Circuit Design for ISO 13849
Posted on 07-Nov-2014
Design with ISO 13849 (page 1, 110401)
Sensors, Safety, Vision, Motion, Automation, Controls: A Single Source…A Total Solution
WELCOME
The topic for today is: Circuit Design for ISO 13849-1:2006
Your presenter is: Heinz Knackstedt, hknackstedt@cesales.com, (937) 434-8830 Office, (937) 545-6494 Cell
Who we are and what we do
A Single Source…A Total Solution
Thirty+ years serving the automation industry
30 account representatives who live near their customers
12 Technical Support Specialists, both in the field & in the office
8 Customer Service Reps, quotes, delivery information, expediting
Large inventory; same day shipping on stock items
95% or better on time delivery
Order online, via EDI, Credit Card, Fax, or Phone
24 Hour emergency assistance
Lunch & Learns, Seminars, and in-depth training classes
Generic Technology or Product application specific
www.cesales.com 800-228-2790
Circuits for ISO 13849-1-2006
• Objective
  – Functional overview of ISO 13849-1
  – Establish a basis for further self study
• Contents
  – Background and safety with EN-954-1-1996
  – Basic safety circuit structure from EN-954-1
  – Introduction to ISO 13849-1
  – Component failure and MTTFd
  – Evaluation of sub-systems and systems
  – Explanation of DCavg and CCF
  – Example of simplified PL evaluation
  – Commercial PL calculation programs
  – Simplified example
MACHINE SAFETY IS NOT AN OPTION!
The General Duty Clause 5(a)(1) of the OSH Act-1970, Public Law 91-596, requires that:
"Each employer shall furnish to each of his employees employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm."
A less well known part, 5(b), further states that:
"Each employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to this Act which are applicable to his own actions and conduct."
Performance of the Safety Related Parts of the Control System
• U.S. – OSHA "Control Reliable"
  – No single fault shall cause the loss of the safety function
  – B11.0-2010 and RIA-15.06-1999 provided some guidance on the construction and performance of the SRP/CS as a function of the level of risk reduction required
• International – Machinery Directive
  – ISO and EN consensus standards are "harmonized" so that if a machine is designed to these standards, there is a "Presumption of Conformity" with the Machinery Directive.
  – Standards describe a method of determining the performance and design requirements for a level of risk reduction as established by a Risk Assessment
    • EN-954-1-1996
    • ISO 13849-1-2006
    • Hundreds of machine-specific "C" level standards
Some Background
"Safety of Machinery" EN-954-1-1996 was the starting point
EN-954-1-1996
• Defined five risk categories, each of which described a safety control system with appropriate performance for its risk reduction
• It is considered "deterministic" or "qualitative", so conformance to the requirement cannot be positively established nor "substantiated"
• Resulted in a "spectrum" of acceptable system performance within a category
• Specifically defined the categories as "non-hierarchical"
  – A system which meets the risk reduction requirements for one risk level does not necessarily provide greater risk reduction than one which meets the requirement for a lower risk level.
  – In practice, the hierarchical approach has been quite successful when
    • Components of similar reliability are used
    • Exclusions used in a lower category are valid
    • The same preventive maintenance is applied
    • Environmental conditions have the same effect on the devices
• This system was adopted as a functional guideline in the US, as initially there was no similar U.S. system
  – The "Control Reliable" term was used but not well defined.
  – RIA-15.06-1999 offered an alternative with both a risk assessment and a risk reduction strategy, with some specific guidelines, modeled after EN-954-1.
  – B11.0-2010 has a very qualitative description of the process.
Example of the "spectrum" within a given category
Using standard photoelectric (P.E.) sensors, this circuit has been certified by TÜV as meeting Cat 2 if monitored by a DEDICATED, but non safety-rated, PLC. The Type 2 safety light curtain has been certified as meeting Cat 2. The "probability" of the Type 2 safety light screen failing UNSAFELY is incredibly small due to its internal testing (per IEC 61496 Type 2), while the chance of a P.E. sensor failing to ON is much higher, and the external testing of the P.E. by the standard PLC is less positive. Both have been certified as meeting the same Category risk reduction requirements.
(Circuit figure: P.E. switched outputs into a PLC, PLC output Q1 to the follower relay; Type 2 safety light curtain into a Cat 4 safety interface module (SIM).)
EN-954-1 The Process
• Perform a task-based Risk Assessment
  – Identify all hazards and the tasks performed while exposed to them
• For each task/hazard pair, qualify the three variables which together determine the level of risk
  – Seriousness of the potential injury: Serious / Slight
  – Frequency of exposure to the hazard: Continuous / Seldom
  – Ability to avoid the harm: Difficult, hardly possible / Easy, almost assured
• The level of risk identifies a reasonable minimum safety system functional performance appropriate to reduce that risk to a tolerable level
  – There are five Risk Level Categories: B, 1, 2, 3 and 4
  – Each has a functional description of the behavior of the safety system under fault conditions, and a suggested circuit architecture to attain such performance.
EN-954-1-1996 / ISO 13849-1-2006 / IEC 62061 (risk graph figure reconstructed as a table)
Risk parameters: S1 slight injury, S2 serious injury; F1 seldom exposure, F2 frequent or continuous exposure; P1 avoidance possible, P2 avoidance hardly possible.

Risk graph path        ISO13849-1-2006 PLr   1/h = λ (h is Mean Time to Dangerous Failure MTTFd in hours)   IEC 62061 SIL
S1 F1 P1               a                     10^-5 <= λ < 10^-4                                            N/A
S1 F1 P2, S1 F2 P1     b                     3×10^-6 <= λ < 10^-5                                          1
S1 F2 P2, S2 F1 P1     c                     10^-6 <= λ < 3×10^-6                                          1
S2 F1 P2, S2 F2 P1     d                     10^-7 <= λ < 10^-6                                            2
S2 F2 P2               e                     10^-8 <= λ < 10^-7                                            3

EN954-1 Risk Category: B, 1, 2, 3, 4 (lowest to highest risk reduction) are shown beside PLr a to e for relative comparison only; the correspondence is not an identity.
One year of 24/7 = 8760 h, just under 10^4 hours
What does the "category's" structure look like?
Cat B
Cat B = Single Channel, also often called "Simple"
Safety Block Diagram: I (input signal) -> L (logic) -> O (output signal), one channel
(Example circuit: a single control relay CR1, switched by the input and carrying the output)
What does the "category's" structure look like?
Cat 1
Cat 1 = Single Channel
Cat 1 uses "better stuff" than "B": components with longer mean time to DANGEROUS failure (MTTFd), and at least some are "safety rated"
Postpones but does not prevent the failure to danger
Safety Block Diagram: I (input signal) -> L (logic) -> O (output signal), one channel
(Example circuit: a single control relay CR1, switched by the input and carrying the output)
What does the "category's" structure look like?
Cat 2
Cat 2 = Single Channel with monitoring
Monitor at a "suitable interval"
May not always be able to shut down the hazard, but only warn and inhibit the next hazardous cycle/situation
Safety Block Diagram: I (input signal) -> L (control signal) -> O; test equipment TE monitors I and L via a test stimulus and a trigger signal, and its output OTE provides a 2nd switch-off path
Dashed monitoring lines represent reasonably practicable fault detection
What does the "category's" structure look like?
Cat 3
Cat 3 = Dual Channel
No single fault causes loss of the safety function
With conditional monitoring (may not detect all failures)
Safety Block Diagram: two channels, I1 -> L1 -> O1 and I2 -> L2 -> O2, each with monitoring of its input and output signals, and cross monitoring between L1 and L2
Dashed monitoring lines represent reasonably practicable fault detection
What does the "category's" structure look like?
Cat 4
Cat 4 = Dual Channel
No single fault causes loss of the safety function
With complete monitoring
Must detect the first fault, or continue to protect with this fault until the next fault, when it or the combination of faults must be detected
Safety Block Diagram: two channels, I1 -> L1 -> O1 and I2 -> L2 -> O2, each with monitoring of its input and output signals, and cross monitoring between L1 and L2
Solid monitoring lines represent technically feasible fault detection
Then came the new Machinery Directive 2006/42/EC, which drove the need for a new machinery safety standard
ISO 13849-1 (1999, revised 2006) Safety of Machinery: Safety Related Parts of Control Systems, General Design Principles
  Performance defined in Performance Levels (PL)
IEC 62061 Safety of Machinery: Functional Safety of Electrical, Electronic and Programmable Electronic Control Systems
  Performance defined in Safety Integrity Levels (SIL CL)
Current Standing
• To meet the safety performance required for sale and use in the European and some other international markets, a machine must meet the current Machinery Directive
• When a standard is "harmonized" with the Machinery Directive, building the machine to that standard is presumed as proof of conformity to the Machinery Directive
• What is the status?
  – ISO 13849-1 has been listed as a harmonized standard with the M.D.
  – When a standard is superseded it is retired and can no longer be used as proof of conformity
  – EN 954-1 has been extended through Dec 2011
    • which means either may be used as presumption of conformity to the M.D.
  – Machine level "C" standards are still presumed to be in conformance, but require adherence to EN-954-1
    • At issue is whether a machine can be built to the "C" standard if its safety related parts of the control system are designed to ISO 13849-1
    • Or: does a machine built to the "C" standard meet the Machinery Directive if built to EN-954-1?
  – The data and third-party certification to the new standard of many safety rated components are not available, which precludes their use in a system to the new standards
Why worry about ISO 13849 in the US, isn't it a European problem?
• There are many aspects of the new standard which can help our industry understand the design of safer and perhaps more cost effective machines
• Provides a quantitative method to evaluate the impact of component, circuit or fault detection changes on the system performance
• This standard can manage "mixed" category construction
• The U.S. is theoretically bound by this international standard (ISO)
  – EN-954-1 was a European standard
• Many organizations build machines for both markets, or purchase them there
• Although never part of our regulatory system, the risk categories of EN-954-1 have become ingrained in our safety vocabulary and in the machinery safety design for the U.S. market
• EN-954-1 has influenced both ANSI B11.0 and RIA 15.06
• RIA is looking at adoption of the robotic standards ISO 10218-1 and -2 with national deviations.
Objectives of the new Machinery Safety standard
• Replace "qualitative" with "quantitative" SRP/CS performance
  – Based on probabilistic calculations of the MTTFd of the SRP/CS
    • Mean Time To Dangerous Failure
• For a required level of risk reduction, as determined by the Risk Assessment, DEFINE the MINIMUM:
  – Performance criterion of individual components, sub-systems and channels in terms of MTTFd
  – Structure of the SRP/CS
  – Considerations for reduction of Common Cause Failures (CCF)
  – Requirements of Diagnostic Coverage (DCavg): component failure discovery, capable of being detected, in terms of % of failures to danger.
Objectives of the new Machinery Safety standard
• Continue the use of the general structures of the EN-954-1 categories as the basis for circuit design
  – These standard structures have made it possible for many of the simplifications of the statistical calculations of MTTFd in ISO 13849 to be made
  – The alternative is to do complete FMEA calculations per IEC 61508
• Based on the safety circuit's MTTFd performance requirement, permit a simpler structure for some level of risk reduction which otherwise would not meet the qualitative definition under EN-954-1
  – Using components with varying individual MTTFd values, complete safety control systems may be capable of meeting a system performance level with sub-systems of less complicated structure than is possible under EN-954-1
• May permit use of sub-systems with mixed structure, not possible in the qualitative evaluation
Organization of ISO 13849-1
• Safety of Machines
  – Risk assessment according to ISO 14121-1, now incorporated into the just released ISO 12100
  – For a given risk as defined above:
    • Determine the Performance Level of the Safety Related Parts of the Control System required to reduce the risk to a tolerable level
  – Functional Safety
    • Divided into SIX steps
    • Performed sequentially
The Process
• 1 Definition of the safety-technological requirements
  – Safety function characteristics and interface to the basic machine control
• 2 Selection of the required performance level
  – From Risk Assessment results
    • PLa through PLe for machine, electromechanical and mechanical devices
    • SIL 1 through 3 for electronic and programmable devices
• 3 Safety Design
  – Execution of the design requirements above with appropriate components
• 4 Definition of the achieved performance
  – Determine the safety system Mean Time To Dangerous Failure MTTFd
    • Using vendor data for safety rated components
    • B10 life for components which have a wear-out cycle
• 5 Verification
  – All safety functions meet the risk reduction requirements PLr determined by the risk assessment
• 6 Validation
  – All safety relevant parts meet the qualitative reduction requirements
Editorial Comment
In order for the value of ISO 13849-1 to be realized, one must accept the validity of statistical mathematics.
FACT
MTTFd is a statistical value and in NO WAY MEANS "Guaranteed Lifetime", "Failure-Free Time", "Time to First Failure" or any other such concept.
It is a numerical value, usually stated in years, which permits the calculation of the probability of failure, in %, for a given period of use.
MTTFd in years can be converted to a failure rate in failures per hour, λd, typically based on 24 hours per day, 365 days per year:
  λd (1/h) = 1 / (MTTFd (years) × 8760 h/year)
so an MTTFd of one year of 24/7 use is a λd of about 1.14×10^-4, i.e. roughly 10^-4, failures per hour.
Distribution of Failures to Danger
(Figure: probability of dangerous failure over time on a logarithmic scale for λ = 1.9×10^-5 (PLb), λ = 6.3×10^-6 (PLc) and λ = 1.9×10^-6 (PLd); at t_use = 1/λd, 63% of the population has failed and 37% survives.)
Individual Channel Performance
• A channel MTTFd of less than 3 years is not acceptable for safety controls
• A channel MTTFd cap of 100 years is used to prevent overshadowing a lesser capable second channel
From "A New Approach to Machine Safety", Schmersal / IPEC Industrial Controls Ltd
(Figure: cumulative probability of dangerous failure %f(t) = 1 − e^(−λt) plotted against time for channel MTTFd of 3, 10, 30 and 100 years; at t = 1/λ each curve reaches 63.2%.)
ISO 13849-1-2006
(Risk graph and level comparison figure repeated: EN954-1 risk categories B to 4, ISO 13849-1-2006 PLr a to e with λ = 1/h, h = Mean Time to Dangerous Failure MTTFd in hours, and IEC 62061 SIL; the same figure as on the EN-954-1-1996 risk graph page.)
Note: Correlations of risk levels between EN-954-1 and ISO 13849 or IEC 62061 are not identities, but are given for relative comparison only. See also B11-TR4.
One year of 24/7 = 8760 h, just under 10^4 hours
PL of Safety Related Function of the Control System as a function of Risk Category
(Figure: PL achieved as a function of category, DCavg and channel MTTFd, with a CCF score ≥ 65, alongside the system failure rate bands λ (1/h): PLa < 10^-4, PLb < 10^-5, PLc < 3×10^-6, PLd < 10^-6, PLe < 10^-7, and the IEC 62061 correspondence N/A, SIL 1, SIL 1, SIL 2, SIL 3.)
A Cat 3 structure with medium MTTFd, a low DCavg and a CCF score ≥ 65 can achieve PLc.
Safety Rated Components
• Tested to product specific standards
• Performance under failure modes
  – Categorized by the different standards
    • SIL, PL, Cat, MTTFd, or B10d
  – Older or legacy product may have only the category
• Each product must be re-certified to the current standard by a third-party testing laboratory (NRTL) to obtain the PL or SIL
• Products with only an EN-954-1 Cat are not necessarily less capable, just not re-tested to the latest standard
• They were totally acceptable for the same risk category in the old standard
  – The PL describes the potential performance of the device when correctly used following the manufacturer's recommendation
  – "Well tried" components are listed with industry or manufacturer developed B10d or B10
Device Failure
• Electronic (non-wearing) components are assumed to have a constant failure rate (exponential failure distribution)
  – Life dependent on hours of use
  – Ignore the two ends of the "bath tub" curve
    • Infant mortality is removed by the manufacturer's burn-in
    • Component degradation (wear-out) is too far out
• Mechanical devices
  – "Well tried": proven performance in similar applications
  – Wear-out typically driven by cycles under load
  – B10 life: level of use at which 10% of the population has failed
    • Use 10×B10d, or 2×10×B10 (assumes 50% of failures are to danger), to obtain the mean cycles to dangerous failure
  – MTTFd is calculated using the use profile (nop) of the device:
    $n_{op} = \frac{d_{op} \cdot h_{op} \cdot 3600\,\mathrm{s/h}}{t_{cycle}}$   (days/year × hours/day × 3600 s/hour ÷ cycle time in seconds)
    $MTTF_d = \frac{B_{10d}}{0.1 \cdot n_{op}} = \frac{10 \cdot B_{10d} \cdot t_{cycle}(\mathrm{s})}{d_{op} \cdot h_{op} \cdot 3600}$
  • Replace after usage reaches the B10d life, at $T_{10d} = B_{10d} / n_{op}$, or at 20 years
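The B10d-to-MTTFd conversion above, worked through as an added example (not from the presentation): it computes nop from the use profile, MTTFd and the replacement interval T10d, and places the result in the ISO 13849-1:2006 MTTFd bands. The contactor B10d of 1,300,000 cycles and the two-shift duty profile are assumed for illustration; the helper names are this example's own.

```python
# Added worked example (not from the presentation): MTTFd of a wearing
# ("well-tried") component from its B10d value and its use profile nop,
# following the relationship on the slide:
#   nop   = dop * hop * 3600 / tcycle        [cycles per year]
#   MTTFd = B10d / (0.1 * nop)              [years]
#   T10d  = B10d / nop                      [years, replacement interval]
# The B10d figure and the duty profile below are assumed for illustration.

def cycles_per_year(days_per_year: float, hours_per_day: float, t_cycle_s: float) -> float:
    """Mean number of operations per year, nop, from the use profile."""
    if t_cycle_s <= 0 or days_per_year <= 0 or hours_per_day <= 0:
        raise ValueError("use profile values must be positive")
    return days_per_year * hours_per_day * 3600.0 / t_cycle_s


def b10d_from_b10(b10: float, dangerous_fraction: float = 0.5) -> float:
    """B10d when only B10 is known: the slide's default assumes 50 % of
    failures are dangerous, i.e. B10d = 2 * B10."""
    if not 0.0 < dangerous_fraction <= 1.0:
        raise ValueError("dangerous_fraction must be in (0, 1]")
    return b10 / dangerous_fraction


def mttfd_years(b10d: float, nop: float) -> float:
    """MTTFd in years: 10 % of the population has failed dangerously after
    B10d cycles, so the mean is B10d / (0.1 * nop)."""
    return b10d / (0.1 * nop)


def t10d_years(b10d: float, nop: float, mission_time_years: float = 20.0) -> float:
    """Replacement interval: the component must be exchanged when it has
    reached B10d cycles, or at the end of the 20-year mission time."""
    return min(b10d / nop, mission_time_years)


def mttfd_band(mttfd: float) -> str:
    """ISO 13849-1:2006 channel MTTFd bands. Below 3 years is not acceptable
    for safety controls; channel values above 100 years are capped to 100."""
    if mttfd < 3.0:
        return "not acceptable (< 3 years)"
    if mttfd < 10.0:
        return "low"
    if mttfd < 30.0:
        return "medium"
    return "high"


def evaluate_component(b10d, days_per_year, hours_per_day, t_cycle_s):
    """nop, MTTFd, band and T10d for one wearing component (assumed inputs)."""
    nop = cycles_per_year(days_per_year, hours_per_day, t_cycle_s)
    m = mttfd_years(b10d, nop)
    return {"nop": nop, "mttfd": m, "band": mttfd_band(m), "t10d": t10d_years(b10d, nop)}


if __name__ == "__main__":
    # Assumed: a contactor with B10d = 1,300,000 cycles, two-shift use,
    # 220 days/year, 16 h/day, one cycle every 30 s.
    r = evaluate_component(1_300_000, 220, 16, 30)
    print(f"nop = {r['nop']:.0f} cycles/year")
    print(f"MTTFd = {r['mttfd']:.1f} years ({r['band']})")
    print(f"Replace after T10d = {r['t10d']:.2f} years")
    # The same part cycled every 3 s: ten times the operations, one tenth
    # the MTTFd, and it lands at the bottom of the "low" band.
    fast = evaluate_component(1_300_000, 220, 16, 3)
    print(f"At 3 s/cycle: MTTFd = {fast['mttfd']:.1f} years ({fast['band']})")
```

The point the slide's 50× loading factor makes is visible here too: the same B10d at ten times the cycle rate gives one tenth the MTTFd, and the T10d replacement interval shrinks to a fraction of the 20-year mission time, so the use profile has to be pinned down before the component's MTTFd means anything.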
B10d examples of "well tried" components
When used per the manufacturer's or designer's use specification. Some adjustment for duty cycle and loading is allowed/required. "Full load" applies not only to the electrical load but to extreme conditions or marginal operating conditions.
Loading variation provides a factor of 50× in B10d.
From Appendix D, BGIA Report 2/2008e, Table D.2 (partial table)
Data sheet examples: Safety Controller, Safety Light Curtain, Limit Switch
Note: These specifications certify the acceptable performance of specific logic safety functions
Fault Exclusion
• If a fault may be excluded, its occurrence does not need to be detected, thereby decreasing the system's requirement to detect faults (DCavg)
  – Technical improbability of certain faults
  – Generally accepted technical experience
  – Technical demands regarding the application and special hazards
  – Design and construction may be used to exclude some faults
• Excluded faults must have a documented explanation of why the exclusion is valid
Determination of PL
• Determine the structure and components of the three functions for each sub-system
  – Input, Logic, Output
  – Identify, when a failure occurs, which components will cause failure of the entire sub-system
• Determine the PL of each channel, system and sub-system using
  – Published manufacturer's data
  – Estimates from the standard's appendix of safety and well-tried devices
  – Summation of 1/MTTFd of series components or sub-systems
  – Commercial programs for complex sub-systems
Safety Related Parts of the Control System
Safety functions are implemented by the Safety Related Parts of the Control System (SRP/CS)
(Figure: SRP/CSa Sensor/Detect -> interconnection iab -> SRP/CSb Logic/Process -> SRP/CSc Actuator/Actuation -> PL; each box may be any sub-system or channel)
The design presented here is based on the simplifications to the statistical analysis allowed by the use of the structures required for a given PL. Deviation from these structures will require full analysis using FMEA and full statistical methods. Any failure modes in the interconnections (iab etc.) between sub-systems must be included in one of the sub-systems.
Sub-Systems: Simplification by Re-arrangement
Note: one of the advantages of ISO 13849-1 is that it allows the evaluation of mixed risk category solutions
From BGIA Report 2/2008e
(Figure: a structure with dual inputs I1, I2 and dual outputs O1, O2 around a single logic element L1, with MTTFd,S, MTTFd,L and MTTFd,Q, is re-arranged into a two-channel sub-system I1/O1, I2/O2 in series with the single-channel sub-system L1, so that each sub-system can be evaluated with its own category structure.)
Here comes the math
• The MTTFd of a single channel with N series failure components is:
  $\frac{1}{MTTF_{d,chnl}} = \sum_{i=1}^{N} \frac{1}{MTTF_{d,i}}$
• The MTTFd of two channels, each with its own MTTFd and with no monitoring, is:
  $MTTF_d = \frac{2}{3}\left[MTTF_{d,C1} + MTTF_{d,C2} - \frac{1}{\frac{1}{MTTF_{d,C1}} + \frac{1}{MTTF_{d,C2}}}\right]$
Ex: if MTTFd,C1 = 50 years and MTTFd,C2 = 100 years, MTTFd = 77.8 years
• Determine the PL of each sub-system connected in series using MTTFd data
• Determine the lowest PL = PLlow
• Count the number of PLlow in the series string
• Use Table 6.6 to determine the PL of the string
• This table is a simplified method of the mathematical summation of the probabilities of failure using sub-system mid-point 1/MTTFd values
Table 6.6, BGIA 2/2008e
Or:
  $\frac{1}{MTTF_{d,chnl}} = \sum_{i=1}^{N} \frac{1}{MTTF_{d,(subsystem)\,i}}$
Average Diagnostic Coverage
• Is typically very difficult to calculate; it depends on
  – The ratio of undiscovered to discovered faults to danger
  – The mean time of occurrence of each of these faults
• The standards provide some guidance tables of the average achievable, given certain design considerations and features.
  – These allow for the DCavg groupings of 60% to 90%, 90% to 99%, and greater than 99%
• Estimate DCavg of the n components of a sub-system:
  $DC_{avg} = \frac{\sum_{i=1}^{n} \frac{DC_i}{MTTF_{d,i}}}{\sum_{i=1}^{n} \frac{1}{MTTF_{d,i}}}$
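The channel formulas of the last three pages (series summation, the two-channel symmetrisation with the 50/100-year example, the PLlow counting rule for sub-systems in series, and DCavg) as an added worked example, not code from the presentation. Component values in the demonstration are assumed; the Nmax counts are those of ISO 13849-1:2006 Table 11, which is the table the slide refers to as Table 6.6 of the BGIA report.

```python
# Added worked example (not from the presentation): the series, two-channel
# and DCavg formulas from the preceding slides, plus the PLlow / Nlow rule
# for a string of sub-systems. Component values are assumed for illustration.
import math

MTTFD_CAP_YEARS = 100.0   # per-channel cap in ISO 13849-1:2006
HOURS_PER_YEAR = 8760.0   # 24/7 operation


def series_mttfd(mttfds):
    """1/MTTFd,chnl = sum(1/MTTFd,i) over the series elements of one channel."""
    if not mttfds or any(m <= 0 for m in mttfds):
        raise ValueError("need positive MTTFd values")
    return 1.0 / sum(1.0 / m for m in mttfds)


def symmetrised_mttfd(c1, c2):
    """Two redundant channels with differing MTTFd:
    MTTFd = 2/3 * (C1 + C2 - 1/(1/C1 + 1/C2)); 50 and 100 years give 77.8."""
    return (2.0 / 3.0) * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2))


def capped(mttfd):
    """Channel MTTFd is capped so one channel cannot mask a weaker one."""
    return min(mttfd, MTTFD_CAP_YEARS)


def lambda_d_per_hour(mttfd_years):
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


def prob_dangerous_failure(mttfd_years, t_years):
    """F(t) = 1 - exp(-lambda_d * t); equals 63.2 % at t = MTTFd."""
    return 1.0 - math.exp(-t_years / mttfd_years)


def dc_avg(components):
    """components: iterable of (MTTFd_i, DC_i). Each DC is weighted by the
    component's dangerous failure rate 1/MTTFd,i, as on the slide."""
    num = sum(dc / m for m, dc in components)
    den = sum(1.0 / m for m, _ in components)
    return num / den


def dc_band(dc):
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# PLlow / Nlow rule for sub-systems in series (ISO 13849-1:2006 Table 11):
# more than Nmax sub-systems at the lowest PL drops the string one level.
_NMAX = {"a": 3, "b": 2, "c": 2, "d": 3, "e": 3}
_ORDER = "abcde"


def combined_pl(pls):
    """PL of a series string of sub-systems from the count of PLlow members."""
    low = min(pls, key=_ORDER.index)
    n_low = pls.count(low)
    if n_low <= _NMAX[low]:
        return low
    if low == "a":
        return None          # more than three PLa sub-systems: no PL at all
    return _ORDER[_ORDER.index(low) - 1]


if __name__ == "__main__":
    # Slide example: channels of 50 and 100 years.
    print(f"symmetrised MTTFd = {symmetrised_mttfd(50, 100):.1f} years")
    # Assumed channel: input contact 150 y, logic relay 200 y, valve 100 y.
    ch = series_mttfd([150, 200, 100])
    print(f"channel MTTFd = {ch:.1f} years, capped {capped(ch):.1f}")
    d = dc_avg([(150, 0.99), (200, 0.99), (100, 0.60)])
    print(f"DCavg = {d:.3f} ({dc_band(d)})")
    print(f"P(dangerous failure within 20 y) = {prob_dangerous_failure(ch, 20):.3f}")
    print("four PLd sub-systems in series ->", combined_pl(["d", "d", "d", "d"]))
```

Note how the valve, the element with the worst MTTFd and the worst DC, pulls DCavg down from 99% to 81% (the "low" band) because the average is weighted by failure rate, not by part count.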
From Table E.1 Diagnostic Coverage, ISO 13849-1-2006 (partial listing)
Common Cause Failure (CCF)
• Especially important where the same cause results in dangerous failures in both channels of a dual channel system
• A common cause could result in the failure of one channel and that failure being incapable of detection by the other channel, negating the value of dual channel monitoring
  – "One lies, and the other swears to it!"
  – Two door-closed limit switches mounted in positive mode, but on the same mounting plate. If the plate becomes detached, neither limit switch will detect that the door is open. (Figure: open hazard access)
  – To assure that common cause failures do not negate the value of dual channel systems and their monitoring function, they must be designed with the following characteristics to amass a point total of at least 65 points
Reducing Common Cause Failures
From ISO 13849-1:2006 Table F.1

Clause  Measure against CCF                                                                                   Score
1       Separation/segregation                                                                                15
2       Diversity                                                                                             20
3       Design/application/experience
3.1     Protection against over-voltage, over-pressure, over-current etc.                                     15
3.2     Components used are "well tried"                                                                      5
4       Assessment/analysis                                                                                   5
5       Competence/training                                                                                   5
6       Environmental
6.1     Pertaining to the power source for electrical and fluid power: EMI, RFI, filtration, drainage,
        dirt entry (all according to manufacturer's specifications)                                           25
6.2     Temperature, humidity, dust, shock, vibration                                                         10

Must reach a score of at least 65 for a Cat 2, 3 or 4 structure. All devices/components in a channel must meet a requirement to get its score; no partial scores.
CCF are failures of different devices resulting from the same single event; the failures are not consequences of each other (ISO 13849-1:2006).
System PL performance
• The performance level of dual channel monitored systems can only be calculated exactly using FMEA and complicated statistics
• Simplifications are permitted in the calculation of system MTTFd using:
  – Category structure
  – PL, or MTTFd, of the components and sub-systems
  – DCavg %
  – Common Cause Failure scoring system
• This statistical treatment of failure and detection results in complete systems whose performance exceeds that of the individual components or channels
• Means available to the average, non-mathematician user
  – Use of the PL estimation wheel
  – Commercial and free SIL and PL computer programs
    • Vendors' programs contain a library of their products' SIL, PL, or MTTFd
    • Most will permit import of user library data
PL of Safety Related Function of the Control System as a function of Risk Category
(Figure: PL achieved as a function of category, DCavg and channel MTTFd, with a CCF score ≥ 65, alongside the system bands λ (1/h): PLa < 10^-4, PLb < 10^-5, PLc < 3×10^-6, PLd < 10^-6, PLe < 10^-7, and IEC 62061 N/A, SIL 1, SIL 1, SIL 2, SIL 3. The calculation basis shown with it:)
Dangerous failure rate of a component or system: $\lambda_d = \frac{1}{MTTF_d}$
Probability of dangerous failure by time $t$: $f_d(t) = 1 - e^{-\lambda_d t}$; if $t = 1/\lambda_d$ then $f_d(t) = 63\%$
Channel: $\frac{1}{MTTF_{d,chnl}} = \sum_{i=1}^{N} \frac{1}{MTTF_{d,i}}$
Each channel with MTTFd of (years, and the equivalent λ in 1/hour):
  Low:    3 ≤ MTTFd < 10     4×10^-5 > λ > 10^-5
  Medium: 10 ≤ MTTFd < 30    10^-5 > λ > 4×10^-6
  High:   30 ≤ MTTFd < 100   4×10^-6 > λ > 10^-6
DCavg, the probability of fault discovery as % of occurrence (D = faults to danger, D* = faults detected, $DC_i = D^*_i / D_i$):
  $DC_{avg} = \frac{\sum_{i=1}^{N} DC_i\,\lambda_{d,i}}{\sum_{i=1}^{N} \lambda_{d,i}}$
  Low 60% ≤ DC < 90%; Medium 90% ≤ DC < 99%; High 99% ≤ DC
CCF score ≥ 65
Circular Calculator: Calculation Estimate by PL Wheel
Channel MTTFd of 30 years, DC high (Cat 4), CCF ≥ 65
• Align 30 years in the disk's bottom window
• Locate the characteristic in the slot Cat 4 / DC High: 9.54
• Identify the color and locate the exponent: 10^-8
Control system is 9.54×10^-8 (1/h), equal to PLe
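The simplified PL determination the deck describes, from the CCF scoring table through the category/DCavg/MTTFd lookup to the PLr check, as an added worked example (not the presentation's own code, and not the BGIA wheel or SISTEMA). The lookup table is ISO 13849-1:2006 Table 7, the CCF points are those of Table F.1, and the PFHd bands are the ones on the risk graph page; the measure names and all input values are this example's own assumptions.

```python
# Added worked example (not from the presentation): simplified PL
# determination. It scores the Table F.1 CCF measures, requires >= 65 points
# for a Cat 2/3/4 structure, looks up the PL from category, DCavg band and
# channel MTTFd band (ISO 13849-1:2006 Table 7), and compares it with PLr.
# Measure names and all input values below are assumed for illustration.

CCF_POINTS = {                 # ISO 13849-1:2006 Table F.1, no partial credit
    "separation": 15, "diversity": 20, "overvoltage_protection": 15,
    "well_tried": 5, "fmea_assessment": 5, "competence": 5,
    "emc_contamination": 25, "other_environment": 10,
}


def ccf_score(measures_met):
    """Sum of the points for every measure fully met (unknown names rejected)."""
    unknown = set(measures_met) - set(CCF_POINTS)
    if unknown:
        raise ValueError(f"unknown CCF measure(s): {sorted(unknown)}")
    return sum(CCF_POINTS[m] for m in measures_met)


def mttfd_band(m):
    """None below 3 years (not acceptable); low / medium / high otherwise."""
    if m < 3:
        return None
    return "low" if m < 10 else "medium" if m < 30 else "high"


def dc_band(dc):
    if dc < 0.60:
        return "none"
    return "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


# (category, DCavg band) -> PL for channel MTTFd low / medium / high.
# Combinations absent from the table are not covered by the simplified method.
TABLE_7 = {
    ("B", "none"):   ("a", "b", "b"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "c"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}

PFHD_BANDS = [("a", 1e-5, 1e-4), ("b", 3e-6, 1e-5), ("c", 1e-6, 3e-6),
              ("d", 1e-7, 1e-6), ("e", 1e-8, 1e-7)]


def pl_from_pfhd(pfhd):
    """PL from an average probability of dangerous failure per hour."""
    for pl, lo, hi in PFHD_BANDS:
        if lo <= pfhd < hi:
            return pl
    return None


def achieved_pl(category, dc_avg, channel_mttfd, ccf_measures=()):
    """PL by the simplified procedure, or None where it is not permitted."""
    cat = str(category)
    if cat in ("2", "3", "4") and ccf_score(ccf_measures) < 65:
        return None                      # structure invalid without CCF >= 65
    mb, db = mttfd_band(channel_mttfd), dc_band(dc_avg)
    if mb is None or (cat, db) not in TABLE_7:
        return None
    return TABLE_7[(cat, db)][["low", "medium", "high"].index(mb)]


def meets(plr, pl):
    """True when the achieved PL is at least the required PLr."""
    return pl is not None and "abcde".index(pl) >= "abcde".index(plr)


if __name__ == "__main__":
    ok = ["separation", "diversity", "overvoltage_protection", "emc_contamination"]
    print("CCF score:", ccf_score(ok))                          # 75
    print("Cat 3, DC low, MTTFd 20 y:", achieved_pl(3, 0.70, 20, ok))   # c
    print("Cat 4, DC high, MTTFd 30 y:", achieved_pl(4, 0.99, 30, ok))  # e
    print("wheel result 9.54e-8 1/h:", pl_from_pfhd(9.54e-8))   # e
    print("same Cat 3 with only 35 CCF points:",
          achieved_pl(3, 0.70, 20, ["separation", "diversity"]))  # None
    print("PLr d met by PLe?", meets("d", "e"))
```

The two cases from the slides come out as stated there: Cat 3 with medium MTTFd and low DCavg gives PLc, and Cat 4 with DC high and a 30-year channel gives PLe, matching the 9.54×10^-8 read from the wheel. Dropping the CCF score below 65 invalidates the dual-channel structure entirely rather than lowering it one level, which is the practical consequence of the "no partials" rule.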
(PL wheel figure, from BGIA)
Safety Evaluation Tool (Siemens), screenshot: required vs. achieved PL
PAScal Demo Version 1.5.2 (Pilz), screenshot
Example of the "spectrum" within a given category
• The dedicated PLC monitors the function of the three photoelectric sensors and the follower relay K1
• Since the PLC is not a series element in the safety channel, i.e. its failure does not result in the loss of the safety function, its MTTFd is not included in the safety channel calculation
• The MTTFd of the PLC is 50 years, which is more than 2× the MTTFd of the system being monitored, so it meets the minimum requirement for a test component for this system
• The Type 2 safety light curtain is certified by a third-party test laboratory to meet the required standards and is certified as a PLd safety component
• The safety interface module is a certified PLe safety component
• The solenoid valve is a well-tried component with an MTTFd of 100 years at this operation rate
• See the following page for the estimated PLr
(Circuit figure: three P.E. switched outputs into the PLC, PLC output Q1 to relay K1; Type 2 safety light curtain into the Cat 4 SIM)
System Performance Level: Comparison of Three P.E. and PLC vs. Type 2 SLC and SIM
At the end of 20 years of use, the P.E. and PLC system has a 44% probability of failure to danger, while the Type 2 SLC with SIM has 6.6%. Note: some of the data is estimated and is intended only as an example of the impact of multiple series components and DC coverage in a Cat 2 configuration.
(Chart: 3 P.E. with PLC monitor, Cat 2 DCavg low; Type 2 SLC with SIM, Cat 2 DCavg medium)
Appendix A
• References
  – BGIA Report 2/2008e
  – ISO 13849-1:2006
  – BGIA Report 6/2004 "Untersuchung des Alterungsprozesses von hydraulischen Wegeventilen" (Study of the ageing process of hydraulic directional valves)
• Links to Calculation Programs
  – BGIA/IFA Performance Level Calculator (disc calculator): http://www.dguv.de/ifa/en/pra/drehscheibe/index.jsp
  – BGIA/IFA SISTEMA "Safety Integrity Software Tool for the Evaluation of Machine Applications": http://www.dguv.de/ifa/en/pra/softwa/sistema/index.jsp
  – Siemens "Safety Evaluation Tool": https://eb.automation.siemens.com/registration/login.aspx?ret=https%3a%2f%2feb.automation.siemens.com%2fspice%2fsid%2fmain%2fsid.jsf
  – Pilz demo copy of PAScal: http://www.pilz.com/login.jsp?restricted=true