TÜV SÜD TÜV SÜD

Functional Safety

Presented by Christian Dirmeier and

Gerald Kupel from TÜV SÜD

TÜV SÜD TÜV SÜD

TÜV SÜD in numbers: Growing from strength to strength

1 One-stop technical

solution provider

800 locations worldwide

employees worldwide 20,200

million Euro in sales

revenue 2013

1,900

150 years of experience

Note: Figures have been rounded off.

16.01.2015

TÜV SÜD

Technical expertise & broad industry knowledge

Audits system

certification in a

variety of fields

including quality,

safety, energy, IT

security, social

compliance and

environment.

Auditing &

system

certification

Product, system,

building, plant and

infrastructure

inspection.

Inspection

Safety, quality, risk,

environmental

protection and

regulatory advisory.

Knowledge

services

Chemical, physical,

mechanical,

electrical and

environmental

testing and product

certification.

Testing &

product

certification

Training in work

safety, technical

skills, management

systems and

executive programs.

Training

16.01.2015

TÜV SÜD

Global expertise. Local experience.

Global Headquarters:

Munich, Germany

INTERNATIONAL

Euro 750 mio

9,800 staff

GERMANY

Euro 1,190 mio

10,400 staff

Legend:

Countries with TÜV SÜD offices

Regional headquarters

Note: Figures have been rounded off.

16.01.2015

TÜV SÜD

Christian Dirmeier

• Senior Expert Functional

Safety at TÜV SÜD Rail

in Germany

• Since 2004 Functional

safety related Projects

• Simulation based RAMS

analysis and optimization

• Technical Certifier for

Industrial IT Security and

INDA and member of

IECEE Working Group 2B

Industrial Automation

Gerald Kupel

• Functional Safety

Consultant for TÜV SÜD

Product Service in the US

• Many years Experience as

a control systems engineer

• Experience in the

application of functional in

multiple applications,

Machinery , Process

Control, Themepark rides

Your Presenters

Slide 5

TÜV SÜD

• Assistance in meeting the requirements of machinery legislation

– CE marking for Machinery, Low Voltage & EMC Directives

• Comprehensive machinery risk hazard analysis

• Guidance on technical file construction and declaration of

conformity/incorporation

• Field Labelling and Special Inspections

• Semiconductor Manufacturing Machinery

• Safety related control system verification/validation

• Seminars and Training

US Machinery Division

Slide 6

TÜV SÜD

TÜV SÜD Rail

TÜV SÜD IS

TÜV SÜD PS

TÜV SÜD AT

• PLC

• Sensors, drives, valves

• Operating systems

• Tools

• ….

(IEC 61508, EN ISO 13849, IEC 62061)

Application

HOUSE, Machinery (EN

ISO13849, IEC 60335)

Drive-by-wire systems (ISO

26262)

Signalling, Rolling stock

(EN50128, EN 50129)

i.E Pipeline, turbine,

(IEC61511)

Safety-related generic

components

Products in FS

Scope of GSS

7

TÜV SÜD

Accreditations - Functional Safety

• Deutsche Akkreditierungsstelle Technik (DATech) e.V. , DAR DTI-P-G 001/91-02:

Competence according to DIN EN ISO/IEC 17020

• Die Zentralstelle der Länder für Sicherheitstechnik (ZLS): Accreditation as

Notified Body according to 2006/42/EC (Machinery Directive) EU NR. 0123 and DIN

EN ISO/IEC 17025

8

TÜV SÜD

TÜV SÜD Involved in Qualification and Research

TÜV SÜD is member of i.e.

