en 62061 and recommendations for the practical use - derek jones

EN 62061 and recommendations for the

practical use

Changing standards for changing technologies

Derek Jones – Convenor IEC 62061Rockwell Automation

1

EN 62061 and recommendations for the practical use

© CEN-CENELEC 2010 2Derek Jones

09/09/2010

Context with other

standards

EN ISO 12100

EN ISO 14121

EN 62061

EN 60204

EN 61508

EN ISO 13849-1&2

IEC 62061-1

ISO 23849



09/09/2010

Clause 4

Management of functional safety

Project management

for safety



09/09/2010

Clause 5

Safety Requirements Specification

Functional requirements

specification

Safety Integrity requirements

specification

Interaction of persons with

the machine (e.g. repairing,

setting, cleaning)

i.e. Task based risk

assessment



09/09/2010

Clause 6

Design and Integration

Random Hardware Failure

Systematic Integrity

Common Cause Failure

Diagnostic Function

Functional decomposition

Safety function to Safety

system



09/09/2010

Clause 7

Information for use

Clause 8

Validation

Clause 9

Modification

Clause 10

Documentation



09/09/2010

ISO TR 14121-2: Safety of machinery — Risk assessment — Part 2:

Practical guidance and examples of methods

Task Analysis Hazard Identification Risk Evaluation



09/09/2010

• All operating modes – Lock the guard door

when closed unless power is OFF and

motion is stopped.

• Automatic Operation Mode - Isolate power if

guard door is not closed.

• Teach Mode - Allow power for robot

teaching under safe speed conditions and

with local control enabling device activated.

Functional requirements specification

SAFETY RELATED CONTROL FUNCTIONS



09/09/2010

Robot axis power

status

Robot axis motion

status

Release of stored

energy

Lock release

request

Robot in home

position

Guard Lock

Command Status

ON NOT STOPPED NOT RELEASED ON

ON NOT STOPPED RELEASED ON

ON STOPPED NOT RELEASED ON

ON STOPPED RELEASED ON

OFF NOT STOPPED NOT RELEASED ON

OFF NOT STOPPED RELEASED ON

OFF STOPPED NOT RELEASED ON

OFF STOPPED RELEASED OFF

All operating modes - Lock the guard door when closed unless

power is OFF and motion is stopped.


© CEN-CENELEC 2010 10

Guard Door

Status

Output Actuators

Status

OPEN OFF

CLOSED ON

Automatic Operation Mode - Isolate power if guard door is not

closed and locked



Safe Speed Guard Door

Status

Manual Local Control Priority

Enabled

Output Actuators Status

NO CLOSED NO OFF

NO CLOSED YES OFF

NO OPEN NO OFF

NO OPEN YES OFF

YES CLOSED NO OFF

YES CLOSED YES OFF

YES OPEN NO OFF

YES OPEN YES ON

Teach Mode - Allow power for robot teaching under safe speed conditions

and with local control enabling device activated.



09/09/2010

SIL allocation for each safety function

For example Allow power for robot teaching under safe

speed conditions and with local control enabling device

activated = SIL 3



09/09/2010

Safety Function: Allow power for robot

teaching under safe speed conditions and

with local control enabling device activated.

Safe Speed

Sensing

Door Closed

Sensing

Manual Local

Control

Logic Solving Output

Actuation

Shaft Encoders Guard Interlock

Switch

3 Position

Enabling Device

Safe Speed

Control Unit

Contactors

Safety Related Electrical Control System:

Allow power for robot teaching under safe

speed conditions and with local control

enabling device activated.

Clause 6

Design and Integration

SIL 3 required

Safe Speed Guard Door

Status

Manual Local

Control Priority

Enabled

Output

Actuators

Status

NO CLOSED NO OFF

NO CLOSED YES OFF

NO OPEN NO OFF

NO OPEN YES OFF

YES CLOSED NO OFF

YES CLOSED YES OFF

YES OPEN NO OFF

YES OPEN YES ON



09/09/2010


Switch

3 Position

Enabling Device

Safe Speed

Control Unit

Contactors





SIL 3 required for the Safety

Function

Each Subsystem must have a SIL

3 Claim Limit

Total PFHD to be within SIL 3

range SIL CL = 3

PFHD = 1x 10-8

Subsystem 1

SIL CL = 3

PFHD = 1x 10-8

Subsystem 5

SIL CL = 3

PFHD = 1x 10-8

Subsystem 3

SIL CL = 3

PFHD = 1.2x 10-9

Subsystem 2

SIL CL = 3

PFHD = 3.38x 10-9

Subsystem 4

Total PFHD = 3.458x 10-8

SIL achieved = 3




Switch

3 Position

Enabling Device

Safe Speed

Control Unit

Contactors





Management of functional

safety

Safety Requirements

Specification

Design an Integration

Random Hardware

Failure

Systematic Integrity

Common Cause

Failure

Diagnostic Function

Validation

Modification

Documentation

SIL CL = 3

PFHD = 1x 10-8

Subsystem 1

SIL CL = 3

PFHD = 1x 10-8

Subsystem 5

SIL CL = 3

PFHD = 1x 10-8

Subsystem 3

SIL CL = 3

PFHD = 1.2x 10-9

Subsystem 2

SIL CL = 3

PFHD = 3.38x 10-9

Subsystem 4

Total PFHD = 3.458x 10-8

SIL achieved = 3



09/09/2010

Copyright © 2009 Rockwell Automation, Inc. All rights reserved.16

A system designer? (machine builder)

A subsystem designer? (safety component designer)

Clause 6 - Who are you?

PFHD

SIL CL

PFHD

SIL CL

PFHD

SIL CL



09/09/2010

Thank you

en 62061 and recommendations for the practical use - derek jones

Documents