T71 - ANSI RIA R15.06: Robot and Robot System Safety robot that meets ISO 10218-1 (which is ANSI RIA...
Transcript of T71 - ANSI RIA R15.06: Robot and Robot System Safety robot that meets ISO 10218-1 (which is ANSI RIA...
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.
PUBLIC
PUBLIC - 5058-CO900H
T71 - ANSI RIA R15.06: Robot and Robot System Safety
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
ANSI/RIA R15.06-2012
Update of R15.06 – 1999
1999 withdrawn: end of 2014
(+TR R15.106 and TR R15.206)
R15.06 – 2012 is a national adoption of
ISO 10218-1 and ISO 10218-2
ANSI/RIA R15.06-1999 was used as
basis for ISO 10218
With an ANSI/RIA Introduction• RIA (print) www.robotics.org
+ “old” stds & technical reports
• ANSI (PDFs): note the TRs are NOT
available from ANSI.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Who is addressed by standards?
WHO ANSI ISO and ENOSHA
Regulations
EU Machinery
Directive
Manufacturer X X X
Integrator X X X
User X X
Could be directed to all entities X Suppliers ONLY
ANSI: guidance to Manufacturers, Integrators & Users of machinery (depends on scope).
ISO & EN standards: SUPPLIERS , NOT Users except when Users also have role of
supplier, of industrial machinery. Allows movement of like goods into and within Europe.
OSHA standards provide requirements only to Users (Employers) for occupational safety, but
can include responsibilities to Employees (ex. Lock-out).
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
1970 Occupational Health & Safety Act created
1982 R15.06 drafting started
1986 Publication of ANSI/RIA R15.06 – 1986
1986 R15.06 update started
1992 Publication of ANSI/ RIA R15.06 – 1992
1993 R15.06 update started
1999 Publication of ANSI/ RIA R15.06 – 1999
~2000.. ISO 10218 started based on ANSI/ RIA R15.06 – 1999
~2004 R15.06 update started (working with draft ISO)
2006 Publication of ISO 10218-1 AND ISO 10218 revision started
2007 Publication of ANSI/ RIA ISO 10218-1 – 2007 & RIA TR to enable its use
2011 Publication of ISO 10218-1 and ISO 10218-2: 2011
2012 ANSI/ RIA R15.06 adopts ISO 10218-1 and -2:2011
2014 ANSI/ RIA Tech Reports published (TR R15.306, .406, .506)
2015 Anticipate publication of updated TR R15.306 w/minor revs
History of ANSI/ RIA R15.06
1961
2014
ANSI
Top Seller
over the years
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
What’s new with R15.06-2012?
Standard structure
Part 1: Robot (comes from robot manufacturers)
Part 2: Integration: requirements placed on the integrator (role of
integrator – not necessarily the business purpose)
Normative references to ISO & IEC standards
Safety features embedded in robot systems (some optional)
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
R15.06 – 2012: 7 Top changes
1. Terminology (limited changes)
2. Risk assessment REQUIRED!
3. Functional safety (quantifiable)
4. Floor space optimization due to new features (some OPTIONAL) & changes to CLEARANCE
5. Detachable & wireless pendants
6. Perimeter guarding changes (min/max)
7. Collaborative operation (4 types identified)
The issue is collaborative application – not just the robot. This topic is GREATLY misunderstood!
SeverityFrequency of
EXPOSURE
Probability of
AVOIDANCERisk Level
S1
Minor
E0 preventedNegligible
E1 low
A1 likely
E2 high
A2 or A3 not likely or not
possible
Low
E0 prevented
S2
Moderat
e
E1 low
MediumA1 likely
E2 high
A2 or A3 not likely or not
possible High
E0 prevented
S3
Serious
Low
E1 low
High
E2 high
A1 or A2 likely or not likely
A3 not possible Very High
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Terminology changes
New Terms Explanation
RobotRobot arm & robot control (does NOT include end effector or part)
Robot CAD files do NOT include tooling or parts.
Robot System Robot, end effector and any task equipment
Robot Cell Robot System and safeguarding (inside safeguarded space)
Reduced speed Called Slow speed in the 1999 standard
Protective StopCalled Safety Stop in the 1999 standard
Purpose: protection of people. This is different from Estop.