• IEC 61508 committee

• IEC 61496 committee

• IEC 62061 maintainance group

• EN ISO 13849 maintainance group

• ISO 17305 committee

• IEC 61131 working group

• Several Network associations (i.e. PNO, Foundation Fieldbus, Safety

over EtherCat, Safety alliance)

9

TÜV SÜD

Certificate: Example

10

TÜV SÜD

Introduction to Functional Safety

11

..in order

to protect....

people

Safety has to be an

integrated part of

every automation

machines and

TÜV SÜD

Definitions

12

Free from unacceptable risks

Goal is to reduce risk to a acceptable

extent

Safety =

Risk = Combination of probability of occurrence of harm

and the severity of that harm

(see IEC 61508 Part 4 and 5, Annex A)

TÜV SÜD

Risk Reduction

Residual risk Acceptable risk

Increasing Risk

EUC Risk

Necessary Risk Reduction

Actual Risk Reduction

Partial Risk

covered by E/E/PE

safety related

systems

Partial risk covered by

other technology safety

related systems

Partial risk

covered by

external risk

reduction facilities

13

TÜV SÜD

Control of dangerous failures

during operation

robust design

The combination of probability of occurrence and severity of

hazardous events may not exceed the tolerable risk.

Avoidance of systematic

failures during design, production and

operation of the system

robust development

process

Aspects for Risk reduction

Requirements of reliability of safety related functions

necessary to sustain or fulfil the required safety

= Functional Safety

14

TÜV SÜD

Aim of Functional Safety

The avoidance of systematic failures as well as the control of

systematic and random failures in safety related functions reduces the

expected risk to a tolerable extent,

thereby the following will be prevented:

injury or death of people

catastrophic effects on the environment,

destruction or damage of production facilities and producer goods,

inclusive production deficit (optional)

15

TÜV SÜD

Legal situation

In case of an accident you will be asked:

Has the development and planning been performed

according to the state of the art? (not only with view to the company product liability, but with guilty causing of the developer

[e.g. Germany: §823 BGB-Schadensersatzpflicht])

Safety related functions

Legal requirements

for the facility operation

Requirements according to

product liability

(state of the art)

16

TÜV SÜD

Legal requirements for production

Laws and regulations have to be fulfilled to achieve and

sustain the admission for operation

Machinery directive 2006/42/EC Safety goal and elementary safety

requirements

Low Voltage

Directive

2006/95/EC for devices within specific voltage

ranges

EMC

Directive 2004/108/EC Electromagnetic compatibility

17

TÜV SÜD

Fulfilling the directive (I)

Technical realisation – Requirements and the technical realisation are given in standards and have to be fulfilled.

Presumption of conformity – If a product complies with the relevant harmonized standards it may be presumed that the directive is

fulfilled

– Harmonized standards are listed under the related directive.

(http://www.newapproach.org/Directives/DirectiveList.asp)

Deviation from standards – Other technical solutions are allowed if equivalent safety is achieved. (Problem to show the evidence of

compliance?)

18

TÜV SÜD

Requirements resulting from product liability

„...State of the art at the point of installation (=commissioning)..“

is relevant in case of assessment of product liability

IEC 61508

DIN EN 61508

Generic basic standard for functional safety of

electric/ electronic systems

IEC 62061

ISO 13849

Application specific standard of IEC 61508 for

manufacturing industry

19

TÜV SÜD

Definitions

Process of standardization:

IEC → EN → DIN EN

ISO → EN ISO → DIN EN ISO

More: http://www.dke.de/DKE_en/Abbreviations.htm

CEN = European Committee for Standardization, Brüssel CENELEC = European Committee for electrotechnical Standardization,

Brüssel IEC = International Electrotechnical Commission, Geneva ISO = Internationale Organisation for Standardization, Geneva EN = European Standard DIN = German Institute of Standardization

(Deutsches Institut für Normung e.V.), Berlin VDE = Verband der Elektrotechnik, Elektronik und

Informationstechnik e.V., Frankfurt am Main

20

TÜV SÜD

Fulfilling the directive (II)

Liability

In case of compliance with the standards it is assumed that the

manufacturer did not act grossly negligent.

Thereby the legal consequences in case of damage will be reduced

to a minimum.

