SlideShare a Scribd company logo

Safety Standards for Machinery Control Systems

V
Vo Quoc Hieu

Safety of machinery

Education
1 of 19
Download to read offline
Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 Automation
I M P R I N T Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 German Electrical and Electronic Manufacturer’s Association Stresemannallee 19 60596 Frankfurt am Main Germany Professional Association Automation Specialist Area of Switchgears, Switchgears, Industrial Controls Technical Committee Safety System in Automation Autor: Gunther Bernd Phone: +49 69 6302-323 Fax: +49 69 6302-386 Mail: bernd@zvei.org www.zvei.org/automaton Despite utmost care no liability for contents June 2007
Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 Are you a machine manufacturer or system integrator? Do you upgrade machinery? This is what you need to consider in future in terms of functional safety! Grundsätzliche Vorgehensweise um die Anforderungen der Maschinenrichtlinie zu erfüllen What do I need to do to place a machine on the market in compliance with the directives? The EU Machinery Directive stipulates that machinery should not present a risk (risk assessment in accordance with EN 1050 or EN ISO 14121-1). Given that there is no such thing as zero risk in technology, the aim is to achieve an acceptable residual risk. If safety is dependent on control systems, these must be designed so that the probability of functional errors is sufficiently low. If this isn’t possible, any errors that occur shall not lead to the loss of the safety function. To meet this requirement it makes sense to use harmonised standards that have been created in accordance with a mandate from the European Commission and are published in the Official Journal of the European Communities (presump- tion of conformity). This is the only way to avoid spending extra time and effort demonstrating conformity in the event of a claim. The two standards EN 62061 and EN ISO 13849-1 are compared below. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? In the past, the safety-related parts of a machine’s control system were designed in accordance with EN 954-1. This was based on the calculated risk (formed into categories). The aim was to set an appropriate system behaviour (“control class”) against a category (deterministic approach). Once electronics, and programmable electronics in particular, had made their mark on safety technology, safe- ty could no longer be measured purely in terms of the simple category system found in EN 954-1. Furthermore, it was unable to provide infor- mation on probability of failure (probabilistic approach). Help is now available from EN 62061 and EN ISO 13849-1, the successor standard to EN 954-1. 3 1. Basic procedure for complying with the requirements of the Machinery Directive 2. Why is today’s EN 954-1 not sufficient for the future?
EN ISO 13849-1: “Safety-related parts of control systems, Part 1: General principles for design” This standard may be applied to SRP/CS (safety-related parts of control systems) and all types of machinery, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). EN ISO 13849-1 also lists special requirements for SRP/CS with pro- grammable electronic systems. EN 62061: “Functional safety of safety-related electrical, electronic and programmable electronic control systems” This standard defines requirements and gives recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It does not define requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machinery. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? EN ISO 13849-1 is based on the familiar categories from EN 954-1:1996. It examines complete safety functions, including all the components invol- ved in their design. EN ISO 13849-1 goes beyond the qualitative approach of EN 954-1 to include a quantitative assessment of the safety functions. A performance level (PL) is used for this, building upon the categories. Components/devices require the following safety parameters: • Category (structural requirement) • PL: Performance level • MTTFd: Mean time to dangerous failure • B10d: Number of cycles by which 10% of a random sample of wearing components have failed dangerously 4 3. Scopes of the two standards 4. Brief overview of EN ISO 13849-1:
5 • DC: Diagnostic coverage • CCF: Common cause failure • TM: Mission time The standard describes how to calculate the performance level (PL) for safety-related parts of control systems, based on designated architectu- res, for the designated mission time TM. EN ISO 13849-1 refers any deviations to IEC 61508. Where several safe- ty-related parts are combined into one overall system, the standard des- cribes how to calculate the PL that can be achieved. For additional guidelines on validation EN ISO 13849-1 refers to Part 2, which was published at the end of 2003. This part provides information on fault considerations, maintenance, technical documentation and usage guidelines. The transition period from EN 954-1 to EN ISO 13849-1 is likely to end in October 2009. Until then, either standard may be app- lied. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? EN 62061 represents a sector-specific standard under IEC 61508. It des- cribes the implementation of safety-related electrical and electronic con- trol systems on machinery and examines the overall lifecycle from the concept phase through to decommissioning. Quantitative and qualitative examinations of the safety-related control functions form the basis. The performance level is described through the safety integrity level (SIL). The safety functions identified from the risk analysis are divided into safe- ty subfunctions; these safety subfunctions are then assigned to actual devices, called subsystems and subsystem elements. Both hardware and software are handled this way. A safety-related control system is made up of several subsystems. The safety-related characteristics of these subsystems are described through parameters (SIL claim limit and PFHD). 5. Brief overview of EN 62061
Safety-related parameters for subsystems: • SILCL: SIL claim limit • PFHD: Probability of dangerous failure per hour • T1: Lifetime These subsystems may in turn be made up of various interconnected sub- system elements (devices) with parameters to calculate the subsystem’s corresponding PFHD value. Safety-related parameters for subsystem elements (devices): • ␭: Failure rate; for wearing elements: describe via the B10 value • SFF: Safe failure fraction On electromechanical devices the failure rate is indicated by the manu- facturer as a B10 value, based on the number of cycles. The time-based fai- lure rate and lifetime must be determined through the switching frequency for the respective application. 6 SIL Subsystem- element 1.1 ,T1 Subsystem- element 1.2 ,T1 DC, T2, Subsystem 1 (Sensor A) SILCL, PFHD,T1 Subsystem 1 Subsystem 2 (Sensor B) SILCL, PFHD,T1 Subsystem 3 (PLC to IEC 61508) SILCL, PFHD,T1 Subsystem 4 (Actuator) SILCL, PFHD,T1
