, P2: PLr b
- S1, F2, P1: PLr b
- S1, F2, P2: PLr c
- S2, F1, P1: PLr c
- S2, F1, P2: PLr d
- S2, F2, P1: PLr d
- S2, F2, P2: PLr e

Example highlighted on the slide: the machine must meet the PL d requirement.

Achieving the Required Performance Level (PL)

The performance level (for SRP/CS design) is a measure of several factors that determine the system's safety and reliability. The PL is determined from 4 auxiliary quantities:
- Designated architecture (category)
- Hardware quality: MTTFd (mean time to dangerous failure)
- Diagnostic coverage (DC)
- Common cause failure (CCF)

Risk Assessment, Categories, Bar Graph

Relationship between category, MTTFd, DC, and CCF. The bar graph itself is not reproduced in this transcription; it plots the achievable PL for each combination of category and DCavg against the MTTFd class (low, medium, high). Cat. B and Cat. 1 are shown without CCF; Cat. 2, Cat. 3, and Cat. 4 are shown with CCF (at least 65 points).

Bar graph columns (category / DCavg): Cat. B / none, Cat. 1 / none, Cat. 2 / low, Cat. 2 / medium, Cat. 3 / low, Cat. 3 / medium, Cat. 4 / high

PFH_D values per performance level [h^-1]:
- PL a: 10^-5 to < 10^-4
- PL b: 3*10^-6 to < 10^-5
- PL c: 10^-6 to < 3*10^-6
- PL d: 10^-7 to < 10^-6
- PL e: 10^-8 to < 10^-7

Category B and Category 1

Designated architecture: I -> L -> O (I = input unit, L = logic, O = output unit)

Category B
- Requirement (summary): The safety-related parts of control systems and/or their protective equipment, as well as their components, must be designed, built, selected, combined, and mounted in compliance with the relevant standards, and be capable of withstanding the expected strain. Fundamental safety principles must be applied.
- System performance: Fault occurrence can lead to failure of the safety-related function.
- MTTFd: low to medium; DCavg: none; CCF: not relevant

Category 1
- Requirement (summary): The requirements for category B must be fulfilled. Well-proven components and well-tested safety principles must be applied.
- System performance: Fault occurrence can lead to failure of the safety-related function; however, the probability of fault occurrence is lower than in category B.
- MTTFd: high; DCavg: none; CCF: not relevant

Safety principle for these categories: the main determinant is the choice of components.

Category 2

Designated architecture: I -> L -> O plus a testing device (TE) with its own output (OTE); m = monitoring; dotted lines = feasible fault detection

Category 2
- Requirement (summary): The requirements for category B must be met, and well-proven safety principles must be applied. The safety-related function must be tested at suitable intervals by the machine's control system; the mandatory monitoring points include machine startup and the start of any high-risk step in the production process (e.g., start of a new cycle, start of a different motion type).
- System performance: Fault occurrence can lead to failure of the safety-related function between tests. The test will detect any such failure.
- MTTFd: low to high; DCavg: low to medium; CCF: must be monitored

Safety principle for this category: the main determinant is the system architecture (testing device; monitoring).

Category 3

Designated architecture: two channels, I1 -> L1 -> O1 and I2 -> L2 -> O2; c = cross-validation between the channels; m = monitoring; dotted lines = feasible fault detection

Category 3
- Requirement (summary): The requirements for category B must be met, and well-proven safety principles must be applied. Safety-related parts must be designed in such a way that: 1. a single fault in any of these parts will not lead to loss of the safety-related function, and 2. if detection is feasible, the individual fault will be detected.
- System performance: If a single fault occurs, the safety-related function always remains intact. Some but not all faults will be detected. An accumulation of undetected faults can lead to failure of the safety-related function.
- MTTFd: low to high; DCavg: low to medium; CCF: must be monitored

Safety principle for this category: the main determinant is the architecture (dual channel / redundancy).

Category 4

Designated architecture: two channels, I1 -> L1 -> O1 and I2 -> L2 -> O2; c = cross-validation between the channels; m = monitoring; solid lines = feasible fault detection

Category 4
- Requirement (summary): The requirements for category B must be met, and well-proven safety principles must be applied. Safety-related parts must be designed in such a way that: 1. a single fault in any of these parts will not lead to loss of the safety-related function, and 2. the individual fault will be detected on or before the next occasion on which the safety-related function is in demand. If this is not possible, an accumulation of faults must not lead to failure of the safety-related function.
- System performance: If a single fault occurs, the safety-related function always remains intact. Because fault accumulation is detected (high diagnostic coverage), the safety-related function is less likely to fail.
- MTTFd: high; DCavg: high; CCF: must be monitored

Safety principle for this category: the main determinant is the architecture (dual channel / redundancy).

MTTFd: Component Quality

Definition: The MTTFd value specifies the mean time to dangerous failure for every channel. This is a statistical value; it does not represent a guarantee of product durability. The value is specified by the component manufacturer.

The MTTFd value is divided into 3 categories (for every channel):
- Low: 3 to 10 years
- Medium: 10 to 30 years
- High: 30 to 100 years

The PFH_D value is almost the equivalent: it specifies the probability of a dangerous failure per hour, i.e., the inverse of MTTFd.

NOTE: A value > 100 years would not be a desirable means of reaching a better PL; rather, the emphasis should be placed on improving the designated architecture.

DC: Diagnostic Coverage

Definition: The diagnostic coverage value specifies the ratio of dangerous failures detected to the total number of dangerous failures:

DC = (dangerous failures detected) / (total number of dangerous failures)

The DC value is divided into 4 categories:
- None: < 60%
- Low: 60% to < 90%
- Medium: 90% to < 99%
- High: 99% and more

Diagnostic measures for determining DC values: Standard 13849-1, Annex E.1. For additional measures, please refer to IEC 61508-2, Tables A.2 to A.15.

Diagnostic Coverage: Sample Safety Measures

Excerpt from EN ISO 13849-1, Table E.1 (safety measure: DC):
- Cyclical test impulse generated by a dynamic modification of input signals: 90%
- Plausibility test, e.g., use of 1c and breaker contacts belonging to forcibly guided relays: 99%
- Cross validation of input signals without dynamic testing: 0% to 99%, depending on how often a signal is modified by the application
- Cross validation of input signals with dynamic testing if short circuits cannot be detected (used for multiple inputs/outputs): 90%
- Cross validation of input signals with immediate and intermediate results in the logic (L), as well as time- and logic-related program run monitoring and detection of static failures and short circuits (used for multiple inputs/outputs): 99%
- Indirect monitoring (e.g., monitoring via pressure tanks; electrical position monitoring of control elements): 90% to 99%, depending on the application
- Direct monitoring (e.g., electrical position monitoring of control valves, monitoring of electromechanical units through forced operation): 99%
- Fault detection by the process: 0% to 99%, depending on the application. Used alone, this measure is not sufficient to meet performance level e criteria!
- Monitoring of certain sensor characteristics (response time, analog signal range, e.g., electrical resistance, capacitance): 60%

CCF: Common Cause Failure

Definition: Failure of several different units resulting from a single event, where these failures are not consequences of each other. EXAMPLE: Because of overheating, two sensors malfunction independently of each other.

Measures to prevent CCF are required for categories 2, 3, and 4. The table with measures to prevent CCF is found in Standard 13849-1, Annex F.1. A total of at least 65 points is required!

Measures to Prevent CCF

No. / Measure to prevent CCF / Points:
1. Separation / disconnection: physical separation between signal paths: 15
2. Diversity: various different technologies are used (programmable electronic systems and hardwiring): 20
3. Design / application / experience: protection against overvoltage, positive pressure, overcurrent: 15; use of well-tested components: 5
4. Evaluation / analysis: have the results of an FMEA been taken into account?: 5
5. Competence / education: CCF training for developers and technicians: 5
6. Environment: protection against contamination, electromagnetic compatibility: 25; other influences (temperature, shock, vibration): 10

Maximum number of points: 100. A total of at least 65 points is required!

Risk Assessment, Categories, Bar Graph (recap of the earlier slide of the same name: relationship between category, MTTFd, DC, and CCF)

Safety-Related Functions: Examples (1)

Emergency stop button, emergency pull cord, or safety door opener: When any of these safety-related functions is triggered, a stop signal is transmitted via a safety relay. This signal shuts down the system. The subsequent reset signal must not trigger a machine restart.

Laser scanner and safety light curtain: If the area monitored by the laser scanner is penetrated, or if the safety light curtain is interrupted, the hazardous part of the machine must be shut down.

Calculating the PL for a Safety-Related Function: 2 Methods

Method 1: Block method. The safety-related function is modeled as Detection (Input) -> Processing (Logic) -> Reaction (Output).
- Required for the exact calculation
- Considers the entire SRP/CS
- Most appropriate for complex, interconnected SRP/CS

Method 2: Subsystem method. A simplified form for determining the PL by means of combination tables.
- If the PFH_D of the subsystems is a known value, the PL can be estimated quickly.
- The PFH_D value is specified by the manufacturer.

Total Performance Level (Method 1: Block Calculation)

Impact of the PFH_D value on the total performance level. Blocks: Detection (Input), Processing (Logic), Reaction (Output).

Case #1:
- Input: PL e, PFH_D = 2.2 x 10^-9
- Logic: PL e, PFH_D = 8.7 x 10^-9
- Output: PL e, PFH_D = 2.1 x 10^-9
- PFH_D total = 2.2 x 10^-9 + 8.7 x 10^-9 + 2.1 x 10^-9 = 13 x 10^-9 = 1.3 x 10^-8, i.e., PL e

Case #2:
- Input: PL e, PFH_D = 2.2 x 10^-8
- Logic: PL e, PFH_D = 6.78 x 10^-8
- Output: PL e, PFH_D = 2.2 x 10^-8
- PFH_D total = 2.2 x 10^-8 + 6.78 x 10^-8 + 2.2 x 10^-8 = 11.18 x 10^-8 = 1.12 x 10^-7, i.e., only PL d

PL e = 10^-8 to < 10^-7 (SIL 3)

Determining the PL for a Series Connection (Method 2: Table Lookup)

Subsystem method: This procedure is used to determine the PL of the entire combined SRP/CS that execute the safety-related function.

Steps:
1. Determine the lowest PL; this is PL_low.
2. Determine the number N_low of the SRP/CS with PL_i = PL_low.
3. Look up the PL in the table.

Table (PL_low / N_low / PL):
- a / > 3 / not possible
- a / <= 3 / a
- b / > 2 / a
- b / <= 2 / b
- c / > 2 / b
- c / <= 2 / c
- d / > 3 / c
- d / <= 3 / d
- e / > 3 / d
- e / <= 3 / e

Example: PL e + PL e + PL e = PL e (PL_low = e, N_low = 3).
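The PLr risk graph, the Method 1 block calculation (Cases #1 and #2 above), the Method 2 series-connection table and the PL >= PLr check from the design process, worked through as an added Python example (not code from the deck; the function names are this example's own, and treating a PFH_D below 10^-8/h as PL e is this example's assumption):

```python
from typing import Optional, Sequence, Tuple

PL_ORDER = "abcde"   # PL a is the lowest level, PL e the highest

# PFH_D band [lower, upper) per PL in dangerous failures per hour, from the slides.
PFH_BANDS = {"a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
             "d": (1e-7, 1e-6), "e": (1e-8, 1e-7)}

def required_pl(s: int, f: int, p: int) -> str:
    """PLr from the risk graph with S1/S2 -> s=1/2, F1/F2 -> f=1/2, P1/P2 -> p=1/2.
    Every 'worse' branch raises PLr by one level; S2 raises it by two levels."""
    if not all(x in (1, 2) for x in (s, f, p)):
        raise ValueError("S, F and P must each be 1 or 2")
    return PL_ORDER[2 * (s - 1) + (f - 1) + (p - 1)]

def pl_from_pfh(pfh_d: float) -> Optional[str]:
    """Map a PFH_D value onto its PL band; None when it is worse than PL a."""
    if not 0 < pfh_d < 1e-4:
        return None
    for pl, (lo, hi) in PFH_BANDS.items():
        if lo <= pfh_d < hi:
            return pl
    return "e"   # below 1e-8/h: no level above PL e exists (assumption of this example)

def pl_block_method(block_pfh: Sequence[float]) -> Tuple[float, Optional[str]]:
    """Method 1: the PFH_D of the whole SRP/CS is the sum over the I/L/O blocks."""
    total = sum(block_pfh)
    return total, pl_from_pfh(total)

# Method 2 table: PL_low -> (N_low limit, PL when N_low > limit, PL when N_low <= limit).
SERIES_TABLE = {"a": (3, None, "a"), "b": (2, "a", "b"), "c": (2, "b", "c"),
                "d": (3, "c", "d"), "e": (3, "d", "e")}

def pl_series_method(subsystem_pls: Sequence[str]) -> Optional[str]:
    """Method 2: the lowest subsystem PL and how many subsystems share it decide the PL."""
    pl_low = min(subsystem_pls, key=PL_ORDER.index)
    n_low = list(subsystem_pls).count(pl_low)
    limit, above_limit, within_limit = SERIES_TABLE[pl_low]
    return above_limit if n_low > limit else within_limit

def pl_sufficient(pl: Optional[str], pl_r: str) -> bool:
    """Step 6 of the design process: verify that the achieved PL is at least PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(pl_r)

if __name__ == "__main__":
    pl_r = required_pl(2, 1, 2)                       # S2, F1, P2 -> PLr d
    for name, blocks in (("Case #1", [2.2e-9, 8.7e-9, 2.1e-9]),
                         ("Case #2", [2.2e-8, 6.78e-8, 2.2e-8])):
        total, pl = pl_block_method(blocks)
        print(f"{name}: PFH_D total = {total:.3g}/h -> PL {pl}, "
              f"meets PLr {pl_r}: {pl_sufficient(pl, pl_r)}")
    print("Method 2, PL e + PL e + PL e ->", pl_series_method(["e", "e", "e"]))
```

Case #2 shows the point of the slide: three PL e blocks can still add up to a PL d function, so the check against PLr must be made on the summed PFH_D, not on the block labels.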

DIN EN ISO 13849-1/2 versus IEC/EN 62061

- DIN EN ISO 13849-1 applies to safety-related parts of programmable electronic control systems and all types of machinery, regardless of the technology or energy type employed (electric, hydraulic, pneumatic, mechanical, etc.)
- IEC/EN 62061 applies to safety-related electrical, electronic, and programmable electronic control systems (SRECS) for machines

Comparison Between PL and SIL

PL and SIL can be mapped onto each other via the PFH_D value.

Performance level (ISO 13849) / Probability of dangerous failures per hour, PFH_D (1/h) / Safety integrity level (IEC 62061):
- PL a / 10^-5 to < 10^-4 / not defined
- PL b / 3*10^-6 to < 10^-5 / SIL 1
- PL c / 10^-6 to < 3*10^-6 / SIL 1
- PL d / 10^-7 to < 10^-6 / SIL 2
- PL e / 10^-8 to < 10^-7 / SIL 3

Thank You! Panasonic Your Automation Partner