21

TÜV SÜD

Overview of valid key standards

Harmonized under EU Machinery Directive:

EN ISO 12100

Basic concepts, general principles for design and risk assessment

EN 60204-1

Safety of machinery – electrical equipment of machines

Part 1: General requirements

EN ISO 13850

Safety of machinery - Emergency stop — Principles for design

EN ISO 13849-1/2 (EN 954-1)

Safety of machinery - Safety-related parts of control systems

EN 62061

Safety of machinery – Functional safety of safety-related electrical,

electronic and programmable electronic control systems

EN 61496-1

Safety of machinery- Electro-sensitive protective equipment –

Part 1: General requirements and tests“

http://www.newapproach.org/Directives/DirectiveList.asp

22

TÜV SÜD

Overview of valid key standards

Not harmonized under any EU Directive:

IEC 61508

Functional safety of electrical/electronic/programmable

electronic safety-related systems

IEC 61496-2, -3, -4

Electro-sensitive protective equipment - ...

23

TÜV SÜD

Hierarchical Structure of EN Standards

Basic design guidelines and basic

terminology for machinery

TYPE A Basic Safety Standards

TYPE B

B1 Standards General safety aspects

B2 Standards Reference to special

protective devices

Group Safety Standards

TYPE C

Specific safety features for individual machinery groups

Product standards

EN ISO 12100

EN ISO 13849

EN 954 (until 2011)

EN 62061

EN 692 Machine tools– Mechanical presses

EN ISO 13850 Emergency Stop

EN 61508

24

TÜV SÜD

Link between FS Standards

IEC 60601

Medical

ISO 26262

Automobile ISO 25119

Agriculture

ISO 13849

IEC 62061

Machinery

ISO 15998

Earth Moving M.

IEC 61511

Process Ind. IEC 60335

Household

Appliances

IEC 50156

Furnaces

IEC 61513

Nuclear

Power

EN 50129

Railway

DO-178B

Aviation

IEC 61508 Generic

25

TÜV SÜD

HW-Test

Saf

ety

Req

iuer

men

t Sp

ec. (

SR

S)

Einführung

Validation

Safety Case

Funktional Safety Concept

Hazard & Risk Analysis

Safety goals with SIL X

Technical Safety Concept

Hardware Spec.

Hardware Design

Process

HW/SW Interface SRS

Requirements for each function: SIL, operation mode/modi, process safety time,

safe state, measure&method

System-Analysis System-FMEA / FTA

Review Report

System Test System Test Specification,

System Test Reports

Hardware SRS

Hardware Analysis

FMEDA, ZBD, Markov, SFF, PFH/PFD

HW-Verification Test spec + report

Fault Insertion Tests

Software Spec.

SW Design

Software SRS

SW-Analysis Criticality Analysis

SW-Verification Test spec. + report

SW-Tests SW-Modul Tests

System architectur, interface, HFT, SFF goal, conditions of use, maintance,

error handling & diagnosis

FSM for all steps

Safety plan

Audit plan + reports

Hardware Integration SW Modul-Integration

System Design System Integration

Customer documents

Validation Specification, Validation Reports

V & V Plan

Software Development

Safety analysis

Development guidelines

Analysis guidelines

Checklist FSM IEC 61508

Checklist

Checklist

Checklist

Checklist SW Development

Checklist

Checklist

Hardware Development

Development guidelines

Checklist HW Development

Checklist

TÜV documents

Checklist Risk Analysis

Checklist Safety Requirement Spec. (SRS)

Checklist Safety Requirement Spec. (SRS)

Checklist Safety Case

Checklist Validation

Checklist System Tests

Checklist System Analysis

Checklist HW Verification Checklist HW Spec. Checklist Software Spec. Checklist SW Verification

Checklist HW Analysis Checklist HW Tests Checklist SW-Analysis Checklist SW Tests

Technical Report (Concept Report)

Certificate, Certificate Report Technical Report

Quotation

TÜV SÜD certification process

26

TÜV SÜD

Thank you for

listening For more information please contact: Christian Dirmeier: christian.dirmeier @tuev-sued.de Gerald Kupel: gkupel@tuvam.com

Slide 27