new safety standards machinery directive

1Electric Drives and Controls 2009-02-26; BRC/SPD G. Kobs© Alle Rechte bei Bosch Rexroth AG, auch für den Fall von Schutzrechtsanmeldungen. Jede Verfügungsbefugnis, wie Kopier- und Weitergaberecht, bei uns.

CMAFH Drive For Technology 2010 New Safety Standards / Machinery Directive

CMAFHDrive For Technology 2010

New Safety Standards / Machinery Directive

Gary Thrall Senior Product Support Engineer

Bosch Rexroth Corporation


CMAFH Drive For Technology 2010 New Safety Standards / Machinery Directive

New European Standards

European Machinery Directive – extension of EN 954-1

IEC 13849 Performance Level – 10 steps

IEC 61800-1 Functional safety for speed variable drives


CMAFH Drive For Technology 2010Machinery Safety


EC

Machine Builder

EN 13849-1 (EN 954-1)EN 62061

EN 61800-5-2

CMAFH Drive For Technology 2010 Passport into European Community market (EEA)

European Machinery Directive

Fulfilling harmonized standards the manufacturer can assume that the safety

aspects of the machine directive are met


CMAFH Drive For Technology 2010 EN 945-1 Extended for Machinery Directive

EN954-1 Prolonged until December 31, 2011

Why?European companies are encountering difficultiesU.S. companies struggling to understand the requirements of the new ISO standard

By integrating safety application requirements into certified firmware andsoftware, numerous electromechanical components are no longer needed, safetyis enhanced, and profits are increased. This approach to safety compliancesimplifies the application for the OEM and can generate more machine uptime forthe end user.


CMAFH Drive For Technology 2010 Change of Standards

EN ISO 13849-1

December 2009

EN 954-1

EN 61800-5-2

November 2006

November 2007

January 2006

IEC 61508

EN 62061

Valid Standard

Valid Standard Period 3 years

Valid Standard

Valid Standard

Valid Standard

Transition

Mac

hine

Bui

lder

Com

pone

nts

98/37/EG

January 2010

2006/42/EGEuropean Machinery Directive

Today

Extended 2 more years

Transition


CMAFH Drive For Technology 2010 Performance Level of EN ISO 13849-1:2006

The Performance Level is defined byCategory (architecture), identical to EN 954-1 and C-StandardsMTTFd (Meantime to dangerous failure in one channel)

DC (Diagnostic Coverage): Share of detected failures

CCF (Common Cause Failures affecting both channels)Measures against systematic failures

Denotation of MTTFd Range of MTTFd

Low

Medium

High

3 years <= MTTFd < 10 years



Denotation of DC Range of DC

None

Low

Medium

DC < 60%

60% <= DC < 90%

90% <= DC < 99%

High 99% <= DC


CMAFH Drive For Technology 2010 10 Steps to Performance Level – Step 1


CMAFH Drive For Technology 2010 10 Steps to Performance Level – Step 5a


CMAFH Drive For Technology 2010 10 Steps to Performance Level – Step 5b


CMAFH Drive For Technology 2010Functional Safety Terms and Parameters


CMAFH Drive For Technology 2010Performance Level of EN ISO 13849-1:2006

A Performance Level d could be achieved by:

Cat. 3 Cat. 2DCavg = medium or DCavg . = medium MTTFd = medium MTTFd = high


CMAFH Drive For Technology 2010 EN 62061 and EN 13849-1

-< 10-84

e>= 10-8 to 10-73

d>= 10-7 to 10-62

c>= 10-6 to 3 x 10-61

b>= 3 x 10-6 to 10-51

a>= 10-5 to 10-4-

Performance LevelPL

ISO 13849

Probability of dangerous failure per hour (1/h)

PFHd

Safety Integrity LevelSIL

IEC 61508IE

C 6

2061

ISO

138

49

PFHd – Probability of a dangerous Failure per Hour

All Technologies

Simplified Estimation (worst case)regarding to:

HW Structure (Category like EN 954)Diagnostic Coverage (DC)

Reliability MTTFdFailure of Common Cause (CC)

electrical, electronic and programmable

calculation formula for subsystem architectures


CMAFH Drive For Technology 2010 Performance Level in total

Performance Level of the combination of SRP/CS

PFHtotal = PFHSensor + PFHIO + PFHSafetyPLC + n x PFHDrive

PFHtotal = 2,29 10-7 + 4,29 10-8 + 2,47 10-8 + 6 x 4,29 10-8

PFHtotal = 5,54 10-7 < 10-6 -> PL d

EN ISO 13849-1:2006 Category 3 PL d

SRP/CS1PL1

SRP/CS2PL2

SRP/CS3PL3

SRP/CS4PL4SRP/CS5

PL5SRP/CS6PL6SRP/CS7

PL7SRP/CS8PL8SRP/CS9

PL9

Cat 3 Cat 3 Cat 3

Cat 3


CMAFH Drive For Technology 2010 SafeMotion – Preliminary Data

Safe Torque Off (L2):

EN ISO 13849-1:2006 Category 3 PL = e

IEC 61508EN 62061:2005EN 61800-5-2:2007 SIL3

PFHd = 2 * 10 -9 1/h

MTTFd = 100 years (limitation by standard)

Mission Time = 20 years

The PFH values are based on a 100% duty cycle (24h/ 365 days)



Safe Motion (S2):

EN ISO 13849-1:2006 Category 3 PL = d

IEC 61508EN 62061:2005EN 61800-5-2:2007 SIL2

PFHd Drive = 3 * 10 -8 1/hPFHd Feedback = 2 * 10 -8 1/h (Stegmann/ Heidenhain motor feedback)

MTTFd = 100 years (limitation by standard)

Mission Time = 20 years

To calculate the MTTFd value for a drive and feedback combination: Add the PFH values and convert then into a MTTFd value. Do not add the MTTFd values since they are limited to 100 years.