7 Internal parameters to be established during design / construction for a subsystem comprised of subsystem elements: • T2: Diagnostic test interval • ␤: Susceptibility to common cause failure • DC: Diagnostic coverage • PFHD: The PFHD value of the safety-related control system is calcula- ted by adding the subsystems’ individual PFHD values. Users have the following options when designing a safety-related control system: • Use devices and subsystems that already comply with EN 954-1 and IEC 61508 or EN 62061. The standard specifies how to incorporate qualified devices when implementing safety func- tions. • Develop their own subsystems. – Programmable, electronic subsystems or complex subsystems: Apply IEC 61508. – Simple devices and subsystems: Apply EN 62061. The standard represents a comprehensive system for the implementation of safety-related electrical, electronic and programmable electronic con- trol systems. EN 62061 has been a harmonised standard since December 2005. EN 954-1, or alternatively EN ISO 13849-1, should be applied for non- electrical systems. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? Step 1 – Risk assessment in accordance with EN 1050 / EN ISO 14121 It can be assumed that a hazard on a machine will result in harm sooner or later if safety measures are not put in place. Safety measures are a combination of these measures taken by the desi- gner and those implemented by the user. Measures taken at the design 6. Achieving safety, step-by-step – Basic procedure
8 phase are preferable to those implemented by the user, and generally they are also more effective. The designer must follow the sequence described below, bearing in mind the experience gained by users of similar machinery and information gai- ned from discussions with potential users (if this is possible): – Establish the limits and the intended use of the machinery; – Identify the hazards and any associated hazardous situations; – Estimate the risk for each identified hazard and hazardous situation; – Evaluate the risk and decide on the need for risk reduction. Step 2 – Define the measures required to reduce the calculated risks The objective is to reduce risk as much as possible, taking various factors into account. The process is iterative; making the best possible use of the available technologies it may be necessary to repeat the process several times in order to reduce the risk. When carrying out the process, the following priority ranking shall apply: 1. Safety of the machine in all phases of its lifetime; 2. The ability of the machine to perform its function; 3. User friendliness of the machine. Only then shall the machine’s manufacturing, operating and disassembly costs be taken into consideration. Yes END Hazard identification Risk estimation Risk evaluation Risk reductionMachinery safe? Limits of the machinery No Start Approach during the machine design Riskanalysis Riskassessment EN 1050 and EN ISO 14121
The hazard analysis and risk reduction process requires hazards to be elimina- ted or reduced through a hierarchy of measures: • Hazard elimination or risk reduction through design • Risk reduction through technical protection devices and potential additional protective measures • Risk reduction through the availability of user information about residual risk Step 3 – Risk reduction through control measures If safety-related control parts are used to control a protective measure in order to achieve the necessary risk reduction, the design of these control parts shall be an integral part of the whole design procedure for the machine. The safety- related control system provides the safety function(s) with a SIL or PL that achieves the necessary risk reduction. 9 Design and risk evaluation of the machine EN ISO 12100 Functional and safety requirements for safety related control systems Design and realisation of safety related electrical control systems EN 62061EN ISO 13849 Electrical safety aspects EN IEC 60204
10 Step 4 – Implementation of control measures using EN ISO 13849-1 or EN 62061 EN ISO 13849-1 1) Determination of the required performance level 2) Specification The specification of the functional requirements shall describe each safety function that is to be performed. Any interfaces with other control functions shall be defined and any necessary error reactions established. The required SIL or PL must be defined. 3) Design of the control architecture Part of the risk reduction process involves the definition of the machine’s safety functions. This includes the safety functions on the control system, e.g. to prevent unexpected start-up. When defining the safety functions it is always important to consider that a machine has different operating modes (e.g. automatic setup mode) and that the safety measures in these different modes may be totally different (e.g. safely limited speed in setup mode - two-hand in automatic mode). A safety function may be implemented via one or more safety-related control parts and several safety functions may be divided over one or more safety-related control parts (e.g. logic module, energy transmission element(s)). EN ISO 13849-1 EN 62061 EN 62061
11 The PL shall be estimated for each selected SRP/CS and/or combination of SRP/CS that per- forms a safety function. The PL of the SRP/CS shall be determined by the estimation of the following parameters: • The MTTFd value for single components • The DC • The CCF • The structure (category) • The behaviour of the safety function under fault condition(s) • Safety-related software • Systematic failures • The ability to perform a safety function under expected environmental conditions EN ISO 13849-1 EN 62061 The selection or design of the SRECS shall always meet the following minimum requirements: Requirements for hardware safety integrity, com- prising • Architectural constraints for hardware safety integrity • Requirements for the probability of dangerous random hardware failures plus requirements for systematic safety integrity, comprising • Requirements for avoidance of failures and • Requirements for the control of systematic failures. EN 62061 also describes requirements for imple- menting application programs. Safety-related parameters for subsystems: • SILCL: SIL claim limit • PFHD: Probability of dangerous failure per hour • T1: Lifetime 4) Determination of the achieved performance level
