Safety of machinery / European machinery directive

© Siemens AG 2009. All Rights Reserved.

Safety of machinery / European machinery directive


Important note(apply to all parts of the event):

The event shall give the participants overview over the topic area safety of machines with the focus on "functional safety". The represented lawful and normative requirements and implementationstrategies are represented simplified, i.e. for the practical implementation a detailed analysis of the safety systems and procedures is absolutely necessary!

The examples are non-committal and do not lay any claim to completeness with regard to configuration and equipment as well as any eventualities. The examples do not represent any custom-designed solutions but shall offer only support at typical tasks. You are accountable for the proper mode of the described products yourself.These examples do not discharge you from the obligation to safe dealing for application, installation, business and maintenance. By use of these examples you appreciate that Siemens cannot be made liable for possible damages beyond the provisions regarding described above. We reserve us the right to carry out changes at these examples without announcement at any time. The contents of the other documentation have priority at deviations between the suggestions in these examples and other Siemens publications, such as catalogues.

© Siemens AG 2009. All Rights Reserved.Industry Sector/198 Safety of machinery / European machinery directive

Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment

The way to a safe machinery

Safety of Machinery

Agenda

Part 1: The way to a safe machineryRisk assessment / risk reduction / validation / placing on market

Part 2: Practical implementation IEC 62061 and ISO 13849-1Norm overview "functional safety" / core requirements / practical implementation at an application example

Shown is the principle procedure (simplified representation )

Part 3: SIL / PL-verification with the application exampleConsideration according to ISO 13849-1 and IEC6201


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


Question:What has to be considered, when a machinery is placed to market in Europe?

Part 1: The way to a safe machinery

Risk assessment

Risk reduction

Validation

Placing on market


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Terms and definitions

MachineryMachine + system (linked machines)

Machine manufacturer Redesigns a machine or considerably modifies it Implements safety functions

Machine ownerPurchases and uses a machine.The machine owner becomes machine manufacturer when … … machines are linked to form a system … the machine is considerably modified

Machine operatorOperator + maintenance personal


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Motivation for a safe machine

… needless to say: Protection of people and the environment

… but also: economic efficiencyAdvantage of modern safety technologies and intelligent safety concepts: Protection measures do not turn into obstacles

Example: Protection zones of laser scanners, depending on operating modes Increase in productivity

Examples: Safely reduced speed instead of complete stop or energy off Selective emergency stop instead of global emergency stop


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment

Implementation Machinery Directive Europe


Safety of Machinery In Europe, machine manufacturers and machine owners are required by law to ensure the safety of people and the environment.

Machines “placed on the market” in Europe must be safe.

“Placed on the market” means: The machine is manufactured or considerably modified in Europe The machine is imported to and operating in Europe

European Directives for Machinery describe essential requirements for the machine manufacturer

Situation in Europe (… and in many other countries)


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

Machine manufacturers and users are responsible for the safety of machines and of the plant

* Until 2009/12/29

2006/95/EG


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

European Machinery Directive Correlations

Machinery

…Machinery Directive

98/37/EC

Further directives:

Low Voltage

Electromagnetic Compatibility

Harmonized standards:Describe specific requirements for the machine manufacturer.

European Directives for Machinery:Essential requirements

A machine is considered to be safe when the Machinery Directive requirements are meet

Presumption of conformity:When applied correctly, the corresponding directive is considered to be complied with

Certification by themachine manufacturer:“The machine meets the requirements of the Machinery Directive and of all other relevant directives”


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

European Machinery DirectiveOptions for meeting the requirements

Applying harmonized standardsThe machine manufacturer only has to prove that the requirementsof the harmonized standards have been met.In this case, the presumption of conformity applies!

… or …

Without applying harmonized standardsThe machine manufacturer must prove in detail that the MachineryDirective requirements have been met.Compared to the first option, this means increased overhead whenvalidating the machine.

