Functional safety standards_for_machinery

Drives & Controls 2014 - Functional Safety of Machinery 1
Click to edit
Master text
styles
Functional Safety
Standards for
Machinery
Stewart Robinson
MIET MInstMC

Current Functional Safety Standards for Machinery
TÜV SÜD Product Service Slide 2Drives & Controls 2014 - Functional Safety of Machinery
• Since 2007 there has been a choice of harmonised standards
to use for Functional Safety in the machinery sector.
• The choices are:
– ISO standard EN ISO 13849-1
– IEC standard EN 62061.
• Whilst both standards have essentially the same basic
requirements there are differences in the detail of these
standards.

Current Functional Safety Standards for Machinery
• The intention is that the standards will be combined into a
single standard at some point?
• The new standard will be ISO/IEC 17305
• This presentation will explain some of the techniques and
approaches that can be used now to comply with the current
standards whilst preparing for the introduction of a single
standard.

ISO13849-1 and IEC 62061
4Drives & Controls 2014 - Functional Safety of Machinery

References

Standards for Functional Safety
Source: BGIA Report 2/2008e

EN ISO 13849-1
Source: BGIA Report 2/2008e

ISO/IEC Technical reports
• Technical reports were issued by both the IEC and ISO in 2010
• ISO/DTR 23849 and IEC/TR 62061-1
• “Safety-related control systems can be designed to achieve acceptable levels of
functional safety using either of the two standards by integrating non-complex
SRECS (safety-related electrical control system) subsystems or SRP/CS (safety-
related parts of a control system) designed in accordance with IEC 62061 and
ISO 13849-1, respectively.
• “Both standards can also be used to provide design solutions for complex
SRECS and SRP/CS by integrating electrical/electronic/programmable electronic
subsystems designed in accordance with IEC 61508.”

ISO/IEC Technical reports
• “Both standards currently have value to users in the machinery sector and
benefits will be gained from experience in their use. Feedback over a reasonable
period on their practical application is essential to support any future initiatives to
move towards a standard that merges the contents of both IEC 62061 and
ISO 13849-1.”
• “Differences exist in detail and it is recognized that some concepts (e.g.
functional safety management) will need further work to establish equivalence
between respective design methodologies and some technical requirements.”

TÜV SÜD Product Service
IEC 62061 and ISO 13849 A cross reference guide
1 Concept
3 Hazard and risk analysis
4 Overallsafety requirements
5
Overallsafety requirements
allocation
2 Overallscope definition
Phases
1-5
Phases
6-16
This guide sets out to explain where
the details for different safety
lifecycle activities can be found in
the standards for the Machinery
Sector:
IEC 62061 and ISO 13849.
The overall safety lifecycle model
contained in IEC 61508 has been
used as the reference point.
To navigate click on one of the
buttons below and then click
on an individual phase
9 E/E/PE system safety
requirementsspecification
10 E/E/PE
Safety-related systems
Realisation
(see E/E/PE system
safety lifecycle)
6
Overall
operation
and
maintenan
ce planning
11 Other risk reduction
measures
Specificationand
Realisation
7
Overall
safety
validati
on
plannin
g
8
Overall
installation
and
commissionin
g planning
Overall planning
12 Overall installation and
commissioning
13 Overall safety validation
14 Overall operation,
maintenanceand repair
16 Decommissioning or
disposal
15 Overall modification
and retrofit

Home
Phases
1-5
Phases
6-16
5
Objectives
To allocate the safety functions, contained in the specification for the overall safety requirements
(both the safety functions requirements and the safety integrity requirements), to the designated
E/E/PE safety related systems and other risk reduction measures; To allocate a safety integrity
level to each safety function to be carried out by an E/E/PE safety-related system.
IEC 61508
Part 1 Clauses
7.6.1
7.6.2
IEC 62061
Clause 5
5.2.1.3 – Specifications
for each SRCF shall
comprise the functional
requirement (5.2.3)and
the safety integrity
requirement (5.2.4)
ISO 13849
Clause 4
4.2.2 – For each safety
function the
characteristics and the
required performance
level shall be specified
Overall safety requirements allocation

EN ISO 13849-1 Annex A risk graph

SIL Assignment Matrix
• Probability of occurrence of harm (Cl)
Cl = Fr + Pr + Av
Frequency
Fr
Probability of occurence
Pr
Avoidance
Av
≤ 1 per hr 5 Common 5
<1 per hr to ≥ I day 5 Likely 4
< 1per day to ≥ 1 per 2 weeks 4 Possible 3 Impossible 5
< 1 per 2 wks to ≥ 1 per yr 3 Rarely 2 Rarely 3
< 1 per yr 2 Negligible 1 Likely 1

PLr Determination by matrix
Consequences Severity
Class Cl
4-5 6-7 8-9 10-11 12-13 14-15
Death, losing
an eye or arm
4 PLc PLc PLd PLd PLe PLe
Permanent,
losing fingers
3 PLc PLc PLc PLd PLd PLe
Reversible,
medical attn.
2 PLb PLb PLb PLc PLd PLd
Reversible, first
aid
1 PLa PLa PLb PLb PLc PLc
May require recalibration!
For discussion/consideration

