Safety of machinery / European machinery directive
Transcript of Safety of machinery / European machinery directive
© Siemens AG 2009. All Rights Reserved.
Important note (applies to all parts of the event):
The event gives the participants an overview of the topic area safety of machinery, with the focus on "functional safety". The legal and normative requirements and the implementation strategies are presented in simplified form, i.e. for the practical implementation a detailed analysis of the safety systems and procedures is absolutely necessary!
The examples are non-binding and make no claim to completeness with regard to configuration and equipment or to any eventualities. The examples do not represent custom-designed solutions but are only meant to support typical tasks. You yourself are responsible for the proper operation of the described products. These examples do not release you from the obligation to handle application, installation, operation and maintenance safely. By using these examples you accept that Siemens cannot be held liable for possible damages beyond the provisions described above. We reserve the right to change these examples at any time without notice. In the event of deviations between the suggestions in these examples and other Siemens publications, such as catalogues, the contents of the other documentation have priority.
Navigation shown on every slide: Safety of Machinery > The way to a safe machinery (1 Risk assessment, 2 Risk reduction, 3 Validation, 4 Placing on the market) > IEC 62061 and ISO 13849-1 > Application example > Support by Siemens
Agenda
Part 1: The way to a safe machinery. Risk assessment / risk reduction / validation / placing on the market.
Part 2: Practical implementation of IEC 62061 and ISO 13849-1. Overview of the "functional safety" standards / core requirements / practical implementation on an application example. The principle procedure is shown (simplified representation).
Part 3: SIL / PL verification with the application example. Consideration according to ISO 13849-1 and IEC 62061.
Part 1: The way to a safe machinery
Question: What has to be considered when a machine is placed on the market in Europe?
Risk assessment / risk reduction / validation / placing on the market
Terms and definitions
Machinery: machine + system (linked machines)
Machine manufacturer: designs a machine or considerably modifies it; implements safety functions
Machine owner: purchases and uses a machine. The machine owner becomes a machine manufacturer when machines are linked to form a system, or when the machine is considerably modified
Machine operator: operator + maintenance personnel
Motivation for a safe machine
… needless to say: protection of people and the environment
… but also: economic efficiency. The advantage of modern safety technologies and intelligent safety concepts is that protection measures do not turn into obstacles.
Example: protection zones of laser scanners that depend on the operating mode.
Increase in productivity. Examples: safely reduced speed instead of a complete stop or switching off the energy; selective emergency stop instead of global emergency stop.
Situation in Europe (… and in many other countries)
In Europe, machine manufacturers and machine owners are required by law to ensure the safety of people and the environment.
Machines "placed on the market" in Europe must be safe.
"Placed on the market" means: the machine is manufactured or considerably modified in Europe, or the machine is imported to and operated in Europe.
The European directives for machinery describe the essential requirements for the machine manufacturer.
[Figure: Machine manufacturers and users are responsible for the safety of machines and of the plant. Directive reference shown in the figure: 2006/95/EG; footnote: "* Until 2009/12/29"]
European Machinery Directive: correlations
Machinery → Machinery Directive 98/37/EC. Further directives: Low Voltage; Electromagnetic Compatibility.
European directives for machinery: essential requirements. A machine is considered to be safe when the Machinery Directive requirements are met.
Harmonized standards: describe specific requirements for the machine manufacturer. Presumption of conformity: when applied correctly, the corresponding directive is considered to be complied with.
Certification by the machine manufacturer: "The machine meets the requirements of the Machinery Directive and of all other relevant directives."
European Machinery Directive: options for meeting the requirements
Applying harmonized standards: the machine manufacturer only has to prove that the requirements of the harmonized standards have been met. In this case the presumption of conformity applies!
… or …
Without applying harmonized standards: the machine manufacturer must prove in detail that the Machinery Directive requirements have been met. Compared to the first option, this means increased overhead when validating the machine.
Recommendation: application of harmonized standards
European directives and applicable standards
Web: http://www.newapproach.org/ (for each directive the site offers: information about the directive, standardisation activities, references of harmonised standards, view directive)
Directive reference    Subject of directive
90/396/EEC             Appliances burning gaseous fuels
00/9/EC                Cableway installations designed to carry persons
89/106/EEC             Construction products
89/336/EEC             Electromagnetic compatibility
94/9/EC                Equipment and protective systems in potentially explosive atmospheres
93/15/EEC              Explosives for civil uses
95/16/EC               Lifts
73/23/EEC              Low voltage equipment
98/37/EC               Machinery safety
90/385/EEC             Medical devices: active implantable
93/42/EEC              (subject cut off in the transcript)
Hierarchical organization of the EN standards
Type A standards (basic safety standards): basic design principles and basic concepts for machines. Named on the slide: EN ISO 12100, EN ISO 14121, IEC 61508.
Type B standards (group safety standards): B1 standards cover general safety aspects (named on the slide: EN 294, EN 349); B2 standards refer to special protective devices (named on the slide: EN 418, IEC 61496-1, IEC 62061, IEC 61800-5, IEC 61811).
Type C standards (specialist standards): specific safety features for individual machine families. Named on the slide: EN 692.
Hierarchical organization of the EN standards
The type B standards are aimed primarily at the committees that write type C standards. They can, however, also help a manufacturer in the construction of a machine where no type C standard exists.
The type B standards are further subdivided: B1 for primary safety aspects (ergonomic principles, safety distances against reaching into sources of danger, avoidance of crushing of parts of the body); B2 for safeguards such as emergency stop, two-hand control devices, non-contact protective devices and safety-related parts of control systems.
Type B1 standards (general primary safety aspects):
EN 349: minimum distances to avoid crushing of parts of the human body
EN 954-1: safety-related parts of control systems
EN 60204-1: electrical equipment of machines
Type B2 standards (specifications, among others, of safeguards of a general character):
EN 1088: interlocking devices associated with guards
EN 574: two-hand control
ISO 13850: emergency stop, design principles
EN 61496-1: light barriers, light curtains; electro-sensitive protective equipment
EN 62061 & ISO 13849-1
International safety standards (IEC, ISO)
USA: UL, ANSI. Europe: EN (e.g. EN 954); new in Europe: IEC 62061, EN ISO 13849. Japan: JIS. World: e.g. IEC 61508, IEC 62061, IEC 61511.
■ The instructions and standards valid at the place where the machine and/or plant is used are decisive.
■ The European standards and instructions are accepted worldwide.
Export to countries outside Europe: overview
Situation in the different countries of the world: there are different concepts for machine safety, concerning the requirements for and assessment of safety systems, responsibilities, and legal consequences. The laws and regulations of the country in which the machine is operated always apply.
Influence of Europe: the European procedure is accepted worldwide; the CE mark is accepted worldwide; numerous European standards for machine safety have turned into internationally applicable standards.
Inducement: the European Machinery Directive
[Figure: Machine → risk evaluation/assessment → measures to reduce the risk → acceptable risk → "safe" machine; "danger" marked before the measures take effect]
The process is prescribed by the legislature and defined in standards.
The European Machinery Directive prescribes: manufacturers of machinery and plants have to perform a risk evaluation and assessment before construction. Only machinery with an acceptable risk may be placed on the market.
Inducement: process in overview
All countries base the process on the same basic principles, but the exact instructions for the implementation are defined in country- and/or region-specific standards.
The guidelines and standards valid at the place where the machine and/or plant is used are decisive.
The constructor of the plant and/or the machine is responsible for adherence to the standards.
[Figure: standards, process and implementation. Risk evaluation/assessment: determination of the amount of damage, probability and avoidability; classification. Measures to reduce the risk: changed machinery or process design; usage of safety engineering; further measures to reduce danger. Acceptable risk: proven by certificate, acceptance test.]
European Machinery Directive: basic implementation procedure
Steps to be performed by the machine manufacturer:
1 Risk assessment
2 Risk reduction (Step 1: safe design; Step 2: technical protective measures; Step 3: user information on residual risks)
3 Validation of the machine
4 Placing the machine on the market
Technical documentation: each step must be comprehensibly documented: procedures and results; test strategy and test results; responsibilities, …
The 3-step method
[Flowchart] Start → defining the limits of the machine → identifying the hazards on the machine → for each hazard: estimation and assessment of the risk → Is the risk adequately reduced? NO: risk reduction by selecting suitable protective measures, then back to the estimation and assessment of the risk. YES: End; the machine is safe except for a reasonable residual risk.
Relevant standards
EN ISO 12100 Safety of machinery – Basic concepts, general principles for design: describes possible hazards on a machine; describes strategies for risk reduction; objective: design of a safe machine whose residual risk is reasonable.
EN ISO 14121 Safety of machinery – Principles for risk assessment: consideration of the risk.
The 3-step method (according to EN ISO 12100)
[Flowchart] Start. For each hazard requiring risk reduction:
Step 1: Risk reduction by safe design. Was the risk adequately reduced? YES: End. NO: continue with Step 2.
Step 2: Risk reduction by technical protective measures. Was the risk adequately reduced? YES: End. NO: continue with Step 3.
Step 3: Risk reduction by user information on residual risks. Was the risk adequately reduced? YES: End. NO: again: risk assessment.
Step 1: Safe design
Safe design: integration of safety into the design of the machine; highest priority in the risk assessment.
Aspects of safe design (examples): avoidance of pinch points; avoidance of electric shock; concepts for stopping in the event of hazards; concepts for operation and maintenance; …
Step 2: Technical protective measures
Technical protective measures: a safety function must be defined for each hazard that cannot be eliminated by design. Safety functions can be performed by safety systems.
Example: safety function without a safety system: access to the hazardous location is permanently prevented (fixed mechanical cover, …).
Example: safety function with a safety system: "When the protective cover is opened during normal operation, the motor must be switched off."
Step 2: Technical protective measures
Safety system: performs safety functions; consists of subsystems.
Subsystems of a safety system: detecting (position switch, light curtain, …); evaluating (fail-safe controller or safety switching device, …); reacting (contactor, frequency converter, …).
[Figure: protective cover → Subsystem 1: Detecting → Subsystem 2: Evaluating → Subsystem 3: Reacting → motor]
Step 2: Technical protective measures
Relevant standards for designing and realizing safety systems for machinery:
EN 954-1 (valid until the end of 2009)
EN ISO 13849-1 (valid since 2006)
EN 62061 (identical to IEC 62061) (valid since 2005)
Properties of the standards: harmonized standards (Europe); EN 62061 and EN ISO 13849 are accepted internationally.
Step 2: Technical protective measures: the relevant standards
The standards that grew up in the past in different countries are being harmonized and reduced to a few European standards.
The frequently used standard EN 954-1 will be replaced in October 2009.
The remaining relevant standards are:
IEC 61508: ■ Basic standard for functional safety (e.g. for PLCs) (product liability)
IEC 61511: ■ Application standard for process engineering
IEC 62061: ■ Application standard for mechanical engineering and also for electrical and electronic safety engineering.
ISO 13849-1: ■ Application standard for mechanical engineering and also for electronic and other technologies (e.g. pneumatic, hydraulic). ■ Successor to EN 954-1.
IEC 61800-5-2: ■ Product-specific standard for electrical drives with integrated safety functions.
IEC 62061 and ISO 13849-1 are often used for the risk assessment of machines.
IEC 61508 and IEC 61800-5-2 are often used for the risk assessment of safety devices (e.g. PLCs).
Step 2: Technical protective measures
Basic procedure for each safety function
a) Specifying the safety function
b) Determining the required safety level
c) Designing the safety function
d) Determining the achieved safety level
e) Realizing and testing the safety function
The steps will be explained in the following
Step 2: Technical protective measures a) Specifying the safety function
Boundary conditions of the safety function: hazard to be prevented on the machine; affected persons on the machine; affected operating modes of the machine; mission time; ...
Requirements for the functionality of the safety function: functional description of the safety function; required reaction time; reaction to faults; number of operations for electromechanical components; …
Step 2: Technical protective measures: required safety level
Significance of the required safety level: the required safety level is a measure of the reliability of the safety function.
The required safety level depends on: severity of the injury; frequency / exposure time; possibility of avoiding.
The more severe the injury and the more probable its occurrence, the higher the required safety level.
EN 62061 and ISO 13849 show procedures for determining the required safety level.
Step 2: Technical protective measures: achievable safety level
■ The risk dimension results from: ■ severity of the injury (light / heavy) ■ frequency and/or duration of exposure (often / rare) ■ possibilities of avoidance (hardly possible / possible)
■ The exact calculation differs from standard to standard.
■ Depending on the dimension of the risk, a certain safety level is required. The notations of the safety levels are: ■ EN 954-1: Category B, 1 - 4 ■ ISO 13849-1: Performance Level a - e (PL) ■ IEC 62061: Safety Integrity Level 1 - 3 (SIL) ■ IEC 61511: Safety Integrity Level 1 - 4 (SIL)
Step 2: Technical protective measures b) Determining the required safety level
Specification according to EN ISO 13849: PLr a to PLr e
Risk parameters of the risk graph:
Se, severity of the injury: Se1 reversible injury; Se2 irreversible injury
Fr, frequency / exposure time: Fr1 seldom up to quite often / short; Fr2 frequent up to continuous / long
P, possibility of avoiding: P1 possible; P2 scarcely possible
Risk graph (Se → Fr → P → PLr):
Se1 Fr1 P1 → PLr a
Se1 Fr1 P2 → PLr b
Se1 Fr2 P1 → PLr b
Se1 Fr2 P2 → PLr c
Se2 Fr1 P1 → PLr c
Se2 Fr1 P2 → PLr d
Se2 Fr2 P1 → PLr d
Se2 Fr2 P2 → PLr e
Step 2: Technical protective measures b) Determining the required safety level
Specification according to EN 62061: SIL 1 to SIL 3
Se, severity of the injury: 1 reversible, e.g. requiring first aid; 2 reversible, e.g. requiring medical attention; 3 irreversible, e.g. broken limb(s); 4 irreversible, e.g. losing limb(s)
Fr, frequency / exposure time: more than 1 year = 2; 2 weeks to 1 year = 3; 1 day to 2 weeks = 4; 1 h to 1 day = 5; less than 1 hour = 5
Pr, probability of occurrence: negligible = 1; rarely = 2; possible = 3; likely = 4; frequently = 5
P, possibility of avoiding: likely = 1; possible = 3; impossible = 5
Class Cl = Fr + Pr + P
Se     Cl 3 to 4   Cl 5 to 7   Cl 8 to 10   Cl 11 to 13   Cl 14 to 15
4      SIL 2       SIL 2       SIL 2        SIL 3         SIL 3
3      -           -           SIL 1        SIL 2         SIL 3
2      -           -           -            SIL 1         SIL 2
1      -           -           -            -             SIL 1
(- : no SIL requirement shown on the slide)
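The two procedures for step b) on the slides above, the EN ISO 13849-1 risk graph and the EN 62061 class matrix, as an added worked example in Python; this is not code from the Siemens presentation. Parameter labels and point values follow the slides, and the matrix cells the slide leaves blank return None.

```python
"""Required safety level of a safety function (added example).

Implements the two tables shown on the slides:
  * EN ISO 13849-1 risk graph:  Se, Fr, P            ->  PLr a..e
  * EN 62061 class matrix:      Se and Cl = Fr+Pr+P  ->  SIL 1..3
Labels follow the slides; cells the slide leaves blank give None.
"""

# --- EN ISO 13849-1: risk graph ----------------------------------------
# (severity, frequency/exposure, possibility of avoiding) -> PLr
PLR_RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b",  # Se1 reversible injury, Fr1 seldom/short
    (1, 2, 1): "b", (1, 2, 2): "c",  # Se1, Fr2 frequent/long
    (2, 1, 1): "c", (2, 1, 2): "d",  # Se2 irreversible injury, Fr1
    (2, 2, 1): "d", (2, 2, 2): "e",  # Se2, Fr2
}


def required_pl(se: int, fr: int, p: int) -> str:
    """PLr for severity se (1/2), exposure fr (1/2), avoidability p (1/2)."""
    try:
        return PLR_RISK_GRAPH[(se, fr, p)]
    except KeyError:
        raise ValueError(f"risk parameters out of range: Se{se} Fr{fr} P{p}") from None


# --- EN 62061: points per risk parameter, as printed on the slide --------
FR_POINTS = {  # frequency / exposure time
    "more than 1 year": 2, "2 weeks to 1 year": 3, "1 day to 2 weeks": 4,
    "1 h to 1 day": 5, "less than 1 hour": 5,
}
PR_POINTS = {  # probability of occurrence of the hazardous event
    "negligible": 1, "rarely": 2, "possible": 3, "likely": 4, "frequently": 5,
}
AV_POINTS = {"likely": 1, "possible": 3, "impossible": 5}  # possibility of avoiding

# Columns of the matrix (class bands) and the SIL per severity row.
CLASS_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
SIL_MATRIX = {  # Se -> SIL per class band; None where the slide shows no SIL
    4: ("SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"),
    3: (None, None, "SIL 1", "SIL 2", "SIL 3"),
    2: (None, None, None, "SIL 1", "SIL 2"),
    1: (None, None, None, None, "SIL 1"),
}


def risk_class(fr: str, pr: str, av: str) -> int:
    """Cl = Fr + Pr + P, using the descriptive labels from the slide."""
    return FR_POINTS[fr] + PR_POINTS[pr] + AV_POINTS[av]


def required_sil(se: int, fr: str, pr: str, av: str):
    """Required SIL as a string, or None if the matrix cell is blank."""
    cl = risk_class(fr, pr, av)
    for column, (low, high) in enumerate(CLASS_BANDS):
        if low <= cl <= high:
            return SIL_MATRIX[se][column]
    raise ValueError(f"class {cl} outside the matrix")


if __name__ == "__main__":
    # Safety function from the slides: "When the protective cover is opened
    # during normal operation, the motor must be switched off."
    # Constructed risk estimate: irreversible injury, frequent access,
    # avoidance scarcely possible / impossible.
    print("PLr:", required_pl(se=2, fr=2, p=2))                             # e
    print("SIL:", required_sil(3, "1 h to 1 day", "likely", "impossible"))  # SIL 3
```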
Step 2: Technical protective measures b) Determining the required safety level
Requirements of the safety levels: safety system. The requirements concern: engineering (depends strongly on the required safety level); procedure.
Requirements for engineering (from low to high safety level): hardware structure (one-channel → two-channel); fault detection capability (none → comprehensive diagnostics); reliability of components (increasing).
Requirements for the procedure: project management; test concept; technical documentation, …
Step 2: Technical protective measures c) Designing the safety function
Objective of the design: the safety system performing the safety function must meet the requirements of the necessary safety level (SIL, PLr).
Example. Safety function: "When the protective cover is opened during normal operation, the motor must be switched off." Required safety level: SIL 3 or PLr e.
[Figure: protective cover → Subsystem 1: Detecting → Subsystem 2: Evaluating → Subsystem 3: Reacting → motor; design for SIL 3 or PLr e]
Step 2: Technical protective measures d) Determining the achieved safety level
[Figure: protective cover → Subsystem 1: Detecting → Subsystem 2: Evaluating → Subsystem 3: Reacting → motor]
Design review: can the required safety level (SIL, PLr) be achieved?
Basic procedure:
Assessment of the individual subsystems: achieved safety level (SIL, PL); probability of failure PFHD.
Assessment of the safety system: achieved safety level (SIL, PL): normally, the lowest achieved safety level of a subsystem determines the achieved safety level of the safety system. Probability of failure PFHD: total of the PFHD of the subsystems.
Achieved safety level of the safety system (SILCL, PL) = required safety level of the safety function (SIL, PLr)?
Step 2: Technical protective measures d) Determining the achieved safety level
Assessment of the subsystems. Safety-relevant characteristics of a subsystem: achieved safety level (SILCL, PL); probability of failure PFHD.
Finished subsystem: characteristics and certificates from the manufacturer.
Designed subsystem: characteristics have to be calculated; EN 62061 and EN ISO 13849 show how.
[Figure: Subsystem 1: Detecting → Subsystem 2: Evaluating → Subsystem 3: Reacting]
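The assessment rule of step d) on the two slides above (lowest subsystem level, summed PFHD, comparison with the required level) as an added Python example, not code from the presentation. The PFHD bands per PL and SIL are taken from ISO 13849-1 and IEC 62061 and are not printed on the slides; the subsystem figures are constructed and stand in for the values a manufacturer's certificate would supply.

```python
"""Achieved safety level of a safety system from its subsystems (added example).

Rules from the slides:
  * achieved level of the system = lowest achieved level of any subsystem
  * PFHD of the system           = sum of the subsystem PFHD values
  * compare the result with the required level (PLr / SIL) of the function
The PFHD bands are those of ISO 13849-1 (PL) and IEC 62061 (SIL); the
standards add further conditions (e.g. on how many subsystems may sit at
the lowest PL), which the slide summarises as "normally". Subsystem values
below are constructed, not taken from any product certificate.
"""
from dataclasses import dataclass

PL_ORDER = "abcde"  # a = lowest, e = highest

# Upper PFHD limit (exclusive, per hour) of each PL and SIL, highest level first.
PL_PFHD_LIMITS = (("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4))
SIL_PFHD_LIMITS = ((3, 1e-7), (2, 1e-6), (1, 1e-5))


@dataclass(frozen=True)
class Subsystem:
    name: str
    pl: str        # achieved PL of the subsystem, "a".."e"
    sil_cl: int    # SIL claim limit of the subsystem, 1..3
    pfhd: float    # probability of a dangerous failure per hour


def system_pfhd(subsystems) -> float:
    """Total PFHD: the sum of the subsystem values (slide rule)."""
    return sum(s.pfhd for s in subsystems)


def pl_from_pfhd(pfhd: float):
    """Highest PL whose PFHD band contains the value; None above the PL a band."""
    for pl, limit in PL_PFHD_LIMITS:
        if pfhd < limit:
            return pl
    return None


def sil_from_pfhd(pfhd: float):
    """Highest SIL whose PFHD band contains the value; None above the SIL 1 band."""
    for sil, limit in SIL_PFHD_LIMITS:
        if pfhd < limit:
            return sil
    return None


def achieved_pl(subsystems):
    """Lowest subsystem PL, further capped by the summed PFHD of the system."""
    structural = min((s.pl for s in subsystems), key=PL_ORDER.index)
    by_pfhd = pl_from_pfhd(system_pfhd(subsystems))
    if by_pfhd is None:
        return None
    return min(structural, by_pfhd, key=PL_ORDER.index)


def achieved_sil(subsystems):
    """Lowest subsystem SILCL, further capped by the summed PFHD of the system."""
    structural = min(s.sil_cl for s in subsystems)
    by_pfhd = sil_from_pfhd(system_pfhd(subsystems))
    if by_pfhd is None:
        return None
    return min(structural, by_pfhd)


def meets_requirement(subsystems, plr: str, sil: int) -> bool:
    """Design review question from the slide: achieved level >= required level?"""
    pl = achieved_pl(subsystems)
    s = achieved_sil(subsystems)
    return (pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)
            and s is not None and s >= sil)


# Constructed subsystems for the safety function "protective cover opened ->
# motor switched off", required SIL 3 / PLr e as on the slides.
DETECT = Subsystem("Subsystem 1: Detecting (position switches)", "e", 3, 1.5e-8)
EVALUATE = Subsystem("Subsystem 2: Evaluating (fail-safe controller)", "e", 3, 2.0e-9)
REACT_SINGLE = Subsystem("Subsystem 3: Reacting (single contactor)", "d", 2, 5.0e-8)
REACT_REDUNDANT = Subsystem("Subsystem 3: Reacting (two contactors)", "e", 3, 3.0e-8)

DESIGN_A = (DETECT, EVALUATE, REACT_SINGLE)     # limited by the reacting subsystem
DESIGN_B = (DETECT, EVALUATE, REACT_REDUNDANT)  # all subsystems at PL e / SILCL 3

if __name__ == "__main__":
    for label, design in (("A", DESIGN_A), ("B", DESIGN_B)):
        print(f"Design {label}: PFHD={system_pfhd(design):.2e}/h, "
              f"PL {achieved_pl(design)} / SIL {achieved_sil(design)}, "
              f"meets PLr e / SIL 3: {meets_requirement(design, 'e', 3)}")
```

Design A shows why the summed PFHD alone is not enough: its total sits inside the PL e band, yet the single contactor at PL d caps the whole system at PL d / SIL 2.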
Step 3: User information
User information warns of residual risks.
User information does not replace safe design or technical protective measures.
Examples: warnings in the operating instructions; special work instructions; icons; personal protective equipment.
Validation of the machine
Objective of the validation: determination of the conformity (accordance) with the requirements of the European Machinery Directive and of all other directives that apply to the machine.
Implementation of the validation. For most machines: the machine manufacturer. Machines listed in Annex IV of the Machinery Directive (machines with greater hazards, e.g. presses, …): the machine manufacturer has to call in an independent testing agency and/or a certification body (examples: TÜV, BGIA).
Placing the Machine on the Market
Prerequisites: determination of conformity within the scope of the validation; technical documentation
Placing on the market: issuing the declaration of conformity ("The machine complies with all relevant directives."); attaching the CE mark on the machine
Question: What has to be considered when designing safety-related control systems of a machine?
Part 2: Practical implementation IEC 62061 and ISO 13849-1
Overview "functional safety"
Core requirements
Practical implementation at an application example
Functional safety
Safety requires protection against the following hazards:
• Danger by malfunctions
• Dangerous radiation
• Heat and fire
• Electric shock
"Functional safety" means protection against dangers caused by malfunctions.
Worldwide: basic standard IEC 61508 (functional safety) (Safety Integrity Level SIL)
Europe: harmonized standards EN 954-1 (Categories) (valid until 29.12.2009), EN ISO 13849 (Performance Level PL), EN 62061 (with identical SIL as IEC 61508)
Basic standard: IEC 61508 (SIL), Functional Safety
Sector standards: Nuclear EN 61513, Process EN 61511, Machines EN 62061, IEC …, IEC …
Previous regulations
Influence of the IEC 61508 in the process and manufacturing industry
IEC 61508
Process industry: IEC 61511 (E/E/PE systems)
Manufacturing industry: IEC 62061, ISO 13849, EN 954 (until 2009) (also non-E/E/PE systems, e.g. hydraulics, pneumatics)
Timeline of the standards (environment, time, influences):
Irrespective of the application: IEC 61508: 1998/2000, Functional safety of safety-related electrical, electronic and programmable electronic control systems
EN 954-1: 1996, Safety of machines, Safety-related parts of control systems, Part 1: General principles for design
EN ISO 13849-1: 2006, Safety of machines, Safety-related parts of control systems, Part 1: General principles for design
EN 62061: 2005 (identical to IEC 62061: 2005), Safety of machines, Functional safety of safety-related electrical, electronic and programmable electronic control systems
Further development of the basic standards
EN 954-1:1996
• harmonized under EU Machinery Directive
• only structure oriented
• no programmable electronics
• still valid up to the end of 2009
ISO 13849-1:2006
• quantitative and structure oriented
• for control integrators and manufacturers
• "intended architectures" for electronics
• also for hydraulics, pneumatics …
IEC 61508:1998/2000
• recognized state-of-the-art technology
• for control and system manufacturers
• quantitative and structure oriented
IEC 62061:2005
• harmonized under EU Machinery Directive
• for control integrators
• quantitative and structure oriented
• uses PES acc. to IEC 61508
Electromechanical devices (in extracts)
Why new norms?
Points of criticism of the EN 954:
No direct connection between risk minimization and category; the complexity is not considered
No detailed requirements for programmable systems and complex electronics
No sufficient requirements for the consideration of reliability values
-> Does not represent the state of technology anymore
What is new about EN 62061 and EN ISO 13849?
Assessment of complete safety functions (overall view: detecting – evaluating – reacting)
Requirements for the probability of failure (PFHD)
Requirements for the procedure (project management, test concept, technical documentation, …)
Validity
Relevant standards for "safety systems for machinery" (timeline 2006 to 2010):
Machinery Directive: 98/37/EC, then 2006/42/EC
EN 954-1: 1996 (transitional period: 3 years), EN ISO 13849-1, EN 62061
Recommendation:
Immediate change from EN 954-1 to EN 62061 or EN ISO 13849
Predominantly electrical subsystems: EN 62061
Predominantly hydraulic, pneumatic devices: EN ISO 13849
Concept
Functional safety
Control of dangerous failures during the operation: robust design
Avoiding of systematic failures at the concept, production and operation of the systems: robust process
Robust design: technical design requirements of safety-related functions (system architecture, failure probability)
Robust process: safety-lifecycle requirements (from risk analysis until deinstallation of safety-engineering systems), requirements of planning processes and methods, functional safety management
Summary
Functional safety
Control of dangerous failures during the operation: robust design
Avoiding of systematic mistakes at the concept, production and operation of the systems: robust process
Robust design – quantitative requirements
"NEW": Quantitative measure for the safety-related efficiency (Safety Performance)
PL      SIL   PFH [1/h]                one dangerous failure every X years
a       -     ≥ 10^-5 to < 10^-4
b, c    1     ≥ 10^-6 to < 10^-5      > 10 years
d       2     ≥ 10^-7 to < 10^-6      > 100 years
e       3     ≥ 10^-8 to < 10^-7      > 1000 years
Robust design – quantitative requirements
Requirements of the safety levels: probability of failure
EN 62061 and EN ISO 13849 describe requirements for the maximum permissible probability of dangerous failure for a safety function: probability of dangerous failure per hour PFHD
The higher the safety level, the lower the required PFHD
PFHD [1/h] (decreasing)    EN ISO 13849   EN 62061
≥ 10^-5 to < 10^-4         PLr a          -
≥ 3·10^-6 to < 10^-5       PLr b          SIL 1     not more than 1 dangerous failure of the safety function in 10 years
≥ 10^-6 to < 3·10^-6       PLr c          SIL 1
≥ 10^-7 to < 10^-6         PLr d          SIL 2     not more than 1 dangerous failure of the safety function in 100 years
≥ 10^-8 to < 10^-7         PLr e          SIL 3     not more than 1 dangerous failure of the safety function in 1000 years
Robust design – qualitative requirements
IEC 62061: The structure (architecture) of the subsystems must be suitable for the demanded SIL (IEC 62061, table 5). Example: to achieve SIL 2 with a single-channel architecture (HFT = 0), the safe failure fraction must be SFF > 90%
ISO 13849-1: The determination of the PL is based on the categories of the EN 954-1 (designated architectures)
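The quantitative check (PFHD bands of the previous slide) and the qualitative check (architectural constraint, IEC 62061 table 5) applied together to a safety function made of detecting, evaluating and reacting subsystems. This is an added example, not code from the slides or from Siemens; the subsystem values are constructed for illustration, the band limits are those of the standards.

```python
"""Assessment of a safety function from its subsystems (added example).

Two checks of IEC 62061 for a safety-related control function (SRCF)
built from detecting, evaluating and reacting subsystems:
  1. quantitative: the PFHD of the whole function (sum over the
     subsystems) must lie in the band of the required SIL;
  2. qualitative: the architecture of each subsystem (HFT, SFF) limits
     the SIL it can claim (SIL claim limit SILCL, IEC 62061 table 5).
The PL bands of EN ISO 13849-1 are carried along for the PL column.
The slide states the SIL 2 / HFT 0 condition as "SFF > 90 %"; the
table below uses the band 90 % <= SFF < 99 % as the standard writes it.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

HOURS_PER_YEAR = 8760

# PFHD bands per hour: (lower bound incl., upper bound excl., PL, SIL)
PFHD_BANDS = [
    (1e-5, 1e-4, "a", None),   # PL a has no SIL correspondence
    (3e-6, 1e-5, "b", 1),
    (1e-6, 3e-6, "c", 1),
    (1e-7, 1e-6, "d", 2),
    (1e-8, 1e-7, "e", 3),
]

def pl_and_sil_from_pfhd(pfhd: float) -> Tuple[Optional[str], Optional[int]]:
    """(PL, SIL) for a PFHD value; (None, None) if no level can be claimed
    (PFHD >= 1e-4) or the value lies below the table (< 1e-8)."""
    for low, high, pl, sil in PFHD_BANDS:
        if low <= pfhd < high:
            return pl, sil
    return None, None

def years_between_dangerous_failures(pfhd: float) -> float:
    """'One dangerous failure every X years' implied by a PFHD value."""
    return 1.0 / (pfhd * HOURS_PER_YEAR)

# IEC 62061 table 5: highest SIL a subsystem may claim.
# Rows: SFF < 60 %, 60..<90 %, 90..<99 %, >= 99 %; columns: HFT 0, 1, 2.
# None = architecture not allowed for any SIL.
ARCH_LIMIT = {
    0: [None, 1, 2],
    1: [1, 2, 3],
    2: [2, 3, 3],
    3: [3, 3, 3],
}

def sil_claim_limit(sff: float, hft: int) -> Optional[int]:
    """SILCL from the architectural constraint; sff as a fraction
    (0.92 = 92 %), hft = hardware fault tolerance (0 = single channel)."""
    if not 0.0 <= sff <= 1.0 or hft < 0:
        raise ValueError("sff must be in [0, 1] and hft >= 0")
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return ARCH_LIMIT[band][min(hft, 2)]

@dataclass
class Subsystem:
    name: str      # detecting / evaluating / reacting
    pfhd: float    # from the manufacturer's certificate or own calculation
    sff: float
    hft: int

    def silcl(self) -> Optional[int]:
        return sil_claim_limit(self.sff, self.hft)

def achieved_sil(subsystems: List[Subsystem]) -> Optional[int]:
    """SIL of the whole SRCF: bounded by the lowest SILCL of any subsystem
    and by the band of the summed PFHD. None = requirements not met."""
    limits = [s.silcl() for s in subsystems]
    if not limits or any(lim is None for lim in limits):
        return None
    _, sil_by_pfhd = pl_and_sil_from_pfhd(sum(s.pfhd for s in subsystems))
    if sil_by_pfhd is None:
        return None
    return min(min(limits), sil_by_pfhd)

def meets_target(subsystems: List[Subsystem], required_sil: int) -> bool:
    sil = achieved_sil(subsystems)
    return sil is not None and sil >= required_sil

# Constructed example (illustrative values, not product data): door
# monitoring with a single-channel door switch, a two-channel safety
# relay and two monitored contactors, required SIL 2.
EXAMPLE_SRCF = [
    Subsystem("detecting: door switch", pfhd=2.0e-8, sff=0.92, hft=0),
    Subsystem("evaluating: safety relay", pfhd=1.0e-8, sff=0.99, hft=1),
    Subsystem("reacting: contactors", pfhd=5.0e-8, sff=0.95, hft=1),
]

if __name__ == "__main__":
    total = sum(s.pfhd for s in EXAMPLE_SRCF)
    print("PFHD of the function:", total, "->", pl_and_sil_from_pfhd(total))
    # The summed PFHD alone would allow SIL 3; the single-channel switch
    # (HFT 0, SFF 92 %) limits the function to SIL 2.
    print("achieved SIL:", achieved_sil(EXAMPLE_SRCF), "meets SIL 2:",
          meets_target(EXAMPLE_SRCF, 2))
```

The point the example makes is that a good summed PFHD does not lift a function above the SILCL of its weakest subsystem.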
Successor of the EN 954-1 with quantitative methods for evaluation
EN ISO 13849-1 (successor of the EN 954-1) (Safety of machinery - safety-related parts of control systems, Part 1: General principles for design)
State: version 2006
Comment: treats electrical and electronic systems as well as hydraulics and pneumatics
PL (Performance Level) is determined from: structure (Cat), reliability (MTTFD), diagnosis (DC), resistance (CCF), process (verifying)
Sector norm under IEC 61508 with quantitative methods for the evaluation of functional safety
IEC / EN 62061 (Functional safety of safety-related electrical, electronic and programmable electronic control systems)
State: version 01/2005, harmonized under the EC Machinery Directive 12/2005
Comment: treats the integration of safety-relevant systems of electrical and electronic machines.
SIL (Safety Integrity Level) is determined from: structure (HFT), reliability (PFHD), diagnosis (DC/SFF), resistance (CCF), process (verifying)
Summary
Functional safety
Control of dangerous failures during the operation: robust design
Avoiding of systematic mistakes at the concept, production and operation of the systems: robust process
Systematic safety integrity
Besides the "safety integrity of the hardware", IEC 62061 also looks at the "systematic safety integrity", which consists of: avoidance of systematic faults; control of systematic faults
Examples of systematic faults: fault in the specification of the SRCF; fault in the design of the hardware or the application software; short-circuit, wire break; no regulation regarding responsibilities
Organizational and technical measures have to be taken to avoid and master systematic faults.
Avoiding systematic faults (management)
How is the demand "avoiding systematic failures at concept, production and operation of the system" implemented? Through FSM (Functional Safety Management)
Plan of the functional safety
A process for safety-relevant projects should be created first (activities, roles, documents, milestones etc.)!
Topic of "process and quality management"
Recommendation: project-independent implementation of the management of functional safety
Analysis of the installed QM processes (gap analysis)
QM (ISO 9001): quality securing processes
FSM (IEC 62061): Functional Safety Management
Common requirements: identification of the coincidences, e.g. personnel training, internal audits, document control, maintenance, fault analysis etc.
Integration of the "Add Ons" into the QM system and description in a "Safety plan"
Plan of the functional safety
In cooperation with the quality management, at least the following points should be clarified at project level and documented in the plan of the functional safety:
Who has which responsibility in the project?
Which minimum qualification of the employees is required for which tasks?
Which documents have to be available for the delivery release?
Which verification and validation activities have to be carried out before the delivery release?
How is the configuration management defined?
How are modifications implemented and checked?
Who takes care of the product care?
….
Software safety life cycle (V-model)
Specification of the safety functions -> Safety SW specification -> System design -> Module design -> Coding -> Module test -> Integration test -> Validation
Verification between each design stage and its corresponding test; validation against the specification of the safety functions
Result: software validated
Avoiding systematic faults (technology)
Technical measures for the avoidance of systematic faults:
The SRECS shall be designed and implemented in accordance with the functional safety plan
Correct choice, combination, order, assembly and installation of components
Use of the components within manufacturer specification
Use of subsystems that have compatible operating characteristics (operating boundary conditions must be known)
Acceptance according to manufacturer regulation
Consider foreseeable misuse, environmental changes or modification
Over-engineering of the components
Controlling of systematic faults
Technical measures for controlling systematic faults:
Supervision during operation (e.g. supervision of the environmental temperature, voltage variation, electromagnetic interference …)
Tests by comparison of redundant hardware
At loss of the electrical supply no dangerous condition may appear at the machine
Use of de-energization: the system shall be designed so that with loss of its electrical supply a safe state of the machine is achieved or maintained; …
Example - cutting and stamping machine
Cutting machine
Stamping machine
The 3-Step-Method (EN ISO 12100)
Start: for any endangering which requires a risk reduction:
Step 1: Risk reduction by a safe construction. Was the risk reduced adequately? YES: end. NO:
Step 2: Risk reduction by technical protective measures. Was the risk reduced adequately? YES: end. NO:
Step 3: Risk reduction by user information about remaining risks. Was the risk reduced adequately? YES: end. NO: renewed risk evaluation
Example of endangering (extract) according to ISO 14121-1, Table A.2
Root: cutting parts; possible consequences: cut, cutting off
Root: moving parts; possible consequences: crushing, hit, cropping
Root: gravitation, stability; possible consequences: crushing, trapping
Root: dropping parts; possible consequences: crushing, hit
Root: moving parts (3 examples); possible consequences: feeding, abrasion, hit
Root: approach of a moving part towards a rigid part; possible consequences: crushing, hit
Risk analysis and risk assessment
Examples of mechanical endangering (figure: endangering places marked on the machine)
Define suitable safety functions and additional protection measures
Examples of risks that cannot be avoided constructively (figure: endangering places)
Gate monitoring
Door monitoring
Additional: emergency stop function
Principle procedure
Step 2: Technical protective measures, b) Determination of the required safety level
Meaning of the required safety level: the required safety level is a measure for the reliability of the safety function.
The required safety level depends on: severity of the injury; frequency / length of stay; possibility of avoidance
The more severe the possible injury, and the more probable the occurrence, the higher the required safety level.
EN 62061 and ISO 13849 show methods for how the required safety level can be identified.
Step 2: Technical protective measures, b) Determining the required safety level
Requirements of the safety levels: safety system
EN 62061 and EN ISO 13849 describe requirements for the reliability of safety systems:
All phases of the lifetime of a machine are considered: from planning to shutdown
Increasing requirements for the reliability of safety systems: PLr a, PLr b, PLr c / SIL 1, PLr d / SIL 2, PLr e / SIL 3
SIL assignment IEC 62061, annex A
Endangering place: cutting machine; mode: cleaning/maintenance
Document Nr.: / Part of: / Product: / Issued by: / Date:
Pre risk assessment / Intermediate risk assessment / Follow-up risk assessment

Severity (Se)                        Frequency and duration (Fr)      Probability of hazardous event (Pr)   Avoidance (Av)
Death, losing an eye or arm     4    <= 1 h                      5    Very high                       5
Permanent, losing fingers       3    > 1 h to <= 1 day           5    Likely                          4
Reversible, medical attention   2    > 1 day to <= 2 weeks       4    Possible                        3     Impossible   5
Reversible, first aid           1    > 2 weeks to <= 1 year      3    Rarely                          2     Possible     3
                                     > 1 year                    2    Negligible                      1     Likely       1

Class Cl = Fr + Pr + Av
Se      Cl 3-4   Cl 5-7   Cl 8-10   Cl 11-13   Cl 14-15
4       SIL 2    SIL 2    SIL 2     SIL 3      SIL 3
3                OM       SIL 1     SIL 2      SIL 3
2                         OM        SIL 1      SIL 2
1                                   OM         SIL 1

Risk assessment and safety measures
Ser. Nr.   Hzd Nr.   Hazard              Se   Fr   Pr   Av   Cl   Safety measure             Safe    Comments
1                    Danger of cutting   3 +  5 +  4 +  3 =  12   Sliding door supervision   SIL 2
Severity: permanent (losing fingers) leads to Se 3
Frequency: > 1 hour to 1 day, probability: likely, lead to Fr 5 and Pr 4
Avoidance: possible, leads to Av 3
SIL assignment IEC 62061, annex A
Endangering place: cutting machine / stamping machine; mode: cleaning/maintenance
Document Nr.: / Part of: / Product: / Issued by: / Date:
Pre risk assessment / Intermediate risk assessment / Follow-up risk assessment
(Scales for Se, Fr, Pr, Av and the SIL matrix as on the previous slide; class Cl = Fr + Pr + Av)

Risk assessment and safety measures
Ser. Nr.   Hazard              Se   Fr   Pr   Av   Cl   Safety measure             Safe
1          Danger of cutting   3    5    4    3    12   Sliding door supervision   SIL 2
2          Danger of squeeze   3    4    4    3    11   Door supervision           SIL 2
Risk graph in the EN ISO 13849-1
Endangering place: cutting machine; mode: cleaning/maintenance
Risk = function of: measure of damage (S), frequency and duration (F), possibility of avoidance (P)
Risk parameters:
S = Severity of injury: S1 = slight (normally reversible) injury; S2 = severe (normally irreversible) injury including death.
F = Frequency and/or exposure time to the hazard: F1 = seldom up to often and/or the exposure time is short; F2 = frequent up to continuous and/or the exposure time is long.
P = Possibility of avoiding the hazard or limiting the harm: P1 = possible under specific conditions; P2 = scarcely possible.
a, b, c, d, e = estimates of the safety-related Performance Level
Required Performance Level (PL), starting point for risk reduction estimation: branches S1 / S2, then F1 / F2, then P1 / P2, leading from PL a (low risk) to PL e (high risk)
Risk graph in the EN ISO 13849-1
Endangering place: stamping machine; mode: cleaning/maintenance
Assessment according to EN ISO 13849: PLr a to PLr e
Risk graph: branches S1 / S2, then F1 / F2, then P1 / P2, leading to PLr a, PLr b, PLr c, PLr d, PLr e
S, severity of injury: S1 reversible injury; S2 irreversible injury
F, frequency / exposure: F1 seldom / short; F2 frequent
P, avoidance: P1 possible; P2 rarely
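Both ways of determining the required safety level shown on the preceding slides, the IEC 62061 annex A SIL assignment form and the EN ISO 13849-1 risk graph, as an added example (not code from the slides or from Siemens). The scales, the SIL matrix and the two hazard rows are taken from the slides; the branch results of the risk graph are the standard's, which the slides show only as a figure.

```python
"""Determination of the required safety level (added example).

Two procedures the slides apply to the cutting / stamping machine:
  - SIL assignment per IEC 62061 annex A: class Cl = Fr + Pr + Av, then
    the severity row Se of the SIL matrix gives the required SIL ("OM":
    other measures recommended, no SIL requirement);
  - the risk graph of EN ISO 13849-1 (S, F, P) giving PLr a to e.
The branch results of the risk graph (S1 F1 P1 = a ... S2 F2 P2 = e)
are the standard's; the slide shows them only as a figure.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity of injury Se
SE = {"death, losing an eye or arm": 4, "permanent, losing fingers": 3,
      "reversible, medical attention": 2, "reversible, first aid": 1}
# Frequency and duration of exposure Fr
FR = {"<= 1 h": 5, "> 1 h to <= 1 day": 5, "> 1 day to <= 2 weeks": 4,
      "> 2 weeks to <= 1 year": 3, "> 1 year": 2}
# Probability of the hazardous event Pr
PR = {"very high": 5, "likely": 4, "possible": 3, "rarely": 2, "negligible": 1}
# Possibility of avoidance Av
AV = {"impossible": 5, "possible": 3, "likely": 1}

# SIL matrix: rows Se 4..1, columns for class Cl 3-4, 5-7, 8-10, 11-13, 14-15.
CL_COLUMNS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
SIL_MATRIX = {
    4: ["SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"],
    3: [None, "OM", "SIL 1", "SIL 2", "SIL 3"],
    2: [None, None, "OM", "SIL 1", "SIL 2"],
    1: [None, None, None, "OM", "SIL 1"],
}

def risk_class(fr: int, pr: int, av: int) -> int:
    """Class Cl of the hazard, the sum of the three exposure parameters."""
    return fr + pr + av

def required_sil(se: int, fr: int, pr: int, av: int) -> Optional[str]:
    """IEC 62061 annex A: "SIL n", "OM" (other measures) or None (no
    requirement for this combination)."""
    if se not in SIL_MATRIX:
        raise ValueError("Se must be 1..4")
    cl = risk_class(fr, pr, av)
    for column, (low, high) in enumerate(CL_COLUMNS):
        if low <= cl <= high:
            return SIL_MATRIX[se][column]
    raise ValueError(f"class {cl} outside the matrix range 3..15")

@dataclass
class HazardRow:
    """One line of the 'risk assessment and safety measures' form."""
    nr: int
    hazard: str
    se: int
    fr: int
    pr: int
    av: int
    measure: str

    def assess(self) -> Tuple[int, Optional[str]]:
        return risk_class(self.fr, self.pr, self.av), required_sil(
            self.se, self.fr, self.pr, self.av)

# The two rows of the slide's form (values as given there).
PAGE_ROWS: List[HazardRow] = [
    HazardRow(1, "danger of cutting", SE["permanent, losing fingers"],
              FR["> 1 h to <= 1 day"], PR["likely"], AV["possible"],
              "sliding door supervision"),
    HazardRow(2, "danger of squeeze", 3, 4, 4, 3, "door supervision"),
]

# Risk graph of EN ISO 13849-1: (S, F, P) -> required performance level.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
# Correspondence PL -> SIL (PL a has none), from the PFHD bands on the slides.
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}

def required_pl(s: str, f: str, p: str) -> str:
    """PLr from the risk graph; raises on a branch that does not exist."""
    try:
        return RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"no risk-graph branch {(s, f, p)}") from None

if __name__ == "__main__":
    for row in PAGE_ROWS:
        cl, sil = row.assess()
        print(f"{row.nr} {row.hazard}: Cl {cl} -> {sil} ({row.measure})")
    # Irreversible injury, frequent exposure, avoidance possible: PLr d,
    # the level the slides pair with SIL 2 for the emergency stop.
    pl = required_pl("S2", "F2", "P1")
    print("risk graph S2 F2 P1 ->", pl, "~ SIL", PL_TO_SIL[pl])
```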
Supplementary protective measure "emergency hold"
The Machinery Directive (MRL) 2006/42/EC demands it.
Which drives have to be stopped, and with which SIL/PL? Answered by the hazard and risk evaluation. Fixed for the application example: two drives (the most unfavorable case), SIL 2 / PL d (conservative)
Note: measures to disengage are described as "supplementary protective measures"
Distinction: emergency stop (E-stop) and emergency hold (E-hold), EN 60204
Shutdown (for emergency) acc. EN 60204-1
(Diagrams: speed n over time t after activation of the stop order)
Stop category 0: coast-down, no torque
Stop category 1: controlled shutdown (full torque until standstill), then no torque
Stop category 2: controlled shutdown, full torque maintained
Application examples: shutdown of a bound drive; shutdown of an extruder; hoist (no sagging down of the load)
Safe shutdown according to IEC 61800-5-2: STO, SS1, SS2
(Diagrams: speed n over time t after activation of the safe shutdown)
Safe Torque Off (STO): no torque after activation (corresponds to stop category 0)
Safe Stop 1 (SS1): defined braking ramp, then Safe Torque Off (corresponds to stop category 1)
Safe Stop 2 (SS2): defined braking ramp, then Safe Operating Stop with full torque (corresponds to stop category 2)
Galvanic isolation from the net is not required!
Principle procedure
Specification of the safety function
Boundary conditions of the machine for the safety function: endangering at the machine which shall be prevented; concerned operating modes of the machine when active; reaction time; production cycle time; mission time; ...
Functionality of the safety function: functional description of the safety function; required safety performance; reset function; priority if different safety functions can be active; reaction to faults; frequency of operation; …
Principle procedure
Structuring elements of the system architecture
A "safety function" is executed by a "system".
A "system" is composed of "subsystems".
A "subsystem" consists of "subsystem elements".
(Figure: system → subsystems (Detect, Evaluate, React) → subsystem elements)
Concept of the safety function
Aim of the concept: the safety system which executes the safety function must fulfil the requirements of the required safety level (SIL, PLr).
Example: Safety function: "If the protective hood is opened in normal mode, the motor must be switched off." Demanded safety level: SIL 2 or PLr d.
(Figure: safety system consisting of subsystem 1: detecting (protective hood), subsystem 2: evaluation, subsystem 3: react (motor); concept for SIL CL 2 or PLr d)
Safety system: the principle of safety systems
A safety system always consists of components for detecting, evaluating and reacting:
Detecting: SIRIUS position switches, SIRIUS signal columns, SIRIUS EMERGENCY STOP buttons, SIRIUS zero-speed relays, SIMATIC FS light curtain, SIMATIC FS laser scanner, ASIsafe safe modules
Evaluating: SIRIUS safety switching devices, SIRIUS modular safety system, ASIsafe safety monitor, SIMATIC fail-safe controllers, SIMATIC ET 200S, ET 200pro, SIMATIC Mobile Panel 277F IWLAN
Reacting: SIRIUS contactors, SIRIUS motor starters, SIRIUS compact starter, SINAMICS G120/G120D, SINAMICS S120
Safety functions and supplementary protective measures
Safety functions after risk analysis:
- Cutting machine: door monitoring with immediate stop
- Stamping machine: door monitoring with immediate stop
Supplementary protective measures:
- Emergency stop, central
- Emergency stop, local at the cutting machine
(Figure: ET 200S station wired to the cutting machine and the stamping machine, consisting of IM 151-8F PN/DP CPU (6ES7 151-8FB00-0AB0); PM-E DC24V..48V/AC24..230V (6ES7 138-4CB11-0AB0) on terminal module P15S23-A0 (6ES7 193-4CD20-0AA0); 4 F-DI/3 F-DO DC24V/2A PROFIsafe (6ES7 138-4FC01-0AB0) on terminal module E30S44-01 (6ES7 193-4CG20-0AA0); 8 DI DC24V (6ES7 131-4BF00-0AA0) on terminal module E15S24-01 (6ES7 193-4CB20-0AA0); 8 DO DC24V/0.5A (6ES7 132-4BF00-0AA0) on terminal module E15S24-01 (6ES7 193-4CB20-0AA0))
Safety functions "Door supervision" cutting machine and "Door supervision" stamping machine
(Figure: detecting → evaluation → react chain for each of the two safety functions)
Supplementary protective measures: emergency stop (local & central), stamping machine and cutting machine
(Figure: detecting → evaluation → react chain for the local and the central emergency stop)
Safety related control systems (figure: subsystem chains of the safety functions)
SF1: 1.1 → 2 → 3.1
SF2: 1.2 → 2 → 3.1
SF3: 1.3 → 2 → 3.2
SF4: 1.4 → 2 → 3.1 and 3.2
Safety related control system (figure: system S, subsystems TS, subsystem elements TSE; subsystems 1.1, 1.2, 1.3, 1.4 (detect), 2 (evaluate), 3.1, 3.2 (react))
Principle procedure
Part 3: SIL/PL-Verification
Safety of Machinery / European Machinery Directive
Question: How can the safety-related reliability of the system be determined?
Part 3: Verification
Assessment according to ISO 13849 (PLr)
Assessment according to IEC 62061 (SIL)
Thank you for your attention!
IEC 62061 / ISO 13849-1
Table 7 — Simplified procedure for evaluating the PL achieved by an SRP/CS (figure: the columns are the categories with their DC (none, none, low, medium, low, medium, high); the rows are the MTTFd of each channel: low (3 years), medium (10 years), high (30 years); the cells give the PL a to e, some combinations are not covered)
Determination of the performance levels (PL) according to ISO 13849: determination of the PL from category, DC and MTTFd. The two standards use different methodologies for assessing a safety function, but the results can be converted into each other.
Simplified method for assessing the PL achieved by an SRP/CS.
PL according to EN ISO 13849-1 (figure: the Performance Level PL is determined from Structure (Category), Reliability (MTTFd), Diagnosis (DC), Resistance (CCF) and Process (verifying))
Categories
PL according to EN ISO 13849-1 (figure: Structure (Category), Reliability (MTTFd), Diagnosis (DC), Resistance (CCF), Process (verifying); next element: MTTFd)
MTTFd
MTTFd: mean operating time without dangerous failure for each channel of the control system
MTTFd is a statistical average and not a rated economic lifetime
Denotation: range of values of MTTFd
low: 3 years ≤ MTTFd < 10 years
medium: 10 years ≤ MTTFd < 30 years
high: 30 years ≤ MTTFd ≤ 100 years
Definition of MTTF and MTBF
MTTF: mean time to failure: mean time before a failure occurs
ISO 13849: MTTF = MTBF + MTTR (Mean Time Between Failures, Mean Time To Repair); since MTBF >> MTTR, MTTR can be ignored
MTBF values for SIMATIC components are available on the Internet
SFF: Safe Failure Fraction, fault detection rate in %: SFF = (Σ λS + Σ λDD) / (Σ λS + Σ λD); S: safe, D: dangerous, DD: dangerous detected. Corresponds indirectly to the DC value.
MTTFd
Hierarchical procedure for determining the MTTFd:
1. Use the manufacturer's data
2. Apply the methods of annexes C and D
3. Choose 10 years
MTTFd (according to annex C)
If the requirements of C.2 are fulfilled, the MTTFd or B10d value of a component can be determined from table C.1.
MTTFd (according to annex C)
Calculation of the MTTFd for components from B10d. B10d value: number of operating cycles by which 10% of all units have failed dangerously.
nop: number of operating cycles per year
hop: operating hours per day [h/d]
dop: operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
(Figure: formulas for nop, MTTFd and the operating time T10d)
Siemens standard SN 31920
Table referring to ISO 13849-2 (annex D) (EN 954-2), ISO/FDIS 13849-1:2005 (annex C) and EN 62061 (annex D, failure modes of electrical/electronic components)
Analysis of sensor circuit 1.1, position switch
B10 = 1,000,000 with a share of dangerous failures of 20%: B10d = B10 / 0.2
Operation 365 days per year and 24 hours per day; tcycle = every 8 hours = 28,800 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 28,800 s = 1095
MTTFd = (1,000,000 operating cycles / 0.2 dangerous failures) / (0.1 × 1095 nop) = 45662 years
The MTTFd of each channel of the position switch is therefore "high" (> 30 years).
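The B10d calculation above, generalised into a small calculator. This is an added example, not code from the Siemens deck: the relations nop = dop × hop × 3600 / tcycle, MTTFd = B10d / (0.1 × nop) and T10d = B10d / nop are the ISO 13849-1 annex C formulas the worked example applies; the 20-year mission time used for the T10d check is the ISO 13849-1 default and is my assumption here, as are all function names.

```python
"""MTTFd of one channel from the B10d value of an electromechanical component
(ISO 13849-1 annex C relations), generalising the position-switch analysis.
Added example; not part of the Siemens deck."""

SECONDS_PER_HOUR = 3600
MISSION_TIME_YEARS = 20.0   # assumption: ISO 13849-1 default mission time TM


def n_op(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """Mean number of operating cycles per year.
    d_op: operating days per year [d/y]; h_op: operating hours per day [h/d];
    t_cycle_s: mean time between two operating cycles [s/cycle]."""
    if t_cycle_s <= 0:
        raise ValueError("t_cycle_s must be positive")
    return d_op * h_op * SECONDS_PER_HOUR / t_cycle_s


def b10d(b10: float, dangerous_fraction: float) -> float:
    """B10d: cycles by which 10 % of the units have failed dangerously.
    dangerous_fraction is the share of dangerous failures, e.g. 0.2 for 20 %."""
    if not 0.0 < dangerous_fraction <= 1.0:
        raise ValueError("dangerous_fraction must be in (0, 1]")
    return b10 / dangerous_fraction


def mttfd_from_b10d(b10d_value: float, n_op_per_year: float) -> float:
    """MTTFd = B10d / (0.1 * nop), in years."""
    return b10d_value / (0.1 * n_op_per_year)


def t10d(b10d_value: float, n_op_per_year: float) -> float:
    """T10d = B10d / nop: years until 10 % of the components have failed
    dangerously. If T10d is shorter than the mission time the component has
    to be replaced before T10d elapses."""
    return b10d_value / n_op_per_year


def mttfd_class(mttfd_years: float) -> str:
    """Denotation per ISO 13849-1 (MTTFd per channel is capped at 100 years)."""
    capped = min(mttfd_years, 100.0)
    if capped < 3:
        raise ValueError("MTTFd below 3 years is not acceptable")
    if capped < 10:
        return "low"
    if capped < 30:
        return "medium"
    return "high"


def analyse_component(b10: float, dangerous_fraction: float,
                      d_op: float, h_op: float, t_cycle_s: float) -> dict:
    """Full chain B10 -> B10d -> nop -> MTTFd, T10d and denotation."""
    b10d_value = b10d(b10, dangerous_fraction)
    nop = n_op(d_op, h_op, t_cycle_s)
    mttfd = mttfd_from_b10d(b10d_value, nop)
    t10 = t10d(b10d_value, nop)
    return {
        "B10d": b10d_value,
        "nop": nop,
        "MTTFd_years": mttfd,
        "MTTFd_class": mttfd_class(mttfd),
        "T10d_years": t10,
        "replace_before_mission_end": t10 < MISSION_TIME_YEARS,
    }


if __name__ == "__main__":
    # Sensor circuit 1.1 of the deck: B10 = 1,000,000, 20 % dangerous failures,
    # 365 d/y, 24 h/d, one operating cycle every 8 hours.
    for key, value in analyse_component(1_000_000, 0.2, 365, 24, 8 * SECONDS_PER_HOUR).items():
        print(f"{key}: {value}")
```

The deck truncates the resulting years to whole numbers (45662, 13698, 5707, 4566, 1522); the calculator keeps the fractional part so the class boundaries are applied to the exact value.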
PL according to EN ISO 13849-1 (figure: Structure (Category), Reliability (MTTFd), Diagnosis (DC), Resistance (CCF), Process (verifying); next element: DC)
Diagnostic Coverage (DC)
The diagnostic coverage (DC) is the ratio of the failure rate of the detected dangerous failures to the failure rate of all dangerous failures:
DC = Σ λDD / Σ λD = Σ λDD / (Σ λDD + Σ λDU)
(Figure: failure rate split into safe (S), dangerous detected (DD) and dangerous undetected (DU) failures)
Denotation: range of DC
none: DC < 60%
low: 60% ≤ DC < 90%
medium: 90% ≤ DC < 99%
high: 99% ≤ DC ≤ 100%
The specification of diagnostic coverage DC (EN ISO 13849-1:2006), 4.5.3 Diagnostic coverage (DC), page 18: "The value of the DC is given in four levels (see Table 6). For the estimation of DC, in most cases, failure mode and effects analysis (FMEA, see IEC 60812) or similar methods can be used. In this case, all relevant faults and/or failure modes should be considered and the PL of the combination of the SRP/CS which carry out the safety function should be checked against the required performance level (PLr). For a simplified approach to estimating DC, see Annex E."
Table 6 — Diagnostic coverage (DC)
Diagnostic coverage (DC) for functions and modules, annex E informative (EN ISO 13849-1:2006)
PL according to EN ISO 13849-1 (figure: Structure (Category), Reliability (MTTFd), Diagnosis (DC), Resistance (CCF), Process (verifying); next element: CCF)
Common cause failure (CCF)
Annex F: estimation of failures due to CCF. This quantitative process should be applied to the complete system.
Every part of the safety-related parts of the control system should be taken into account, especially two-channel architectures (Cat. 2-4).
Table F.1 lists measures and the associated values, based on engineering judgement, which represent the contribution each measure makes to the reduction of common cause failures.
Method to estimate common cause failure (CCF), annex F.1 informative (EN ISO 13849-1:2006) (figure: flow chart)
1. Sum up the points of the measures against CCF (maximum achievable 100%), e.g. by use of EN 60204, IEC 61664, FMEA analysis.
2. Requirements achieved? Total points 65% or better: requirements achieved. Less than 65%: process failed -> choose additional measures.
See lecture no. 2 / robust processes
PL according to EN ISO 13849-1 (figure: Structure (Category), Reliability (MTTFd), Diagnosis (DC), Resistance (CCF), Process (verifying))
PFH and corresponding PL for MTTFd with DC, annex K informative (EN ISO 13849-1:2006)
The calculated MTTFd can be converted into a corresponding PFH value (table rows: MTTFd low, medium, high).
PL verification of the individual safety functions (figure: subsystem chains of the safety functions)
SF1: 1.1 → 2 → 3.1
SF2: 1.2 → 2 → 3.1
SF3: 1.3 → 2 → 3.2
SF4: 1.4 → 2 → 3.1 and 3.2
Recommended solution
- Emergency stop
- Door supervision with magnetic switch
- Door supervision with position switch with a separate actuator *
Evaluation: ASIsafe safety monitor, or 3TK28, or F-CPU, or MSS
Connection according to Cat. 3 to EN 954-1, PL d according to EN ISO 13849-1 and SIL 2 according to EN 62061
Emergency stop control devices are manufactured according to EN ISO 13850 and, despite their mechanically one-channel design, can be used in safety applications up to Cat. 3, PL d and SIL 2. There are no structural restrictions for the emergency stop.
* Breakage of the actuator must be excluded in order to fulfil PL d, SIL 2 and category 3. For measures see DIN VDE 0113. This fault exclusion is possible only for position switches with a separate actuator.
Table 7 — Simplified procedure for evaluating the PL achieved by an SRP/CS (figure: the columns are the categories with their DC (none, none, low, medium, low, medium, high); the rows are the MTTFd of each channel: low (3 years), medium (10 years), high (30 years); the cells give the PL a to e, some combinations are not covered)
Determination of the performance levels (PL) according to ISO 13849: determination of the PL from category, DC and MTTFd. The two standards use different methods for rating a safety function, but the results can be transferred into each other. Simplified procedure for evaluating the PL achieved by an SRP/CS.
Analysis of sensor circuit 1.1, position switch: required measures
B10 = 1,000,000 with a share of dangerous failures of 20%: B10d = B10 / 0.2
Operation 365 days per year and 24 hours per day; tcycle = every 8 hours = 28,800 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 28,800 s = 1095
MTTFd = (1,000,000 operating cycles / 0.2 dangerous failures) / (0.1 × 1095 nop) = 45662 years
The MTTFd of each channel of the position switch is therefore "high" (> 30 years).
Required measures: the design is carried out in category 3; a DC of 90% (medium) is required; CCF is considered according to annex F and must be fulfilled.
Series connection: example with emergency stop and protective door monitoring
1. 2. 3.
Category? PL? SIL?
Analysis of sensor circuit 1.1, position switch: sensor connection and the resulting DC (figure: wiring variants at the F-DI module)
- Two-channel, discrepancy evaluation, no short-circuit detection: DC 90% (P*)
- Two-channel, discrepancy evaluation, short-circuit detection by test pulses from the F-DI: DC 99%
- Two-channel antivalent, discrepancy evaluation: DC 99%
* Internal sensor supply can also be used
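A simplified model of the two-channel discrepancy evaluation that all three wiring variants above rely on, added here as an illustration; it is not Siemens' F-DI firmware. The discrepancy time, the sample format and the constructed signal trace are my assumptions. The deck credits DC 90% to discrepancy evaluation alone and DC 99% to the variants that additionally detect short circuits or a stuck level (test pulses, antivalent wiring); the model below covers only the discrepancy-time logic for both equivalent and antivalent wiring.

```python
"""Two-channel discrepancy evaluation of a safety input (e.g. a protective-door
switch read by an F-DI module). Added example, not the deck's or Siemens' code."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Sample = Tuple[float, int, int]   # (time in s, channel 1 level, channel 2 level)


@dataclass
class Evaluation:
    t: float
    enable: bool   # True while the evaluated input permits the machine to run
    fault: bool    # True once a discrepancy fault has been latched


def channels_consistent(ch1: int, ch2: int, antivalent: bool) -> bool:
    """Equivalent wiring: both channels carry the same level.
    Antivalent wiring: channel 2 is the inverse of channel 1."""
    return (ch1 != ch2) if antivalent else (ch1 == ch2)


def evaluate_two_channel(samples: Iterable[Sample], discrepancy_time_s: float,
                         antivalent: bool = False) -> List[Evaluation]:
    """Level 1 on channel 1 means 'door closed / no stop demand'.
    Any single channel leaving the run level removes the enable immediately
    (1oo2 for stopping). If the channels stay inconsistent for longer than
    discrepancy_time_s a fault is latched; it passivates the input until an
    acknowledgement, which is outside this model."""
    results: List[Evaluation] = []
    fault = False
    discrepancy_since: Optional[float] = None   # start of the current disagreement
    for t, ch1, ch2 in samples:
        consistent = channels_consistent(ch1, ch2, antivalent)
        if consistent:
            discrepancy_since = None
        elif discrepancy_since is None:
            discrepancy_since = t
        elif t - discrepancy_since >= discrepancy_time_s:
            fault = True                         # discrepancy time exceeded
        enable = consistent and ch1 == 1 and not fault
        results.append(Evaluation(t, enable, fault))
    return results


# Constructed trace (not measured data), equivalent wiring: door closed, a brief
# contact bounce while opening, door closed again, then channel 2 sticks at 0
# (e.g. a wire break on one channel).
CONSTRUCTED_TRACE: List[Sample] = [
    (0.0, 1, 1), (0.1, 0, 1), (0.3, 0, 0), (0.6, 1, 1),
    (1.0, 1, 0), (1.3, 1, 0), (1.6, 1, 0), (2.0, 1, 1),
]
DISCREPANCY_TIME_S = 0.5   # assumption: a typical configurable value


def demo() -> List[Evaluation]:
    return evaluate_two_channel(CONSTRUCTED_TRACE, DISCREPANCY_TIME_S)


if __name__ == "__main__":
    for ev in demo():
        print(ev)
```

In the constructed trace the bounce at 0.1 s resolves within the discrepancy time and only removes the enable, while the stuck channel from 1.0 s on latches a fault at 1.6 s that the later consistent reading at 2.0 s does not clear; this is the difference between a transient and a detected dangerous failure that the DC figure counts.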
Analysis of sensor circuit 1.2, emergency stop local (trick unlocked)
B10 = 100,000 with a share of dangerous failures of 20%: B10d = B10 / 0.2
Operation 365 days per year and 24 hours per day; tcycle = once per day = 86,400 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 86,400 s = 365
MTTFd = (100,000 operating cycles / 0.2 dangerous failures) / (0.1 × 365 nop) = 13698 years
The MTTFd of each channel of the E-STOP is therefore "high" (> 30 years).
The DC is defined as medium with 90%. The CCF has to be considered according to annex F and must be fulfilled. The design is carried out in category 3.
Analysis of sensor circuit 1.3, position switches
B10 = 1,000,000 with a share of dangerous failures of 20%: B10d = B10 / 0.2
Operation 365 days per year and 24 hours per day; tcycle = once per hour = 3600 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 3600 s = 8760
MTTFd = (1,000,000 operating cycles / 0.2 dangerous failures) / (0.1 × 8760 nop) = 5707 years
The MTTFd of each channel of the position switch is therefore "high" (> 30 years).
The DC is defined as medium with 90%. The CCF has to be considered according to annex F and must be fulfilled. The design is carried out in category 3.
Analysis of sensor circuit 1.4, emergency stop central (trick unlocked)
B10 = 100,000 with a share of dangerous failures of 20%: B10d = B10 / 0.2
Operation 365 days per year and 24 hours per day; tcycle = every 8 hours = 28,800 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 28,800 s = 1095
MTTFd = (100,000 operating cycles / 0.2 dangerous failures) / (0.1 × 1095 nop) = 4566 years
The MTTFd of each channel of the E-STOP is therefore "high" (> 30 years).
The DC is defined as medium with 90%. The CCF has to be considered according to annex F and must be fulfilled. The design is carried out in category 3.
Failsafe module – PROFIsafe – failsafe controller (subsystem 2: 4 F-DI/3 F-DO module, PROFIsafe communication, F-CPU)
4 F-DI/3 F-DO: SILCL 2.1 = 2 -> PL d; PFHD 2.1 = 1.0 × 10^-8
SILCL 2.2 = 3 -> PL e; PFHD 2.2 = 1.00 × 10^-9
SILCL 2.3 = 3 -> PL e; PFHD 2.3 = 3.62 × 10^-10
SILCL SRP/CS 2.x >= SIL SRP/CS 2: 2; 3; 3 >= 2 -> PL d
PFHD 2.1 + PFHD 2.2 + PFHD 2.3 = PFHD 2 = 1.14 × 10^-8
PFH / PFD: the technical data for SIMATIC assemblies can be looked up at
http://support.automation.siemens.com/WW/view/de/27832836
Analysis of actuator circuit 3.1 and 3.2, contactors
B10 = 1,000,000 with a share of dangerous failures of 75%: B10d = B10 / 0.75
Operation 365 days per year and 24 hours per day; tcycle = once per hour = 3600 s
hop: mean operating hours per day [h/d]
dop: mean operating days per year [d/y]
tcycle: mean time between two operating cycles [s/cycle]
nop = (365 days × 24 h × 3600 s/h) / 3600 s = 8760
MTTFd = (1,000,000 operating cycles / 0.75 dangerous failures) / (0.1 × 8760 nop) = 1522 years
The MTTFd of each channel of the contactors is therefore "high" (> 30 years).
The DC is defined as medium with 90%. The CCF has to be considered according to annex F and must be fulfilled. The design is carried out in category 3.
Analysis of actuator circuit 3.1 and 3.2, contactors (figure: two contactors switched by the P and M electronic contacts of the F-DO, power circuit > 24 V, feedback contacts read back via a DI)
Feedback monitoring within the safety controller:
- cross monitoring: DC 90%
- direct monitoring: DC 99%
Table (annex K) for the determination of the PFH value
PFH value for contactors & position switches (table rows: MTTFd low, medium, high; the contactors' MTTFd of 1522 years is read off in the "high" row)
Safety function "Door supervision", cutting machine
Detect, subsystem 1.1 (Cat. 3, MTTF high, DC medium, CCF > 65): PL = d / Cat. 3; DC = 90; MTTF = 45662 years; PFH1.1 = 4.29E-8
Evaluate, subsystem 2: SIL = 2; SFF > 90; PL = d; SIL CL = 2; PFH2 = 1.14E-8
React, subsystem 3.1 (Cat. 3, MTTF high, DC medium, CCF > 65): PL = d / Cat. 3; DC = 90; MTTF = 1522 years; PFH3.1 = 4.29E-8
Required safety integrity: PL d
Result: PL = d; PFHSF1 = 9.72E-8
Page 140/198
Results
SF1: 1.1: PL d / Cat. 3, DC = 90%, MTTFd = 45662 years, PFH1.1 = 4,29E-8 | 2: SIL 2, SFF > 90%, PL d, SIL CL 2, PFH2 = 1,14E-8 | 3.1: PL d / Cat. 3, DC = 90%, MTTFd = 1522 years, PFH3.1 = 4,29E-8 | SF1: PL d, PFHSF1 = 9,72E-8
SF2: 1.2: PL d / Cat. 3, DC = 90%, MTTFd = 13698 years, PFH1.2 = 4,29E-8 | 2: SIL 2, SFF > 90%, PL d, SIL CL 2, PFH2 = 1,14E-8 | 3.1: PL d / Cat. 3, DC = 90%, MTTFd = 1522 years, PFH3.1 = 4,29E-8 | SF2: PL d, PFHSF2 = 9,72E-8
SF3: 1.3: PL d / Cat. 3, DC = 90%, MTTFd = 5707 years, PFH1.3 = 4,29E-8 | 2: SIL 2, SFF > 90%, PL d, SIL CL 2, PFH2 = 1,14E-8 | 3.2: PL d / Cat. 3, DC = 90%, MTTFd = 1522 years, PFH3.2 = 4,29E-8 | SF3: PL d, PFHSF3 = 9,72E-8
SF4: 1.4: PL d / Cat. 3, DC = 90%, MTTFd = 4566 years, PFH1.4 = 4,29E-8 | 2: SIL 2, SFF > 90%, PL d, SIL CL 2, PFH2 = 1,14E-8 | 3.1/3.2: PL d / Cat. 3, DC = 90%, MTTFd = 1522 years, PFH3.1/3.2 = 8,58E-8 | SF4: PL d, PFHSF4 = 1,40E-7
Page 142/198
Simplified quantification of the PL for a safety function with the parts count method
Sensor circuit: MTTFd = 850 years; DC value 99%
Actuator circuit: MTTFd = 56 years; DC value high with 99%
1) Determination of DCavg for sensor/actuator:
DCavg = (DC1/MTTFd1 + DC2/MTTFd2) / (1/MTTFd1 + 1/MTTFd2) = (0,99/850 + 0,99/56) / (1/850 + 1/56) = 0,99 = 99%
2) Determination of MTTFd of each channel (sensor + actuator), with the MTTFd given for each component:
1/MTTFd = 1/MTTFd1 + 1/MTTFd2 = 1/850 + 1/56, i.e. MTTFd = 52,54 years
Sensor circuit & actuator circuit: MTTFd = 52,54 years "high"; DC value 99% "high"; result: PL e
Page 143/198
Determination of the performance level (PL) according to ISO 13849-1 (table 11)
Check of the overall PL for the series connection of SRP/CS:
more than 3 × PL e in series gives the result PL d
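The parts count step above and the table 11 combination, as an added Python example (not the slides' own tool); thresholds for the MTTFd and DC classes and the table 11 rules are taken from ISO 13849-1:2006, the numbers from the slide:

```python
"""ISO 13849-1 simplified quantification (added example, not the slides' own tool).

Parts-count MTTFd of a channel (ISO 13849-1 Annex D), averaged diagnostic
coverage DCavg (Annex E), the MTTFd / DC classes (Tables 4 and 5) and the series
combination of SRP/CS by Table 11. Thresholds are taken from ISO 13849-1:2006.
"""
from typing import Optional, Sequence, Tuple


def channel_mttfd(mttfd_parts: Sequence[float]) -> float:
    """MTTFd [years] of one channel from its parts: 1/MTTFd = sum(1/MTTFd_i)."""
    if not mttfd_parts or any(m <= 0 for m in mttfd_parts):
        raise ValueError("every part needs a positive MTTFd")
    return 1.0 / sum(1.0 / m for m in mttfd_parts)


def dc_avg(parts: Sequence[Tuple[float, float]]) -> float:
    """DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i); parts are (MTTFd_i, DC_i)."""
    num = sum(dc / m for m, dc in parts)
    den = sum(1.0 / m for m, _ in parts)
    return num / den


def mttfd_class(mttfd_years: float) -> str:
    """Table 4: low 3..<10 years, medium 10..<30 years, high 30..100 years."""
    if mttfd_years < 3:
        return "not allowed"
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"  # the standard caps values above 100 years at 100 years


def dc_class(dc: float) -> str:
    """Table 5: none <60 %, low 60..<90 %, medium 90..<99 %, high >=99 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


_PL_ORDER = "abcde"
# Table 11: PL_low -> (largest N_low that keeps PL_low, resulting PL when exceeded)
_TABLE_11 = {"a": (3, None), "b": (2, "a"), "c": (2, "b"), "d": (3, "c"), "e": (3, "d")}


def combine_pl_series(pls: Sequence[str]) -> Optional[str]:
    """Overall PL of several SRP/CS in series (Table 11); None = not allowed."""
    if not pls:
        raise ValueError("at least one SRP/CS is needed")
    pl_low = min(pls, key=_PL_ORDER.index)   # lowest PL in the chain
    n_low = pls.count(pl_low)                # how often it occurs
    max_n_low, pl_above = _TABLE_11[pl_low]
    return pl_low if n_low <= max_n_low else pl_above


if __name__ == "__main__":
    # Slide values: sensor circuit 850 years / 99 %, actuator circuit 56 years / 99 %
    parts = [(850.0, 0.99), (56.0, 0.99)]
    mttfd = channel_mttfd([m for m, _ in parts])
    print(f"channel MTTFd = {mttfd:.2f} years ({mttfd_class(mttfd)})")
    print(f"DCavg = {dc_avg(parts):.2%} ({dc_class(dc_avg(parts))})")
    # Table 11: four SRP/CS of PL e in series drop to PL d, three stay at PL e
    print(combine_pl_series(["e", "e", "e", "e"]), combine_pl_series(["e", "e", "e"]))
```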
Page 144/198
Thank you for your attention!
IEC 62061 / ISO 13849-1
Page 145/198
Basics of the SIL verification
A "safety function" is executed by a "system".
A "system" is composed of "subsystems".
A "subsystem" consists of "subsystem elements".
(Figure: system, subsystems, subsystem elements; detecting, evaluating, reacting; SIL subsystem 1 = ?, SIL subsystem 2 = ?, SIL subsystem 3 = ?; complete SIL = ?)
Page 146/198
SIL: Safety Integrity Level
(Figure: the SIL rests on five pillars: structure (HFT), reliability (PFHD), diagnosis (DC/SFF), resistance (CCF), process (verifying).)
Page 147/198
Structural restrictions
The structure (architecture) of the subsystems must be suitable for the demanded SIL. The following factors influence the suitability:
HFT: Hardware Fault Tolerance: the ability of a hardware component to continue executing the demanded function in the presence of faults or deviations. HFT = N means that N + 1 hardware faults lead to the loss of the safety function.
SFF: Safe Failure Fraction: the proportion of failures that are safe or detected: (Σ λS + Σ λDD) / (Σ λS + Σ λD); S: safe, D: dangerous, DD: dangerous detected
Page 148/198
Structural restrictions: SIL CL – SFF (table 5)
(Figure: table 5 with SFF rows and HFT columns; the entry SIL 1 is marked "see Corrigendum".)
Page 149/198
Assessment of the functional safety: SIL claim limit, SIL CL
SIL CL, SIL claim limit: the SIL CL of every subsystem of the safety-related control function (SRCF) must at least correspond to the SIL demanded for the SRCF (from the risk assessment), similar to the categories of EN 954.
SIL CL subsystem >= SIL CL SRCF
The architecture of the subsystems must also be suitable for the demanded SIL, for example a subsystem with/without redundancy or with/without diagnostics.
(Figure: subsystems, TS: SIL CL1.1 = ?, SIL CL2 = ?, SIL CL3.1 = ?)
Page 150/198
SFF of the subsystem "detecting": position switch with tumbler 1.1
Simple subsystem, i.e. simple analysis of the failure modes (annex of IEC 62061):
- Contact does not open: dangerous; detected by diagnostics
- Contact does not close: safe
- DC >= 90%, hence SFF >= 90%; HFT = 0; because of a fault exclusion (breakage of the actuator) HFT = 1
According to table 5:
- SFF > 90% and HFT = 1 gives SIL CL = 3
- The fault exclusion on the mechanical part limits the result to at most SIL CL 2
Note: for components certified according to IEC 61508 the SIL CL is given by the manufacturer. The manufacturer's instructions on configuration and wiring have to be taken into account.
Page 151/198
Structural restriction: SIL CL – SFF (table 5)
Table 5 – Structural constraints on subsystems: maximum SIL that can be claimed for an SRCF using this subsystem. Rows: fraction of safe failures (SFF); columns: hardware fault tolerance (see comment 1). Entries shown on the slide: "not allowed" (see comment 3) and "SIL 3" (see comment 2).
COMMENT 1: A hardware fault tolerance of N means that N + 1 faults could lead to a loss of the SRCF.
COMMENT 2: A SIL 4 claim limit is not treated in this standard. For SIL 4 see IEC 61508-1.
COMMENT 3: Exception, see 6.7.7.
EXCEPTION: for a subsystem with HFT = 0 and fault exclusion the following applies: SIL CL ≤ SIL 2
Page 152/198
Mixed module, F communication and F-CPU
4/8 F-DI / 3 F-DO: SIL CL2.1 = 2; PFHD2.1 = 1,0*10-8
SIL CL2.3 = 3; PFHD2.3 = 3,62*10-10
SIL CL2.2 = 3; PFHD2.2 = 1,00*10-9
SIL CL subsystem 2.x >= SIL CL subsystem 2: 2; 3; 3 >= 2
(Figure: F-DI/F-DO module, PROFIsafe communication, F-CPU.)
Page 153/198
SFF of the subsystem "reacting": contactors 3.1 and 3.2
Simple subsystem, i.e. simple analysis of the failure modes (annex K of IEC 62061):
- Contact does not open: dangerous; detected by diagnostics in the F-CPU
- Contact does not close: safe
- DC >= 90%, hence SFF >= 90%; HFT = 1
According to table 5:
- SFF > 90% and HFT = 1 gives SIL CL = 3
Page 154/198
Assessment of the functional safety according to the SIL claim limit, SIL CL
(Figure: subsystems, TS: SIL CL 1.1 = 2; SIL CL 2 = 2; SIL CL 3.1 = 3; overall SIL CL = 2)
Page 156/198
MTTF values and general approach: the failure rate λ
The failure rate has the dimension 1/time unit, e.g. 1/h. For components the notion FIT (failures in time) is often used; it describes a failure rate related to a reference time base of 10^9 hours, i.e. 1 FIT = 1 failure per 10^9 hours.
A so-called "constant failure rate" can only be assumed for a particular period of time.
(Figure: failure rate over time t, bathtub curve: early failures, phase with a constant failure rate, late failures.)
Page 157/198
Safe and dangerous failure rates according to DIN EN 62061
The failure rate (λ) is composed of safe (λS) and dangerous (λD) failures:
λ = λS + λD (S = "safe", D = "dangerous")
or
λD = [part of dangerous failures in %] × λ
λS = [part of safe failures in %] × λ
In safety engineering mainly the dangerous failure rate is considered.
Page 158/198
The probability of failure
The (mathematical) distribution function of the probability of failure follows from the failure rate: F(t) = 1 – exp(–λt), with λ as failure rate.
The mean value of this exponential distribution is called: for non-repairable components, the mean life time MTTF (Mean Time To Failure; 63,2% of the components have failed by the time MTTF); for repairable components, the mean operating time between two failures MTBF (Mean operating Time Between Failures).
– Technical statistics –
MTTF = 1 / λ. The MTTF is a statistical mean value, not a guaranteed life time!
Page 159/198
The probability of failure according to DIN EN 62061
The probability of failure is considered on the basis of the failure rate for any hour of the life time of the component:
PFHD: probability of a dangerous hardware failure per hour
The calculation is derived directly from the failure rate:
PFHD = λD × 1 h [dimensionless]
High demand or continuous mode: "Mode of operation in which the frequency of demands on a SRECS is more than once per year or the frequency of demands is greater than twice the proof test frequency." SRECS: Safety-Related Electrical Control System
Page 160/198
PFH estimation for electromechanical components
λd: rate of dangerous failures [1/h], the reciprocal of the mean time to a dangerous failure (MTTFd): λd = 1 / MTTFd; in general λ = 1 / MTTF (restrictions see IEC 62061)
PFH = λd × 1 h; λ = 1 / MTTF (IEC 62061, 6.7.8.2.1)
(Figure: subsystem "detection"; PFH subsystem 1 = ?)
Page 161/198
B10 value for electromechanical components according to DIN EN 62061
The failure rate of electromechanical components is defined with the B10 value.
The B10 value is expressed as a number of operating cycles:
the number of operating cycles in a life time test after which 10% of the components have failed.
According to EN 62061:
λ = 0,1 × C / B10, with C = operating cycles per hour
The failure rate must be calculated on the basis of the operating cycles.
Page 162/198
Electromechanical components
λ = 0,1 × C / B10; λd = λ × part of dangerous failures
B10: number of operating cycles after which 10% of all devices have failed
C: operating cycles per hour
Page 163/198
Example application
Subsystem element: single contact
Dangerous failure rate λD [1/h]: λD = 0.1 × C / B10 × (fraction of dangerous failures)
B10: number of switching cycles; information from the component manufacturer: B10 = 1.000.000
Fraction of dangerous failures ("welding of contacts"); information from the component manufacturer: 75%
C: operating cycles; information from the machine manufacturer: C = 10 per hour
λD = 7,5 × 10-6
Page 164/198
4 basic subsystem architectures
A: zero fault tolerance without diagnostic function
B: zero fault tolerance with diagnostic function
C: one fault tolerance without diagnostic function(s)
D: one fault tolerance with diagnostic function(s)
(Figure: subsystem built from element 1 … element n; subsystem PFH = ?)
Page 165/198
Designated architectures (ISO 13849-1) and basic subsystem architectures (IEC 62061) are comparable
(Figure, left: category 3/4 designated architecture with sensors I1/I2, logic L1/L2 and contactors O1/O2; monitoring of the input signals, cross monitoring between the logic channels and monitoring of the output signals. Right: basic subsystem architecture D with subsystem element 1 (λDe1) and subsystem element 2 (λDe2), common cause failure and diagnostic function(s).)
Basic subsystem architecture D:
λD = (1 – β)² {[λD11 λD12 (DC11 + DC12) T2 / 2] + [λD11 λD12 (2 – DC11 – DC12) T1 / 2]} + β (λD11 + λD12) / 2
Page 166/198
Some definitions for wear-afflicted electromechanical elements
Failure probability of a subsystem with single-channel architecture:
λD = λDi (without diagnostics); λD = λD1 (1 – DC1) (with diagnostics)
Failure probability of a subsystem with redundant architecture:
λD = (1 – β)² {[λD11 λD12 (DC11 + DC12)] T2 / 2 + [λD11 λD12 (2 – DC11 – DC12)] T1 / 2} + β (λD11 + λD12) / 2
Failure probability of a subsystem with identical subsystem elements in a redundant architecture, i.e. λDe = λD11 = λD12 and DCe = DC11 = DC12:
λD = (1 – β)² λDe² {[DCe T2] + [(1 – DCe) T1]} + β λDe
Page 167/198
One fault tolerance with diagnostic function(s): homogeneous structure
(Figure: basic subsystem architecture D with two identical elements.)
Page 168/198
Definitions
Rate of dangerous failures: λ = 1/MTTF (electronic components); λ = 0,1 × C / B10 (electromechanical components)
DC: Diagnostic Coverage, in %: Σ λDD / λD total; specified by the machinery manufacturer
CCF or β factor: Common Cause Failure, a fault resulting from a common cause; established by analysis of the implementation with the question list of IEC 62061, annex F; specified by the machinery manufacturer
T2: diagnostic test interval: time interval between two function tests; for electromechanical components the operating interval; specified by the machinery manufacturer
T1: proof test interval: time interval between two proof tests, which restore the "virgin state"; given for certified safety products, otherwise a parameter for adjusting the lambda value
Page 169/198
Method to estimate the CCF factor: annex F (informative) of EN 62061
CCF factor: common cause failure
Determined by the machine manufacturer from the total points of the application assessment according to specific criteria: separation/isolation, diversity/redundancy, complexity/application, assessment/analysis, competence/training, environmental monitoring.
Possible values are 0,1 to 0,01; e.g. total points: β = 0,1 (conservative assumption)
(Figure: annex F scoring table, the selected entry marked X.)
Page 170/198
Explanation of the CCF factor and its determination
CCF or β: Common Cause Failure
Determined by consideration of the implementation, using the question lists of IEC 62061 or ISO 13849 (rev).
A failure which is the result of one or more events that cause the failure of two or more separate channels in a subsystem (redundant architecture) and leads to a failure of the SRECS at the same time.
A countermeasure is e.g. a protected transmission.
Specified by the machinery manufacturer (e.g. by evaluation of the tables F.1 and F.2).
The CCF factor worsens the PFHD value! Reasons for CCF: environment (temperature, humidity, vibration, shock, corrosive substances); power supply (voltage drops, voltage fluctuations, transient voltages, power outage); EMC (immunity against magnetic fields, electromagnetic fields and electrostatic discharge); software (identical algorithms).
It only has to be considered for redundant architectures (architecture types C and D).
Page 171/198
DC: Diagnostic Coverage
DC: Diagnostic Coverage (Σ λDD / Σ λD), in % from 0 to 99%: "Measure of the reduction of the probability of dangerous hardware failures that results from the execution of the automatic diagnostic tests."
Example: two position switches are monitored for discrepancy; the failure is detected as soon as one of them is faulty: DC = 0,99 (or 99%)
Specified by the machinery manufacturer
Procedure for the assessment of the DC value: execution of a fault analysis (fault tree analysis or FMEA) for every subsystem; determination of the failure rates λS, λD, λDD and λDU (on the basis of IEC 61508); calculation of the diagnostic coverage; if necessary determination of the SFF
DCavg = Σ λDD / (Σ λDD + Σ λDU)
The diagnostic coverage (DC) is the ratio of the failure rate of the detected dangerous failures to the failure rate of all dangerous failures.
Page 172/198
Estimation of the diagnostic coverage (DC) for functions and modules: annex E (informative) of EN ISO 13849-1:2006
(Figure: Table E.1, continued.)
Page 173/198
T1, T2
Proof test interval T1: time interval between two subsystem tests; influences the lambda value of the subsystem; can be defined by the subsystem manufacturer.
Test interval T2: time interval between two function tests for detecting failures; can be replaced by the number of switching cycles and thus corresponds to the operating cycle of the electromechanical component; specified by the machinery manufacturer (operating manual); for mechanical components e.g. 1 year, via forced dynamization.
T2 = 1 / C
Page 174/198
Verification of the individual safety functions
(Figure: SF1 = subsystems 1.1 + 2 + 3.1; SF2 = 1.2 + 2 + 3.1; SF3 = 1.3 + 2 + 3.2; SF4 = 1.4 + 2 + 3.1 + 3.2)
Page 175/198
Analysis of the sensor circuit 1.4: emergency stop, central (trick unlocked)
Subsystem element:
Rate of dangerous failures; dangerous faults "contacts do not open" = 20%: λD = 0.2 × λ
Time-related failure rate: λ = 0.1 × C / B10; C: switching rate in [1/h]; B10: manufacturer's indication; B10 = 100.000; C: every 8 hours
Diagnostic coverage: manufacturer's indications
Subsystem:
Failure coverage through comparison in the F-PLC (F-SPS); homogeneous redundancy (same type): λ1 = λ2 = λ; DC1 = DC2 = DC
Failure coverage ratio (comparison in the F-PLC): DC = 90%; common cause failure CCF: 10% (conservative worst-case value)
Test intervals: T1: 20 years (manufacturer's detail); T2: every 8 h (evaluation in the user software)
λDssD = (1 – β)² {[λDe² × 2 × DC] × T2/2 + [λDe² × (1 – DC)] × T1} + β × λDe
PFHDssD = λDssD × 1 h = 2,51 E-9; SIL CL = 3
Page 176/198
The Excel table for calculation
Page 177/198
Verification with a Siemens tool (available after HMI 2009)
Page 178/198
Consideration of the actuator circuit 3.1: contactors (3.1 = 3.2)
Subsystem element:
Rate of dangerous failures; dangerous faults "contacts do not open" = 75%: λD = 0.75 × λ
Time-related failure rate: λ = 0.1 × C / B10; C: switching rate in [1/h]; B10: manufacturer's indication; B10 = 1.000.000; C: every 8 hours (0,125)
Diagnostic coverage: manufacturer's indications
Subsystem:
Failure coverage through comparison in the F-PLC (F-SPS); homogeneous redundancy (same type): λ1 = λ2 = λ; DC1 = DC2 = DC
Failure coverage ratio (comparison in the F-PLC): DC = 90%; common cause failure CCF: 10% (conservative worst-case value)
Test intervals: T1: 20 years (manufacturer's detail); T2: every 8 h (evaluation in the user software)
λDssD = (1 – β)² {[λDe² × 2 × DC] × T2/2 + [λDe² × (1 – DC)] × T1} + β × λDe
PFHDssD = λDssD × 1 h = 7,58 E-9; SIL CL = 3
Page 179/198
Mixed module, F communication and F-CPU
4/8 F-DI / 3 F-DO: SIL CL2.1 = 2; PFHD2.1 = 1,0*10-8
SIL CL2.3 = 3; PFHD2.3 = 3,62*10-10
SIL CL2.2 = 3; PFHD2.2 = 1,00*10-9
PFHD2.1 + PFHD2.2 + PFHD2.3 = PFHD2 = 1,14 * 10-8
(Figure: F-DI/F-DO module, PROFIsafe communication, F-CPU.)
Page 180/198
Results
SF1: 1.1: SIL CL = 2, PFH1.1 = 2,50E-10 | 2: SIL CL = 2, PFH2 = 1,14E-8 | 3.1: SIL CL = 3, PFH3.1 = 7,58E-9 | SF1: SIL CL = 2, PFHSF1 = 1,92E-8
SF4: 1.4: SIL CL = 3, PFH1.4 = 2,51E-9 | 2: SIL CL = 2, PFH2 = 1,14E-8 | 3.1/3.2: SIL CL = 3, PFH3.1/3.2 = 1,52E-8 | SF4: SIL CL = 2, PFHSF4 = 2,91E-8
SF2: 1.2: SIL CL = 3, PFH1.2 = 8,41E-10 | 2: SIL CL = 2, PFH2 = 1,14E-8 | 3.1: SIL CL = 3, PFH3.1 = 7,58E-9 | SF2: SIL CL = 2, PFHSF2 = 1,98E-8
SF3: 1.3: SIL CL = 2, PFH1.3 = 2,01E-9 | 2: SIL CL = 2, PFH2 = 1,14E-8 | 3.2: SIL CL = 3, PFH3.2 = 7,58E-9 | SF3: SIL CL = 2, PFHSF3 = 2,10E-8
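The SIL verification chain used on the preceding slides (B10 to λ, basic subsystem architecture D, table 5, summation over the subsystems of one safety function), as an added Python example; it is neither the slides' Excel table nor the Siemens tool. Table 5 and the high-demand PFHD limits of table 3 are taken from IEC 62061; 1 year = 8760 h (so T1 = 20 years = 175 200 h) is an assumption, and the input values are those of sensor circuit 1.4 and the results slide:

```python
"""IEC 62061 subsystem and safety-function verification (added example; it is
not the slides' Excel tool and not the Siemens tool).

Covers: lambda = 0.1 * C / B10 for electromechanical elements (6.7.8.2.1), the
PFHD of basic subsystem architecture D with identical elements, the structural
constraint of Table 5 (SIL CL from SFF and HFT, incl. the fault-exclusion cap of
6.7.7) and the aggregation over the subsystems of one safety function.
Assumption: 1 year = 8760 h, so T1 = 20 years = 175 200 h.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

HOURS_PER_YEAR = 8760.0  # assumption used to convert T1 from years to hours


def lambda_from_b10(b10_cycles: float, c_per_hour: float) -> float:
    """Failure rate [1/h] of an electromechanical element: 0.1 * C / B10."""
    if b10_cycles <= 0 or c_per_hour <= 0:
        raise ValueError("B10 and C must be positive")
    return 0.1 * c_per_hour / b10_cycles


def pfhd_architecture_d(lambda_de: float, dc: float, beta: float,
                        t1_hours: float, t2_hours: float) -> float:
    """PFHD of a redundant subsystem with diagnostics and two identical elements.

    lambda_DssD = (1 - beta)^2 * lambda_De^2 * (DC * T2 + (1 - DC) * T1) + beta * lambda_De
    (the slides write the first term as 2 * DC * T2 / 2); PFHD = lambda_DssD * 1 h.
    """
    if not (0.0 <= dc <= 1.0 and 0.0 <= beta <= 1.0):
        raise ValueError("DC and beta are fractions between 0 and 1")
    independent = (1.0 - beta) ** 2 * lambda_de ** 2 * (dc * t2_hours + (1.0 - dc) * t1_hours)
    return independent + beta * lambda_de


# Table 5 of IEC 62061: highest SIL CL per SFF band (rows) and HFT 0 / 1 / 2 (columns);
# None = combination not allowed.
_TABLE_5 = [
    (0.60, (None, 1, 2)),  # SFF < 60 %
    (0.90, (1, 2, 3)),     # 60 % <= SFF < 90 %
    (0.99, (2, 3, 3)),     # 90 % <= SFF < 99 %
    (1.01, (3, 3, 3)),     # SFF >= 99 %
]


def sil_cl(sff: float, hft: int, fault_exclusion: bool = False) -> Optional[int]:
    """SIL CL of a subsystem; a fault exclusion used to reach the HFT caps it at SIL 2."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    cl: Optional[int] = None
    for upper, row in _TABLE_5:
        if sff < upper:
            cl = row[hft]
            break
    if cl is not None and fault_exclusion:
        cl = min(cl, 2)
    return cl


@dataclass
class Subsystem:
    name: str
    sil_cl: int
    pfhd: float  # per hour


# High-demand mode: PFHD must stay below these limits for the SIL (IEC 62061 Table 3).
_PFHD_UPPER = {1: 1e-5, 2: 1e-6, 3: 1e-7}


def verify_safety_function(subs: List[Subsystem], required_sil: int) -> Dict[str, object]:
    """SIL CL of the function = min over subsystems, PFHD = sum; both must meet the SIL."""
    sil = min(s.sil_cl for s in subs)
    pfhd = sum(s.pfhd for s in subs)
    ok = sil >= required_sil and pfhd < _PFHD_UPPER[required_sil]
    return {"sil_cl": sil, "pfhd": pfhd, "ok": ok}


def sensor_1_4_pfhd() -> float:
    """Slide values for sensor circuit 1.4: B10 = 100 000, C = 1/8 h, 20 % dangerous,
    DC = 90 %, beta = 10 %, T1 = 20 years, T2 = 8 h; gives about 2.51E-9."""
    lam_d = 0.2 * lambda_from_b10(100_000, 1.0 / 8.0)
    return pfhd_architecture_d(lam_d, 0.90, 0.10, 20 * HOURS_PER_YEAR, 8.0)


if __name__ == "__main__":
    print(f"PFHD 1.4 = {sensor_1_4_pfhd():.2e}")
    # position switch 1.1: SFF >= 90 %, HFT 1 reached only via a fault exclusion -> SIL CL 2
    print("SIL CL 1.1 =", sil_cl(0.90, 1, fault_exclusion=True))
    sf4 = [Subsystem("1.4", 3, sensor_1_4_pfhd()), Subsystem("2", 2, 1.14e-8),
           Subsystem("3.1", 3, 7.58e-9), Subsystem("3.2", 3, 7.58e-9)]
    print(verify_safety_function(sf4, required_sil=2))
```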
Page 181/198
Analysis of the sensor circuit 1.1: door supervision
Subsystem element:
Rate of dangerous failures; dangerous faults "contacts do not open" = 20%: λD = 0.2 × λ
Time-related failure rate: λ = 0.1 × C / B10; C: switching rate in [1/h]; B10: manufacturer's indication; B10 = 1.000.000; C: every 8 hours
Diagnostic coverage: manufacturer's indications
Subsystem:
Failure coverage through comparison in the F-PLC (F-SPS); homogeneous redundancy (same type): λ1 = λ2 = λ; DC1 = DC2 = DC
Failure coverage ratio (comparison in the F-PLC): DC = 90%; common cause failure CCF: 10% (conservative worst-case value)
Test intervals: T1: 20 years (manufacturer's detail); T2: every 8 h (evaluation in the user software)
λDssD = (1 – β)² {[λDe² × 2 × DC] × T2/2 + [λDe² × (1 – DC)] × T1} + β × λDe
PFHDssD = λDssD × 1 h = 2,50 E-10; SIL CL = 2
Page 182/198
Analysis of the sensor circuit 1.2: emergency stop, local (trick unlocked)
Subsystem element:
Rate of dangerous failures; dangerous faults "contacts do not open" = 20%: λD = 0.2 × λ
Time-related failure rate: λ = 0.1 × C / B10; C: switching rate in [1/h]; B10: manufacturer's indication; B10 = 100.000; C: 1× per day
Diagnostic coverage: manufacturer's indications
Subsystem:
Failure coverage through comparison in the F-PLC (F-SPS); homogeneous redundancy (same type): λ1 = λ2 = λ; DC1 = DC2 = DC
Failure coverage ratio (comparison in the F-PLC): DC = 90%; common cause failure CCF: 10% (conservative worst-case value)
Test intervals: T1: 20 years (manufacturer's detail); T2: every 24 h (evaluation in the user software)
λDssD = (1 – β)² {[λDe² × 2 × DC] × T2/2 + [λDe² × (1 – DC)] × T1} + β × λDe
PFHDssD = λDssD × 1 h = 8,41 E-10; SIL CL = 3
Analysis of the sensor circuit 1.3: door monitoring (subsystem with two subsystem elements)

Fault detection by comparison in the F-PLC (F-SPS)
Dangerous failure rate: dangerous faults "contacts do not open" = 20%, so λ_D = 0.2 × λ
Homogeneous redundancy (identical elements): λ1 = λ2 = λ; DC1 = DC2 = DC
Diagnostic coverage (comparison in the F-PLC): DC = 90%
Common cause failure: CCF β = 10% (conservative worst-case value)
Time-related failure rate from the manufacturer's B10 value: λ = 0.1 × C / B10, where C is the switching rate in [1/h]
B10 = 1.000.000 (manufacturer's indication); C = every 8 hours (0,125 /h)
Test intervals: T1 = 20 years (manufacturer detail); T2 = every 8 h (evaluation in the user software)
Diagnosis support: manufacturer's indications

λ_DssD = (1 – β)² × { [λ_De² × 2 × DC] × T2/2 + [λ_De² × (1 – DC)] × T1 } + β × λ_De
PFH_DssD = λ_DssD × 1 h = 2,01 E-9
SIL CL = 2
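The calculation on the three sensor-circuit slides above (1.1, 1.2 and 1.3), carried through as an added Python example; this is not code from the Siemens presentation. It implements the formulas the slides show for IEC 62061 basic subsystem architecture D with two identical elements: λ = 0.1 × C / B10, λ_D = 0.2 × λ, and λ_DssD = (1 – β)² {[λ_De² × 2 × DC] × T2/2 + [λ_De² × (1 – DC)] × T1} + β × λ_De with PFH_DssD = λ_DssD × 1 h. The function names (`failure_rate_from_b10`, `pfh_architecture_d`, `sensor_circuit_pfh`) are this example's own; the inputs are the values printed on the slides. With those inputs, circuit 1.1 reproduces the slide's 2,50 E-10 and circuit 1.2 gives about 8,34 E-10, within 1% of the slide's 8,41 E-10 (C = 1/24 h rounding). The inputs printed for circuit 1.3 are identical to those of 1.1, so the slide's 2,01 E-9 is not reproduced from the printed inputs and that circuit is left out of the table below.

```python
"""IEC 62061 PFH of a two-channel sensor subsystem (basic subsystem architecture D),
following the formulas on the sensor-circuit slides. Added example, not Siemens code."""

HOURS_PER_YEAR = 8760.0  # 20 years -> 175 200 h (T1 on the slides)


def failure_rate_from_b10(b10: float, c_per_hour: float) -> float:
    """Total failure rate of an electromechanical element: lambda = 0.1 * C / B10.
    C is the switching rate in 1/h; B10 is the number of cycles at which 10 % have failed."""
    return 0.1 * c_per_hour / b10


def dangerous_failure_rate(lam: float, dangerous_fraction: float = 0.2) -> float:
    """lambda_D = dangerous_fraction * lambda; the slides assume 20 % 'contacts do not open'."""
    return dangerous_fraction * lam


def pfh_architecture_d(lam_de: float, dc: float, beta: float,
                       t1_hours: float, t2_hours: float) -> float:
    """PFH_DssD for architecture D with two identical elements (lambda_1 = lambda_2, DC1 = DC2):
       lambda_DssD = (1-beta)^2 * { [lambda_De^2 * 2 * DC] * T2/2
                                   + [lambda_De^2 * (1-DC)] * T1 } + beta * lambda_De
       PFH_DssD    = lambda_DssD * 1 h
    T1: proof-test interval / mission time in h, T2: diagnostic test interval in h."""
    detected_pair = (lam_de ** 2) * 2.0 * dc * (t2_hours / 2.0)      # both fail, fault detected by diagnosis
    undetected_pair = (lam_de ** 2) * (1.0 - dc) * t1_hours          # both fail, fault not covered by DC
    lam_dssd = (1.0 - beta) ** 2 * (detected_pair + undetected_pair) + beta * lam_de  # plus CCF share
    return lam_dssd * 1.0  # per hour


def sensor_circuit_pfh(b10: float, c_per_hour: float, t2_hours: float,
                       dc: float = 0.9, beta: float = 0.1,
                       t1_hours: float = 20 * HOURS_PER_YEAR,
                       dangerous_fraction: float = 0.2) -> float:
    """Chain the three steps with the slide defaults (DC 90 %, CCF 10 %, T1 20 years)."""
    lam = failure_rate_from_b10(b10, c_per_hour)
    lam_d = dangerous_failure_rate(lam, dangerous_fraction)
    return pfh_architecture_d(lam_d, dc, beta, t1_hours, t2_hours)


# Inputs as printed on the slides (constructed from the page values; the slide for
# circuit 1.3 prints the same inputs as 1.1 and is therefore not listed separately).
SENSOR_CIRCUITS = {
    "1.1 door monitoring": dict(b10=1_000_000, c_per_hour=1 / 8, t2_hours=8),
    "1.2 emergency stop":  dict(b10=100_000, c_per_hour=1 / 24, t2_hours=24),
}

if __name__ == "__main__":
    for name, kw in SENSOR_CIRCUITS.items():
        print(f"{name}: PFH_DssD = {sensor_circuit_pfh(**kw):.3e} 1/h")
```

The β × λ_De term dominates both results: with a 10% common-cause factor the two-channel structure buys little beyond a single channel, which is why the slides call the 10% value a conservative worst case and why CCF countermeasures (scored in the standards) matter more than further redundancy.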
SIL claim of the safety function

Subsystem:   SS1.1   SS1.2   SS2    SS3    SS4
SIL CL:      SIL2    SIL3    SIL3   SIL3   SIL2
Lowest SIL CL in the chain: SIL2

PFH and SIL:
SS1.1 1,0 E-9 + SS1.2 1,0 E-10 + SS2 1,2 E-8 + SS3 5,42 E-10 + SS4 1,8 E-9 = 1,5442 E-8
SIL specification: SIL3 ???
SIL and PL can be compared with each other (measure of the safety performance)

Performance level (PL)   Average probability of a dangerous failure per hour [1/h]   SIL [EN 61508-1 (IEC 61508-1)], for information
a                        ≥ 10^-5 to < 10^-4                                          no special safety requirements
b                        ≥ 3 × 10^-6 to < 10^-5                                      1
c                        ≥ 10^-6 to < 3 × 10^-6                                      1
d                        ≥ 10^-7 to < 10^-6                                          2
e                        ≥ 10^-8 to < 10^-7                                          3
SIL claim of the safety function

Subsystem:   SS1.1   SS1.2   SS2    SS3    SS4
SIL CL:      SIL2    SIL3    SIL3   SIL3   SIL2
Lowest SIL CL in the chain: SIL2

PFH and SIL:
SS1.1 1,0 E-9 + SS1.2 1,0 E-10 + SS2 1,2 E-8 + SS3 5,42 E-10 + SS4 1,8 E-9 = 1,5442 E-8
Qualitative assessment: SIL2
SIL specification: SIL3 ???
SIL claim of the safety function

Subsystem:   SS1.1   SS1.2   SS2    SS3    SS4
SIL CL:      SIL2    SIL3    SIL3   SIL3   SIL2
Lowest SIL CL in the chain: SIL2

PFH and SIL:
SS1.1 1,0 E-6 + SS1.2 1,0 E-10 + SS2 1,2 E-8 + SS3 5,42 E-10 + SS4 1,8 E-9 = 1,002 E-6
Qualitative assessment: SIL2
SIL specification: SIL1
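The procedure of the SIL-claim slides above, as an added Python example that is not part of the Siemens presentation: a safety function's achievable SIL is bounded on one side by the lowest SIL CL of any subsystem in the chain (the "qualitative assessment") and on the other by the band into which the sum of the subsystem PFH values falls, using the PL/SIL comparison table on the page. The function names (`sil_from_pfh`, `pl_band_from_pfh`, `safety_function_sil`) and the `SLIDE_185` / `SLIDE_188` input lists are this example's own; the subsystem values are those printed on the slides. Note that summing the printed values of the last slide (SS1.1 = 1,0 E-6) gives 1,014 E-6 rather than the slide's 1,002 E-6; both lie in the SIL1 band, so the slide's conclusion is unchanged.

```python
"""Combine subsystem results into the SIL of a safety function (IEC 62061 summation),
as on the SIL-claim slides. Added example, not Siemens code."""
from typing import Optional, Sequence, Tuple

# PFH bands [1/h] from the PL/SIL comparison table on the page: (lower incl., upper excl., SIL).
# IEC 62061 defines SIL 1 to SIL 3 for machinery; there is no SIL 4 band here.
SIL_PFH_BANDS = [
    (1e-8, 1e-7, 3),
    (1e-7, 1e-6, 2),
    (1e-6, 1e-5, 1),
]

# PL bands from the same table. PL from PFH alone is only the table's "for information"
# view: a real PL determination per ISO 13849-1 also needs category, MTTFd and DC.
PL_PFH_BANDS = [
    (1e-8, 1e-7, "e"),
    (1e-7, 1e-6, "d"),
    (1e-6, 3e-6, "c"),
    (3e-6, 1e-5, "b"),
    (1e-5, 1e-4, "a"),
]

Subsystem = Tuple[str, int, float]  # (name, SIL CL, PFH in 1/h)


def sil_from_pfh(pfh: float) -> Optional[int]:
    """SIL band the summed PFH falls into. Values below 1e-8 meet the SIL 3 band's
    numerical requirement; None means >= 1e-5 (no SIL band of the machinery standards)."""
    if pfh < 1e-8:
        return 3
    for lo, hi, sil in SIL_PFH_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


def pl_band_from_pfh(pfh: float) -> Optional[str]:
    """PL whose PFH band contains the value (information only, see the note above)."""
    if pfh < 1e-8:
        return "e"
    for lo, hi, pl in PL_PFH_BANDS:
        if lo <= pfh < hi:
            return pl
    return None


def safety_function_sil(subsystems: Sequence[Subsystem]) -> dict:
    """Two independent limits on the achievable SIL of a safety function:
       1. the lowest SIL CL (structural constraint) of any subsystem in the chain,
       2. the SIL band of the sum of all subsystem PFH values.
    The achieved SIL is the smaller of the two (None if the PFH sum is out of range)."""
    pfh_total = sum(pfh for _, _, pfh in subsystems)
    sil_cl_limit = min(sil_cl for _, sil_cl, _ in subsystems)
    sil_by_pfh = sil_from_pfh(pfh_total)
    achieved = None if sil_by_pfh is None else min(sil_cl_limit, sil_by_pfh)
    return {
        "pfh_total": pfh_total,
        "sil_cl_limit": sil_cl_limit,
        "sil_by_pfh": sil_by_pfh,
        "pl_band": pl_band_from_pfh(pfh_total),
        "achieved_sil": achieved,
    }


# Subsystem values as printed on the SIL-claim slides (constructed from the page).
SLIDE_185 = [("SS1.1", 2, 1.0e-9), ("SS1.2", 3, 1.0e-10), ("SS2", 3, 1.2e-8),
             ("SS3", 3, 5.42e-10), ("SS4", 2, 1.8e-9)]
# The same chain with SS1.1 degraded to 1,0 E-6, as on the last SIL-claim slide.
SLIDE_188 = [("SS1.1", 2, 1.0e-6)] + SLIDE_185[1:]

if __name__ == "__main__":
    for label, chain in (("slide 185/187", SLIDE_185), ("slide 188", SLIDE_188)):
        r = safety_function_sil(chain)
        print(f"{label}: PFH sum {r['pfh_total']:.4e} -> SIL by PFH {r['sil_by_pfh']}, "
              f"lowest SIL CL {r['sil_cl_limit']}, achieved SIL {r['achieved_sil']}")
```

For the first chain the PFH sum sits in the SIL3 band while the two SIL CL 2 subsystems cap the function at SIL2, which is the "SIL3 ???" versus "SIL2" tension on the slides; for the degraded chain a single weak subsystem pulls the sum into the SIL1 band regardless of the SIL CL of everything else.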
SIL: Safety Integrity Level (see lecture no. 2 / robust processes)

Structure: HFT
Reliability: PFHD
Diagnosis: DC/SFF
Resistance: CCF
Process: verifying
Certified Products for the overall Safety System …
… with all safety-relevant characteristics and certificates

Detecting: SIRIUS position switches, SIRIUS signal columns, SIRIUS EMERGENCY STOP buttons, SIRIUS zero-speed relays, SIMATIC FS light curtain, SIMATIC FS laser scanner, ASIsafe safe modules
Evaluating: SIRIUS safety switching devices, SIRIUS modular safety system, ASIsafe safety monitor, SIMATIC fail-safe controllers, SIMATIC ET 200S, ET 200pro, SIMATIC Mobile Panel 277F IWLAN
Reacting: SIRIUS contactors, SIRIUS motor starters, SIRIUS compact starter, SINAMICS G120/G120D, SINAMICS S120

www.siemens.de/simatic-safety-integrated/starterkit
Action packs and slides
Comprehensive Support on your Way to the optimum Use of Safety Technology

                         Contents                                       Can be obtained from
Support                  The right support for every project phase     Internet contact: http://support.automation.siemens.com
Functional Examples      Instructions for functions and applications   Internet download: http://www.siemens.com//safety-functional-examples
Sitrain                  Product and standards trainings               Internet contact: http://www.siemens.com/sitrain-safetyintegrated
Safety Evaluation tool   Tool to prove the required safety level       Online tool: www.siemens.com/safety-evaluation-tool
Safety evaluation tool

The safety evaluation tool is a free Internet-based tool for calculating safety functions according to ISO 13849-1 (successor standard of EN 954-1) and IEC 62061. It documents the results in a report, offers easy, identical handling for both standards and gives optimum support when using Siemens products.
With the Safety Evaluation tool: easy preparation of machine documentation conforming to the standards.
Functional Examples

Functional Examples include: functional, tested and practical safety functions; a list of all required software and hardware components and a description of the interconnection; tested and commented code; an assessment of the safety functions according to EN 62061 and EN ISO 13849-1:2006.
The described functionalities can be easily implemented and serve as a basis for individual expansions: easy, fast and inexpensive implementation of safety tasks.
Example: Safety Door with Spring-Loaded Engagement in Category 4 / PL e / SIL 3
SITRAIN – Safety Integrated Course Catalog

Specific courses (drive technology, sensors, controls, automation systems):
ST-NSST: Latest Standards for Designing Safe Machines (focus: theory; trainer: TÜV Süd), 2 days
SE-FSZERT: Testing, Usage and Handling of Contactless Protective Equipment, 2 days
IK-ASISYS: Actuator-Sensor Interface system course, 3 days
ST-PPDS: Configuring and Programming Fail-Safe SIMATIC S7-300 Control Systems with PROFIsafe, 3 days
DR-G120-EXP: SINAMICS G120 Service and Commissioning, 2 days
NC-840DSIW: SINUMERIK 840D Safety Integrated Configuring and Commissioning, 5 days
NC-840DSIS: SINUMERIK 840D Safety Integrated Maintenance course, 3 days

General courses:
ST-SIUEBF: Current Standards (ST-NSST) plus Safety Integrated Product and System Overview (focus: system overview), 4 days
CD-SSI: SIRIUS Safety Integrated, 3 days
Drives Safety S120: Safety Functions, 2 days
NEW: starts 2009
Functional safety of machine control: application of DIN EN ISO 13849 (BGIA-Report 2/2008)
Download of the report and the calculation tool SISTEMA: http://www.dguv.de/bgia/de/pub/rep/rep07/bgia0208/index.jsp
Support on the standards

On IEC 62061: Siemens functional example for 62061
http://support.automation.siemens.com/WW/view/de/23996473
On EN ISO 13849: BGIA Report 2008
http://www.dguv.de/bgia/13849
On EN 62061 and EN ISO 13849: Siemens standards brochure and standards poster
http://www.automation.siemens.com/cd/safety/index_00.htm
Reference book: Funktionale Sicherheit von Maschinen und Anlagen. Umsetzung der europäischen Maschinenrichtlinie in der Praxis (ISBN 978-3-89578-366-1, German version only)
On the EU directives: directives, activities relating to the directives, list of the harmonized standards, FAQs, ...
http://www.newapproach.org
Thank you for your attention!