The PFH values are based on a 100% duty cycle (24h/ 365 days)



( note that 108 hours is 11,415 years)

Preliminary Data for IndraDrive, Safety on Board

Safe Torque Off: PFHd = 2 * 10 -9 1/h = 2 % of max. SIL3 value

Safe Motion: PFHd Drive and feedback = 5 * 10 -8 1/h = 5 % of max. SIL2 value

-< 10-84

e>= 10-8 to 10-73

d>= 10-7 to 10-62

c>= 10-6 to 3 x 10-61

b>= 3 x 10-6 to 10-51

a>= 10-5 to 10-4-

Performance LevelPL

ISO 13849

Probability of dangerous failure per hour (1/h)

PFHd

Safety Integrity LevelSIL

IEC 61508

IEC

620

61

ISO

138

49

26Electric Drives and Controls 2008-11-07; BRC/SPM; J. Ost© Alle Rechte bei Bosch Rexroth AG, auch für den Fall von Schutzrechtsanmeldungen. Jede Verfügungsbefugnis, wie Kopier- und Weitergaberecht, bei uns.

CMAFH Drive For Technology 2010 IEC 61800-5-2 – New Terminology (not all available)

SCASafe Cam

SMTSafe Motor Temperature

STRSafe Torque Range

SLTSafely-limited Torque

SBS 1)Safe Braking and Holding System

SBCSafe Brake Control

SMP 1)Safely-monitored Position

SLPSafely-limited Position

SDISafe Direction

SLISafely-limited Increment

SMS 1)Safe Maximum Speed

SSMSafe Speed Monitor

SSRSafe Speed Range

SLSSafely-limited Speed

SARSafe Acceleration Range

SLASafely-limited Acceleration

SMD 1)Safely-monitored Deceleration

SOSSafe Operating Stop

SS2Safe Stop 2

SS1Safe Stop 1

STOSafe Torque Off

1) N

ot d

efin

ed in

IEC

618

00-5

-2

EN 61800-5-2: 2007 Functional safety for speed variable drives


Safe Torque off (Stop Category 0*)

Drive is torque-lessPower is cut safely (pulse inhibit)

v

tt0

Safe Torque Off (STO)

CMAFH Drive For Technology 2010 Drive Based Safety Functions

* according to EN 60204-1



Safe Stop 1 (SS1) / Safe Stop 2 (SS2)

Controlled Stopping according to stop category 1* (SS1)

monitored stopping, control or drive controlled with safe decelerationTorque-less standstill of the drivesPower is cut safely (STO)

Controlled Stopping according to stop category 2* (SS2)

monitored stopping, control or drive controlledcontrolled standstill after stopping, no power off (SOS)

* according to EN 60204-1

v, s tt0 t1

v

tt0 t1



Safely Limited Speed (SLS) / Safely Limited Increment (SLI)

Within the Safe Mode a safely limited speed and / or a safely limited increment can be enabled (enabling device)

In case the speed/increment monitoring window will be triggered the drive will be safely stopped automatically in accordance with the stop category 1.

v, s

v

t

v, s

t

t0 t1 30



Safe Direction (SDI)

In addition a safe direction (right, left) can be defined.

In case the direction changes the drive will be safely stopped automatically in accordance with the stop category 1.

v

t0



Safe Maximum Speed (SMS1)

The monitoring of a safely limited maximum speed is active always, regardless the operation mode of the drive (Automatic/Manual Mode)

In case the parameterized maximum speed will be exceeded the drive will be safely stopped automatically in accordance with the stop category 1.

vMax

t

120

1) Not defined in IEC 61800-5-2


In the safe operation mode a working area (absolute position) can be defined

In case the parameterized working area will be left, the drive will be safely stopped automatically in accordance with the stop category 1.

Position 1 Position 2

Working Area


Safely Monitored Position (SMP1)

1) Not defined in IEC 61800-5-2



s

v v max

Max. deceleration

Positive Limit Switch

Negative Limit Switch

Max. deceleration

Safely Limited Position (SLP)active in normal and safe operation mode

- The drive is not able to cross the limited switches- The drive is stopped automatically when the available

deceleration torque would not be sufficient to stop the load before the parameterized position area will be left

Offers cost saving by replacing hardware position limit switch

34Electric Drives and Controls 2008-11-07; BRC/SPM; J. Ost© Alle Rechte bei Bosch Rexroth AG, auch für den Fall von Schutzrechtsanmeldungen. Jede Verfügungsbefugnis, wie Kopier- und Weitergaberecht, bei uns.

Safety on BoardSafeMotion - More than just Switching Off!

The evolution of safety technology

Safety reaction

Switching off SafeMotion

Safety condition


CMAFH Drive For Technology 2010 Additional Resources

www.BoschRexroth.com/safety

www.BoschRexroth.com/MediaDirectory for downloadable manuals including Safety on Board Application Manual

http://www.dguv.de/ifa/en/pra/softwa/sistema/index.jsp or just Google “IFA SISTEMA” for BGIA software to calculate PFHd and Performance Level to IEC 13849

Bosch Rexroth Safety on Board hands-on workshop – next scheduled for April 21st and 22nd in Hoffman Estates (more to follow)


CMAFH Drive For Technology 2010 New safety standards / Machinery Directive

http://www.control-city.com

Thank you for your attention!