Recommendation:Application of harmonized standards


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

Directive reference Subject of directive

European Directives and applying standards

Web: http://www.newapproach.org/

Infoabout

directive

Standardsactivities

Referencesharmonisedstandards

90/396/EEC Appliances burning gaseous fuels

00/9/EC Cableway installations designed to carry persons

89/106/EEC Construction products

89/336/EEC Electromagnetic compatibility

94/9/EC Equipment and protective systems in potentiallyexplosive atmospheres

93/15/EEC Explosives for civil uses

95/16/EC Lifts

73/23/EEC Low voltage equipment

98/37/EC Machinery safety

90/385/EEC Medical devices: Active implantable

93/42/EEC

Viewdirective

Directives & Standards


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

TYPEC standards

Specific safety features for individual machine families

Specialist standards

TYPEB standards

B1 standardsGeneral safety aspects

B2 standardsReference to special

protective devices

Groupsafety standards

Basic design principles and basic concepts

for machines

TYPEA standards

Basic safety standards

IEC 62061IEC 61811

IEC 61508

IEC 61800-5

EN 692

EN ISO 12100

Hierarchical organization of the EN standards

EN ISO 14121

EN 349IEC 61496-1

EN 294EN 418


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

Hierarchical organization of the EN standards

The B norms are also aimed primarily at the norm compositors for C norms. They also can, however, be helpful to the manufacturers for construction of a machine if there exist no C norms.

There is another subdivision at the B norms carried out: B1: for primary safety aspects (ergonomic principles, safe distances

against reaching from sources of danger and to the avoidance of squeezing parts of the body)

B2: intended for machines like: E- Stop, Two-hands-facilities, contactless safeguards, safety-related parts of controls)

Minimum distances to the

avoidance of crushes from parts

of the body EN 349

Safety relevant parts of controls

EN 954-1

Electrical equipment

of machines EN 60204-

1

Interlocking devices associated with guardsEN 1088

Two hand controlEN 574

E- stop system, design basic

principles ISO 13850

Light barriers,light curtainsEN 61496-1

Electro-sensitive protective equipment

EN 61496-1

Type B1 standardsGeneral primary safety aspects

Type B2 standardsSpecifications among others of safeguards

with a general characterEN 62061 & ISO 13849-1


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

USA:

UL, ANSI

Europe:

EN

Japan:

JISe.g. EN 954

World

e.g. IEC 61508, IEC 62061, IEC 61511

Europe:IEC 62061,

EN ISO 13849New

■ The valid instructions and standards are significant at the place of action of the machine and/or plant.

■ The European standards and instructions are accepted worldwide.

NormsInternational safety norms

IEC, ISO


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

Export to Countries outside Europe Overview

Situation in the different countries of the worldThere are different concepts for machine safety: Requirements and assessment of safety systems Responsibilities Legal consequencesThe laws and regulations of the country in which the machine is operated always apply.

Influence of Europe The European procedure is accepted worldwide The CE mark is accepted worldwide Numerous European standards for machine safety

turned into internationally applicable standards


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

Machine

Risk evaluation/-assessment

Acceptablerisk

Measurements to reduce

the risk

Danger

Danger

The process isprescribed by thelegislature and defined in norms

The European Machinery Directive prescribes:Manufacturer of machinery and plants have to perform a risk evaluation and assessment before the construction. Only machinery with acceptable risk are allowed to be placed on the market.

„Safe“ Machine

InducementThe European Machinery Directive


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

At the process, all countries consider the same basic principles, but the exact instructions for the implementation are defined in country- or/and region- specificstandards.

The valid guidelines and standards at the place of action of the machine and/or plant are significant.

The constructor of the plant and/or the machine is responsible for the adherence of the standards.

Changed machinery- or process- design

Further Measurements to reduce danger

Usage of Safety Engineering

Determination of the amount of damage, probability, avoidableness

Classification

Proven by: Certificate Acceptance test

NormsProcess Implementation

Risk- evaluation/-assessment

Acceptablerisk

Measurements to reduce

the risk

!

Inducement Process in overview


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



Safety of Machinery

European Machinery DirectiveBasic implementation procedure

Steps to be performed by the machine manufacturer1 Risk assessment2 Risk reduction

Step 1: Safe designStep 2: Technical protective measuresStep 3: User information on residual risks

3 Validation of the machine4 Placing the machine on the market

Technical documentationEach step must be comprehensibly documented: Procedures and results Test strategy and test results Responsibilities, …


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The 3 step method

Start

Risk reduction by selecting suitable protective measures

YES

NO Is the risk adequately reduced?

