Post on 20-Aug-2015
2 © 2012 Eaton Corporation. All rights reserved.
Complying with New Functional Safety Standards
Before We Start
This webinar will be available afterwards at designworldonline.com & email
Q&A at the end of the presentation
Hashtag for this webinar: #DWwebinar
Moderator: Natasha Townsend, Design World
Presenter: Jacob Feutz, Eaton
Functional Safety Webinar
June 14, 2012
Questions to answer
• What is Functional Safety?
• What is happening in the Functional Safety market?
• What standard should I use for my machine?
• What do I have to consider when applying that standard?
• How do I determine what level of safety to design to?
• What values go into a calculation? Can you walk me through one?
• Others?
What is functional safety?
The complete explanation: The EU Machinery Directive 2006/42/EC stipulates that a machine should not pose any danger. However, as there is no 100% safety in engineering, the aim is to reduce these dangers to a tolerable level of residual risk by means of risk reduction measures.
The overall safety of a machine defines the state in which it can be considered as being free of unwarranted risks to persons or as free of danger. Functional safety is the part of the overall safety of a system which depends on the correct functioning of the safety-related systems and external risk reduction facilities.
Functional safety is not:
• Arc flash
• Grounding
• Fire suppression systems
• Short circuit protection
• Surge protection
• Motor protection
• Others
• www.eaton.com/ElectricalSafety
What is happening in the functional safety market in North America?
• Engineering-based drivers:
  • The desire to have standards-based methods and testing that a machine can be certified to
• Customer-based drivers:
  • Selling machines to European customers – where it is required for the CE mark
  • Selling machines to NA customers who are now requiring safety assessments
• Corporate-based drivers:
  • NA companies that are owned or are now managed by European parent companies
  • Limiting liability by designing to accepted standards
The Eaton Safety Manual
eaton.com/FS
What standard should I use for my machine?
• Different “types” of standards:
What standard should I use for my machine?
IEC 62061
• Applies only to electrical, electronic and programmable electronic systems
• For mixed systems use ISO 13849
• Any architecture can be used
• Suitable as evidence of safety of devices and the overall safety functionality through calculation
ISO 13849-1
• Can be used without limitation for hydraulic, pneumatic and electromechanical systems
• Limited use for programmable electronic systems:
  • Specific architecture
  • Up to PL d only
• Calculation concept based on defined architectures
• Suitable as evidence of safety of devices and the overall safety functionality using tables
What do I have to consider when applying that standard? – ISO 13849-1
• Which necessary safety functions are performed by the safety-related parts of the control system (SRP/CS)?
• Which properties are required for the safety function?
• Which performance level is required?
• Which safety-related parts perform the safety function?
• Which performance level (PL) was achieved for the SRP/CS?
• Was the PL for the safety functions achieved?
How do I determine what level of safety to design to? – ISO 13849-1
Risk estimation: PLr
What values go into a calculation? – ISO 13849-1
• Control architecture (category)
• MTTFd – mean time to dangerous failure
• DC – diagnostic coverage
• CCF – common cause failure
• Relationship between the above
SISTEMA software
http://www.dguv.de/ifa/de/pra/softwa/sistema
Control architecture - category
Control architecture – Cat. B
The safety-related parts of the control system shall, as a minimum, be designed in accordance with the current state of the art. They shall withstand the influences which are to be expected.
Control architecture – Cat. 1
The safety-related parts of the control system must be designed and constructed using well-tried components and well-tried safety principles. A well-tried safety principle is, for example, the use of position switches with positively opening contacts. Normally, the category cannot be implemented with electronic components.
Control architecture – Cat. 2
The safety functions of the safety-related parts of a control system must be checked at suitable intervals. The check can be performed automatically or manually, and at least with each startup and before a hazardous situation occurs. The check can also be carried out periodically during operation as determined by the risk analysis. A hazardous situation may occur on the machine between the checks.
Control architecture – Cat. 3
A single fault in a safety-related part of the control system does not lead to the loss of the safety function. An accumulation of undetected faults may cause a hazardous situation on the machine, since not all faults need to be detected. An example of this is the use of a redundant circuit without self-monitoring.
Control architecture – Cat. 4
A single fault in a safety-related part of the control system does not lead to the loss of the safety function. This fault must be detected immediately or before the next potential danger, e.g. when closing the door before a restart of the machine. If this is not possible, the accumulation of faults must not lead to the loss of the safety function.
Calculating MTTFd - Manually
Calculating MTTFd – using SISTEMA
Calculating DC - Manually
Calculating DC – using SISTEMA
Calculating CCF - Manually
Calculating CCF – using SISTEMA
Relating values to an achieved PL
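Worked example of the manual calculation the MTTFd, DC, CCF and achieved-PL slides walk through, added here and not taken from the webinar's slides: it follows the ISO 13849-1 simplified procedure (B10d to MTTFd, parts-count channel MTTFd, DCavg and the Table 7 lookup of category, DCavg and MTTFd) for the deck's dual-channel e-stop, with both channels assumed identical so the per-channel MTTFd is the value looked up. The B10d, relay MTTFd, DC and duty figures are constructed sample values, not vendor data.

```python
"""ISO 13849-1 simplified PL estimate (added example, not the webinar's slides)."""

# ISO 13849-1 Table 7: (category, DCavg band) -> PL for each MTTFd band.
TABLE7 = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}
def n_op(d_op, h_op, t_cycle_s):
    """Operations per year: days/year * hours/day * 3600 / cycle time in s."""
    return d_op * h_op * 3600.0 / t_cycle_s
def mttfd_from_b10d(b10d, nop):
    """MTTFd (years) of an electromechanical part: B10d / (0.1 * nop)."""
    return b10d / (0.1 * nop)
def channel_mttfd(parts):
    """Parts-count method: 1/MTTFd = sum(1/MTTFd_i), capped at 100 years."""
    return min(100.0, 1.0 / sum(1.0 / m for m, _ in parts))
def dc_avg(parts):
    """DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i); rounded to avoid float noise."""
    return round(sum(dc / m for m, dc in parts) / sum(1.0 / m for m, _ in parts), 4)
def mttfd_band(m):  # a channel below 3 years is not acceptable at all
    return None if m < 3 else "low" if m < 10 else "medium" if m < 30 else "high"
def dc_band(dc):
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"
def achieved_pl(category, mttfd, dc, ccf_score=65):
    """PL letter from Table 7, or None when the combination is not covered."""
    if category in ("2", "3", "4") and ccf_score < 65:  # Annex F: >= 65 points needed
        return None
    band = dc_band(dc)
    if category in ("2", "3") and band == "high":  # Table 7 has no DC-high column for
        band = "medium"                            # Cat 2/3; the medium column is conservative
    mb = mttfd_band(mttfd)
    return TABLE7.get((category, band), {}).get(mb) if mb else None

# One channel of the slides' dual-channel e-stop as (MTTFd years, DC) per part;
# 220 days x 16 h per year, one stop per hour. B10d and relay values are constructed.
NOP = n_op(220, 16, 3600)                            # 3520 operations per year
CHANNEL = [(mttfd_from_b10d(100_000, NOP), 0.99),    # e-stop contact, cross-circuit monitored
           (150.0, 0.99),                            # safety relay, datasheet MTTFd
           (mttfd_from_b10d(1_300_000, NOP), 0.99)]  # contactor in the feedback loop

def estop_example():
    """Returns (channel MTTFd, DCavg, PL) for the Cat 4 e-stop circuit."""
    m, dc = channel_mttfd(CHANNEL), dc_avg(CHANNEL)
    return m, dc, achieved_pl("4", m, dc, ccf_score=80)
```

The same functions reproduce the rest of Table 7: dropping the same channel to Category 3 with 75 % diagnostic coverage yields PL d, and a CCF score under 65 points returns no PL at all for Categories 2 to 4.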
Achieved PL in SISTEMA
What values go into a calculation? – IEC 62061
• Risk assessment
• Control architecture
• Safety characteristics of the subsystems:
  • λd – dangerous failure rate
  • DC – diagnostic coverage
  • β – common cause failure (CCF) factor
  • T1 – proof test interval or lifetime
  • T2 – diagnostic test interval
• PFHd – probability of dangerous failure per hour
• SIL – safety integrity level of the subsystem
• SFF – safe failure fraction
• SIL CL – SIL claim limit
• SIL – safety integrity level of the entire system
Application example - products
Input / Control / Output
• Application: Dual channel emergency stop with redundant series contactors
• Monitored manual restart
• Cross circuit recognition
• Controlling three motors
• Pushbutton start/stop control
• Performance Level required (PLr): e
Application example – control diagram
Application example – power diagram
Application example – calculated values
Application example - products
Input / Control / Output
• Application: Single channel position switch
• Monitored manual restart
• Controlling two motors; pushbutton input to programmable controller
• Performance Level required (PLr): c
Application example – control diagram
Application example – power diagram
Application example – calculated values
Thank You
Questions?
Design World
Natasha Townsend
ntownsend@wtwhmedia.com
Phone: 440.234.4531
Twitter: @DW_Electrical
Eaton
Jacob Feutz
JacobBFeutz@eaton.com
Phone: 414.449.7356
Twitter: @eatoncorp
Eaton.com/fs
Thank You
This webinar will be available at
designworldonline.com & email
Tweet with hashtag #DWwebinar
Connect with
Twitter: @DesignWorld
Facebook: facebook.com/engineeringexchange
LinkedIn: Design World Group
YouTube: youtube.com/designworldvideo
Discuss this on EngineeringExchange.com