PL and SIL
EN ISO 13849-1
Performance Level
(PL)
Average
probability of a
dangerous failure
per hour [1/h]
EN 62061
Safety Integrity
Level (SIL)
a ≥ 10-5 to < 10-4 no special safety
requirements
b ≥ 3 x 10-6 to < 10-5 1
c ≥ 10-6 to < 3 x 10-6 1
d ≥ 10-7 to < 10-6 2
e ≥ 10-8 to < 10-7 3

Home
Phases
1-5
Phases
6-16
10
Objectives
To create E/E/PE safety related systems conforming to the specification for the E/E/PE system
safety requirements (comprising the specification for the E/E/PE system safety functions
requirements and the specification for the E/E/PE system safety integrity requirements).
IEC 61508
Part 1 Clauses
7.11.1; 7.11.2
Part 2 for Hardware
Part 3 for Software
IEC 62061
Included in Clause 6.
Control of systematic
faults is part of this
clause.
SRECS architecture is
described by subsystems
detailing Hardware Fault
Tolerance and Diagnostic
Coverage
ISO 13849
Clause 4.4 gives the
overall requirements.
Clause 6 describes
designated architectures
as categories (B, 1 – 4).
Categories state the
required behaviour of a
SRP/CS in respect of it’s
resistance to faults etc.
Realisation – Hardware design

EN ISO 13849-1 Categories
Designated Architectures
Cat B & Cat 1
Cat 2
Cat 3 Cat 4

EN 62061 Architectures
Subsystem A
Subsystem B
Subsystem C
Subsystem D

PFHD of the Function
The PFHD of the Function is the sum of the PFHD of each of
the SRP/CS (subsystems) that make up the Function
DssnDssDssDssDtotal PFHPFHPFHPFHPFH  ....321
Sensor Logic Actuator
Sensor
Sensor
Input Logic Output
Actuator
Actuator

Series alignment of Subsystems
DactuatoricDDsensorDtotal PFHPFHPFHPFH  log
SIL or PL

PFH Verification
DeDeDeDssD TDCTDC   })]1([
2
]2{[)1( 1
222 2
hPFH DD 1 
8760
1


d
D
MTTF
PFHCategory 1
Or
Subsystem A
Subsystem D

Verification by software – Object types
SISTEMA recognizes seven different types of objects.
These can be regarded as the building- blocks from which a project is created.

IFA SISTEMA – PL – EN ISO 13849-1

Pilz PAScal – SIL – EN 62061 (and PL – EN 13849)

Out of control
Why control systems go wrong and how to prevent failure?
(Out of control, 2nd edition 2003, Health & Safety Executive HSE – UK)

Systematic failure
• Failure related in a deterministic way to a certain cause, which can only be
eliminated by a modification of the design or of the manufacturing process,
operational procedures, documentation or other relevant factors
– the safety requirements specification,
– the design, manufacture, installation, operation of the hardware, and
– the design, implementation, etc., of the software.
• Further information can be found in:
– EN ISO 13849-1, in particular in Annex G
– EN 62061, in particular Clause 6.4

Check Lists
Item Reference Yes No
Have all risks been reduced as far as possible by safe design
of the machine, and the use of fixed safeguards etc?
EN ISO 12100:2010
EN 953:1997
Have the consequences of systematic failures been fully taken
into account?
EN ISO 13849-1 Annex G
EN 62061 Clause 6.4
Have all risks that are to be reduced by Safety Related
Controls been identified?
EN ISO 13849-1 Clause 4.4
EN 62061 Clause 5.2
Have the Safety Requirements for each Safety Related Control
Function been correctly specified in terms of functional
requirements?
EN ISO 13849-1 Clause 5
EN 62061 Clause 6.6.2.1.6
Have the Safety Requirements for each Safety Related Control
Function been correctly specified in terms of performance
requirements?
EN ISO 13849-1 Clause 4.3 and Annex A
EN 62061 Clause 6.6.2.1.6 and Annex A

Check List part 2
Item Reference Yes No
Has an appropriate architecture for the design of the safety
related controls been chosen?
EN ISO 13849-1 Clause 6
EN 62061 Clauses 6.6.2.1.2,3,7
Is performance data available for safety related components from:
1) The component manufacturer.
2) Reliable generic data
EN ISO 13849-1 Clause 4.5.2 and
Annexes C and D
EN 62061 Clause 6.7.7.2
Has the Diagnostic Coverage provided by the automatic tests
been correctly established?
EN ISO 13849-1 Annex E
EN 62061 Clause 6.8
Have the effects of Common Cause Errors been examined and
adequate measures to mitigate the consequences put in place?
EN ISO 13849-1 Annex F
EN 62061 Clause 6.7.8.3 and Annex F
Has the performance of the safety related control functions been
verified as meeting the required PL or SIL?
EN ISO 13849-1 Clause 4.7
EN 62061 Clause 6.6.3
Have the requirements for validation been adequately planned
and prepared?
EN ISO 13849-2
EN 62061 Clause 8

Thank you for listening
For more information
please visit our stand:
D261
TÜV SÜD Drives & Controls 2014 - Functional Safety of Machinery Slide 29

Functional safety standards_for_machinery

More Related Content

What's hot

Similar to Functional safety standards_for_machinery

More from ie-net ingenieursvereniging vzw

Recently uploaded

Functional safety standards_for_machinery