12 EN ISO 13849-1 EN IEC 62061 Note: The PFHD comparisons are an essential require- ment for determining the performance level. To complete the determination of the PL, CCF, category and DC shall also be considered. Safety-related parameters for subsystem ele- ments (devices): • ␭: Failure rate • B10 value: For wearing elements • T1: Lifetime • T2: Diagnostic test interval • ␤: Susceptibility to common cause failure • DC: Diagnostic coverage • SFF: Safe failure fraction • HTF: Hardware fault tolerance SFF HFT 0 HFT 1 HFT 2 60% Not allowed SIL 1 SIL 2 60% to 90% SIL 1 SIL 2 SIL 3 90% to 99% SIL 2 SIL 3 SIL 3 =99% SIL 3 SIL 3 SIL 3 Probability (average) of a failure to danger [1/h] SIL Level 10 -6 PFH 10 -5 SIL 1 10 -7 PFH 10 -6 SIL 2 10 -8 PFH 10 -7 SIL 3 Performance level Probability (average) of a failure to danger [1/h] a 10 -5 PFH 10 -4 b 3 ·10 -6 PFH 10 -5 c 10 -6 PFH 3 ·10 -6 d 10 -7 PFH 10 -6 e 10 -8 PFH 10 -7
13 EN ISO 13849-1 EN IEC 62061 5) Verification 6) Validation Note: The illustration describes the relationship between the standards’ two concepts (PL and SIL), based on probability of failure. Performance level SIL Level a -- b SIL 1 c SIL 1 d SIL 2 e SIL 3 For each individual safety function, the PL of the corresponding SRP/CS must match the “Required Performance Level”. Where various SRP/CS from part of a safety function, their PLs shall be equal to or greater than the perfor- mance level required for this function. Where several SRP/CS are connected in series, the final PL can be determined using Table 11 from the standard. The design of a safety-related control function shall be validated. The validation must show that the combination for each safety function of the safety-related parts meets the relevant requirements. The probability of dangerous failure of each safety-related control function (SRCF) as a result of dangerous random hardware failures shall be equal to or less than the failure thres- hold value defined in the specification of the safety requirements. The SIL that is achieved by the SRECS on the basis of architectural constraints shall be less than or equal to the lowest SILCL of any subsy- stem involved in performing the safety func- tion.
14 Abbreviation Explanation B10d Number of cycles until 10% of components fail causing danger ␭ Failure Rate ␭s Failure Rate (failure to safe side) ␭d Failure Rate (failure to danger) CCF Common cause failure DC Diagnostic coverage DCavg Average diagnostic coverage Designated Architecture Designated architecture of an SRP/CS HFT Hardware fault tolerance MTBF Mean time between failures (during normal operation) MTTF Mean time to failure MTTFd Mean time to dangerous failure MTTR Mean time to repair (always significantly less than the MTTF) PFH Probability of failure per hour PFHD Probability of dangerous failure per hour PL Performance Level, Ability of safety- related parts to perform a safety function under foreseeable conditions, to achieve the expected risk reduction PLr Required performance level SIL Safety integrity level 7. Glossary
15 Abbreviation Explanation SILCL SIL claim limit (suitability) SRP/CS Safety-related parts of a control system SRECS Safety-related electrical control systems T1 Lifetime or proof test interval, assumed lifetime of safety system T2 Diagnostic test interval TM Mission time ␤ Susceptibility to common cause failure C Duty cycle (per hour) of an electromechanical component SFF Safe failure fraction Security Common term for protective guarding. A person or item is safeguarded through monitoring. Safety Collective term for functional safety and machinery safety, among others Machinery safety State achieved when measures have been taken to reduce the risk to an accepted residual risk after the hazard analysis has been carried out. Functional safety Part of the safety of the machine and the machine control system which depends on the correct functioning of the SRECS, other technology safety- related systems and external risk reduc- tion facilities
16 Do solenoid valves / contactors have a SIL or PL rating? No. Single components cannot have a SIL or PL rating. What is the difference between SIL and SILCL? The SIL rating always refers to a complete safety function while the SILCL refers to the subsystem. Is there an analogy between PL and SIL? A relationship between PL and SIL can be established through the PFH value. (See step 4: “Determination of the achieved performance level”). Performance level (EN13849-1) Probability of a dangerous failure per hour [1/h] SIL Level after EN IEC 62061 b 3 ·10 -6 PFH 10-5 SIL 1 c 10-6 PFH 3 ·10 -6 SIL 1 d 10-7 PFH 10-6 SIL 2 e 10-8 PFH 10-7 SIL 3 What diagnostic coverage can I claim for relays and contactors with positive-guided contacts? In accordance with both standards, a DC of 99% can be assumed due to the positive-guided contacts on contactors and relays. A diagnostic function with an appropriate error reaction is a prerequisite. 8. FAQ list
17 Can I achieve a hardware fault tolerance of 1 with a single door monitoring (safety gate) switch? No, just one error would cause the circuit to fail. Is there a probability of failure or PFHD value for wearing components? No. Users can calculate a PFH value for wearing components on the specific application using the B10 value in relation to the number of duty cycles. What is the difference between MTBF and MTTF? The MTBF describes the time between two failures, whereas MTTF describes the time to the first failure. What does the letter “d” mean on MTTFd? “d” stands for “dangerous” – the MTTFd describes the mean time to the first dangerous failure. May I apply EN ISO 13849-1 when integrating complex programmable electronics? Yes. However, for operating system software and safety functions in accordance with PL “e”, the requirements of IEC 61508-3 will need to be considered. What can I do if I do not receive any characteristic data from my component manufacturer? The annexes of both EN ISO 13849-1 and EN 62061 contain substitute reference values for frequently used components. Where available, however, manufacturer’s values should always be used.
18 Can I apply EN ISO 13849-1 to calculate the MTTF on process valves/armatures that are only switched once or twice a year (low demand)? No, EN ISO 13849-1 only describes high demand mode, so an MTTF assessment can only be made using additional measures such as “forced dynamisation”. Can I apply EN 62061 to calculate the failure rate on process valves/armatures that are only switched once or twice a year (low demand)? See question above. Does application software have to be certified? If “Yes”, to which standard? No. There is no mandatory certification for either standard. However, there may be mandatory certification for Annex IV machines under the Machinery Directive (e.g. presses). Requirements for software production can be found in both EN 62061 and EN ISO 13849-1.
German Electrical and Electronic Manufacturers’ Association Stresemannallee 19 60596 Frankfurt am Main Germany Professional Association Automation Specialist Area of Switchgears, Switchgears, Industrial Controls Technical Committee Safety System in Automation

