Copyright © 2016 Rockwell Automation, Inc. All Rights Reserved. 1
RAOTM 2019 – T16 – Ease Your Machine Safety Application Design
Rajendran A Menon, Product Manager – Safety, Sensing & Connectivity Business, FS Eng (TUV Rheinland, #4597/11, Machinery)
22nd Jan 2019
Agenda
• Trends in Manufacturing Safety
• The Functional Safety Lifecycle
• Safety Functions
• Verification of Performance Level
• System Validation
• Rockwell Safety Solutions
• Summary
Safety Trends
Safety as a Core System Function – Safety as a Key Differentiator:
• Global Compliance – Global Machines
• Reduced Costs & Common Designs
• Increased Productivity – Systematic MTTR Reduction
• Improved Competitiveness
• Reduced Floor Space and Direct Labor
• Improved Ergonomics
• Reduced Injuries!
Safety as a Core System Function! But How?
• New Tools:
  • Emergence of Global Specifications – ISO, IEC
  • Standard Machine Designs that are Globally Compliant
  • New Safety Technologies – Tools for Improved Machine Performance
  • New Design Approaches – Passive, Configurable and Lockable
  • “Design-In” Safety for user-friendly machines
• A Systematic Design Approach is Required. These systems don’t just happen!
• The Rigor of the Functional Safety Lifecycle – Safety by Design
Safety is a “Way of Life”
Functional Safety Lifecycle
STEP 1 – RISK OR HAZARD ASSESSMENT
STEP 2 – SAFETY SYSTEM FUNCTIONAL REQUIREMENTS
STEP 3 – SAFETY SYSTEM DESIGN & VERIFICATION
STEP 4 – SAFETY SYSTEM INSTALLATION & VALIDATION
STEP 5 – MAINTAIN & IMPROVE SAFETY SYSTEM
Risk Assessment – The Foundation
• Provides the Safety Performance Level – the Design Target
• Creates the Foundation of the Safety System Functional Requirements, System Design and Validation Protocol
• Shows “Due Diligence” and Global Compliance (Ref. ISO 12100)
Steps Include:
• Identification of a Cross-Functional Team
• Determination of Machinery Limits & Functions
• Identification of Tasks & Associated Hazards
• Risk Estimation & Evaluation
• Risk Reduction and Mitigation
• Documentation
Hierarchy of Risk Reduction Measures (Hierarchy of Protective Measures), from most effective to least effective:
1. Design it out
2. Fixed enclosing guard
3. Monitoring Access / Interlocked Gates
4. Awareness Means, Training and Procedures (Administrative)
5. Personal protective equipment
Safety Functional Requirements Specification
• Define and Document the Functional Requirements
  • What is the Safety Level Required? (Performance Level)
  • What does the Safety Function do under all Modes of Operation?
  • What is the Triggering Event? Resetting Event?
  • What is the Span of Control?
  • Frequency of Actuation?
  • Response Time Requirements?
  • Priority of SFs?
• Document the Fault Behavior
  • How do the SFs behave in the presence of Faults and Failures?
  • How are Faults and Failures Annunciated?
  • Coordination with Standard Machinery Functions?
  • Resetting after Faults & Failures?
Safety Function Definition
Inputs + Logic + Outputs = Complete Safety Function
Safety Functions are a combination of input, logic and output devices.
Input Device Selection
Considerations:
• What Safety Level is indicated by the Risk Assessment?
• Fixed or Movable Guard?
• Interlocked Guard? Coded Guard?
• Guard Locking Required?
• Do you need a Separating or Non-Separating Guard?
• What are the Geometry Considerations?
Logic Selection Guidelines
Safety Relays
• Standard I/O up to 40 I/O
• 1 Zone
• Local/Hardwired I/O
• Simple Safety Logic
• 1 to 2 dual channel Inputs
• Diagnostics by LEDs
Safety Controllers & Expandable Relays
• Standard I/O up to 150 I/O
• 1 to 3 Zones
• Local & Distributed I/O
• Simple & Complex Safety Logic
• 10 to 20 dual channel Inputs
• Basic Diagnostics through PLC
Safety PLCs
• More than 3 Zones
• Distributed I/O
• Simple & Complex Safety & Standard Logic
• More than 10 dual channel Inputs
• Advanced HMI Diagnostics
Output Device Selection
Safety Contactors
Safety contactors and safety control relays are used for simple on/off control.
Safety VFDs
Safety drives have 2 types:
• Variable speed drives with Safe-off functionality.
• Safe-speed drives that monitor and control speed.
Safety Servos
Safety servo systems provide:
• Variable speed
• Safe speed
• Safe position
• Safe direction
• Safe acceleration
• Safe deceleration
Safety output control ranges from simple control to advanced control depending on the functionality requirements.
Safety Function - Performance Level
Safety Functions: Characteristics & Block Diagram
Typical safety function diagram:
INPUT (sensing element) → LOGIC SOLVING (control element) → OUTPUT (final element or actuator)
The machine designer shall select an architecture – circuit structure:
• Category B, 1, 2, 3 or 4
• Determine MTTFd for the channel
• Calculate Diagnostic Coverage (DC)
• Evaluate Common Cause Failure protection
• Determine Performance Level – PLr ≤ PL? This is Verification.
Determine Category – Circuit Structure
[Figure: designated architectures per category; legend: monitoring on demand vs continuous monitoring]
Determine MTTFd for each channel
Determine Diagnostic Coverage – DC
Failure classes:
• safe (s)
• dangerous (d)
  • dangerous, but detected before it can result in a hazard (dd)
  • dangerous, remains undetected (du)
DC = λdd / λd = failure rate of the detected dangerous failures / failure rate of all dangerous failures
Denotation of DC | Level of DC
None   | DC < 60%
Low    | 60% ≤ DC < 90%
Medium | 90% ≤ DC < 99%
High   | 99% ≤ DC
All products fail. How well can we detect the dangerous failures?
Determination of CCF – Annex F
Measure against CCF | Score
Separation / Segregation: physical separation between signal paths (separation in wiring/piping, sufficient clearance and creepage distances on printed-circuit boards) | 15
Diversity: different technologies/design or physical principles are used, for example first channel programmable electronic and the second channel hardwired, etc. | 20
Design / application / experience: protection against overvoltage, overcurrent, over-pressure, etc. | 15
Design / application / experience: components used are well-tried | 5
Assessment / analysis: are the results of a failure mode and effect analysis taken into account to avoid common cause failures in design? | 5
Competence / training: have designers / maintainers been trained to understand the causes and consequences of common cause failures? | 5
Environmental: prevention of contamination and electromagnetic compatibility (EMC) against CCF in accordance with appropriate standards? Electric systems: has the system been checked for electromagnetic immunity, e.g. as specified in relevant standards against CCF? | 25
Environmental: other influences – have the requirements for immunity to all relevant environmental influences such as temperature, shock, vibration, humidity (e.g. as specified in the relevant standards) been considered? | 10
Minimum required total score: 65
Determine Performance Level
[Figure 5 of ISO 13849-1: Category, DCavg and MTTFd per channel → PL] PLr ≤ PL?
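The three verification steps the slides walk through (DC and its banding, the Annex F CCF score, and the Category/DCavg/MTTFd lookup of Figure 5) can be done as one calculation. The example below is added here and is not Rockwell code or a SISTEMA output. It encodes the slides' DC bands and Annex F scores, and assumes the simplified lookup of ISO 13849-1 Table 7 (the tabular form of Figure 5), the MTTFd bands of Table 4 (low 3–10, medium 10–30, high ≥ 30 years) and the Annex E formula for DCavg; the part values for the gate interlock are constructed for illustration.

```python
# Added example (not Rockwell's code): ISO 13849-1 verification arithmetic.
# Assumptions: Table 7 lookup (simplified Figure 5), Table 4 MTTFd bands,
# Annex E DCavg formula, Annex F CCF scores with a 65-point minimum.
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Part:
    name: str
    mttfd_years: float   # MTTFd of this part, in years
    dc: float            # DC = lambda_dd / lambda_d, as a fraction 0..1


def dc_from_rates(lambda_dd: float, lambda_d: float) -> float:
    """DC = rate of detected dangerous failures / rate of all dangerous failures."""
    if lambda_d <= 0 or lambda_dd < 0 or lambda_dd > lambda_d:
        raise ValueError("need lambda_d > 0 and 0 <= lambda_dd <= lambda_d")
    return lambda_dd / lambda_d


def dc_band(dc: float) -> str:
    """Banding from the slide's DC table."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def channel_mttfd(parts: Iterable[Part]) -> float:
    """Parts-count method: 1 / MTTFd_channel = sum(1 / MTTFd_i)."""
    return 1.0 / sum(1.0 / p.mttfd_years for p in parts)


def mttfd_band(years: float) -> str:
    """ISO 13849-1 Table 4 bands; below 3 years is not acceptable."""
    if years < 3:
        return "not acceptable"
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_avg(parts: Iterable[Part]) -> float:
    """Annex E: DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i)."""
    parts = list(parts)
    return (sum(p.dc / p.mttfd_years for p in parts)
            / sum(1.0 / p.mttfd_years for p in parts))


# Annex F scores as listed on the slide; a measure scores only when fully met.
CCF_MEASURES = {
    "separation": 15, "diversity": 20, "protection": 15, "well_tried": 5,
    "fmea": 5, "training": 5, "emc": 25, "other_influences": 10,
}
CCF_REQUIRED = 65


def ccf_score(claimed: Iterable[str]) -> int:
    return sum(CCF_MEASURES[m] for m in claimed)


def ccf_ok(claimed: Iterable[str]) -> bool:
    return ccf_score(claimed) >= CCF_REQUIRED


# Table 7 / simplified Figure 5: (category, DCavg band) -> PL per MTTFd band.
# None means the combination is not covered by the simplified procedure.
PL_TABLE = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}


def performance_level(category: str, parts: Iterable[Part],
                      claimed_ccf: Iterable[str] = ()) -> Optional[str]:
    """Achieved PL ('a'..'e'), or None where the combination is not covered."""
    parts = list(parts)
    m_band = mttfd_band(channel_mttfd(parts))
    if m_band == "not acceptable":
        return None
    # Categories B and 1 have no diagnostics by definition (DCavg = none).
    d_band = "none" if category in ("B", "1") else dc_band(dc_avg(parts))
    # Categories 2, 3 and 4 require the CCF score to be met.
    if category in ("2", "3", "4") and not ccf_ok(claimed_ccf):
        return None
    row = PL_TABLE.get((category, d_band))
    return row[m_band] if row else None


def verify(plr: str, category: str, parts: Iterable[Part],
           claimed_ccf: Iterable[str] = ()) -> bool:
    """The verification question on the slides: PLr <= PL?"""
    pl = performance_level(category, parts, claimed_ccf)
    return pl is not None and pl >= plr   # 'a' < 'b' < ... < 'e'


# Constructed gate-interlock safety function (Category 3, one channel shown).
EXAMPLE_PARTS = [
    Part("interlock switch", mttfd_years=50.0, dc=0.90),
    Part("safety logic", mttfd_years=100.0, dc=0.99),
    Part("contactor with feedback", mttfd_years=30.0, dc=0.90),
]
EXAMPLE_CCF = ("separation", "diversity", "protection", "fmea", "emc")  # 80 points

if __name__ == "__main__":
    print("MTTFd per channel:", round(channel_mttfd(EXAMPLE_PARTS), 1), "years")
    print("DCavg:", round(dc_avg(EXAMPLE_PARTS), 3), dc_band(dc_avg(EXAMPLE_PARTS)))
    print("CCF score:", ccf_score(EXAMPLE_CCF), "ok" if ccf_ok(EXAMPLE_CCF) else "FAIL")
    print("PL:", performance_level("3", EXAMPLE_PARTS, EXAMPLE_CCF))
    print("PLr d satisfied:", verify("d", "3", EXAMPLE_PARTS, EXAMPLE_CCF))
```

With the constructed parts the channel MTTFd is about 15.8 years (medium), DCavg is about 0.914 (medium) and the CCF score is 80, so Category 3 lands at PL d; the same hardware fails verification against PLr e, and dropping the CCF evidence removes the PL claim entirely, which is why the Annex F checklist belongs in the design file.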
Validation Testing
• The standards require a documented Verification & Validation plan.
• Verification and Validation plans include:
  • Installation & Wiring verification
  • Operational Verification & Validation
  • Network Verification & Validation
  • Controller Verification & Validation
• Testing includes:
  • Functional Testing
  • Fault Injection Testing
Safety Checklists and Validation
Sample checklists help users develop verification and validation checklists; these checklists guide you through the evaluation process. Sources:
• Safety Services
• Safety Functions
• GuardLogix® user manuals
Rockwell Safety Solutions
World’s Broadest and Most Complete Machine Safety Automation Portfolio
Connectivity – Inputs – Logic – Outputs – Connectivity (scaled)
All safety automation solutions require input, logic and output elements with the correct connectivity to complete a compliant “safety function”.
Today connectivity is possible at all levels, from relays to integrated controllers: hardware configurable, software configurable, integrated safety (CIP Safety).
Example diagnostic messages a connected safety system can deliver:
• “End Packing Machine 3 was stopped by Operator at Main Console.”
• “Bottling Machine 1 Door 2 has a low margin indication. Door 2 closed position has moved by 5mm in last 45 minutes.”
• “Door 2 opened at 4:30am. Door 2 sensor has reached end of life.”
• “Filling Machine 1 Zone 1 was stopped by open door request. All safety devices in Zone 1 are in sleep mode. Zone 2 and 3 will continue to run.”
• “Light Curtain on Palletizer 2 has an internal recoverable fault. We found a recent Tech Note on this fault and a new firmware revision. Would you like to view the Tech Note or would you like to chat with Tech Support?”
This connectivity is the beginning of the Connected Enterprise.
New technology / products: GuardLink and EtherNet/IP based new products – new in 2018!
Root Cause Analysis
Let’s look at how we can use safety data to improve productivity.
Networked Production Line: existing line stop data + added networked safety system + added safety data → corrective action → reduced downtime & increased productivity.
Safety System Design Tools
Safety Functions Program – The Safety Functions Program is a building block approach to designing safety systems. Each building block has a complete documentation package that includes a description of each safety function, an electrical schematic, a bill of material, a SISTEMA verification calculation and a verification and validation plan.
Safety Accelerator Toolkit – This toolkit provides easy to use system design, programming, and diagnostic tools to assist you in the rapid development and deployment of your safety systems using GuardLogix, Compact GuardLogix, or SmartGuard 600 Controllers, Guard I/O, and Safety Devices. The toolkit includes a risk assessment and system design guide, hardware selection guide, CAD drawings, safety logic routines, and operator status and diagnostic faceplates.
Connected Components Building Blocks – These building blocks are tools that help customers develop safety solutions that utilize component class safety solutions. They include sample programs, electrical schematics and configuration documents that help in the configuration and start-up of safety systems.
Safety Automation Builder (SAB) – The Safety Automation Builder is a software package that allows users to import images of their machines. Users can identify hazardous access points and the associated hazards in order to develop a list of safety products that will be used to mitigate the risk. This gives the customer a complete drawing, a bill of material and a SISTEMA calculation.
Safety Services Portfolio
• Assessments: Arc Flash Analysis, Risk Assessment, Hazard Assessment, Safety Audit
• Validation: Safety circuit analysis, Machine stop time services, Conformance audits, Safety system validation
• Compliance Consulting: CE conformance, Functional safety (i.e., ISO 13849-1 and IEC 62061)
• Training: Safety product training, Safety standards training, Arc Flash training, TUV Certification training
• Integration / Start Up: Circuit/logic design, Installation, Arc flash remediation, MCC arc flash upgrades, Project Management
Standards covered: ISO, ANSI, IEC, CE, OSHA, NFPA, CSA, AS
Supported worldwide by Safety Professionals.
To schedule or obtain information on Safety Services, contact your local distributor or Rockwell Automation Sales Office.
Rockwell Automation Solutions Machine Safety Lifecycle & Services
Safety Life Cycle – services at each step:
STEP 1 – RISK OR HAZARD ASSESSMENT: Risk Assessment, Guarding Evaluation, Conformity Audit
STEP 2 – SAFETY SYSTEM FUNCTIONAL REQUIREMENTS: Functional Specification, Stop Time Calculation
STEP 3 – SAFETY SYSTEM DESIGN & VERIFICATION: Safety Circuit Design, Stop Time Measurement, Safety Circuit Analysis
STEP 4 – SAFETY SYSTEM INSTALLATION & VALIDATION: Validation Services, Stop Time Measurement, Safety Circuit Analysis
STEP 5 – MAINTAIN & IMPROVE SAFETY SYSTEM: Functional Safety Training
Summary
• Safety Standards, Design Methods and Technologies define Contemporary Safety Systems.
• The Functional Safety Lifecycle outlines the Critical Activities.
• Safety Functions have Systematic Characteristics critical to their ability to Reduce Risks.
• The Analysis of Designs (Verification) and Testing of our Installations (Validation) help document Compliance.
• Well-engineered Safety Systems can help reduce Floorspace and Direct Labor, and Reduce MTTR.
www.rockwellautomation.com
Thank You