Man
ual
Mo
de
reduced
speed
Often called T1, was called Teach Mode in 1999 standard.
(Teach is a task using manual reduced speed mode)
high speed Often called T2, but also called APV in the 1999 standard
Operator(s)All personnel, not simply production operators.
Maintenance, troubleshooting, setup, production…
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Standard “special” words
Shall Normative or mandatory requirement
Should Recommendation or good practice
May Permissive or allowed
Can Possible or capable – statement of fact
Notes are informative and are used to provide additional information or explain concepts.
If you see a “shall,” “should” or “may” in a note
– it is an error. Notes are INFORMATIVE!
We (standards writers) try, but we still make mistakes.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
R15.06 – 2012, Part 1 Robot Mfgers!
Part 1: Annex D describes OPTIONAL features. Robot manufacturers are NOT required to provide any of these features, however if they are provided, they have to meet the stated requirements in Part 1. Here are the optional features listed in Annex D
Emergency stop output functions
Enabling Device features (common enabling device functionality and connecting additional)
Mode section (providing mode information as a safety related functions)
Anti-collision sensing awareness signal (not safety-related function but helpful)
Maintaining path accuracy across all speeds, so that using T2 is not needed
Safety-rated soft axis and space limiting (allows smaller cell footprints)Ex: FANUC DCS, Kuka Safe Operation, ABB SafeMove, Yaskawa FSU…
Stopping performance measurement
Do NOT presume that these features are provided. OPTIONS!
Part 2 is for the integration of robots into systems and cells.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Impact to Integrators & Users
Part 2 (ISO 10218-2 = R15.06 Part 2)
This is the BIGGY for Integrators (and Users to know)
Users are not specifically addressed
User acts as integrator, then integrator requirements apply to User.
Users need to use the information provided by the integrator.
Users address the residual risks: typically developing procedures & training, training personnel, adding warnings/ signs and safety management.
Integrators/ Users: options in Part 1, Annex D needed?
Know before buying robots. A robot that meets ISO 10218-1 (which is ANSI RIA R15.06 Part 1), only has these optional
features if you request them or if the manufacturer states that their robot has these options.
Validation & verification, Clause 6, requires Annex G (p 127 Part 2)
Then START READING the standard!
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
R15.06: 2012 – Part 2
Clause 1: Scope
Clause 2: Normative References
ISO to be used for global (including US) compliance while some ANSI standards can be used instead of ISO if compliance is for US only.
Clause 3: Terms and definitions
Clause 4: Hazard Identification & Risk Assessment (see TR R15.306)
Clause 5: Safety Requirements and protective measures
5.2: Functional safety (ISO 13849-1 & IEC 62061) requirements and equivalency to “Control Reliability”
5.10: Safeguarding (Use ISO & IEC standards or if ONLY US, TR R15.406 can be used)
Clause 6: Verification & validation of safety requirements and protective measures (NORMATIVE reference to ANNEX G in Part 2)
Clause 7: Information for Use (page 101, Part 2)
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Part 2: 5.2 Functional safety
ISO 13849-1:2006 and IEC 62061 provide metrics for functional safety
Can quantify performance, determine requirements, and validate
“Control Reliable”: concept in 1999 standard
PL=d with structure category 3 is equivalent to the requirements in the 1999 for “control reliability” : A single fault does not lead to the loss of the safety function;
The fault shall be detected before the next safety function demand;
When the fault occurs, the safety function is performed and a safe state shall be maintained until the detected fault is corrected;
Reasonably foreseeable faults shall be detected.
Functional safety applies to all safety features which include a control system/ logic (SRP/CS)
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Optimize Your Floor Space
Using safety-rated soft axis and space limiting feature of the robot control
(optional feature)
See Part 1: 3.19.3, Part 1: 5.12.3 and Part 1: Annex D
This is a type of “Limiting Device” (safety function) that reduces the
“maximum space” to the restricted space.
Maximum, Restricted, and
Operating Spaces include the
robot, end-effector, & part
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Optimize Your Floor Space: Clearance
IF ONLY Manual Reduced Speed (T1) and NO T2, then clearance is required for tasks inside the safeguarded space where there is an exposure to hazard(s) due to lack of space (pinch, crush, trapping).