Recommended

Complying with New Functional Safety Standards
Complying with New Functional Safety StandardsComplying with New Functional Safety Standards
Complying with New Functional Safety StandardsDesign World
 
S.steele functional safety ppt
S.steele functional safety pptS.steele functional safety ppt
S.steele functional safety pptSimon Steele
 
W09 safety risk-assessments-pls-and-sils
W09 safety risk-assessments-pls-and-silsW09 safety risk-assessments-pls-and-sils
W09 safety risk-assessments-pls-and-silsVo Quoc Hieu
 
7 1 r14
7 1 r147 1 r14
7 1 r14Imran Farooq
 
T89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryT89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryVo Quoc Hieu
 
Shb900 rm001 -en-p
Shb900 rm001 -en-pShb900 rm001 -en-p
Shb900 rm001 -en-pVo Quoc Hieu
 
Brochure triconex emergency_shutdownsystemssolutions_03-10
Brochure triconex emergency_shutdownsystemssolutions_03-10Brochure triconex emergency_shutdownsystemssolutions_03-10
Brochure triconex emergency_shutdownsystemssolutions_03-10Risman BizNet
 
When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?ISA Interchange
 

Recommended

Complying with New Functional Safety Standards
Complying with New Functional Safety StandardsComplying with New Functional Safety Standards
Complying with New Functional Safety StandardsDesign World
 
S.steele functional safety ppt
S.steele functional safety pptS.steele functional safety ppt
S.steele functional safety pptSimon Steele
 
W09 safety risk-assessments-pls-and-sils
W09 safety risk-assessments-pls-and-silsW09 safety risk-assessments-pls-and-sils
W09 safety risk-assessments-pls-and-silsVo Quoc Hieu
 
7 1 r14
7 1 r147 1 r14
7 1 r14Imran Farooq
 
T89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryT89 introductiontofunctionalsafetyformachinery
T89 introductiontofunctionalsafetyformachineryVo Quoc Hieu
 
Shb900 rm001 -en-p
Shb900 rm001 -en-pShb900 rm001 -en-p
Shb900 rm001 -en-pVo Quoc Hieu
 
Brochure triconex emergency_shutdownsystemssolutions_03-10
Brochure triconex emergency_shutdownsystemssolutions_03-10Brochure triconex emergency_shutdownsystemssolutions_03-10
Brochure triconex emergency_shutdownsystemssolutions_03-10Risman BizNet
 
When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?ISA Interchange
 
Understanding sil
Understanding silUnderstanding sil
Understanding silrajesh kumar ramaswamy
 
Functional safety standards_for_machinery
Functional safety standards_for_machineryFunctional safety standards_for_machinery
Functional safety standards_for_machineryie-net ingenieursvereniging vzw
 
Active medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirementsActive medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirementsclausroemer
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systemsMowaten Masry
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
Vortrag LWS Schweiz
Vortrag LWS SchweizVortrag LWS Schweiz
Vortrag LWS SchweizMichael Rumpler
 
55419663 burner-management-system
55419663 burner-management-system55419663 burner-management-system
55419663 burner-management-systemMowaten Masry
 
114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trains114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trainsMowaten Masry
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
Pflex um003 -en-p
Pflex um003 -en-pPflex um003 -en-p
Pflex um003 -en-pVo Quoc Hieu
 
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysisViewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysisISA Interchange
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systemsSaiful Chowdhury
 
INDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLCINDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLCMehvish Mushtaq
 
Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation Living Online
 
Functional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.pptFunctional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.pptssuserba01d94
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationie-net ingenieursvereniging vzw
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationVo Quoc Hieu
 
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...Schneider Electric
 
4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...Luiz Fernando Moraes
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
143673805 1-burner-management-system
143673805 1-burner-management-system143673805 1-burner-management-system
143673805 1-burner-management-systemMowaten Masry
 

More Related Content

What's hot

Active medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirementsActive medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirementsclausroemer
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systemsMowaten Masry
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET Journal
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET Journal
 
55419663 burner-management-system
55419663 burner-management-system55419663 burner-management-system
55419663 burner-management-systemMowaten Masry
 
114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trains114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trainsMowaten Masry
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET Journal
 
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysisViewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysisISA Interchange
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systemsSaiful Chowdhury
 
INDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLCINDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLCMehvish Mushtaq
 
Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation Living Online
 

What's hot (15)

Understanding sil
Understanding silUnderstanding sil
Understanding sil
 
Functional safety standards_for_machinery
Functional safety standards_for_machineryFunctional safety standards_for_machinery
Functional safety standards_for_machinery
 
Active medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirementsActive medical devices EMC and RMP requirements
Active medical devices EMC and RMP requirements
 
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety Critical ...
 
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
IRJET- FPGA Implementation of an Improved Watchdog Timer for Safety-Critical ...
 
