Post on 18-Jul-2016
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. Rev 5058-CO900C
W09 - Safety Risk Assessments Determining Machine Safety Performance Levels and Safety Integrity Levels
Mike Duta & Derek Jones November 2012
Functional Safety
Functional Safety Standards
- IEC 61508: "Generic" electrical control systems (SIL)
- IEC 62061: "Machinery" electrical control systems (SIL)
- IEC 61511: "Process" electrical control systems (SIL)
- ISO 13849-1: "Machinery" control systems, all technologies (PL)
- ISO 26262: "Automotive" road vehicles, functional safety (ASIL)
EU Legislation
- European Directive (e.g. the Machinery Directive). Aim: harmonization. Each country: adoption into its national regulations.
- European standards (e.g. EN ISO 13849), adopted nationally as NF EN ISO 13849 (France), DIN EN ISO 13849 (Germany), UNI EN ISO 13849 (Italy), ÖNORM EN ISO 13849 (Austria).
CE - Information
Directives vs. Standards
Directive = Law:
- Machinery Directive 2006/42/EC
- EMC Directive 2004/108/EC (Electromagnetic Compatibility)
- Low Voltage Directive 2006/95/EC
- ATEX Directive 94/9/EC (equipment for use in potentially explosive atmospheres)
- Work Equipment Directive 89/655/EEC
- Framework Directive 89/391/EEC ("worker protection")
The Essential Health and Safety Requirements are in Annex I of the Machinery Directive.

Standards (European Norms) = technical rules. Harmonized standards carry a presumption of conformity:
- EN ISO 12100: risk assessment and risk reduction methodology
- EN 62061, EN ISO 13849, ...: functional safety of control systems
Common Essential Health and Safety Requirements
The Machinery Directive 2006/42/EC and the Directive on the use of work equipment (UWED) 89/655/EEC share common EHSR's (Essential Health and Safety Requirements).
Machinery Directive - 2006/42/EC
For best info see: http://ec.europa.eu/enterprise/mechan_equipment/machinery/index.htm
• Clear requirement for Risk Assessment at design stage
• Full Quality Assurance Scheme for Annex IV machines
• No Certificate of Adequacy option for Annex IV
• Clarification and relevance updated
• Covers partly completed machinery
Guide to Application of the Machinery Directive: http://ec.europa.eu/enterprise/sectors/mechanical/files/machinery/guide_application_directive_2006-42-ec-1st_edit__12-2009_en.pdf
Essential Health and Safety Requirements
Annex I of the Machinery Directive sets out the general principles for conformance.
A Risk Assessment must be carried out to determine the health and safety requirements which apply to the machinery. For a new machine, the machine concept must be developed before the initial risk assessment is performed; in the early stages of a project this is an iterative process.
The machinery must then be designed and constructed taking into account the results of the risk assessment.
Steps outlined for a Risk Assessment:
• Determine the limits of the machinery (intended use and reasonably foreseeable misuse)
• Identify the hazards
• Estimate the risks
• Evaluate the risks to determine whether risk reduction is required
• Eliminate the hazard or reduce the risks by the application of protective measures
Essential Health and Safety Requirements
The Essential Health and Safety Requirements comprise 1 main section and 5 supplementary sections.
• These sections outline requirements for the application and functional performance of the systems / machine / documentation.
Main section: Essential Health and Safety Requirements.
Supplementary Essential Health and Safety Requirements:
• For certain categories of machinery
• To offset hazards due to the mobility of machinery
• To offset hazards due to lifting operations
• For machinery intended for underground work
• For machinery presenting particular hazards due to the lifting of persons
Essential Health and Safety Requirements (EHSR's)
EHSR's cover topics such as these (not all inclusive; see Annex I):
- Definitions
- Principles of safety integration
- Materials used to construct machinery
- Lighting
- Ergonomics
- Control systems (safety and reliability): general and specific requirements
- Control devices
- Starting and stopping of the machinery
- Selection of control modes
- Failure mode considerations: component failure, machine break-up, etc.
- Risks related to many aspects of the use of the machinery
- Guarding requirements
- Maintenance
- Information for use / marking of machinery
Essential Health and Safety Requirements (EHSR's)
To meet the EHSR's there are standards (see the list in the Official Journal of the European Union; part of the resources).
EN Harmonized European Standards: these standards are common to all EEA countries and are produced by the European Standardization Organizations CEN and CENELEC. Their use is voluntary, but designing and manufacturing equipment to them is the most direct way of demonstrating compliance with the EHSR's.
There are 3 types of standards:
- Type A standards: cover aspects applicable to all types of machines.
- Type B standards: subdivided into 2 groups.
  - Type B1 standards: cover particular safety and ergonomic aspects of machinery.
  - Type B2 standards: cover safety components and protective devices.
- Type C standards: cover specific types or groups of machines.
Standards - EN, ISO and IEC
EXAMPLES
Type A
- EN ISO 12100: Safety of machinery. Basic principles – Risk assessment and risk reduction
Type B
- EN ISO 13849-1: Safety related parts of control systems
- EN ISO 13850: Emergency stop function
- EN / IEC 62061: Functional safety of electrical control systems
- EN / IEC 60204-1: Safety of machinery. Electrical equipment
- EN 574 / ISO 13851: Two hand controls
Type C
- EN ISO 2860: Earth moving machinery
- EN ISO 8230: Safety requirements for dry-cleaning machines
Standards for Functional Safety
[Figure: standards landscape for functional safety of machinery. Top level: EN ISO 12100. Electrical equipment: EN 60204. Generic functional safety: EN 61508. Machinery safety related control systems: EN ISO 13849-1 & -2, IEC 62061, ISO 23849.]
Other safety type standards: EN ISO 14122 (Safety of machinery. Means of access to machinery), ISO 14120 / EN 953 (Safety of machinery. Guards), EN 614-2 (Safety of machinery. Ergonomic design), etc.
Design and Risk Assessment of the Machine
EN ISO 12100: 2010 - Safety of machinery -- General principles for design -- Risk Assessment and Risk Reduction
EN ISO 13849 and EN/IEC 62061 - Design of Safety-related Control Systems for Machinery
Methodology using:
• Safety related control functions
• System-based approach
Qualitative index of safety: Performance Level (PL) or Safety Integrity Level (SIL)
• PL/SIL assessment methodology
• Architecture oriented
• Quantitative indication of safety reliability
• Requirements for avoidance and control of systematic failures
EN ISO 12100 – Safety of machinery - General principles for design - Risk assessment and risk reduction
Basic terminology, methodology and technical principles.
Hazard types: mechanical, electrical, thermal, noise, vibration, radiation, materials and substances, ergonomic, slips trips and falls, environment.
EN ISO 12100 provides the framework for the design of the risk reduction elements:
Risk reduction
- Protective measures
- Inherently safe design measures
- Provisions for maintainability
- Preventing electrical hazards
- Minimizing the probability of failure of safety functions
- Safeguarding and protective measures
- Signals, signs and warning devices
- Indexes to more specific B type standards
Risk Reduction – Safety System Design
Time to use our brains!
EN ISO 12100: Safety of Machinery – Risk Assessment and Risk Reduction
• General principles
• Risk estimation
• Checklists of hazard types, hazardous events and hazardous situations
Risk is a function of the severity of harm and the probability of occurrence of that harm. The probability of occurrence depends on: exposure to the hazard, occurrence of the hazardous event, and the possibility of avoidance.
See ISO TR 14121-2 for worked examples of methodologies.
Fundamental Process
[Figure: the fundamental process.] Define the machine characteristics and limits (LOM), then for each hazard: (1) hazard identification, (2) risk estimation (together these form the risk analysis), (3) risk evaluation (risk analysis plus risk evaluation form the risk assessment). If the risk is tolerable (acceptable), proceed to the next hazard; if it is unacceptable, apply risk reduction and repeat the assessment.
An Example The Starting Point – Risk Assessment
Reference standards and regulations:
- EN ISO 12100: Safety of machinery — General principles for design — Risk assessment and risk reduction
- ISO TR 14121-2: Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods
- OSHA 29 CFR 1910 Subpart O: Machinery and Machine Guarding
- ANSI B11.0-2010: Safety of Machinery; General Requirements and Risk Assessment
- CSA Z434-04: Safeguarding of machinery
- ISO 10218-1&2: Safety requirements for industrial robots
Steps: Task analysis, Hazard identification, Risk estimation, Risk evaluation.
Risk Assessment and Risk Reduction
Hierarchy of measures for risk reduction:
• Inherently safe design measures
• Safeguarding and protective measures
• Information for use / training / PPE etc.
• Personal Protective Equipment
Protective Measures and Safety Related Control Systems - EN ISO 13849-1
Protective measures for hazards that will be addressed by a safety related control system.
Example: requirements for access into a robot enclosure for
• Cleaning
• Teaching
• Maintenance
Protective Measures and Safety Related Control Systems - EN ISO 13849-1
Functional requirements specification
1. Automatic mode – Lock the guard door when closed unless power is OFF and motion is stopped.
2. Automatic Mode - Isolate power if guard door is not closed.
3. Teach Mode - Allow power for robot teaching only with safe limited speed conditions and with local control enabling device activated and guard door open
EN ISO 13849-1 Recommendations for its Practical Use
1 – Automatic mode: Lock the guard door when closed unless power is OFF and motion is stopped.
Inputs considered: robot axis power status, robot axis motion status, release of stored energy, lock release request, robot in home position.

Robot axis power | Robot axis motion | Stored energy | Guard unlock command
ON  | NOT STOPPED | NOT RELEASED | OFF
ON  | NOT STOPPED | RELEASED     | OFF
ON  | STOPPED     | NOT RELEASED | OFF
ON  | STOPPED     | RELEASED     | OFF
OFF | NOT STOPPED | NOT RELEASED | OFF
OFF | NOT STOPPED | RELEASED     | OFF
OFF | STOPPED     | NOT RELEASED | OFF
OFF | STOPPED     | RELEASED     | ON
EN ISO 13849-1 Recommendations for its Practical Use
2 – Automatic operation mode: Isolate power if the guard door is not closed and locked.

Guard door | Guard lock | Output actuators
OPEN   | UNLOCKED | OFF
OPEN   | LOCKED   | OFF
CLOSED | UNLOCKED | OFF
CLOSED | LOCKED   | ON
EN ISO 13849-1 Recommendations for its Practical Use
3 – Teach mode: Allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open.

Safe speed | Guard door | Manual local control enabled | Output actuators
NO  | CLOSED | NO  | OFF
NO  | CLOSED | YES | OFF
NO  | OPEN   | NO  | OFF
NO  | OPEN   | YES | OFF
YES | CLOSED | NO  | OFF
YES | CLOSED | YES | OFF
YES | OPEN   | NO  | OFF
YES | OPEN   | YES | ON
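The three truth tables above each permit exactly one input combination and deny every other; that "deny by default" shape is what makes them safety functions rather than control logic. The following added example (not code from the Rockwell deck) writes the three functions as pure predicates and checks them exhaustively against all 2^n input combinations. Function and argument names are this example's own assumptions; the dual-channel door sensing helper is also an assumption, added to show how a sensor discrepancy is forced to the safe state.

```python
"""Added example, not from the Rockwell deck: the three robot-cell safety
functions specified in the tables above, written as pure 'deny by default'
predicates and then checked exhaustively against every input combination.
Function and argument names are this example's own; the deck only names
the states."""
from itertools import product


def guard_unlock_permitted(axis_power_on, axis_moving, stored_energy_released):
    """Function 1, automatic mode: the guard may be unlocked only when
    axis power is OFF, motion is STOPPED and stored energy is RELEASED."""
    return (not axis_power_on) and (not axis_moving) and stored_energy_released


def automatic_power_permitted(door_closed, door_locked):
    """Function 2, automatic mode: output actuators (power) may be ON only
    when the guard door is CLOSED and LOCKED; any other state isolates power."""
    return door_closed and door_locked


def teach_power_permitted(safe_speed_ok, door_closed, enabling_device_active):
    """Function 3, teach mode: power only with safe limited speed confirmed,
    the 3-position enabling device held active and the guard door OPEN
    (the operator is inside the cell while teaching)."""
    return safe_speed_ok and (not door_closed) and enabling_device_active


def permissive_states(fn, n_inputs):
    """Enumerate all 2**n input combinations and return those the function
    permits. Each safety function above should permit exactly one."""
    return [combo for combo in product([False, True], repeat=n_inputs)
            if fn(*combo)]


def door_closed_from_channels(ch1_closed, ch2_closed):
    """Assumed dual-channel guard interlock (not on the slides): both
    channels must agree before 'closed' is reported; a discrepancy is
    treated as the safe (open) state rather than the permissive one."""
    return ch1_closed and ch2_closed


def check_against_tables():
    """True if every function passes exactly the single 'ON' row of its
    truth table on the slides and nothing else."""
    return (permissive_states(guard_unlock_permitted, 3) == [(False, False, True)]
            and permissive_states(automatic_power_permitted, 2) == [(True, True)]
            and permissive_states(teach_power_permitted, 3) == [(True, False, True)])


if __name__ == "__main__":
    print("safety functions match their truth tables:", check_against_tables())
```

The exhaustive enumeration is cheap for three inputs and is the check worth keeping: any later edit that adds a second permissive row (for example to let maintenance bypass the door) shows up immediately as a failed comparison rather than as a silent widening of the function.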
EN ISO 13849-1 Recommendations for its Practical Use
Teach Mode Safety Function: Allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open.
Fully decompose the safety function into its sensing, logic and output subsystems:
- Safe speed sensing: shaft encoders
- Door closed sensing: guard interlock switch
- Manual local control: 3-position enabling device
- Logic solving: safe speed control unit
- Output actuation: contactors
Safety Related Electrical Control System: Safe Limited Speed. What is the required Performance Level (PL)?
EN ISO 13849-1 Recommendations for its Practical Use
Decomposition of the teach mode safety function (allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open) into three sub-functions, each with its own sensing element and sharing the logic solving (safe speed control unit) and output actuation (contactors):
a – Safe limited speed: shaft encoders
b – Enabling function: 3-position enabling device
c – Guard door closed sensing: guard interlock switch (door position sensing)
EN ISO 13849-1 Recommendations for its Practical Use
Teach Mode Safety Function 1: Safe Limited Speed.
Safe speed sensing (shaft encoders) -> Logic solving (safe speed control unit) -> Output actuation (contactors)
Safety Related Electrical Control System: Safe Limited Speed. What is the required Performance Level (PLr)?
EN ISO 13849-1 - PL allocation
PLr allocation for each safety function, using the EN ISO 13849-1 risk graph (severity of injury S1/S2, frequency and/or duration of exposure F1/F2, possibility of avoiding the hazard P1/P2). For example, PLr for the safe limited speed function = PL?
EN ISO 13849-1 Safety of Machinery – Safety Related Parts of Control Systems
Then we choose the most suitable combination of Structure (Category), Reliability (MTTFd) and Diagnostics (DC) to achieve that Performance Level (PL) for each subsystem of the Safe Limited Speed safety related electrical control system: shaft encoders, safe speed control unit, contactors.
EN ISO 13849-1 Safety of Machinery – Safety Related Parts of Control Systems
See Annex K of EN ISO 13849-1 (PFHd as a function of Category, DCavg and MTTFd) for each subsystem of the Safe Limited Speed safety related electrical control system: shaft encoders, safe speed control unit, contactors.
EN ISO 13849-1 Recommendations for its Practical Use
[Figure: two-channel (redundant) architecture of the Safe Limited Speed safety related electrical control system.]
Channel 1: Shaft Encoder 1 -> Safe Speed Control Unit 1 -> Contactor 1 (MTTFd of channel 1)
Channel 2: Shaft Encoder 2 -> Safe Speed Control Unit 2 -> Contactor 2 (MTTFd of channel 2)
PFHd or MTTFd is then expressed at subsystem level: shaft encoders, safe speed control unit, contactors.
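To see how Category, MTTFd and DC combine into a PL for a two-channel subsystem like the one above, here is an added example (not from the deck or from SISTEMA) of the EN ISO 13849-1 simplified approach: the parts-count MTTFd of each channel, the symmetrisation of two unequal channels, the MTTFd-weighted average diagnostic coverage, and the lookup in Table 5 of the standard. The per-part MTTFd and DC figures are constructed placeholders, not manufacturer data, and the function names are this example's own.

```python
"""Added example, not from the deck: the EN ISO 13849-1 'simplified
approach' for the two-channel Safe Limited Speed subsystem sketched above.
Per-part MTTFd and DC figures are constructed placeholders, not
manufacturer data; the band limits and the Category/DCavg/MTTFd -> PL
table reproduce Table 5 of EN ISO 13849-1 (2006 edition, 100 year cap)."""

MTTFD_CAP_YEARS = 100.0  # per-channel MTTFd is capped at 100 years


def channel_mttfd(part_mttfd_years):
    """Parts-count method for one channel: 1/MTTFd = sum(1/MTTFd_i), capped."""
    return min(1.0 / sum(1.0 / m for m in part_mttfd_years), MTTFD_CAP_YEARS)


def symmetrised_mttfd(c1, c2):
    """Combine two channels of unequal MTTFd (Annex D):
    MTTFd = 2/3 * (C1 + C2 - 1 / (1/C1 + 1/C2)), capped."""
    return min(2.0 / 3.0 * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2)),
               MTTFD_CAP_YEARS)


def dc_avg(parts):
    """MTTFd-weighted average diagnostic coverage (Annex E):
    DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i)."""
    return sum(dc / m for m, dc in parts) / sum(1.0 / m for m, _ in parts)


def mttfd_band(years):
    if 3.0 <= years < 10.0:
        return "low"
    if 10.0 <= years < 30.0:
        return "medium"
    if 30.0 <= years <= MTTFD_CAP_YEARS:
        return "high"
    raise ValueError("MTTFd outside the permitted 3..100 year range")


def dc_band(dc):
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Table 5: (Category, DCavg band) -> PL for MTTFd band low / medium / high.
# Combinations absent from the table are not permitted by the standard.
TABLE_5 = {
    ("B", "none"):   ("a", "b", "b"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "c"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}
BAND_INDEX = {"low": 0, "medium": 1, "high": 2}


def performance_level(category, mttfd_years, dcavg):
    """PL reached by a subsystem, or None if the combination is not allowed."""
    row = TABLE_5.get((category, dc_band(dcavg)))
    return None if row is None else row[BAND_INDEX[mttfd_band(mttfd_years)]]


def pl_meets(achieved, required):
    return achieved is not None and achieved >= required  # 'a' < ... < 'e'


# Constructed per-part data, (MTTFd in years, DC): encoder, control unit, contactor.
CHANNEL_1 = [(60.0, 0.90), (150.0, 0.99), (200.0, 0.90)]
CHANNEL_2 = [(60.0, 0.90), (150.0, 0.99), (200.0, 0.90)]


def evaluate_subsystem(ch1=CHANNEL_1, ch2=CHANNEL_2, category="3"):
    m1 = channel_mttfd([m for m, _ in ch1])
    m2 = channel_mttfd([m for m, _ in ch2])
    mttfd = symmetrised_mttfd(m1, m2)
    dcavg = dc_avg(ch1 + ch2)
    return {"mttfd_ch1": m1, "mttfd_ch2": m2, "mttfd": mttfd,
            "dcavg": dcavg, "pl": performance_level(category, mttfd, dcavg)}


if __name__ == "__main__":
    r = evaluate_subsystem()
    print(r, "meets PL e:", pl_meets(r["pl"], "e"))
```

With the constructed figures each channel lands at about 35 years (MTTFd high) and DCavg at about 92 % (medium), so a Category 3 structure reaches PL d. If the teach-mode function needs PL e, that result fails the check and the design has to move to Category 4 with DCavg of at least 99 %, which is exactly the kind of outcome SISTEMA reports; the point of scripting it is that the three parameters are not independent, and improving one without the others does not raise the PL.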
EN ISO 13849-1 Recommendations for its Practical Use
Derek Jones 09/09/2010
EN ISO 13849-1: SISTEMA Calculation Tool
SISTEMA (available in multiple languages)
• PL calculation software for EN ISO 13849-1
• Free to use
• Data libraries available (component data supplied by manufacturers)
• Independent (developed and published by IFA, the German Institute for Occupational Safety and Health of the DGUV)
• Maintained
Where can you download SISTEMA and Data?
Rockwell Automation Safety Resource Center at: http://discover.rockwellautomation.com/SA_EN_Functional_Safety.aspx
Overview of SISTEMA
IEC 62061 – Machinery safety related E/E/PE control systems
IEC/EN 62061 risk chart: Safety Integrity Level (SIL) allocation for each safety function. For example, the safe limited speed function = SIL?
IEC 62061 – Machinery safety related E/E/PE control systems
Safety Related Electrical Control System: Safe Limited Speed (shaft encoders -> safe speed control unit -> contactors).
SIL 3 required for the Safety Function: Teach mode – Safe limited speed.
IEC 62061 – Machinery safety related E/E/PE control systems
SIL 3 required for the Safety Function: Teach mode – Safe limited speed.
Safety Related Electrical Control System: Safe Limited Speed, built from three subsystems:

Subsystem | SIL CL | PFHD (per hour)
Shaft encoders | 3 | 4.3 × 10^-8
Safe speed control unit | 3 | 1.50 × 10^-9
Contactors | 3 | 3.38 × 10^-9

Total PFHD = 4.788 × 10^-8 (the sum of the subsystem PFHD values)
SIL achieved = 3 (every subsystem has SIL CL 3, and the total PFHD lies in the SIL 3 band of ≥ 10^-8 to < 10^-7 per hour)
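The slide does the two halves of the allocation by hand: a risk graph gives the required level, and the sum of subsystem PFHD values, capped by the weakest subsystem's SIL CL, gives the achieved level. The following added example (not from the deck) scripts both halves so they can be re-run whenever a component changes. The PFHD and SIL CL figures are the slide's; the S/F/P inputs fed to the EN ISO 13849-1 risk graph are assumptions for illustration, because the deck leaves the PLr of the safe limited speed function as an open question.

```python
"""Added example, not from the deck: PLr from the EN ISO 13849-1 risk graph,
and the SIL/PL reached by combining the three subsystems on the slide. The
PFHD and SIL CL figures are the slide's; the S/F/P inputs passed to the
risk graph are assumptions for illustration."""

# EN ISO 13849-1 Figure A.1 risk graph: (S, F, P) -> PLr
#   S1 slight / S2 serious injury; F1 seldom / F2 frequent exposure;
#   P1 avoidance possible / P2 scarcely possible
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}

# PFHD bands (per hour): EN ISO 13849-1 Table 3 and IEC 62061 Table 3.
PL_BANDS = [("a", 1e-5, 1e-4), ("b", 3e-6, 1e-5), ("c", 1e-6, 3e-6),
            ("d", 1e-7, 1e-6), ("e", 1e-8, 1e-7)]
SIL_BANDS = [(1, 1e-6, 1e-5), (2, 1e-7, 1e-6), (3, 1e-8, 1e-7)]

# Subsystem figures from the slide: name -> (SIL CL, PFHD per hour)
SLIDE_SUBSYSTEMS = {
    "shaft encoders": (3, 4.3e-8),
    "safe speed control unit": (3, 1.50e-9),
    "contactors": (3, 3.38e-9),
}


def required_pl(severity, frequency, avoidance):
    """PLr for one safety function from its S/F/P assessment."""
    return RISK_GRAPH[(severity, frequency, avoidance)]


def classify(pfhd, bands):
    """Label of the band containing pfhd, or None when it is above the
    top band (no PL/SIL claimable) or below 1e-8 (outside the tables)."""
    for label, lo, hi in bands:
        if lo <= pfhd < hi:
            return label
    return None


def total_pfhd(subsystems):
    """Series combination: the PFHD of the safety function is the sum."""
    return sum(p for _, p in subsystems.values())


def achieved_sil(subsystems):
    """SIL of the SRECS: limited both by the summed PFHD and by the lowest
    SIL CL of any subsystem (IEC 62061); the weaker constraint wins."""
    from_pfhd = classify(total_pfhd(subsystems), SIL_BANDS)
    if from_pfhd is None:
        return None
    return min(from_pfhd, min(cl for cl, _ in subsystems.values()))


def achieved_pl(subsystems):
    """PL band of the same combination, from the summed PFHD alone."""
    return classify(total_pfhd(subsystems), PL_BANDS)


def sil_meets(achieved, required):
    return achieved is not None and achieved >= required


if __name__ == "__main__":
    print("PLr (assumed S2/F2/P2):", required_pl(2, 2, 2))
    print("total PFHD:", total_pfhd(SLIDE_SUBSYSTEMS))
    print("SIL achieved:", achieved_sil(SLIDE_SUBSYSTEMS),
          "PL band:", achieved_pl(SLIDE_SUBSYSTEMS))
```

The check that is easy to forget is the second constraint in achieved_sil: swapping the contactors for a part with SIL CL 2 leaves the summed PFHD almost unchanged at about 4.8 × 10^-8, still inside the SIL 3 band, yet the SRECS drops to SIL 2 because no subsystem may be weaker than the SIL claimed for the whole function.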
The real world - HRN From Risk assessment to PL
[Figure: from risk assessment to PL.]
Risk assessment of the overall machine: HRN (Hazard Rating Number), giving qualitative information and hazard identities.
Risk reduction of the overall machine by: inherently safe design of the machine and its control system; guards and protective devices; information and PPE.
Design of safety function(s) to ISO 13849-1 or IEC 62061 (SISTEMA): map the HRN to the ISO 13849 / IEC 62061 risk graph to obtain the PLr / SIL safety integrity requirement, alongside the safety functional requirement.
Check: did I increase or reduce the original HRN? Severity? Probability?
www.rockwellautomation.com
Thank you for participating