End

For each hazard:Estimation and assessment of the risk

Identifying the hazards on the machine

Defining the limits of the machine

The machine is safe

except for a reasonableresidual risk


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Relevant standards

EN ISO 12100 Safety of machinery –Basic concepts, general principles for design Describes possible hazards on a machine Describes strategies for risk reduction Objective: Design of a safe machine

whose residual risk is reasonable

EN ISO 14121 Safety of machinery –Principles for risk assessment Consideration of the risk


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

Step 3 Step 2 Step 1 3-Steps-Method2 Risk reduction

1 Risk assessment


Safety of Machinery

The 3-Step Method (according to EN ISO 12100)

YES

NO

Again: Risk assessment

For each hazard requiring risk reduction:

End

Start

YES

YES

NO

NO

Step 3: Risk reduction by user information on residual risks

Was the risk adequately reduced?



Step 1: Risk reduction by safe design

Step 2: Risk reduction by technical protective measures


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 1: Safe design

Safe design Integration of safety into the design of the machine Highest priority for risk assessment

Aspects for safe design (examples) Avoidance of pinch points Avoidance of electric shock Concepts for stopping in the event of hazards Concepts for operation and maintenance …


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures

Technical protective measures A safety function must be defined for each hazard that

cannot be eliminated by design Safety functions can be performed by

safety systems

Example: Safety function - without safety systemAccess to the hazardous location is permanently prevented (fixed mechanical cover, …)

Example: Safety function - with safety system“When the protective cover is opened during normal operation, the motor must be switched off.”


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery Safety system Performs safety functions Consists of subsystemsSubsystems of a safety system Detecting (position switch, light curtain, …) Evaluating (fail-safe controller, safety switching device, …) Reacting (contactor, frequency converter, …)

Safety system

motor Protective cover


Subsystem 3:Reacting

Subsystem 1:Detecting

Subsystem 2:Evaluating

or


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery


Relevant standards for designing and realizing safety systems for machinery

EN 954-1 (valid until the end of 2009)

EN ISO 13849-1 (valid since 2006)

EN 62061 (identical to IEC 62061) (valid since 2005)

Properties of the standards:Harmonized norms (Europe )EN 62061 and EN ISO 13849 are accepted internationally


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery The standards grown in the past in different countries will be harmonized and reduced to a few European standards.

The often used standard EN954-1 will be replaced in October 2009.

The remaining relevant standards are:

IEC 61508: ■ Basic-standard for functional safety (e.g. for PLC) (product liability)

IEC 61511: ■ Application standard for process engineering

IEC 62061: ■ Application standard for mechanical engineering and also for electrical and electronic safety engineering.

ISO 13849-1: ■ Application standard for mechanical engineering and also for electronic and other technics (e.g. pneumatic, hydraulic).

■ Suppressor of EN 954-1.

IEC 61800-5-2: ■ Product specific standard for electrical drives with integrated safety functions.

IEC 62061 and ISO 13849-1 are often used for risk assessment of machines.

IEC 61508 and IEC 61800-5-2 are often used for risk assessment of safety devices(e.g. PLC).

Step 2: Technical protective measures The relevant standards


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery


Basic procedure for each safety function

a) Specifying the safety function

b) Determining the required safety level

c) Designing the safety function

d) Determining the achieved safety level

e) Realizing and testing the safety function

The steps will be explained in the following


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures a) Specifying the safety function

Boundary conditions of the safety function Hazard to be prevented on the machine Affected persons on the machine Affected operating modes of the machine Mission time ...

Requirements for the functionality of the safety function Functional description of the safety function Required reaction time Reaction to faults Number of operations for electromechanical components …


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures Required safety level

Significance of the required safety levelThe required safety level is a measure for the reliability of the safety function.

The required safety level depends on: Severity of the injury Frequency / exposure time Possibility of avoiding

The more severe the injury and the more probable its occurrence,the higher the required safety level.

EN 62061 and ISO 13849 show procedures for determining the required safety level.