Vortrag LWS Schweiz
Vortrag LWS SchweizVortrag LWS Schweiz
Vortrag LWS Schweiz
 
55419663 burner-management-system
55419663 burner-management-system55419663 burner-management-system
55419663 burner-management-system
 
114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trains114632948 jeres-j-607-burner-management-systems-for-sru-trains
114632948 jeres-j-607-burner-management-systems-for-sru-trains
 
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBIIRJET- Design and Implementation of High Speed FPGA Configuration using SBI
IRJET- Design and Implementation of High Speed FPGA Configuration using SBI
 
Pflex um003 -en-p
Pflex um003 -en-pPflex um003 -en-p
Pflex um003 -en-p
 
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysisViewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
Viewpoint on ISA TR84.0.02 - simplified methods and fault tree analysis
 
1. safety instrumented systems
1. safety instrumented systems1. safety instrumented systems
1. safety instrumented systems
 
INDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLCINDUSTRIAL AUTOMATION USING PLC
INDUSTRIAL AUTOMATION USING PLC
 
Safety Instrumentation
Safety Instrumentation Safety Instrumentation
Safety Instrumentation
 

Similar to Safety Standards for Machinery Control Systems

Functional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.pptFunctional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.pptssuserba01d94
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationVo Quoc Hieu
 
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...Schneider Electric
 
4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...Luiz Fernando Moraes
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationISA Boston Section
 
143673805 1-burner-management-system
143673805 1-burner-management-system143673805 1-burner-management-system
143673805 1-burner-management-systemMowaten Masry
 
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...Parker Hannifin Corporation
 
Safety pp002 -en-e
Safety pp002 -en-eSafety pp002 -en-e
Safety pp002 -en-eVo Quoc Hieu
 
Machine safety-guide
Machine safety-guideMachine safety-guide
Machine safety-guideVo Quoc Hieu
 
ISO 26262 2nd Edition
ISO 26262 2nd EditionISO 26262 2nd Edition
ISO 26262 2nd EditionCedric Heller
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaVo Quoc Hieu
 
Ac drive safety functions ease risk assessment
Ac drive safety functions ease risk assessmentAc drive safety functions ease risk assessment
Ac drive safety functions ease risk assessmentARC Advisory Group
 
Asco Safety Systems Solenoid Valve Selection Guide
Asco Safety Systems Solenoid Valve Selection GuideAsco Safety Systems Solenoid Valve Selection Guide
Asco Safety Systems Solenoid Valve Selection GuideMiller Energy, Inc.
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastrucCISEC
 

Similar to Safety Standards for Machinery Control Systems (20)

Functional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.pptFunctional-Safety-Overview-UL.ppt
Functional-Safety-Overview-UL.ppt
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Tuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentationTuev sued-drives-and-controls-2014-presentation
Tuev sued-drives-and-controls-2014-presentation
 
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
 
4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...4 david schepers certification process safety relay modules for machinery app...
4 david schepers certification process safety relay modules for machinery app...
 
Introduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL CertificationIntroduction to Functional Safety and SIL Certification
Introduction to Functional Safety and SIL Certification
 
143673805 1-burner-management-system
143673805 1-burner-management-system143673805 1-burner-management-system
143673805 1-burner-management-system
 
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
How to Implement Functional Safety in Mobile Machinery IQAN MC4xFS Parker Han...
 
Safety pp002 -en-e
Safety pp002 -en-eSafety pp002 -en-e
Safety pp002 -en-e
 
Machine safety-guide
Machine safety-guideMachine safety-guide
Machine safety-guide
 
ISO 26262 2nd Edition
ISO 26262 2nd EditionISO 26262 2nd Edition
ISO 26262 2nd Edition
 
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canadaT06 machine safetyachievingandmaintainingregulatorycompliance-canada
T06 machine safetyachievingandmaintainingregulatorycompliance-canada
 
Iec61508 guide
Iec61508 guideIec61508 guide
Iec61508 guide
 
Ac drive safety functions ease risk assessment
Ac drive safety functions ease risk assessmentAc drive safety functions ease risk assessment
Ac drive safety functions ease risk assessment
 
Asco Safety Systems Solenoid Valve Selection Guide
Asco Safety Systems Solenoid Valve Selection GuideAsco Safety Systems Solenoid Valve Selection Guide
Asco Safety Systems Solenoid Valve Selection Guide
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
B prepp2
B prepp2B prepp2
B prepp2
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc
 
Manual tvoc 2
Manual tvoc 2Manual tvoc 2
Manual tvoc 2
 

More from Vo Quoc Hieu

Safety qr004 -en-p
Safety qr004 -en-pSafety qr004 -en-p
Safety qr004 -en-pVo Quoc Hieu
 
Safebk rm002 -en-p
Safebk rm002 -en-pSafebk rm002 -en-p
Safebk rm002 -en-pVo Quoc Hieu
 
Guidance design-dossiers
Guidance design-dossiersGuidance design-dossiers
Guidance design-dossiersVo Quoc Hieu
 

More from Vo Quoc Hieu (7)

Tdoct0713a eng
Tdoct0713a engTdoct0713a eng
Tdoct0713a eng
 
Safety qr004 -en-p
Safety qr004 -en-pSafety qr004 -en-p
Safety qr004 -en-p
 
Safebk rm002 -en-p
Safebk rm002 -en-pSafebk rm002 -en-p
Safebk rm002 -en-p
 
Guidance design-dossiers
Guidance design-dossiersGuidance design-dossiers
Guidance design-dossiers
 
En954 1
En954 1En954 1
En954 1
 
Control systems
Control systemsControl systems
Control systems
 
B10d en
B10d enB10d en
B10d en
 

Recently uploaded

ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 

Recently uploaded (20)

ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 

Safety Standards for Machinery Control Systems

  • 1. Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 Automation
  • 2. I M P R I N T Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 German Electrical and Electronic Manufacturer’s Association Stresemannallee 19 60596 Frankfurt am Main Germany Professional Association Automation Specialist Area of Switchgears, Switchgears, Industrial Controls Technical Committee Safety System in Automation Autor: Gunther Bernd Phone: +49 69 6302-323 Fax: +49 69 6302-386 Mail: bernd@zvei.org www.zvei.org/automaton Despite utmost care no liability for contents June 2007
  • 3. Safety of machinery Notes on the application of standards EN 62061 and EN ISO 13849-1 Are you a machine manufacturer or system integrator? Do you upgrade machinery? This is what you need to consider in future in terms of functional safety! Grundsätzliche Vorgehensweise um die Anforderungen der Maschinenrichtlinie zu erfüllen What do I need to do to place a machine on the market in compliance with the directives? The EU Machinery Directive stipulates that machinery should not present a risk (risk assessment in accordance with EN 1050 or EN ISO 14121-1). Given that there is no such thing as zero risk in technology, the aim is to achieve an acceptable residual risk. If safety is dependent on control systems, these must be designed so that the probability of functional errors is sufficiently low. If this isn’t possible, any errors that occur shall not lead to the loss of the safety function. To meet this requirement it makes sense to use harmonised standards that have been created in accordance with a mandate from the European Commission and are published in the Official Journal of the European Communities (presump- tion of conformity). This is the only way to avoid spending extra time and effort demonstrating conformity in the event of a claim. The two standards EN 62061 and EN ISO 13849-1 are compared below. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? In the past, the safety-related parts of a machine’s control system were designed in accordance with EN 954-1. This was based on the calculated risk (formed into categories). The aim was to set an appropriate system behaviour (“control class”) against a category (deterministic approach). Once electronics, and programmable electronics in particular, had made their mark on safety technology, safe- ty could no longer be measured purely in terms of the simple category system found in EN 954-1. Furthermore, it was unable to provide infor- mation on probability of failure (probabilistic approach). Help is now available from EN 62061 and EN ISO 13849-1, the successor standard to EN 954-1. 3 1. Basic procedure for complying with the requirements of the Machinery Directive 2. Why is today’s EN 954-1 not sufficient for the future?
  • 4. EN ISO 13849-1: “Safety-related parts of control systems, Part 1: General principles for design” This standard may be applied to SRP/CS (safety-related parts of control systems) and all types of machinery, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.). EN ISO 13849-1 also lists special requirements for SRP/CS with pro- grammable electronic systems. EN 62061: “Functional safety of safety-related electrical, electronic and programmable electronic control systems” This standard defines requirements and gives recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machinery. It does not define requirements for the performance of non-electrical (e.g. hydraulic, pneumatic, electromechanical) safety-related control elements for machinery. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? EN ISO 13849-1 is based on the familiar categories from EN 954-1:1996. It examines complete safety functions, including all the components invol- ved in their design. EN ISO 13849-1 goes beyond the qualitative approach of EN 954-1 to include a quantitative assessment of the safety functions. A performance level (PL) is used for this, building upon the categories. Components/devices require the following safety parameters: • Category (structural requirement) • PL: Performance level • MTTFd: Mean time to dangerous failure • B10d: Number of cycles by which 10% of a random sample of wearing components have failed dangerously 4 3. Scopes of the two standards 4. Brief overview of EN ISO 13849-1:
  • 5. 5 • DC: Diagnostic coverage • CCF: Common cause failure • TM: Mission time The standard describes how to calculate the performance level (PL) for safety-related parts of control systems, based on designated architectu- res, for the designated mission time TM. EN ISO 13849-1 refers any deviations to IEC 61508. Where several safe- ty-related parts are combined into one overall system, the standard des- cribes how to calculate the PL that can be achieved. For additional guidelines on validation EN ISO 13849-1 refers to Part 2, which was published at the end of 2003. This part provides information on fault considerations, maintenance, technical documentation and usage guidelines. The transition period from EN 954-1 to EN ISO 13849-1 is likely to end in October 2009. Until then, either standard may be app- lied. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? EN 62061 represents a sector-specific standard under IEC 61508. It des- cribes the implementation of safety-related electrical and electronic con- trol systems on machinery and examines the overall lifecycle from the concept phase through to decommissioning. Quantitative and qualitative examinations of the safety-related control functions form the basis. The performance level is described through the safety integrity level (SIL). The safety functions identified from the risk analysis are divided into safe- ty subfunctions; these safety subfunctions are then assigned to actual devices, called subsystems and subsystem elements. Both hardware and software are handled this way. A safety-related control system is made up of several subsystems. The safety-related characteristics of these subsystems are described through parameters (SIL claim limit and PFHD). 5. Brief overview of EN 62061
  • 6. Safety-related parameters for subsystems: • SILCL: SIL claim limit • PFHD: Probability of dangerous failure per hour • T1: Lifetime These subsystems may in turn be made up of various interconnected sub- system elements (devices) with parameters to calculate the subsystem’s corresponding PFHD value. Safety-related parameters for subsystem elements (devices): • ␭: Failure rate; for wearing elements: describe via the B10 value • SFF: Safe failure fraction On electromechanical devices the failure rate is indicated by the manu- facturer as a B10 value, based on the number of cycles. The time-based fai- lure rate and lifetime must be determined through the switching frequency for the respective application. 6 SIL Subsystem- element 1.1 ,T1 Subsystem- element 1.2 ,T1 DC, T2, Subsystem 1 (Sensor A) SILCL, PFHD,T1 Subsystem 1 Subsystem 2 (Sensor B) SILCL, PFHD,T1 Subsystem 3 (PLC to IEC 61508) SILCL, PFHD,T1 Subsystem 4 (Actuator) SILCL, PFHD,T1
