ABB drives
Technical guide no. 10
Functional safety
3AUA0000048753 REV D
EFFECTIVE: 14.3.2011
Contents
About this document .................................................................................. 7
Glossary .....................................................................................................40
Index ..........................................................................................................42
Disclaimer
This document is an informative guide intended to assist the users, specifiers and manufacturers of machinery and the related people in achieving a better understanding of the requirements of the EU Machinery Directive, and the measures required to achieve conformity with the directive and the harmonized standards under it.
This document is not intended to be used verbatim, but rather as an informative aid.
The information and examples in this guide are for general use only and do not offer all of the necessary details for implementing a safety system.
ABB Oy Drives does not accept any liability for direct or indirect injury or damage caused by the use of information found in this document. The manufacturer of the machinery is always responsible for the safety of the product and its suitability under the applicable laws. ABB hereby disclaims all liabilities that may result from this document.
Machinery Directive
The Machinery Directive, with the harmonized standards listed thereunder, defines the Essential Health and Safety Requirements (EHSR) for machinery at European Union level. The EHSR are listed in Annex I of the Machinery Directive.
Figure (hierarchy of safety standards): A: basic safety standards; B: group safety standards (concrete statements regarding basic standards); C: product standards.
Figure (timeline of the standards under the new Machinery Directive 2006/42/EC): EN 62061 (2005); EN ISO 13849-1 (11/2006); EN 954-1 transition period (12/2009) with a two-year extension to 12/2011; machine builders: 3 years.
Note:
It is up to the machine manufacturer to decide which, if any, safety system creation standard is to be used (EN ISO 13849-1 or EN 62061), and then they must follow the same, chosen standard all the way from beginning to end to ensure congruity with the said standard.
CEN standards are based on ISO standards and are basically for mechanical equipment; new standards have numbers in the 10,000 series. CENELEC standards are based on IEC standards; new standards have numbers in the 60,000 series.
Note:
EN ISO standards are presented in this document using the ISO mark. However, EN IEC standards are presented without the IEC mark, according to the convention used in the harmonized standards list.
Note:
All other references to this standard in this document solely apply to the above mentioned version of the standard.
EN 61800-5-2 gives specifications and recommendations for power drive systems used in safety-related applications. It is a product standard that presents safety-related aspects in terms of the framework of IEC 61508, and introduces requirements for power drive systems when used as subsystems in safety systems.
Figure (timing diagrams of the safety functions, signal level versus time t; one diagram is labelled "Output active").
Figure (overview of the safety design process, steps 1-9): RISK IDENTIFICATION: Machinery Directive (EHSR); risk assessment & evaluation, risk reduction. SAFETY FUNCTION (steps 2-3): specification of functionality and of safety performance (SIL, PL). IMPLEMENTATION (step 4): architecture, subsystems, safety / reliability parameters. VERIFICATION: functional testing, achieved SIL / PL level. VALIDATION: does the function fulfill the risk reduction requirement? DOCUMENTATION: documenting the design, residual risk, user instructions (steps 5-8 cover verification, validation and documentation). COMPLIANCE (step 9): compliance assessment, technical file, documentation.
Safety plan:
- identifies all relevant activities,
- describes the policy and strategy for fulfilling functional safety requirements,
- identifies responsibilities,
- identifies or establishes procedures and resources for documentation,
- describes strategy for configuration management, and
- includes plans for verification and validation.
Note:
Even though the activities listed above are not particularly specified in EN ISO 13849-1:2008, similar activities are needed to fully meet the requirements of the Machinery Directive.
When the safety plan (according to EN 62061) has been created, risk assessment starts.
Risk assessment
Figure (risk assessment flowchart): 1. Determine limits / intended use of the machine. 2. Identify hazards. If risk reduction is needed (YES): to risk reduction.
After the risk assessment has been carried out, there are two options, depending on the outcome of the assessment:
Option 1
If the assessment reached the conclusion that risk reduction was not needed, the machine has reached the adequate level of safety required by the Machinery Directive.
Note:
In order for the machine to be approved and CE marking affixed, the remaining risks must be documented in the appropriate operation and maintenance manuals. There is always some residual risk.
Option 2
If the assessment revealed that the risk remains unacceptable, the process for risk reduction is started.
Risk reduction
Figure 3-3 The 3-step method for risk reduction according to EN ISO 12100-1. Step 1: design changes (risk reduction by design changes). Step 2: safety technology (functional safety) (risk reduction by functional safety). Step 3: processes, information for use (risk reduction by processes & info). After each step the question "Adequate reduction (Y/N)?" is asked: NO leads to the next step, YES leads back to risk assessment.
Residual risk is the risk that remains when all protective measures have been considered and implemented. Using technology, it is not possible to achieve a state of zero risk, since some residual risk always remains.
All residual risks must be documented in the operating instructions.
The user's part of risk reduction includes information given by the designer (manufacturer). Risk reduction measures for the machine user / organization are as follows:
Risk reduction measures typically taken by the organization:
Figure (SIL assignment according to EN 62061): the severity of harm Se (e.g. death, losing an eye or arm), the frequency and duration of exposure Fr (from <= hour to > 1 yr), the probability of the hazardous event Pr (very high, likely, possible, rarely, negligible) and the possibility of avoidance Av (likely, possible, impossible) are each scored. The class Cl is the sum of Fr, Pr and Av, and the cell of the table at (Se, Cl) gives the required SIL (SIL1, SIL2, SIL3) or OM (other measures); Cl columns include 3-4 and 5-7. Worked example in the figure: 5 + 3 + 3 = 11, for which a SIL2 safety function is required.
Figure (risk graph according to EN ISO 13849-1): starting at START HERE, the path is chosen by severity of injury (S1 slight, S2 severe), frequency and/or exposure time (F1 rare to often, F2 frequent to continuous) and possibility of avoiding the hazard (P1 possible, P2 hardly possible); the end node gives the required performance level PL a to e, with e marking high risk. Worked example in the figure: a PLd safety function is required.
Figure (a safety function realized as a chain of subsystems): Subsystem 1, Subsystem 2, Subsystem 3 and the actuator (Safe Torque Off, STO). The subsystem values shown in the figure, in order, are SIL CL = 2 with PFHd = 2,4 x 10^-7; SIL CL = 3 with PFHd = 9,8 x 10^-9; SIL CL = 3 with PFHd = 2,0 x 10^-10.
Table (SIL versus PFHd): SIL 1 (range not recovered); SIL 2: 10^-7 up to < 10^-6; SIL 3: 10^-8 up to < 10^-7.
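Combining subsystems into a safety function, as an added example (not the guide's own code): it sums the subsystem PFHd values read from the figure above, looks the total up in the SIL band table, and also applies the EN 62061 rule that the chain cannot claim a higher SIL than the lowest SIL CL of any of its subsystems. The SIL 1 band and the cap at SIL 3 are taken from EN 62061 / IEC 61508 rather than from this page, and the assignment of the three figure values to subsystems 1 to 3 in order is an assumption.

```python
from dataclasses import dataclass
from typing import Sequence

# PFHd bands per SIL (lower bound inclusive, upper bound exclusive) for
# high-demand / continuous mode. SIL 2 and SIL 3 match the table in the
# guide; the SIL 1 band is taken from EN 62061 / IEC 61508 (assumption,
# not read from this page).
SIL_PFHD_BANDS = {
    3: (1e-8, 1e-7),
    2: (1e-7, 1e-6),
    1: (1e-6, 1e-5),
}
MAX_MACHINERY_SIL = 3  # EN 62061 does not use SIL 4 (assumption from the standard)


@dataclass(frozen=True)
class Subsystem:
    """One subsystem of a safety function: its SIL claim limit and its PFHd."""
    name: str
    sil_cl: int
    pfhd: float


def sil_from_pfhd(pfhd: float) -> int:
    """Highest SIL whose PFHd band contains the value (0 = no SIL claimable)."""
    if pfhd < SIL_PFHD_BANDS[MAX_MACHINERY_SIL][0]:
        return MAX_MACHINERY_SIL  # better than the SIL 3 band, still capped at SIL 3
    for sil in sorted(SIL_PFHD_BANDS, reverse=True):
        lo, hi = SIL_PFHD_BANDS[sil]
        if lo <= pfhd < hi:
            return sil
    return 0  # PFHd >= 1e-5: too high for any SIL


def total_pfhd(subsystems: Sequence[Subsystem]) -> float:
    """PFHd of the whole safety function: the subsystems' PFHd values add up."""
    return sum(s.pfhd for s in subsystems)


def achieved_sil(subsystems: Sequence[Subsystem]) -> int:
    """SIL the chain achieves: limited both by the summed PFHd and by the
    lowest SIL CL of any subsystem (the weakest link sets the ceiling)."""
    by_pfhd = sil_from_pfhd(total_pfhd(subsystems))
    by_cl = min(s.sil_cl for s in subsystems)
    return min(by_pfhd, by_cl)


def meets_requirement(subsystems: Sequence[Subsystem], required_sil: int) -> bool:
    """True when the chain reaches the SIL demanded by the risk assessment."""
    return achieved_sil(subsystems) >= required_sil


# Values read from the guide's figure; the order (subsystem 1, 2, 3) is assumed.
EXAMPLE_CHAIN = [
    Subsystem("Subsystem 1", sil_cl=2, pfhd=2.4e-7),
    Subsystem("Subsystem 2", sil_cl=3, pfhd=9.8e-9),
    Subsystem("Subsystem 3 (actuator, STO)", sil_cl=3, pfhd=2.0e-10),
]

if __name__ == "__main__":
    total = total_pfhd(EXAMPLE_CHAIN)
    print(f"total PFHd = {total:.2e} -> SIL {sil_from_pfhd(total)} by PFHd")
    print(f"lowest SIL CL = {min(s.sil_cl for s in EXAMPLE_CHAIN)}")
    print(f"achieved SIL = {achieved_sil(EXAMPLE_CHAIN)}")
    print("SIL 2 requirement met:", meets_requirement(EXAMPLE_CHAIN, 2))
```

For the figure's values the total PFHd is about 2,5 x 10^-7, which lies in the SIL 2 band; the first subsystem's SIL CL = 2 would cap the result at SIL 2 even if the PFHd sum were lower, so the chain satisfies the SIL2 requirement derived in the risk assessment example and not more.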
Figure (determining PL from category, DCavg and MTTFd according to EN ISO 13849-1): columns Cat. B (DCavg none), Cat. 1 (DCavg none), Cat. 2 (DCavg low), Cat. 2 (DCavg medium), Cat. 3 (DCavg low), Cat. 3 (DCavg medium), Cat. 3 (DCavg high); MTTFd for each channel: 1 = low, 2 = medium, 3 = high; the resulting PL (up to e) is read off the chart.
Table (relationship between performance level PL and SIL; PFHd ranges recovered from the table): 10^-5 up to < 10^-4 (PL a, no SIL correspondence); 3 x 10^-6 up to < 10^-5; 10^-8 up to < 10^-7.
Glossary
CE marking
A mandatory conformity mark on machinery and many other kinds of products placed on the single market in the European Economic Area (EEA). By affixing CE marking to the product, the manufacturer ensures that the product meets all of the essential requirements of the relevant European Directive(s).
CCF, Common Cause Failure
A situation where several subsystems fail due to a single event. All failures are caused by the event itself and are not consequences of each other.
DC, Diagnostic Coverage
Diagnostic Coverage (DC) is the effectiveness of fault monitoring of a system or subsystem. It is the ratio between the failure rate of detected dangerous failures and the failure rate of total dangerous failures.
EHSR, Essential Health and Safety Requirements
Requirements that machinery must meet in order to comply with the European Union Machinery Directive and obtain CE marking. These requirements are listed in the Machinery Directive's Annex I.
EN
Stands for EuroNorm. This prefix is used with harmonized standards.
Harm
Physical injury or damage to health.
Harmonized standard
A European standard that has been prepared under the mandate of the European Commission or the EFTA Secretariat with the purpose of supporting the essential requirements of a directive and is effectively mandatory under EU law.
Hazard
Potential source of harm.
IEC, International Electrotechnical Commission
A worldwide organization for standardization that consists of all national electrotechnical committees.
www.iec.ch
Index
A
Annex IV 11, 12, 39
C
CE marking 7, 10, 23, 26, 39, 40
CEN 12, 16
CENELEC 12, 16
D
documenting safety system 38
E
EHSR 8, 9, 10, 18, 22, 32, 37, 38, 40
emergency stop 13, 21
emergency switching off 20
EN 61800-5-2 18
EN 62061 13, 14, 16, 24, 29, 32, 34
EN ISO 13849-1 13, 14, 16, 24, 30, 32, 35
F
functional safety 9, 23, 28
functional safety system 32, 33, 37
H
harmonized standards 8, 12, 16, 22, 26, 38
I
IEC, International Electrotechnical Commission 15, 40
ISO, International Organization for Standardization 15, 41
M
Machinery Directive 8, 9, 11, 12, 22, 24, 26, 32, 37, 38
Machinery Directive 2006/42/EC 11, 24, 38
Machinery Directive 98/37/EC 11, 39
P
PL, Performance Level 15, 17, 29, 30, 35, 37, 41
proving compliance 40
R
residual risk 26, 27, 28, 38
risk analysis 10, 18, 24, 25
risk assessment 12, 16, 18, 24, 26, 27, 29, 37
risk reduction 9, 13, 16, 24, 25, 26
S
safe brake control (SBC) 21
safe direction (SDI) 20
safely-limited speed (SLS) 19
safe operating stop (SOS) 19
safe speed monitor (SSM) 20
safe stop 1 (SS1) 19
safe stop 2 (SS2) 19
safety functions 9, 10, 13, 14, 17, 18, 19, 27, 28, 32, 33, 37, 38, 41
safety performance 8, 10, 29, 34, 35
safety plan 23
SIL, Safety Integrity Level 15, 17, 29, 34, 37, 41
T
transition period 14
type-A standards 13
type-B standards 13
type-C standards 13
U
updating existing machinery 22
V
validating safety system 39
verifying safety system 35