functional safety standards for machinery miet minstmc · current functional safety standards for...

Drives & Controls 2014 - Functional Safety of Machinery 1

Click to edit

Master text

styles

Functional Safety

Standards for

Machinery

Stewart Robinson

MIET MInstMC

Current Functional Safety Standards for Machinery

TÜV SÜD Product Service Slide 2 Drives & Controls 2014 - Functional Safety of Machinery

• Since 2007 there has been a choice of harmonised standards

to use for Functional Safety in the machinery sector.

• The choices are: – ISO standard EN ISO 13849-1

– IEC standard EN 62061.

• Whilst both standards have essentially the same basic

requirements there are differences in the detail of these

standards.

Current Functional Safety Standards for Machinery


• The intention is that the standards will be combined into a

single standard at some point?

• The new standard will be ISO/IEC 17305

• This presentation will explain some of the techniques and

approaches that can be used now to comply with the current

standards whilst preparing for the introduction of a single

standard.

ISO13849-1 and IEC 62061

4 Drives & Controls 2014 - Functional Safety of Machinery

References


Standards for Functional Safety

Source: BGIA Report 2/2008e


EN ISO 13849-1

Source: BGIA Report 2/2008e


ISO/IEC Technical reports


• Technical reports were issued by both the IEC and ISO in 2010

• ISO/DTR 23849 and IEC/TR 62061-1

• “Safety-related control systems can be designed to achieve acceptable levels of

functional safety using either of the two standards by integrating non-complex

SRECS (safety-related electrical control system) subsystems or SRP/CS (safety-

related parts of a control system) designed in accordance with IEC 62061 and

ISO 13849-1, respectively.

• “Both standards can also be used to provide design solutions for complex

SRECS and SRP/CS by integrating electrical/electronic/programmable electronic

subsystems designed in accordance with IEC 61508.”

ISO/IEC Technical reports


• “Both standards currently have value to users in the machinery sector and

benefits will be gained from experience in their use. Feedback over a reasonable

period on their practical application is essential to support any future initiatives to

move towards a standard that merges the contents of both IEC 62061 and

ISO 13849-1.”

• “Differences exist in detail and it is recognized that some concepts (e.g.

functional safety management) will need further work to establish equivalence

between respective design methodologies and some technical requirements.”

TÜV SÜD Product Service

IEC 62061 and ISO 13849 A cross reference guide

1 Concept

3 Hazard and risk analysis

4 Overall safety requirements

5 Overall safety requirements

allocation

2 Overall scope definition

Phases 1-5

Phases 6-16

This guide sets out to explain where the details for different safety lifecycle activities can be found in the standards for the Machinery Sector: IEC 62061 and ISO 13849. The overall safety lifecycle model contained in IEC 61508 has been used as the reference point.

To navigate click on one of the buttons below and then click on an individual phase

9 E/E/PE system safety requirements specification

10 E/E/PE Safety-related systems

Realisation (see E/E/PE system

safety lifecycle)

6

Overall operation

and maintenance planning

11 Other risk reduction measures

Specification and Realisation

7

Overall safety

validation

planning

8

Overall installation

and commissionin

g planning

Overall planning

12 Overall installation and commissioning

13 Overall safety validation

14 Overall operation, maintenance and repair

16 Decommissioning or disposal

15 Overall modification and retrofit


Home Phases

1-5 Phases

6-16

5

Objectives To allocate the safety functions, contained in the specification for the overall safety requirements (both the safety functions requirements and the safety integrity requirements), to the designated E/E/PE safety related systems and other risk reduction measures; To allocate a safety integrity level to each safety function to be carried out by an E/E/PE safety-related system.

IEC 61508

Part 1 Clauses 7.6.1 7.6.2

IEC 62061

Clause 5 5.2.1.3 – Specifications

for each SRCF shall comprise the functional requirement (5.2.3)and

the safety integrity requirement (5.2.4)

ISO 13849

Clause 4 4.2.2 – For each safety

function the characteristics and the required performance level shall be specified

Overall safety requirements allocation

EN ISO 13849-1 Annex A risk graph


SIL Assignment Matrix


• Probability of occurrence of harm (Cl)

Cl = Fr + Pr + Av

Frequency

Fr

Probability of occurence

Pr

Avoidance

Av

≤ 1 per hr 5 Common 5

<1 per hr to ≥ I day 5 Likely 4

< 1per day to ≥ 1 per 2 weeks 4 Possible 3 Impossible 5

< 1 per 2 wks to ≥ 1 per yr 3 Rarely 2 Rarely 3

< 1 per yr 2 Negligible 1 Likely 1

PLr Determination by matrix


Consequences Severity Class Cl

4-5 6-7 8-9 10-11 12-13 14-15

Death, losing

an eye or arm 4 PLc PLc PLd PLd PLe PLe

Permanent,

losing fingers 3 PLc PLc PLc PLd PLd PLe

Reversible,

medical attn. 2 PLb PLb PLb PLc PLd PLd

Reversible, first

aid 1 PLa PLa PLb PLb PLc PLc

May require recalibration!