No task no need for clearance! Be real in the risk assessment.
If there is a lack of space for a task, then 20in (500mm) needed for trapping (body/ chest). For other body parts, use ISO 13854.
1999: 18-inch clearance from the operating space was required.
2012: Silent whether distance is from the restricted or operating space.
Case studies: up to a 30-40% reduction in footprint!
Photo courtesy Assa Abloy
Important: If the robot has high-speed manual (T2), then 20in (500mm)
clearance is required regardless of the risk assessment (Part 2, 5.5.2)
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Perimeter Guard Dimension Comparison
R15.06-1999 ISO 10218 & R15.06-2012 CSA Z434
Lower Dimension 12 in. 7 in. 6 in.
Upper Dimension 60 in. 55 in. 72 in.
Lower Dimension, MAXIMUM
Upper Dimension
MINIMUM
Only if hazards cannot be accessed by reach over, under and through.
Example, if there is a hazard within 43” of the bottom, then the guard must
have a lower dimension smaller than 7”. (see ISO 13855 or RIA TR15.406)
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Collaborative Operation
4 types of collaborative operation (Part 1, 5.10; Part 2, 5.11) for collaborative applications (can be a mix of the following) – all while in AUTOMATIC:
Safety-rated monitored stop: Operator may interact with robot system when it is stopped (drive power may be ON). Automatic operation resumes when the human leaves the collaborative workspace.
Hand-guiding operation: Operator in direct contact with the robot system, using hand controls.
Speed and separation monitoring: Robot/hazard speed is reduced the closer an operator is to the hazard. Protective stop is issued before contact.
Power and force limiting: Incidental contact between robot and person will not result in harm to person. Reference ISO TS 15066. Requires a risk assessment per each body region. Applications where WORSE CASE is ONLY SLIGHT INJURY!
A collaborative application could include 1 or more of the above capabilities.
NOTE: Additional guidance for collaborative operations has been drafted in ISO TS 15066. Mostly about Power & Force Limited and Speed & Separation Monitoring.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
RIA Technical Reports…
R15.306, R15.406, and R15.506 were developed for the US because the
1999 standard included these details and the 2012 edition does not.
TR R15.306 update of 1999 risk assessment methodology and matrix
(from 2x2x2 to 3x3x3).
TR R15.406 Safeguarding, pulls many (but NOT all)
requirements from various ISO safety standards.
For EU or global compliance, use ISO standards.
TR R15.506 Applicability of R15.06-2012 for existing robot
applications. Needed because ISO standards only look forward (new).
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.306 Risk assessment (task-based)
Conduct a risk assessment (required now, option in 1999).
Consider task locations & access requirements. See Part 2, clause 4.3
Identify tasks & hazards & the needed protective measures for all phases of operation
Include the need for access to tasks and providing space to perform tasks, including clearance if needed.
3 x 3 x 3 Matrix Severity, Exposure, and Possibility of Avoidance: See TR R15. 306, Table 1
risk analysis
risk assessment
Risk evaluation (see 5.6)
Adequate risk reduction – see 5.6.2
Has the risk been
adequately reduced? Clause 6 Risk reduction
Excerpt from ISO 12100, figure 1
If no, repeat
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
RIA TR R15.306 – 2014Factor Rating Criteria (Examples) – choose most credible
Injury
Severity
Serious
S3
Normally non-reversible:
– fatality
– limb amputation
– long term disability
– chronic illness
– permanent health change
If any of the above are applicable, the rating is SERIOUS
Moderate
S2
Normally reversible:
– broken bones
– severe laceration
– short hospitalization
– short term disability
– lost time (multi-day)
– fingertip amputation (not thumb)
If any of the above are applicable, the rating is MODERATE
Minor
S1
First aid:
– bruising
– small cuts
– no loss time (multi-day)
– does not require attention by a medical doctor
If any of the above are applicable, the rating is MINOR
Read criteria from
the top and down,
for each factor
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
RIA TR R15.306 with E0
Exposure
Prevented
E0
– Exposure to hazard(s) is eliminated/ controlled/ limited by inherently safe design measures.
