PROFIsafe and Trends - Pete Brown

  1. What is PROFIsafe and how does it work? Pete Brown, Siemens I CS
  2. What do we mean by "Safety"?
     "The condition of being safe; freedom from danger, risk, or injury."
     In the UK (and Europe) this can cover many areas and industries, for example:
     - Supply of Machinery (Safety) Regulations
     - Electromagnetic Compatibility Regulations
     - Electrical Equipment (Safety) Regulations
     - Pressure Equipment Regulations
     - Simple Pressure Vessels (Safety) Regulations
     - Equipment and Protective Systems Intended for Use in Potentially Explosive Atmospheres Regulations
     - Lifts Regulations
     - Medical Devices Regulations
     - Gas Appliances (Safety) Regulations
     Important: it is essential to have some form of risk assessment / risk analysis, e.g. HAZAN / HAZID / HAZOP / RA to ISO 12100.
     Peter Brown / What is PROFIsafe?
  3. PROFIsafe – The Vision
     [Diagram: coexistence of standard and failsafe communication on one PROFIBUS DP segment. Elements: F-Host/F-PLC and Standard Host/PLC as masters; F-I/O and Standard I/O as slaves (master-slave assignment); repeater; DP/PA coupler; F-Gateway to another safety bus with F-Sensor, F-FieldDevice and F-Actuator; PG/ES engineering tool attached over TCP/IP with secure access, e.g. through a firewall. F = Failsafe.]
  4. Cyclic Communication
     [Diagram: within one bus cycle the F-Host/F-PLC exchanges data with Standard I/O, F-I/O, a laser scanner and a drive with integrated safety. There is a 1:1 communication relationship between the master and each slave.]
  5. PROFIsafe – ISO/OSI Model
     [Diagram: five stations (Safety Input, Safety Control, Safety Output, Standard Control, Standard I/O), each drawn as OSI layers 7 / 2 / 1; the three safety stations carry an additional Safety Layer on top of layer 7.]
     - "Black Channel" (layers 1 and 2: ASICs, links, cables, etc.): not safety relevant.
     - Non-safety-critical layer 7 functions, e.g. diagnostics: not safety relevant.
     - "PROFIsafe" (the Safety Layer): the safety-critical communication functions: addressing, watchdog timers, sequencing, signature (CRC), etc.
     - Safety I/O and safety control systems themselves: safety relevant, but not part of PROFIsafe.
  6. PROFIsafe – Add-on Strategy
     [Diagram: the failsafe engineering tool (Distributed Safety) is an add-on to the standard engineering tool (STEP 7); the failsafe application program runs on a standard CPU fitted with F-hardware; failsafe I/O modules sit in standard remote I/O on standard PROFIBUS DP and talk PROFIsafe.]
  7. PROFIsafe – Program
     Coexistence of the standard program and the safety-related program on one CPU.
     Changes to the standard program have no effect on the integrity of the safety-related program section.
     [Diagram: standard program / safety program / standard program sections in one CPU, with back-up.]
  8. PROFIsafe – Coded Processing
     Time redundancy and diversity replace complete (hardware) redundancy.
     [Diagram: operands A and B go through operation C to produce the output; the diverse (inverted) operands /A and /B go through the diverse operation, later in time (time redundancy), to produce the diverse output D. A coding comparison checks D = /C before the output is released (AND); on a mismatch the output is stopped (OR into the stop path).]
  9. PROFIsafe – Introduction
     - Safety-oriented communication via PROFIsafe.
     - First communication standard in accordance with the safety standard IEC 61508.
     - PROFIsafe supports safe communication for the open standards PROFIBUS and PROFINET.
     - PROFIsafe supports standard and failsafe communication over one medium: the standard bus protocol (PROFIBUS or PROFINET) carries standard data as well as the fail-safe data, which is protected by the PROFIsafe layer on top of the "black channel".
     - PROFIsafe counters possible faults such as address errors, delays and data loss with:
       - consecutive numbering of PROFIsafe telegrams,
       - time monitoring,
       - authenticity monitoring via unique addresses,
       - optimised CRC checking.
 10. PROFIsafe – Introduction: possible errors and detection mechanisms
     Failure types:
     - Repetition
     - Deletion
     - Insertion
     - Resequencing
     - Data corruption
     - Delay
     - Masquerade (a standard message mimics a failsafe message)
     - Revolving memory failure within switches
     Remedies:
     - Consecutive number (detects repetition, deletion, insertion and resequencing)
     - Time-out with receipt, i.e. an acknowledged watchdog (detects delay)
     - Codename for sender and receiver (detects masquerade and misaddressing)
     - Data consistency check, i.e. CRC (detects data corruption)
 11. PROFIsafe safety PDU
     The PROFIsafe container (safety PDU) travels as ordinary payload inside standard PROFINET IO (or PROFIBUS DP) messages and consists of:
     - F input/output data: max. 12 bytes or max. 123 bytes
     - Status byte (device to host) or Control byte (host to device): 1 byte
     - CRC2: 3 bytes for a maximum of 12 bytes of F I/O data, 4 bytes for a maximum of 123 bytes of F I/O data
     CRC2 is calculated across the F I/O data, the status or control byte, the F-parameters (via CRC1) and the virtual consecutive number VConsNr, which is not itself transmitted.
 12. Extended Consecutive Number (24 bit)
     - In V2 mode the consecutive number is virtual: it is not transmitted but maintained in parallel by the F-Host and the F-Device (24-bit counter, 0, 1 … FFFFFFh).
     - Synchronisation is via toggle bits: Toggle_h is bit 5 of the control byte (host to device), Toggle_d is bit 5 of the status byte (device to host). Each change of the toggle bit (0 to 1 or 1 to 0) increments the consecutive number by 1 on both sides.
     - R_cons_nr, bit 2 of the control byte, resets the consecutive number in the F-Device.
     - The 24/32-bit CRC signature (CRC2) includes the consecutive number in its calculation: CRC2 is computed across the F input data, the status byte, the F-parameters (CRC1) and VConsNr_d, so any disagreement between the two counters shows up as a CRC2 error.
     [Diagram: status byte, F input data (max. 12 / 123 bytes), CRC2 (3 / 4 bytes); CRC1 and the 3-byte VConsNr_d enter the CRC2 calculation but are not transmitted.]
 13. PROFIsafe – Introduction: which protocol must be supported?
     [Diagram: a PROFINET IO-Controller (F-Host) connects through a PROFINET switch to a modular PROFINET IO device whose local bus carries F-DI and F-DO modules (sensor on the fail-safe digital input, actuator on the fail-safe digital output), and through a PROFINET/PROFIBUS link to a PROFIBUS device with its own F-DI / F-DO. The PROFIsafe PDU is encapsulated unchanged in each carrier: PROFINET IO, the link, PROFIBUS and the device-internal local bus.]
 14. PROFIsafe – Introduction: which protocol version applies when?
     Goal: 100% compatibility. A PROFIsafe slave which supports the V2 mode must be able to replace an older version of this PROFIsafe slave which only supports the V1 mode, without the need for any adaptation.
     PROFIsafe V2 slave used in ...     | V1 mode (8-bit counter) | V2 mode (24-bit counter)
     PROFIBUS network only              | mandatory               | mandatory
     PROFINET network only              | -                       | mandatory
     PROFIBUS / PROFINET network        | mandatory               | mandatory
 15. PROFIsafe – Introduction: which protocol version applies when?
     [Diagram: on the PROFINET segment (PROFIsafe V2 only) sit an I/O-Device (V2) and a DP master acting as proxy; on the PROFIBUS segment below the proxy sit DP slaves in V1 or V2 (PROFIBUS: PROFIsafe V1 or V2). V1 = PROFIsafe profile V1, V2 = PROFIsafe profile V2.]
 16. Handling Functional Safety: Modern Requirements and Best Practice
 17. 'Drivers' for Safety
     - Legislation: "I need to do something … but what?"
     - Fear: "What are my responsibilities and am I doing enough … or too much?"
     - Compliance: "Can I prove I have done as much as is reasonably practicable?"
     - Operational efficiency: "Can I produce products safely with maximum efficiency?"
     - Cost: "Am I getting the best return on my investment?" (FFI)
     - Support: "I want advice based on solutions, not products."
     Peter Brown / Handling Functional Safety
 18. What is Functional Safety?
     Functional safety is the part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.
     Functional safety is achieved when every specified safety function is carried out and the level of performance required of each safety function is met.
     Functional safety relies on active systems. Safety achieved by measures that rely on passive systems is not functional safety.
     [Diagram: a reactor with two independent systems acting on it, each with its own inputs and outputs: the Basic Process Control System (BPCS) and the Safety Instrumented System (SIS).]
 19. Systematic Failures
     Definition of a systematic failure: a failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures, documentation or other relevant factors.
     Examples of systematic failures include human error in:
     - the safety requirement specification;
     - the design, manufacture, installation or operation of the hardware;
     - the design and/or implementation of the software.
 20. International Standards
     The international standards:
     - define / measure the functional safety required / achieved using prescribed parameters;
     - manage the design process of the required functional safety in a prescribed manner;
     - manage the design activities using a prescribed process;
     - realise the design using a prescribed design methodology;
     - produce and maintain prescribed documents relating to the specification, realisation, verification, modification, installation, commissioning and validation.
 21. 'Best Practice'
     [Diagram: IEC 61508 at the top, with focus on product manufacture; beneath it the sector standards, with focus on integration: IEC 61511 for the process industry, IEC 62061 and ISO 13849 for the manufacturing industry (EN 954 until 2011). These harmonised standards constitute relevant good practice.]
 22. Basic Lifecycle Concept
     Functional safety rests on two pillars:
     - control of dangerous failures during operation through robust design;
     - control and avoidance of systematic failures through robust processes.
     [Diagram: building blocks shown: safety lifecycle, requirement engineering / design, system architecture, failure probability, planning / processes, safety management, verification / responsibilities.]
 23. Verification and Validation
     Verification (in general) = "Are you making it right?"
     Verification is the process used to evaluate whether or not a system complies with the regulations / specifications / conditions imposed at the start of a phase.
     Validation (in general) = "Are you making the right thing?"
     Validation is the process of establishing evidence (including functional testing) that provides a high degree of assurance that a system accomplishes its intended requirements (fit for purpose).
 24. Simplified Safety Lifecycle
     [Diagram: phases hazard and risk assessment, design and engineering, installation, validation and start-up, operation and maintenance, modernisation and upgrade, with verification spanning the phases.]
 25. Example Specific Requirements
     - Support in setting up management of functional safety
     - Support in designing or standardising a safety plan (defining responsibilities)
     - Understanding the reliability calculations to ensure they are correct
     - Defining suitable mission times for the safety functions
     - Understanding limitations of safety circuits and what they mean (e.g. separate wiring)
     - Understanding fault exclusions and how they should be used
     - Has a Failure Mode and Effect Analysis (FMEA) been done (or similar)?
     - Have all the appropriate elements been verified?
     - Has validation been completed and all the appropriate documentation created?
 26. Consultancy / Services
     Process industry (IEC 61511):
     - Management and assessment of functional safety and audits
     - Safety planning
     - Hazard and risk assessment (HAZID / HAZOP)
     - Allocation of safety functions to protection layers
     - SIL assessments (risk graph, LOPA)
     - Safety requirement specifications
     - Assessment of safety-related application code
     - Verification & Validation
     - Modification
     - Training
     Manufacturing industry (IEC 62061):
     - Management and assessment of functional safety
     - Safety planning
     - Hazard and risk assessment (ISO 12100)
     - SIL assessments
     - Safety requirement specifications
     - Assessment of safety-related application code
     - Verification & Validation
     - Modification
     - Training
     Manufacturing industry (ISO 13849-1):
     - Management and assessment of functional safety
     - Safety planning
     - Hazard and risk assessment (ISO 12100)
     - PL assessments
     - Safety requirement specifications
     - Assessment of safety-related application code
     - Verification & Validation
     - Modification
     - Training
 27. Questions?
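The safety-layer mechanism described on slides 9 to 12 (black channel, consecutive number, watchdog, codenames, CRC) as an added Python illustration. This is not code from the presentation, from Siemens or from PROFIBUS & PROFINET International: the CRC polynomials, the F-parameter subset and its byte layout, the class and function names and the 3-byte CRC2 are assumptions chosen so the structure can be run and probed offline, not the normative values of IEC 61784-3-3. The sample PDUs and scenarios in demo() are constructed. What it shows is why one 24-bit signature is enough to catch the failure types of slide 10: CRC2 is seeded with CRC1 over the F-parameters (which carry the sender/receiver addresses) and covers the virtual consecutive number that both ends keep in step via the toggle bit, so a replayed, misaddressed or corrupted PDU fails the same check.

```python
"""PROFIsafe-style safety PDU over a black channel (illustration, not the
normative protocol).  PDU = F I/O data || status/control byte || CRC2, where
CRC2 = CRC(F I/O data || status/control byte || CRC1 || VConsNr).
ASSUMPTIONS: polynomials, F-parameter layout and bit positions are placeholders."""
from dataclasses import dataclass
from typing import Optional

CRC16_POLY = 0x1021     # placeholder (assumption): CRC1 over the F-parameters
CRC24_POLY = 0x864CFB   # placeholder (assumption): CRC2 over the safety PDU
TOGGLE_BIT = 0x20       # bit 5 of the status/control byte (Toggle_h / Toggle_d)
MAX_VCONSNR = 0xFFFFFF  # 24-bit virtual consecutive number, 1 .. FFFFFFh


def crc(data: bytes, poly: int, width: int) -> int:
    """Plain MSB-first CRC, zero init, no final XOR; width must be >= 8."""
    top, mask, reg = 1 << (width - 1), (1 << width) - 1, 0
    for byte in data:
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & mask if reg & top else (reg << 1) & mask
    return reg


@dataclass(frozen=True)
class FParameters:
    """Subset of the F-parameters (assumed layout); the addresses are the 'codenames'."""
    f_source_add: int
    f_dest_add: int
    f_wd_time_ms: int

    def crc1(self) -> int:
        blob = b"".join(v.to_bytes(2, "big") for v in (self.f_source_add, self.f_dest_add, self.f_wd_time_ms))
        return crc(blob, CRC16_POLY, 16)


def crc2(f_io: bytes, sc_byte: int, crc1: int, vconsnr: int) -> int:
    """Signature over the data, the status/control byte, CRC1 and the untransmitted VConsNr."""
    return crc(f_io + bytes([sc_byte]) + crc1.to_bytes(2, "big") + vconsnr.to_bytes(3, "big"), CRC24_POLY, 24)


class FSender:
    def __init__(self, fpar: FParameters) -> None:
        self.crc1, self.vconsnr, self.toggle = fpar.crc1(), 0, 0

    def next_pdu(self, f_io: bytes) -> bytes:
        self.toggle ^= TOGGLE_BIT                     # every new PDU flips the toggle bit ...
        self.vconsnr = self.vconsnr % MAX_VCONSNR + 1  # ... and both sides count the flip (wraps to 1, never 0)
        sig = crc2(f_io, self.toggle, self.crc1, self.vconsnr)
        return f_io + bytes([self.toggle]) + sig.to_bytes(3, "big")


class FReceiver:
    def __init__(self, fpar: FParameters) -> None:
        self.crc1, self.wd_ms = fpar.crc1(), fpar.f_wd_time_ms
        self.vconsnr, self.last_toggle, self.fail_safe = 0, 0, False

    def receive(self, pdu: bytes, elapsed_ms: int) -> Optional[bytes]:
        """Return accepted F I/O data, or None (no new data, or fail-safe reaction)."""
        if self.fail_safe:
            return None
        if elapsed_ms > self.wd_ms:                    # delay: watchdog expired
            self.fail_safe = True
            return None
        f_io, sc_byte, sig = pdu[:-4], pdu[-4], int.from_bytes(pdu[-3:], "big")
        if (sc_byte & TOGGLE_BIT) == self.last_toggle:
            return None                                # repetition of the last PDU: no new data
        expected = self.vconsnr % MAX_VCONSNR + 1      # the receiver's own idea of VConsNr
        if crc2(f_io, sc_byte, self.crc1, expected) != sig:
            self.fail_safe = True                      # corruption, replay, insertion or masquerade
            return None
        self.vconsnr, self.last_toggle = expected, sc_byte & TOGGLE_BIT
        return f_io


def demo() -> dict:
    """Constructed scenarios for the failure types of slide 10, each on a fresh device."""
    fpar = FParameters(f_source_add=1, f_dest_add=200, f_wd_time_ms=100)
    host, dev, results = FSender(fpar), FReceiver(fpar), {}
    p1, p2 = host.next_pdu(b"\x01\x00"), host.next_pdu(b"\x01\x01")
    results["accepted"] = dev.receive(p1, 10) == b"\x01\x00" and dev.receive(p2, 10) == b"\x01\x01"
    results["replay_rejected"] = dev.receive(p1, 10) is None and dev.fail_safe        # stale VConsNr
    dev = FReceiver(fpar)
    results["same_pdu_is_no_new_data"] = (dev.receive(p1, 10) is not None
                                          and dev.receive(p1, 10) is None and not dev.fail_safe)
    dev = FReceiver(fpar)
    results["corruption_rejected"] = dev.receive(bytes([p1[0] ^ 0x80]) + p1[1:], 10) is None and dev.fail_safe
    dev = FReceiver(fpar)
    imposter = FSender(FParameters(f_source_add=1, f_dest_add=201, f_wd_time_ms=100))  # wrong codename
    results["masquerade_rejected"] = dev.receive(imposter.next_pdu(b"\x01\x00"), 10) is None and dev.fail_safe
    dev = FReceiver(fpar)
    results["delay_fail_safe"] = dev.receive(p1, 150) is None and dev.fail_safe
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

Because the CRC is linear, each rejection above is deterministic rather than probabilistic: a replayed PDU differs from the expected input only in the VConsNr bytes, an imposter only in the CRC1 bytes, and a flipped bit only in the data, and a non-zero difference of lower degree than the polynomial can never produce a zero CRC difference. Once fail_safe is set the receiver stays in the safe state; the operator-acknowledged reintegration that the real protocol provides is not modelled here.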