Introduction to Functional Safety ISO 13849 and EN 62061

Module T3A specialist technical Training module from the Machine Safety training series

27.9.13 Replaces None Created by S.Steele

Why are we doing this?

The EU Machinery Directive (98/42/EC), As a European law, defines the targeted levels of Machine Safety.

Compliance with machinery directive is necessary to get the CE mark, and to Allow the free circulation of machinery

within the European Union.A new version will be effective at the end of 2009

The European harmonised standards Established technical specifications which comply with the

requirements of the related directives.Compliance with European Harmonised standard give compliance

with the related directive

Comply with the European harmonized Standards is the simplest way to comply with the Machinery Directive

European legislation and the standards

Why are we doing this? European legislation and the standards

If you are creating a complex assembly by interlinking a series of existing machines you are in effect creating

something new. • Therefore who ever is carrying out the work must ensure

that the whole assembly complies with the Directive. • Regardless of the age of the machines.

• If you are altering the function or performance of a machine or complex assembly you are again creating something new and must ensure that the Directive is

complied with.

Before we begin The TerminologyStandard types: A-B1-B2-C

Design architecture categories: B-1-2-3-4(PL) Performance level: A-B-C-D-E(SIL ) safety integrity level : 1-2-3-4

(CCF) Common cause failurefailures of different items, resulting from a single event, where these failures are not consequences of eachother

(SRP/CS) Safety-related part of a control systempart of a control system that responds to safety-related input signals and generates safety-related outputSignals

(MTTFd ) Mean time to dangerous failureexpectation of the mean time to dangerous failure

(DC) Diagnostic coveragemeasure of the effectiveness of diagnostics

Standards overview Safety circuit design

On the basis of the risk assessment, the designer has to define the safety related control system. To achieve that, the designer will chose one of the

two standards appropriate to the application:either standard EN/ISO 13849-1, which defines performance levels

(PL)or standard EN/IEC 62061, which defines safety integrity levels (SIL)

The table below gives relations between these two definitionsTo select the applicable standard, a common table in both standards gives

indications:

-

d

Standard EN/ISO 13849-1

• The Standard gives safety requirements for the design and integration of safety-related parts of control systems, including software design.

• The Risk Graph helps to determine the required PL (Performance Level) of each safety function

– S - Severity of injury> S1 Slight injury> S2 Serious or permanent injury or death

– F - Frequency and / or exposure to a hazard> F1 Seldom to less often and / or short time> F2 Frequent to continuous and / or long time

– P - Possibility of avoiding the hazard or limiting the harm> P1 Possible under specific conditions> P2 Scarcely possible

Standard EN/IEC 62061

• Specific to the machine sector within the framework of EN/IEC 61508:– gives rules for the integration of safety-related electrical, electronic and electronic programmable control

systems (SRECS)– does not specify the operating requirements of non-electrical control components in machine (ex.: hydraulic,

pneumatic)

• The probability of failure associated to the required SIL (Safety Integrity Level) depends on the frequency of usage of the safety function to be performed

Safety of Machineryapplication

EN/IEC 62061

Introduction to Functional Safety The standard EN ISO 13849

A basic std

EN ISO 12100Fundamental notions,Design main principles

EN 693hydraulic Presses

EN 692Mechanical presses

C specific class of machines

EN 1088Locking devices

EN 953Fixed and mobile protectors

EN/ISO 13850:2006Emergency

Stop equipment

EN 574Bi-manual

command devices

B2 safety devices

EN 1050 = EN/ISO 14121Risk assessment

EN 954-1 = ISO 13849-1:1999 EN ISO 13849Safety of machinerySafety-related part of ctrl sys

EN 60 204-1Machines electrical

equipment

EN 294 and 999Safety distances

B1 specific safety aspect

The 13849 standard

Parts of machinery control systems that are assigned to provide safety functions are called safety-relatedparts of control systems (SRP/CS) and these can consist of hardware and software and can either beseparate from the machine control system or an integral part of it. In addition to providing safety functions,SRP/CS can also provide operational functions (e.g. two-handed controls as a means of process initiation).

The ability of safety-related parts of control systems to perform a safety function under foreseeable conditionsThey are allocated one of five levels, called performance levels (PL). These performance levels are defined in terms of probability of dangerous failure per hour .

The probability of dangerous failure of the safety function depends on several factors, including hardware and software structure, the extent of fault detection mechanisms [diagnostic coverage (DC)], reliability ofcomponents [mean time to dangerous failure (MTTFd), common cause failure (CCF)], design process,operating stress, environmental conditions and operation procedures.

Safety Control function

Working example

Who is the designer who is the manufacturer?

We are as we are upgrading the control system

Is this a significant change to line 2 filler as defined in the directive?