– Use of guards prevents exposure or access to the hazard(s)
(see Part 2, 5.10). If an interlocked guard is selected, the following bullet must also be met.
– If functional safety is used as a risk reduction measure, the functional safety performance (PL)
meets or exceeds the required functional safety performance (PLr). See Part 2, 5.2.
If any of the above are applicable, the rating is PREVENTED
High
E2
– Typically more than once per day or shift
– Frequent or multiple short duration
– Durations/situations which could lead to task creep and does not include teach
If any of the above are applicable, the rating is HIGH
Low
E1
– Typically less than or once per day or shift
– Occasional short durations
If either of the above are applicable, the rating is LOW
FACTORwith E0
Rating Criteria (Examples) – choose most credible
NOTE: E0 is used during validation as E0 is only available as a selection
AFTER the 1st round as it requires risk reduction (which happens after the initial assessment)
E0
added
Read criteria from the top for each factor
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
RIA TR R15.306
Factor Rating Criteria (Examples) – choose most credible
Avoidance
Not
Possible
A3
• Insufficient clearance to move out of the way and safety-rated reduced speed control is not used
• The robot system or cell layout causes the operator to be trapped, with the escape route toward the hazard
• Safeguarding is not expected to offer protection from the process hazard (e.g. explosion or eruption hazard)
If any of the above are applicable, the rating is NOT POSSIBLE
Not Likely
A2
• Insufficient clearance to move out of the way and safety-rated reduced speed control is used
• Obstructed path to move to safe area
• Hazard is moving faster than reduced speed (250 mm/sec)
• Inadequate warning/reaction time
• The hazard is imperceptible
If any of the above are applicable, the rating is NOT LIKELY
Likely
A1
• Sufficient clearance to move out of the way
• Hazard incapable of moving greater than reduced speed (250mm/sec)
• Adequate warning/reaction time
• Positioned in a safe location away from the hazard
If any of the above are applicable, the rating is LIKELY
Tweaking of
A2 and A3
examples
Read criteria from the top for each factor
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.306: PLe not typically applicable to robot system
RISK REDUCTION – Table 2 without E0
Sev
erit
yEXPOSURE
Probability of
AVOIDANCERisk Level
If applicable
Min PL & Cat
of SRPCS
S1
Min
or
Negligible bE1 low
A1 likely
E2 high
A2 or A3
not likely or not possible
Low c2
S2
Mo
der
ate E1 low
Medium d2A1 likely
E2 high
A2 or A3
not likely or not possible
High d3
S3
Ser
iou
s E1 low
E2 high
A1 or A2
likely or not likely
A3 not possible Very High e4
RISK REDUCTION – Table 2
Sev
erit
y
EXPOSUREProbability of
AVOIDANCERisk Level
If applicable
Min PL & Cat
of SRPCS
S1
Min
or
E0 preventedNegligible b
E1 lowA1 likely
E2 high
A2 or A3
not likely or not possible
Low c2E0 prevented
S2
Mo
der
ate E1 low
Medium d2A1 likely
E2 high
A2 or A3
not likely or not possible High d3
S3
Ser
iou
s
E0 prevented Low c2
E1 low
High d3E2 high
A1 or A2
likely or not likely
A3 not possible Very High e4
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Risk reduction measures – 3 Step Method
Inherently safe design measures
by the designer/ supplier
Guards
Protective Devices
Warnings & Awareness Means
Administrative ControlsTraining & supervision
Personal protective equipment (PPE)
Safeguarding* * designer & user
Complementary
Protective Measures See Supplier 3 Step Method
developed from
Information for Use
1
2
3
risk
resi
du
al r
isk
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Hierarchy of risk reduction measures
Inherently Safe
Design Measures
Elimination
Substitution
Limit interaction (by inherently safe design)
Safeguarding
and
Complementary
Protective
Measures
Safeguards & if applicable, Safety-Related
Parts of the Control System (SRP/CS)
Complementary Protective Measures• Emergency stop devices and functions
• Platforms and guard railing (fall prevention) & safe
access – building codes & standards can apply
• Measures for escape & rescue of people, isolation
& energy dissipation, handling heavy parts
Information for
Use
Warnings & Awareness Means
Administrative Controls
Personal Protective Equipment Use
r Im
pac
t
Des
ign
er Im
pac
t
Inte
gra
tor
(Su
pp
lier)
Imp
act
See TR R15.306 for a detailed Hierarchy of Risk Reduction Measures
Most
Least
Effective
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
RIA TR R15.306
Assess residual risk (6.6). Will acceptable risk be achieved (6.7). If not achieved, repeat.