For discussion/consideration

PL and SIL


EN ISO 13849-1

Performance Level

(PL)

Average

probability of a

dangerous failure

per hour [1/h]

EN 62061

Safety Integrity

Level (SIL)

a ≥ 10-5 to < 10-4 no special safety

requirements

b ≥ 3 x 10-6 to < 10-5 1

c ≥ 10-6 to < 3 x 10-6 1

d ≥ 10-7 to < 10-6 2

e ≥ 10-8 to < 10-7 3


Home Phases

1-5 Phases

6-16

10

Objectives To create E/E/PE safety related systems conforming to the specification for the E/E/PE system safety requirements (comprising the specification for the E/E/PE system safety functions requirements and the specification for the E/E/PE system safety integrity requirements).

IEC 61508

Part 1 Clauses 7.11.1; 7.11.2

Part 2 for Hardware Part 3 for Software

IEC 62061

Included in Clause 6. Control of systematic faults is part of this

clause. SRECS architecture is

described by subsystems detailing Hardware Fault Tolerance and Diagnostic

Coverage

ISO 13849

Clause 4.4 gives the overall requirements.

Clause 6 describes designated architectures as categories (B, 1 – 4).

Categories state the required behaviour of a SRP/CS in respect of it’s resistance to faults etc.

Realisation – Hardware design

EN ISO 13849-1 Categories

Designated Architectures


Cat B & Cat 1

Cat 2

Cat 3 Cat 4

EN 62061 Architectures


Subsystem A Subsystem B

Subsystem C

Subsystem D

PFHD of the Function


The PFHD of the Function is the sum of the PFHD of each of

the SRP/CS (subsystems) that make up the Function

DssnDssDssDssDtotal PFHPFHPFHPFHPFH ....321

Sensor Logic Actuator

Sensor

Sensor

Input Logic Output

Actuator

Actuator

Series alignment of Subsystems


DactuatoricDDsensorDtotal PFHPFHPFHPFH log

SIL or PL

PFH Verification


DeDeDeDssD TDCT

DC })]1([2

]2{[)1( 1

222 2

hPFH DD 1

8760

1

d

DMTTF

PFHCategory 1

Or

Subsystem A

Subsystem D

Verification by software – Object types

SISTEMA recognizes seven different types of objects.

These can be regarded as the building- blocks from which a project is created.


IFA SISTEMA – PL – EN ISO 13849-1


Pilz PAScal – SIL – EN 62061 (and PL – EN 13849)


Out of control

Why control systems go wrong and how to prevent failure?

(Out of control, 2nd edition 2003, Health & Safety Executive HSE – UK)


Systematic failure

• Failure related in a deterministic way to a certain cause, which can only be

eliminated by a modification of the design or of the manufacturing process,

operational procedures, documentation or other relevant factors

– the safety requirements specification,

– the design, manufacture, installation, operation of the hardware, and

– the design, implementation, etc., of the software.

• Further information can be found in:

– EN ISO 13849-1, in particular in Annex G

– EN 62061, in particular Clause 6.4


Check Lists


Item Reference Yes No Have all risks been reduced as far as possible by safe design of the machine, and the use of fixed safeguards etc?

EN ISO 12100:2010

EN 953:1997

Have the consequences of systematic failures been fully taken

into account?

EN ISO 13849-1 Annex G

EN 62061 Clause 6.4

Have all risks that are to be reduced by Safety Related

Controls been identified?

EN ISO 13849-1 Clause 4.4

EN 62061 Clause 5.2

Have the Safety Requirements for each Safety Related Control

Function been correctly specified in terms of functional

requirements?

EN ISO 13849-1 Clause 5

EN 62061 Clause 6.6.2.1.6

Have the Safety Requirements for each Safety Related Control

Function been correctly specified in terms of performance

requirements?

EN ISO 13849-1 Clause 4.3 and Annex A

EN 62061 Clause 6.6.2.1.6 and Annex A

Check List part 2


Item Reference Yes No

Has an appropriate architecture for the design of the safety

related controls been chosen?

EN ISO 13849-1 Clause 6

EN 62061 Clauses 6.6.2.1.2,3,7

Is performance data available for safety related components from:

1) The component manufacturer.

2) Reliable generic data

EN ISO 13849-1 Clause 4.5.2 and

Annexes C and D

EN 62061 Clause 6.7.7.2

Has the Diagnostic Coverage provided by the automatic tests

been correctly established?

EN ISO 13849-1 Annex E

EN 62061 Clause 6.8

Have the effects of Common Cause Errors been examined and

adequate measures to mitigate the consequences put in place?

EN ISO 13849-1 Annex F

EN 62061 Clause 6.7.8.3 and Annex F

Has the performance of the safety related control functions been

verified as meeting the required PL or SIL?

EN ISO 13849-1 Clause 4.7

EN 62061 Clause 6.6.3

Have the requirements for validation been adequately planned

and prepared?

EN ISO 13849-2

EN 62061 Clause 8


Thank you for listening

For more information

please visit our stand:

D261

TÜV SÜD Drives & Controls 2014 - Functional Safety of Machinery Slide 29

functional safety standards for machinery miet minstmc · current functional safety standards for...

Documents