  • 7. 7 Internal parameters to be established during design / construction for a subsystem comprised of subsystem elements: • T2: Diagnostic test interval • ␤: Susceptibility to common cause failure • DC: Diagnostic coverage • PFHD: The PFHD value of the safety-related control system is calcula- ted by adding the subsystems’ individual PFHD values. Users have the following options when designing a safety-related control system: • Use devices and subsystems that already comply with EN 954-1 and IEC 61508 or EN 62061. The standard specifies how to incorporate qualified devices when implementing safety func- tions. • Develop their own subsystems. – Programmable, electronic subsystems or complex subsystems: Apply IEC 61508. – Simple devices and subsystems: Apply EN 62061. The standard represents a comprehensive system for the implementation of safety-related electrical, electronic and programmable electronic con- trol systems. EN 62061 has been a harmonised standard since December 2005. EN 954-1, or alternatively EN ISO 13849-1, should be applied for non- electrical systems. 2. Warum reicht die heutige EN 954-1 zukünftig nicht mehr aus ? Step 1 – Risk assessment in accordance with EN 1050 / EN ISO 14121 It can be assumed that a hazard on a machine will result in harm sooner or later if safety measures are not put in place. Safety measures are a combination of these measures taken by the desi- gner and those implemented by the user. Measures taken at the design 6. Achieving safety, step-by-step – Basic procedure
  • 8. 8 phase are preferable to those implemented by the user, and generally they are also more effective. The designer must follow the sequence described below, bearing in mind the experience gained by users of similar machinery and information gai- ned from discussions with potential users (if this is possible): – Establish the limits and the intended use of the machinery; – Identify the hazards and any associated hazardous situations; – Estimate the risk for each identified hazard and hazardous situation; – Evaluate the risk and decide on the need for risk reduction. Step 2 – Define the measures required to reduce the calculated risks The objective is to reduce risk as much as possible, taking various factors into account. The process is iterative; making the best possible use of the available technologies it may be necessary to repeat the process several times in order to reduce the risk. When carrying out the process, the following priority ranking shall apply: 1. Safety of the machine in all phases of its lifetime; 2. The ability of the machine to perform its function; 3. User friendliness of the machine. Only then shall the machine’s manufacturing, operating and disassembly costs be taken into consideration. Yes END Hazard identification Risk estimation Risk evaluation Risk reductionMachinery safe? Limits of the machinery No Start Approach during the machine design Riskanalysis Riskassessment EN 1050 and EN ISO 14121
  • 9. The hazard analysis and risk reduction process requires hazards to be elimina- ted or reduced through a hierarchy of measures: • Hazard elimination or risk reduction through design • Risk reduction through technical protection devices and potential additional protective measures • Risk reduction through the availability of user information about residual risk Step 3 – Risk reduction through control measures If safety-related control parts are used to control a protective measure in order to achieve the necessary risk reduction, the design of these control parts shall be an integral part of the whole design procedure for the machine. The safety- related control system provides the safety function(s) with a SIL or PL that achieves the necessary risk reduction. 9 Design and risk evaluation of the machine EN ISO 12100 Functional and safety requirements for safety related control systems Design and realisation of safety related electrical control systems EN 62061EN ISO 13849 Electrical safety aspects EN IEC 60204
  • 10. 10 Step 4 – Implementation of control measures using EN ISO 13849-1 or EN 62061 EN ISO 13849-1 1) Determination of the required performance level 2) Specification The specification of the functional requirements shall describe each safety function that is to be performed. Any interfaces with other control functions shall be defined and any necessary error reactions established. The required SIL or PL must be defined. 3) Design of the control architecture Part of the risk reduction process involves the definition of the machine’s safety functions. This includes the safety functions on the control system, e.g. to prevent unexpected start-up. When defining the safety functions it is always important to consider that a machine has different operating modes (e.g. automatic setup mode) and that the safety measures in these different modes may be totally different (e.g. safely limited speed in setup mode - two-hand in automatic mode). A safety function may be implemented via one or more safety-related control parts and several safety functions may be divided over one or more safety-related control parts (e.g. logic module, energy transmission element(s)). EN ISO 13849-1 EN 62061 EN 62061
  • 11. 11 The PL shall be estimated for each selected SRP/CS and/or combination of SRP/CS that per- forms a safety function. The PL of the SRP/CS shall be determined by the estimation of the following parameters: • The MTTFd value for single components • The DC • The CCF • The structure (category) • The behaviour of the safety function under fault condition(s) • Safety-related software • Systematic failures • The ability to perform a safety function under expected environmental conditions EN ISO 13849-1 EN 62061 The selection or design of the SRECS shall always meet the following minimum requirements: Requirements for hardware safety integrity, com- prising • Architectural constraints for hardware safety integrity • Requirements for the probability of dangerous random hardware failures plus requirements for systematic safety integrity, comprising • Requirements for avoidance of failures and • Requirements for the control of systematic failures. EN 62061 also describes requirements for imple- menting application programs. Safety-related parameters for subsystems: • SILCL: SIL claim limit • PFHD: Probability of dangerous failure per hour • T1: Lifetime 4) Determination of the achieved performance level