If residual risks are low or negligible, this is sufficient. Perform verification and validation (6.8).
Document (7.9). And be aware of Updates (7)
Table 4 – Min risk reduction as a function of the risk level
Risk Reduction
Measure
Risk Level
VERY HIGH HIGH MEDIUM LOW NEGLIGIBLE
Most Elimination
Use of one or a combination of these
risk reduction measures are required
as a primary means to reduce risks. Use of one or a
combination of any of
the risk reduction
measures that would
reduce risks to an
acceptable level may be
used.
Preferred Substitution
Limit Interaction
Safeguarding/
SRP/CS
Complementary
Protective MeasuresUse of one or a combination of these
risk reduction measures may be used
in conjunction with the above risk
reduction measures but shall not be
used as the primary risk reduction
measure.
Warnings and
Awareness Means
Least
Administrative
ControlsPreferred PPE
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.306, table 5
Risk LevelMinimum functional safety performance
PLr Structure Category
NEGLIGIBLE
(see 5.6.1)b --
LOW c 2
MEDIUM d 2
HIGH d 3
VERY HIGH (see 5.6.2)
did not exist in R15.06-1999e 4
Robot safety standards require PLd, Cat 3 unless a risk assessment determines another PL and Cat is needed.
Functional safety could be lower or higher, based on application – with end-effector and part(s). A higher requirement
is not expected due to hazards associated with a robot system but could be required for other application risks.
PLd, Cat 3 is equivalent to Control Reliable & can be validated!
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.406-2014
TR R15.406 Safeguarding, pulls many
(but NOT all) requirements from various
ISO safety standards.
For EU or global compliance,
use the EN/ ISO standards.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.506 Scope
ANSI/RIA R15.06-2012 provides
forward-looking guidance for industrial
robots and industrial robot systems/cells
effective at the time of its publication
and contains no requirements for
change or retrofit.
This TR provides guidance as about
what applies to existing equipment built
to an earlier version of the standard.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.506
Figure 1 –
Flowchart outlining various requirements
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
TR R15.506
Table 2 – Risk assessment and standard requirements for each scenario
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Challenges moving ahead…
Change is difficult. We have a new standard (and TRs) to learn.
Risk assessment is now required. Some people are not yet comfortable with risk assessment. But also many have
become quite comfortable.
Drive for new TR15.306 to have 3 levels of severity: slight, moderate, serious.
ISO 13849-1 and IEC 62061 are relatively new to the US.
Functional safety can seem scary because it includes equations.
Math can be easily done by free software (Sistema for ISO 13849-1).
Combines reliability with diagnostics coverage (to detect a failure), rather than simply relying on an architecture
(categories).
Functional safety requires understanding components (machine and safety-related), then integrating properly and
lastly validating. More expected … progress
This design, integration and use needs to reflect the entire lifecycle of the robot system and application. It
requires a discipline – the discipline of functional safety management, akin to quality management.
We have PLe which didn’t exist in EN954 plus “Control Reliable” was the “best”.
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
What’s Next?
Collaborative Operations / Applications: ISO TS 15066 out for ballot.
Manual load station (ISO TS Technical Specification)
– when is a load station a “hindrance device”
that prevents entry
New Projects
Robot/AGV combination
Other…
UL1740 revision to go to ballot in 2016How do we write a
safety standard for this?
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.PUBLIC
Roberta Nelson Shea
Global Marketing Manager, Safety Components
Rockwell Automation
Chelmsford, MA, USA
+1 978-446-3494
Copyright © 2015 Rockwell Automation, Inc. All Rights Reserved.
PUBLIC
PUBLIC - 5058-CO900H
www.rockwellautomation.com
Intro to Robot / Robot System Safety