No as we are not changing the functionality technically but we are improving the existing controls .

So re-CE Marking is not required

Working example Electrical control system upgrade

Note: Under PUWER assessment the electrical control system does not comply with BS EN 60204 Ref: General electrical requirements(Enacted in 17th edition).

Integrity assessment First step

Integrity assessment First step Alternative PL Tools

SISTEMA Software PL Calculation Tool

SISTEMA is a software tool for the implementation of EN ISO 13849-1. Its use will greatly simplify the implementation of the standard.

SISTEMA stands for "Safety Integrity Software Tool for the Evaluation of Machine Applications" It was developed by the BGIA in Germany and is free for use.

Second stepSAFETY FUNCTION DESIGN

Performance Level Data: When configured correctly, the safety system can achieve a safety rating of PLd, Cat. 3 according to EN ISO 13849.1 2008.

When modeled in SISTEMA, each safety E-stop string is treated as an individual safety function and can be modeled as follows. This diagram shows a single E-stop safety function. Calculations are based on 1 operation of the E-stop per month, with 12 operations per year; therefore 36 operations of contactors per year. The Diagnostic Coverage (Dcavg) is reduced to 60% for the E-stops because they are connected in series. SISTEMA File:

Subsystem 2 Subsystem 3Subsystem 1

EStopCh. 1

EStopCh. 2

SR1

K1

K2

Second stepSAFETY FUNCTION DIAGRAM

Process stop other equipment

Third step

PL FUNCTION VALIDATION OF DESIGN FOR THE SAFETY CONTROL SYSTEM

Function design Validation(Refer to training module T2 for EOL Tool kit to undertake assessments and validation of circuit designs)

First part Identifies the control systems required and their PL requirement

Each section is taken individual and circuit function generated to achieve PL requirement

Working exampleelectrical drawings Emergency stop

PONZ S4

PONZ S7

Working exampleelectrical drawings main drive inverter

Safety Relay activation

Working exampleDrive inverter Technical details

Working exampleDrive inverter Technical details

Working example

Working example

Old machinery in this context are machines which were placed on the market before the Machinery Directive came into force. The requirements of the directive were not applied to these machines. However, its application may become necessary should machines be extended, modified, modernized, etc. In such cases, assess- ment must be made for whether an essential change has occurred. Should this be the case, the requirements of the EC Machinery Directive apply to “old” machines in the same way as to new machinery. These requirements include the application of EN ISO 13849.

Treatment of old machinery

Design categories Architecture Overview

Design architecture and PL Overview

PL

Relationship Between Different Criteria

• Relationship between Categories, DCavg, MTTFd and PL

*In several application the realisationof performance level c by category 1 may not be sufficient. In this case a

higher category e.g. 2 or 3 should

be chosen.

Working exampleExample 1: Emergency stop Safe Stop - Category B, PL b

Design categories example Cat 2 Architecture

EMERGENCY STOP, Category 2 single-channel,with feedback circuit

Working exampleExample 2: Emergency stop with Safe Stop using safety relay - Category 3, PL d

Design category example CAT 3 architecture

EMERGENCY STOP, 2-channel,Category 3

Working exampleExample 3:Emergency Stop of frequency converter with Safe Stop, Safety

Relay and output contactor - Category 4, PL e

Safety Chain Principle for Design

Use devices that comply with safety

standards

Monitor & analyze the information

Safety-oriented signal processing

Catch the information

Safeguarding to protectpeople from hazard

Initializing & control of hazardous machine

Emergency stopoperations

Stop the dangerous machine

Signalling

Disconnectionand locking

power supply

Safe drive technology

Safe signal transmission

Safe connection & communication of functional units or segments

Functional Safety Life Cycle

Safety Life Safety Life CycleCycle

STEP 5STEP 5MAINTAIN & IMPROVE

SAFETY SYSTEM

STEP 1STEP 1RISK OR HAZARD

ASSESSMENT

STEP 4STEP 4SAFETY SYSTEM INSTALLATION &

VALIDATION

STEP 2STEP 2SAFETY SYSTEM

FUNCTIONALREQUIREMENTS

(Confidenti

al – For

Internal

Use Only) Copyright

© 2012 Rock

well Auto

mation,

Inc. All

rights reserved.

38

STEP 3STEP 3SAFETY SYSTEM

DESIGN & VERIFICATION

Other Modules in the S.Steele specialist technical Training module seriesT1 Introduction to EU Directive & Harmonization standardsT2 EHSR Compliance & EOL Tool kitT3 Functional safety of control system designT4 Guarding fixed and movableT5 Electrical systemsT6 EMCT7 RobotsT8 Hydraulic T9 PneumaticT10 HP Air systemsT11 EC Marking Equipment

END