  • 12. 12 EN ISO 13849-1 EN IEC 62061 Note: The PFHD comparisons are an essential require- ment for determining the performance level. To complete the determination of the PL, CCF, category and DC shall also be considered. Safety-related parameters for subsystem ele- ments (devices): • ␭: Failure rate • B10 value: For wearing elements • T1: Lifetime • T2: Diagnostic test interval • ␤: Susceptibility to common cause failure • DC: Diagnostic coverage • SFF: Safe failure fraction • HTF: Hardware fault tolerance SFF HFT 0 HFT 1 HFT 2 60% Not allowed SIL 1 SIL 2 60% to 90% SIL 1 SIL 2 SIL 3 90% to 99% SIL 2 SIL 3 SIL 3 =99% SIL 3 SIL 3 SIL 3 Probability (average) of a failure to danger [1/h] SIL Level 10 -6 PFH 10 -5 SIL 1 10 -7 PFH 10 -6 SIL 2 10 -8 PFH 10 -7 SIL 3 Performance level Probability (average) of a failure to danger [1/h] a 10 -5 PFH 10 -4 b 3 ·10 -6 PFH 10 -5 c 10 -6 PFH 3 ·10 -6 d 10 -7 PFH 10 -6 e 10 -8 PFH 10 -7
  • 13. 13 EN ISO 13849-1 EN IEC 62061 5) Verification 6) Validation Note: The illustration describes the relationship between the standards’ two concepts (PL and SIL), based on probability of failure. Performance level SIL Level a -- b SIL 1 c SIL 1 d SIL 2 e SIL 3 For each individual safety function, the PL of the corresponding SRP/CS must match the “Required Performance Level”. Where various SRP/CS from part of a safety function, their PLs shall be equal to or greater than the perfor- mance level required for this function. Where several SRP/CS are connected in series, the final PL can be determined using Table 11 from the standard. The design of a safety-related control function shall be validated. The validation must show that the combination for each safety function of the safety-related parts meets the relevant requirements. The probability of dangerous failure of each safety-related control function (SRCF) as a result of dangerous random hardware failures shall be equal to or less than the failure thres- hold value defined in the specification of the safety requirements. The SIL that is achieved by the SRECS on the basis of architectural constraints shall be less than or equal to the lowest SILCL of any subsy- stem involved in performing the safety func- tion.
  • 14. 14 Abbreviation Explanation B10d Number of cycles until 10% of components fail causing danger ␭ Failure Rate ␭s Failure Rate (failure to safe side) ␭d Failure Rate (failure to danger) CCF Common cause failure DC Diagnostic coverage DCavg Average diagnostic coverage Designated Architecture Designated architecture of an SRP/CS HFT Hardware fault tolerance MTBF Mean time between failures (during normal operation) MTTF Mean time to failure MTTFd Mean time to dangerous failure MTTR Mean time to repair (always significantly less than the MTTF) PFH Probability of failure per hour PFHD Probability of dangerous failure per hour PL Performance Level, Ability of safety- related parts to perform a safety function under foreseeable conditions, to achieve the expected risk reduction PLr Required performance level SIL Safety integrity level 7. Glossary
  • 15. 15 Abbreviation Explanation SILCL SIL claim limit (suitability) SRP/CS Safety-related parts of a control system SRECS Safety-related electrical control systems T1 Lifetime or proof test interval, assumed lifetime of safety system T2 Diagnostic test interval TM Mission time ␤ Susceptibility to common cause failure C Duty cycle (per hour) of an electromechanical component SFF Safe failure fraction Security Common term for protective guarding. A person or item is safeguarded through monitoring. Safety Collective term for functional safety and machinery safety, among others Machinery safety State achieved when measures have been taken to reduce the risk to an accepted residual risk after the hazard analysis has been carried out. Functional safety Part of the safety of the machine and the machine control system which depends on the correct functioning of the SRECS, other technology safety- related systems and external risk reduc- tion facilities
  • 16. 16 Do solenoid valves / contactors have a SIL or PL rating? No. Single components cannot have a SIL or PL rating. What is the difference between SIL and SILCL? The SIL rating always refers to a complete safety function while the SILCL refers to the subsystem. Is there an analogy between PL and SIL? A relationship between PL and SIL can be established through the PFH value. (See step 4: “Determination of the achieved performance level”). Performance level (EN13849-1) Probability of a dangerous failure per hour [1/h] SIL Level after EN IEC 62061 b 3 ·10 -6 PFH 10-5 SIL 1 c 10-6 PFH 3 ·10 -6 SIL 1 d 10-7 PFH 10-6 SIL 2 e 10-8 PFH 10-7 SIL 3 What diagnostic coverage can I claim for relays and contactors with positive-guided contacts? In accordance with both standards, a DC of 99% can be assumed due to the positive-guided contacts on contactors and relays. A diagnostic function with an appropriate error reaction is a prerequisite. 8. FAQ list
  • 17. 17 Can I achieve a hardware fault tolerance of 1 with a single door monitoring (safety gate) switch? No, just one error would cause the circuit to fail. Is there a probability of failure or PFHD value for wearing components? No. Users can calculate a PFH value for wearing components on the specific application using the B10 value in relation to the number of duty cycles. What is the difference between MTBF and MTTF? The MTBF describes the time between two failures, whereas MTTF describes the time to the first failure. What does the letter “d” mean on MTTFd? “d” stands for “dangerous” – the MTTFd describes the mean time to the first dangerous failure. May I apply EN ISO 13849-1 when integrating complex programmable electronics? Yes. However, for operating system software and safety functions in accordance with PL “e”, the requirements of IEC 61508-3 will need to be considered. What can I do if I do not receive any characteristic data from my component manufacturer? The annexes of both EN ISO 13849-1 and EN 62061 contain substitute reference values for frequently used components. Where available, however, manufacturer’s values should always be used.
  • 18. 18 Can I apply EN ISO 13849-1 to calculate the MTTF on process valves/armatures that are only switched once or twice a year (low demand)? No, EN ISO 13849-1 only describes high demand mode, so an MTTF assessment can only be made using additional measures such as “forced dynamisation”. Can I apply EN 62061 to calculate the failure rate on process valves/armatures that are only switched once or twice a year (low demand)? See question above. Does application software have to be certified? If “Yes”, to which standard? No. There is no mandatory certification for either standard. However, there may be mandatory certification for Annex IV machines under the Machinery Directive (e.g. presses). Requirements for software production can be found in both EN 62061 and EN ISO 13849-1.
  • 19. German Electrical and Electronic Manufacturers’ Association Stresemannallee 19 60596 Frankfurt am Main Germany Professional Association Automation Specialist Area of Switchgears, Switchgears, Industrial Controls Technical Committee Safety System in Automation