Presented by Christian Dirmeier and Gerald Kupel … · TÜV SÜD Christian Dirmeier • Senior...
TÜV SÜD
Functional Safety
Presented by Christian Dirmeier and Gerald Kupel from TÜV SÜD
TÜV SÜD in numbers: Growing from strength to strength
1 one-stop technical solution provider
800 locations worldwide
20,200 employees worldwide
1,900 million Euro in sales revenue 2013
150 years of experience
Note: Figures have been rounded off.
16.01.2015
Technical expertise & broad industry knowledge
Auditing & system certification: audits and system certification in a variety of fields including quality, safety, energy, IT security, social compliance and environment.
Inspection: product, system, building, plant and infrastructure inspection.
Knowledge services: safety, quality, risk, environmental protection and regulatory advisory.
Testing & product certification: chemical, physical, mechanical, electrical and environmental testing and product certification.
Training: training in work safety, technical skills, management systems and executive programs.
Global expertise. Local experience.
Global Headquarters: Munich, Germany
International: Euro 750 mio, 9,800 staff
Germany: Euro 1,190 mio, 10,400 staff
(Map: countries with TÜV SÜD offices and regional headquarters.)
Note: Figures have been rounded off.
Your Presenters
Christian Dirmeier
• Senior Expert Functional Safety at TÜV SÜD Rail in Germany
• Since 2004 functional safety related projects
• Simulation based RAMS analysis and optimization
• Technical Certifier for Industrial IT Security and INDA and member of IECEE Working Group 2B Industrial Automation
Gerald Kupel
• Functional Safety Consultant for TÜV SÜD Product Service in the US
• Many years of experience as a control systems engineer
• Experience in the application of functional safety in multiple applications: machinery, process control, theme park rides
US Machinery Division
• Assistance in meeting the requirements of machinery legislation
– CE marking for Machinery, Low Voltage & EMC Directives
• Comprehensive machinery risk hazard analysis
• Guidance on technical file construction and declaration of conformity/incorporation
• Field Labelling and Special Inspections
• Semiconductor Manufacturing Machinery
• Safety related control system verification/validation
• Seminars and Training
Scope of GSS: Products in functional safety
TÜV SÜD divisions involved: TÜV SÜD Rail, TÜV SÜD IS, TÜV SÜD PS, TÜV SÜD AT
Safety-related generic components (IEC 61508, EN ISO 13849, IEC 62061):
• PLC
• Sensors, drives, valves
• Operating systems
• Tools
• ….
Application:
• Household appliances, machinery (EN ISO 13849, IEC 60335)
• Drive-by-wire systems (ISO 26262)
• Signalling, rolling stock (EN 50128, EN 50129)
• e.g. pipeline, turbine (IEC 61511)
Accreditations - Functional Safety
• Deutsche Akkreditierungsstelle Technik (DATech) e.V., DAR DTI-P-G 001/91-02: Competence according to DIN EN ISO/IEC 17020
• Die Zentralstelle der Länder für Sicherheitstechnik (ZLS): Accreditation as Notified Body according to 2006/42/EC (Machinery Directive) EU NR. 0123 and DIN EN ISO/IEC 17025
TÜV SÜD Involved in Qualification and Research
TÜV SÜD is a member of, e.g.:
• IEC 61508 committee
• IEC 61496 committee
• IEC 62061 maintenance group
• EN ISO 13849 maintenance group
• ISO 17305 committee
• IEC 61131 working group
• Several network associations (e.g. PNO, Foundation Fieldbus, Safety over EtherCAT, Safety alliance)
Certificate: Example
(Image of an example certificate, not reproduced.)
Introduction to Functional Safety
Safety has to be an integrated part of every automation in order to protect machines and people.
Definitions
Safety = free from unacceptable risks. The goal is to reduce risk to an acceptable extent.
Risk = combination of probability of occurrence of harm and the severity of that harm
(see IEC 61508 Part 4 and 5, Annex A)
Risk Reduction
(Diagram: on an axis of increasing risk, the residual risk lies at or below the acceptable risk, and the EUC risk lies above both.)
Necessary risk reduction: from the EUC risk down to the acceptable risk.
Actual risk reduction: the sum of the partial risk covered by E/E/PE safety related systems, the partial risk covered by other technology safety related systems, and the partial risk covered by external risk reduction facilities.
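As an added worked example (not part of the TÜV SÜD slides), the following Python script models the risk reduction picture above: it takes a constructed hazard with its EUC risk and acceptable risk, computes the necessary risk reduction, credits the partial reductions from an other-technology layer and an external risk reduction facility, and derives the reduction the E/E/PE safety-related system must still provide, expressed as a target PFDavg and mapped to a SIL band. The SIL-to-PFDavg bands are the IEC 61508-1 low-demand-mode target failure measures; the hazard name, numbers, layer names and reduction factors are constructed assumptions, as are the function names.

```python
"""Risk reduction allocation in the IEC 61508 layered model (added example).

EUC risk -> necessary risk reduction -> partial reduction credited to
other-technology and external facilities -> remaining reduction required
from the E/E/PE safety-related system -> target PFDavg and SIL band.
"""
import math
from dataclasses import dataclass

# IEC 61508-1 target failure measures for low demand mode (average probability
# of a dangerous failure on demand, PFDavg): SIL -> [lower bound, upper bound).
SIL_PFD_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


@dataclass(frozen=True)
class Hazard:
    """One hazardous event of the equipment under control (constructed values)."""
    name: str
    frequency_per_year: float  # probability of occurrence of harm, per year
    severity: float            # severity weight of the harm (dimensionless)
    tolerable_risk: float      # acceptable risk, same units as euc_risk

    @property
    def euc_risk(self) -> float:
        # Risk = combination of probability of occurrence and severity of harm
        return self.frequency_per_year * self.severity


def necessary_rrf(hazard: Hazard) -> float:
    """Risk reduction factor needed to bring the EUC risk down to the tolerable risk."""
    if hazard.euc_risk <= hazard.tolerable_risk:
        return 1.0  # already acceptable, no reduction required
    return hazard.euc_risk / hazard.tolerable_risk


def sil_for_pfd(pfd: float) -> int:
    """SIL band for a required PFDavg (0 = below the SIL 1 band, no SIL claim needed)."""
    if pfd < SIL_PFD_BANDS[4][0]:
        raise ValueError("PFDavg below the SIL 4 band cannot be claimed by one E/E/PE system")
    for sil, (lower, upper) in SIL_PFD_BANDS.items():
        if lower <= pfd < upper:
            return sil
    return 0


def allocate(hazard: Hazard, other_layers: dict) -> dict:
    """Credit the non-E/E/PE layers (name -> RRF) and derive the E/E/PE target.

    Returns the necessary RRF, the RRF still required from the E/E/PE safety
    related system, its target PFDavg and the corresponding SIL band.
    """
    needed = necessary_rrf(hazard)
    remaining = needed
    for rrf in other_layers.values():
        if rrf < 1.0:
            raise ValueError("a risk reduction factor cannot be below 1")
        remaining /= rrf
    remaining = max(remaining, 1.0)
    target_pfd = 1.0 / remaining
    return {
        "necessary_rrf": needed,
        "eepe_rrf_required": remaining,
        "eepe_target_pfd": target_pfd,
        "sil": sil_for_pfd(target_pfd),
    }


def residual_risk_acceptable(hazard: Hazard, all_layers: dict) -> bool:
    """Actual risk reduction check: the residual risk must not exceed the tolerable risk."""
    actual_rrf = math.prod(all_layers.values())
    residual = hazard.euc_risk / actual_rrf
    return residual <= hazard.tolerable_risk


# Constructed sample: a hazard demanded once per ten years, tolerable once per
# ten thousand years at this severity.
SAMPLE_HAZARD = Hazard("overpressure of vessel V-1 (constructed)", 0.1, 1.0, 1e-4)
# Constructed credits for the non-E/E/PE layers of the diagram.
OTHER_LAYERS = {
    "relief valve (other technology)": 10.0,
    "bund wall (external risk reduction facility)": 2.0,
}

if __name__ == "__main__":
    result = allocate(SAMPLE_HAZARD, OTHER_LAYERS)
    print(f"necessary RRF: {result['necessary_rrf']:.0f}")
    print(f"E/E/PE must provide RRF {result['eepe_rrf_required']:.0f} "
          f"(PFDavg {result['eepe_target_pfd']:.3f}) -> SIL {result['sil']}")
    # Proposed design: an E/E/PE safety function with PFDavg 0.01 (RRF 100)
    design = dict(OTHER_LAYERS, **{"E/E/PE safety function (constructed)": 100.0})
    print("residual risk acceptable:", residual_risk_acceptable(SAMPLE_HAZARD, design))
```

With the constructed numbers the necessary reduction is a factor of 1000; the valve and the bund wall together account for a factor of 20, so the E/E/PE safety function must supply a factor of 50 (PFDavg 0.02), which falls in the SIL 1 band. The final check multiplies all layers to confirm the residual risk is at or below the acceptable risk, which is the relation the diagram expresses.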
Aspects for Risk Reduction
The combination of probability of occurrence and severity of hazardous events may not exceed the tolerable risk.
• Control of dangerous failures during operation → robust design
• Avoidance of systematic failures during design, production and operation of the system → robust development process
Requirements for the reliability of safety related functions necessary to sustain or fulfil the required safety = Functional Safety
Aim of Functional Safety
The avoidance of systematic failures as well as the control of systematic and random failures in safety related functions reduces the expected risk to a tolerable extent. Thereby the following will be prevented:
• injury or death of people
• catastrophic effects on the environment
• destruction or damage of production facilities and producer goods, including production deficit (optional)
Legal situation
In case of an accident you will be asked: Has the development and planning been performed according to the state of the art? (Not only with a view to the company's product liability, but also to culpable causation by the developer [e.g. Germany: §823 BGB, obligation to compensate for damages].)
Safety related functions follow from the legal requirements for the facility operation and from the requirements according to product liability (state of the art).
Legal requirements for production
Laws and regulations have to be fulfilled to achieve and sustain the admission for operation:
• Machinery Directive 2006/42/EC: safety goal and elementary safety requirements
• Low Voltage Directive 2006/95/EC: for devices within specific voltage ranges
• EMC Directive 2004/108/EC: electromagnetic compatibility
Fulfilling the directive (I)
• Technical realisation – Requirements and the technical realisation are given in standards and have to be fulfilled.
• Presumption of conformity – If a product complies with the relevant harmonized standards it may be presumed that the directive is fulfilled.
– Harmonized standards are listed under the related directive (http://www.newapproach.org/Directives/DirectiveList.asp).
• Deviation from standards – Other technical solutions are allowed if equivalent safety is achieved. (Problem: how to show the evidence of compliance?)
Requirements resulting from product liability
„...State of the art at the point of installation (= commissioning)...“ is relevant in case of assessment of product liability.
• IEC 61508 / DIN EN 61508: generic basic standard for functional safety of electric/electronic systems
• IEC 62061 / ISO 13849: application specific standards of IEC 61508 for the manufacturing industry
Definitions
Process of standardization:
IEC → EN → DIN EN
ISO → EN ISO → DIN EN ISO
More: http://www.dke.de/DKE_en/Abbreviations.htm
CEN = European Committee for Standardization, Brussels
CENELEC = European Committee for Electrotechnical Standardization, Brussels
IEC = International Electrotechnical Commission, Geneva
ISO = International Organization for Standardization, Geneva
EN = European Standard
DIN = German Institute for Standardization (Deutsches Institut für Normung e.V.), Berlin
VDE = Verband der Elektrotechnik, Elektronik und Informationstechnik e.V., Frankfurt am Main
Fulfilling the directive (II)
Liability: In case of compliance with the standards it is assumed that the manufacturer did not act in a grossly negligent way. Thereby the legal consequences in case of damage will be reduced to a minimum.
Overview of valid key standards
Harmonized under EU Machinery Directive:
• EN ISO 12100 – Basic concepts, general principles for design and risk assessment
• EN 60204-1 – Safety of machinery – Electrical equipment of machines – Part 1: General requirements
• EN ISO 13850 – Safety of machinery – Emergency stop – Principles for design
• EN ISO 13849-1/2 (EN 954-1) – Safety of machinery – Safety-related parts of control systems
• EN 62061 – Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems
• EN 61496-1 – Safety of machinery – Electro-sensitive protective equipment – Part 1: General requirements and tests
http://www.newapproach.org/Directives/DirectiveList.asp
Overview of valid key standards
Not harmonized under any EU Directive:
• IEC 61508 – Functional safety of electrical/electronic/programmable electronic safety-related systems
• IEC 61496-2, -3, -4 – Electro-sensitive protective equipment – ...
Hierarchical Structure of EN Standards
• Type A – Basic Safety Standards: basic design guidelines and basic terminology for machinery (e.g. EN ISO 12100)
• Type B – Group Safety Standards:
– B1 standards: general safety aspects (e.g. EN ISO 13849, EN 954 (until 2011), EN 62061)
– B2 standards: reference to special protective devices (e.g. EN ISO 13850 Emergency Stop)
• Type C – Product Standards: specific safety features for individual machinery groups (e.g. EN 692 Machine tools – Mechanical presses)
Also shown: EN 61508, the generic basic standard.
Link between FS Standards
The slide links the generic standard IEC 61508 with the following sector standards:
• IEC 60601 – Medical
• ISO 26262 – Automobile
• ISO 25119 – Agriculture
• ISO 13849 / IEC 62061 – Machinery
• ISO 15998 – Earth moving machinery
• IEC 61511 – Process industry
• IEC 60335 – Household appliances
• IEC 50156 – Furnaces
• IEC 61513 – Nuclear power
• EN 50129 – Railway
• DO-178B – Aviation
TÜV SÜD certification process
(Diagram: development V-model with the deliverables of each phase, the functional safety management (FSM) activities accompanying all steps, and the TÜV documents and checklists used for the assessment.)
Introduction
Hazard & Risk Analysis: safety goals with SIL X – Checklist Risk Analysis
Functional Safety Concept / Safety Requirement Specification (SRS): requirements for each function: SIL, operation mode(s), process safety time, safe state, measures & methods – Checklist Safety Requirement Spec. (SRS)
Technical Safety Concept / System Design: system architecture, interfaces, HFT, SFF goal, conditions of use, maintenance, error handling & diagnosis; HW/SW interface SRS
System Analysis: System FMEA / FTA, Review Report – Checklist System Analysis
Hardware Development (development guidelines):
• Hardware Spec. (Hardware SRS) – Checklist HW Spec.
• Hardware Design
• Hardware Analysis: FMEDA, ZBD, Markov, SFF, PFH/PFD – Checklist HW Analysis
• HW-Verification: test spec. + report – Checklist HW Verification
• HW-Tests: fault insertion tests – Checklist HW Tests
• Hardware Integration
Software Development (development guidelines):
• Software Spec. (Software SRS) – Checklist Software Spec.
• SW Design
• SW-Analysis: criticality analysis – Checklist SW-Analysis
• SW-Verification: test spec. + report – Checklist SW Verification
• SW-Tests: SW module tests – Checklist SW Tests
• SW Module Integration
System Integration
System Test: System Test Specification, System Test Reports – Checklist System Tests
Validation: V & V Plan, Validation Specification, Validation Reports; customer documents – Checklist Validation
Safety Case – Checklist Safety Case
FSM for all steps: Safety plan, Audit plan + reports, Safety analysis (analysis guidelines) – Checklist FSM IEC 61508
TÜV documents: Quotation, Technical Report (Concept Report), Certificate, Certificate Report, Technical Report
Thank you for listening
For more information please contact:
Christian Dirmeier: christian.dirmeier@tuev-sued.de
Gerald Kupel: [email protected]