
Machine safety by design

Overview of ISO 13849-1

Copyright 2007 Rockwell Automation, Inc. All rights reserved.

Agenda

1. Evolution of EN ISO 13849-1
2. EN ISO 13849-1 Performance Levels
3. Performance Level Estimation


Evolution of EN ISO 13849-1:2006

EN 954-1 [General Principles] was also published as ISO 13849-1:1999.
Based on a risk assessment.
Will remain valid until: got 2 years more, so now for use until 2011.

Part 2 of EN 954-1 [Validation] is published as EN ISO 13849-2:2003.
EN 954-1 has been revised to include aspects of functional safety. It has changed number to EN ISO 13849-1 (2006). Got 2 years more, so now for use until 2011.


EN ISO 13849-1 Performance levels


EN ISO 13849-1:2006 Performance levels

Estimation of the Performance Level required (PLr)

[Figure: Categories B, 1, 2, 3 and 4 set against the Performance Levels PLr a to e.]

[Figure: risk graph. Starting from the hazard, the path S1/S2, then F1/F2, then P1/P2 leads to the required Performance Level a, b, c, d or e.]

S = Severity
F = Frequency or duration of exposure
P = Avoidance probability


EN ISO 13849-1:2006 Performance levels

Performance Level (PL) is related to the Probability of a Dangerous Failure per Hour (PFHd).

The standard gives a simplified procedure for estimating the Performance Level.

Performance Level Estimation

Performance level estimation

PLd is required. What does that mean? Choose the most suitable combination of Structure (Category), Reliability (MTTFd) and Diagnostics (DC).


Structure

Typical safety function diagram:

INPUT (sensing element) -> LOGIC SOLVING (control element) -> OUTPUT (final element or actuator)

The machine designer shall select an architecture that will meet the needs of the safety function: Category B, 1, 2, 3 or 4.

Structure: Designated Architecture Category B

The structure and behaviour of the safety function under fault conditions.

Typical implementation: Sensor -> Machine control -> Contactor -> Motor

Requirements:
- Basic safety principles
- Withstand expected influences
- Designed to product standards, e.g. IEC 60947-5-2 (not specific safety standards)
- Designed for environment and electrical safety aspects, e.g. IEC 60204-1

Behaviour under fault conditions: A fault can cause a loss of the safety function.

Structure: Designated Architecture Category 1

The structure and behaviour of the safety function under fault conditions.

Typical implementation: Guard interlock switch -> Machine control -> Contactor -> Motor

Requirements:
- Category B
- Well tried components
- Well tried safety principles

Behaviour under fault conditions: A fault can cause a loss of the safety function.

Structure: Designated Architecture Category 2

The structure and behaviour of the safety function under fault conditions.

Typical implementation: Guard interlock switch -> Safety monitoring relay with start-up check -> Machine control -> Contactor -> Motor

Requirements:
- Category B
- Well tried safety principles
- Functional check at start-up and periodically (on/off check)

Behaviour under fault conditions: A fault occurring between the checks can cause a loss of the safety function.

Structure: Designated Architecture Category 3

The structure and behaviour of the safety function under fault conditions.

Typical implementation: Guard interlock switches -> Safety monitoring relay -> Machine control -> Contactors with mechanically linked contacts (with contactor monitoring) -> Motor

Requirements:
- Category B
- Well tried safety principles
- A single fault does not cause a loss of the safety function
- Where practicable, that fault should be detected

Behaviour under fault conditions: Accumulation of undetected faults can cause a loss of the safety function.

Structure: Designated Architecture Category 4

The structure and behaviour of the safety function under fault conditions.

Typical implementation: Guard interlock switches -> Safety monitoring relays -> Machine control -> Contactors with mechanically linked contacts (with contactor monitoring) -> Motor

Requirements:
- Category B
- Well tried safety principles
- An accumulation of faults does not cause a loss of the safety function

Behaviour under fault conditions: Faults will be detected in time to prevent a loss of the safety function.

Structure: Fault exclusion

The structure and behaviour of the safety function under fault conditions. Designated Architecture Categories B, 1, 2, 3 & 4.

Fault exclusion

Clause 7.3 deals with Fault Exclusion. It states: "It is not always possible to evaluate safety related parts of control systems without assuming that certain faults can be excluded. Fault exclusion is a compromise between the technical safety requirements and the theoretical possibility of occurrence of a fault. Fault exclusion can be based on:
- the technical improbability of occurrence of some faults,
- generally accepted technical experience, independent of the considered application, and
- technical requirements related to the application and the specific hazard."

Example lists of excludable faults are given in the annexes of EN ISO 13849-2. Example: a short circuit between conductors belonging to different sheathed wires or cable conduits can be excluded.

Performance level estimation

PLd is required. What does that mean? Choose the most suitable combination of Structure (Category), Reliability (MTTFd) and Diagnostics (DC).

Reliability

Reliability (MTTFd: Mean Time To dangerous Failure of each channel)

Denotation of MTTFd of each channel    Range of MTTFd of each channel
Low                                    3 years <= MTTFd < 10 years
Medium                                 10 years <= MTTFd < 30 years
High                                   30 years <= MTTFd < 100 years

Reliability

Reliability (MTTFd: Mean Time To dangerous Failure of each channel)

Data source preference:
1. provided by manufacturers
2. from generic handbook sources
3. use 10 years

Simplified into 3 ranges:
Low = 3 years to <10 years
Medium = 10 years to <30 years
High = 30 years to <100 years

Worked example: Channel 1 and Channel 2, both guard doors access the same hazard zone. Fault exclusion? or:
Components 1 and 2: B10d = 2,000,000, MTTFd = 1388 y, mission time = 138 y
Component 3: B10d = 20,000,000, MTTFd = 13,888 y, mission time = 1,388 y
Component 4: B10d = 400,000, MTTFd = 277 y, mission time = 27 y

$$\frac{1}{MTTF_{d,total}} = \frac{1}{MTTF_{d1}} + \frac{1}{MTTF_{d2}} + \frac{1}{MTTF_{d3}} + \frac{1}{MTTF_{d4}} = \frac{1}{1388} + \frac{1}{1388} + \frac{1}{13888} + \frac{1}{277}$$

$$MTTF_{d,total} = 195 \text{ years} = \text{High}$$

Reliability: What data is available?

Generic data from EN ISO 13849-1:2006

B10d: Number of cycles until a component fails dangerously
MTTFd: Mean time to dangerous failure

Reliability

B10d = Number of cycles until a component fails dangerously
dop = Number of days per year when the machine is operational
hop = Number of hours per day the machine is operational
tcycle = Mean time in seconds between the beginning of two consecutive cycles of the component

To be determined:

Number of switching cycles per year:
$$n_{op} = \frac{d_{op} \cdot h_{op} \cdot 3600\,\mathrm{s/h}}{t_{cycle}}$$

Operation time of the component until it fails dangerously:
$$T_{10d} = \frac{B_{10d}}{n_{op}}$$

Mean time to dangerous failure (MTTFd):
$$MTTF_d = \frac{T_{10d}}{0.1}$$
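The B10d procedure above and the channel-combination sum from the earlier worked example, carried through in code as an added Python example (not code from the Rockwell deck). The slides do not state the operating profile behind their figures, so dop = 200 days, hop = 8 h and tcycle = 400 s (giving nop = 14,400 cycles per year) are assumptions chosen because they reproduce the slide's MTTFd values of 277, 1388 and 13,888 years; the Low/Medium/High bands are those of the table above.

```python
# Added example, not code from the Rockwell deck. Implements the B10d method of
# ISO 13849-1:2006 (n_op, T10d, MTTFd), the series combination of the parts in a
# channel, and the MTTFd bands. ASSUMPTION: the operating profile used below
# (200 days/year, 8 h/day, one cycle every 400 s) is not on the slide; it was
# chosen because it reproduces the slide's 277 / 1388 / 13,888 year figures.

import math


def cycles_per_year(d_op, h_op, t_cycle_s):
    """n_op = d_op * h_op * 3600 s/h / t_cycle  (switching cycles per year)."""
    if d_op <= 0 or h_op <= 0 or t_cycle_s <= 0:
        raise ValueError("d_op, h_op and t_cycle must be positive")
    return d_op * h_op * 3600.0 / t_cycle_s


def t10d_years(b10d, n_op):
    """T10d = B10d / n_op: operating time until 10 % of a batch has failed
    dangerously. The standard also limits the mission time of the part to T10d."""
    return b10d / n_op


def mttfd_years(b10d, n_op):
    """MTTFd = T10d / 0.1, i.e. a constant dangerous failure rate is assumed."""
    return t10d_years(b10d, n_op) / 0.1


def channel_mttfd(part_mttfds):
    """1/MTTFd_channel = sum(1/MTTFd_i): the dangerous failure rates of the
    parts in series within one channel add up."""
    if not part_mttfds or any(m <= 0 for m in part_mttfds):
        raise ValueError("every part needs a positive MTTFd")
    return 1.0 / sum(1.0 / m for m in part_mttfds)


def mttfd_band(mttfd):
    """Bands of the deck's table. Below 3 years the part cannot be used; above
    100 years the 2006 edition caps the value used at 100 years, which leaves
    the band unchanged (High), so the cap is not applied to the number."""
    if mttfd < 3:
        return "not covered"
    if mttfd < 10:
        return "Low"
    if mttfd < 30:
        return "Medium"
    return "High"


def part_figures(b10d, n_op):
    """(T10d, MTTFd) truncated to whole years, the way the slide prints them."""
    return math.floor(t10d_years(b10d, n_op)), math.floor(mttfd_years(b10d, n_op))


def deck_channel(n_op=None):
    """Rebuild the slide's channel: parts 1 and 2 with B10d 2,000,000, part 3
    with B10d 20,000,000, part 4 with B10d 400,000 (order taken from the slide's
    1/MTTFd sum). Returns per-part figures, the channel MTTFd in whole years
    and its band."""
    if n_op is None:
        n_op = cycles_per_year(200, 8, 400)   # assumed profile -> 14,400 cycles/year
    b10d_values = [2_000_000, 2_000_000, 20_000_000, 400_000]
    per_part = [part_figures(b, n_op) for b in b10d_values]
    total = channel_mttfd([mttfd for _, mttfd in per_part])
    return per_part, math.floor(total), mttfd_band(total)


if __name__ == "__main__":
    per_part, total, band = deck_channel()
    for i, (t10d, mttfd) in enumerate(per_part, 1):
        print(f"part {i}: T10d = {t10d} y, MTTFd = {mttfd} y")
    print(f"channel MTTFd = {total} y -> {band}")
```

Note that the mission-time column on the slide is T10d: the part with B10d = 400,000 reaches it after 27 years, long before the channel MTTFd of 195 years, which is why the standard treats T10d as the replacement interval rather than the MTTFd.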

Performance level estimation

PLd is required. What does that mean? Choose the most suitable combination of Structure (Category), Reliability (MTTFd) and Diagnostics (DC).

Diagnostic coverage (average)

Diagnostic coverage (DC)

Denotation of DC    Range of DC
None                DC < 60%
Low                 60% <= DC < 90%
Medium              90% <= DC < 99%
High                99% <= DC

This is a measure of the effectiveness of the diagnostics:
$$DC = \frac{\text{Detected dangerous failures}}{\text{All dangerous failures}}$$

Diagnostic coverage (average)

Diagnostic coverage (DC)

Data sources:
1. Annex E of the standard
2. provided by manufacturers
3. FMEA

Simplified into 4 ranges:
1. None = <60%
2. Low = 60% to <90%
3. Medium = 90% to <99%
4. High = 99%

Worked example: Channel 1 and Channel 2, both guard doors access the same hazard zone. Fault exclusion? or:
Components 1 and 2: DC 99% reduced to 60% (due to shadowing)
Component 3: DC 99%
Component 4: DC 99%

$$DC_{avg} = \frac{DC_1/MTTF_{d1} + DC_2/MTTF_{d2} + DC_3/MTTF_{d3} + DC_4/MTTF_{d4}}{1/MTTF_{d1} + 1/MTTF_{d2} + 1/MTTF_{d3} + 1/MTTF_{d4}} = \frac{0.6/1388 + 0.6/1388 + 0.99/13888 + 0.99/277}{1/1388 + 1/1388 + 1/13888 + 1/277}$$

DCavg = 88% = Low
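The DCavg calculation above as an added Python example (not code from the Rockwell deck): DC from a failure analysis, the failure-rate-weighted average over the parts of the channel, and the four bands. The per-part DC and MTTFd values are the slide's; the shadowing reduction on the two interlock switches can be switched off to show that claiming 99% on both doors would have put the channel in the High band. The FMEA fault counts in the demo are constructed.

```python
# Added example, not code from the Rockwell deck. DC from a failure analysis,
# DCavg over the parts of the channel (each part's DC weighted by its dangerous
# failure rate 1/MTTFd), and the DC bands. Per-part values are the slide's; the
# fault counts in the demo are constructed to illustrate the DC definition.


def diagnostic_coverage(detected_dangerous, all_dangerous):
    """DC = detected dangerous failures / all dangerous failures, e.g. from an
    FMEA that lists every dangerous failure mode and whether the diagnostics
    reveal it."""
    if all_dangerous <= 0 or not 0 <= detected_dangerous <= all_dangerous:
        raise ValueError("need 0 <= detected <= all and all > 0")
    return detected_dangerous / all_dangerous


def dc_avg(parts):
    """parts: iterable of (DC, MTTFd) per part. An unreliable part with poor
    diagnostics pulls the average down far more than a reliable one does."""
    parts = list(parts)
    if not parts or any(m <= 0 or not 0 <= dc <= 1 for dc, m in parts):
        raise ValueError("each part needs 0 <= DC <= 1 and MTTFd > 0")
    weighted = sum(dc / m for dc, m in parts)
    rate_sum = sum(1.0 / m for _, m in parts)
    return weighted / rate_sum


def dc_band(dc):
    """Bands of the deck's table; DC is rounded to 0.01 % first so that a value
    computed as 0.98999999... from 99 % inputs is not demoted to Medium."""
    dc = round(dc, 4)
    if dc < 0.60:
        return "None"
    if dc < 0.90:
        return "Low"
    if dc < 0.99:
        return "Medium"
    return "High"


def deck_channel(shadowing=True):
    """The slide's channel: two interlock switches (MTTFd 1388 y), part 3
    (13,888 y) and part 4 (277 y), all with 99 % DC, except that the two door
    switches on the same hazard zone are cut to 60 % when shadowing applies.
    Returns (DCavg, band)."""
    switch_dc = 0.60 if shadowing else 0.99
    parts = [(switch_dc, 1388), (switch_dc, 1388), (0.99, 13888), (0.99, 277)]
    avg = dc_avg(parts)
    return avg, dc_band(avg)


if __name__ == "__main__":
    # Constructed FMEA counts: 12 dangerous failure modes, 7 revealed by the test.
    print(f"DC from FMEA: {diagnostic_coverage(7, 12):.0%}")
    for shadow in (True, False):
        avg, band = deck_channel(shadow)
        print(f"shadowing={shadow}: DCavg = {avg:.1%} -> {band}")
```

The weighting is the point of the formula: the contactor (MTTFd 277 y) dominates the failure-rate sum, so its 99% keeps DCavg at 88% even though half the parts sit at 60%; had the least reliable part been the one with poor diagnostics, DCavg would have fallen into the None band.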

Diagnostic

Simplified DC estimation: Annex E of EN ISO 13849-1:2006

[Figure: Annex E measures applied to components 1 and 2 and to component 4.]

Performance level estimation

Structure: Cat. 3
Reliability (MTTFd): High
Diagnostics (DC): Low

Common Cause Failures (CCF)

These are failures of different items, resulting from a single event. The failures are not consequences of each other.

No.  Measure against CCF              Score
1    Separation/Segregation           15
2    Diversity                        20
3    Design/application/experience    20
4    Assessment/analysis              5
5    Competence/training              5
6    Environmental                    35

(see Annex F)

Must achieve a score of at least 65 for Cat 2, 3 or 4!

PL estimation, the easy way

Combining subsystems with known PLs

Subsystem PLlow    Nlow    Achieved system PL
a                  >3      Not allowed
a                  <=3     a
b                  >2      a
b                  <=2     b
c                  >2      b
c                  <=2     c
d                  >3      c
d                  <=3     d
e                  >3      d
e                  <=3     e

Example: subsystems in series PLe -> PLd (1) -> PLd (2) -> PLe. PLd is achieved, based on the number of subsystems with the lowest PL.