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery ■ The risk dimensionresults from:

■ The exact calculation is standard-specific different.

■ Depending on the dimension of the risk, a certain safety level is postulated. The notations of the safety levels are:■ at EN 954-1: Category B, 1 - 4■ at ISO 13849-1: Performance Level a - e (PL)■ at IEC 62061: Safety Integrity Level 1 - 3 (SIL)■ at IEC 61511: Safety Integrity Level 1 - 4 (SIL)

■ Heaviness of injury

Wieschwer

■ Frequencyand/ orduration of stay

■ Possibilities of avoidance

• light• heavy

• often• rare

• Hardly possible

• possible

Step 2: Technical protective measures Achievable safety level


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures b) Determining the required safety level

Specification according to EN ISO 13849: PLr a to PLr e

PLr b

PLr e

PLr a

PLr c

PLr d

Se1

Se2

Fr1

Fr1

Fr2

Fr2

P1P2P1P2P1P2P1P2

Se1Reversible injury

Se2Irreversible injury

SeSeverity of the injury

Fr1Seldom up to quite often / short

Fr2Frequent up to continuous / long

FrFrequency / exposure time

P1Possible

P2Scarcely possible

PPossibility of avoiding


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery


Specification according to EN 62061: SIL 1 to SIL 3

2More than 1 year32 weeks to 1 year41 day to 2 weeks51 h to 1 day5Less than 1 hour

FrFrequency / exposure time

1Negligible2Rarely3Possible4Likely5Frequently

PrProbability of occurrence

SIL 11SIL 2SIL 12SIL 3SIL 2SIL 13SIL 3SIL 3SIL 2SIL 2SIL 24

14 to 1511 to 138 to 105 to 73 to 4Class Cl = Fr + Pr + PSeverity of the

injury Se

++

1Likely3Possible5Impossible

PPossibility of avoiding

1Reversible: E.g., requiring first aid2Reversible: E.g., requiring medical attention3Irreversible: E.g., broken limb(s)4Irreversible: E.g., losing limb(s)

SeSeverity of the injury


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery


Requirements of the safety levels: Safety systemThe requirements concern: Engineering (depends strongly on the required safety level) Procedure

Requirements for engineering: (low high safety level) Hardware structure (one-channel two-channel) Fault detection capability (none comprehensive

diagnostics) Reliability of components (increasing)

Requirements for the procedure: Project management Test concept Technical documentation, …


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures c) Designing the safety function

Objective of the designThe safety system performing the safety function must meet the requirements of the necessary safety level (SIL, PLr).ExampleSafety function: “When the protective cover is opened during normal operation, the motor must be switched off.”Required safety level: SIL 3 or PLr e

Safety system





orDesignfor SIL 3 or PLr e


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Safety system


Subsystem 1:Detacting


or


Design review Can the required safety level (SIL, PLr) be achieved?

Basic procedureAssessment of the individual subsystems Achieved safety level (SIL, PL) Probability of failure PFHD

Assessment of the safety system Achieved safety level (SIL, PL):

Normally, the lowest achieved safety level of a subsystem determines the achieved safety level of the safety system.

Probability of failure PFHD: Total of PFHD of the subsystems Achieved safety level of the safety system (SILCL, PL) =

required safety level of the safety function (SIL, PLr)?

Step 2: Technical protective measures d) Determining the achieved safety level


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 2: Technical protective measures d) Determining the achieved safety level

Assessment of the subsystemsSafety-relevant characteristics of a subsystem: Achieved safety level (SILCL, PL) Probability of failure PFHD

Finished subsystem: Characteristics and certificates from the

manufacturer

Designed subsystem: Characteristics have to be calculated EN 62061 and EN ISO 13849

show how



Subystem 2:Evaluating

or


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation


1 Risk assessment


Safety of Machinery

Step 3: User information

User information warns of residual risks

User information does not replace safe design technical protective measures

Examples: Warnings in the operating instructions Special work instructions Icons Personal protective equipment


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Validation of the machine

Objective of the validationDetermination of the conformity (accordance) with the requirements of the European Machinery Directive all other directives that apply to the machine

Implementation of the validationFor most machines:Machine manufacturer

Machines listed in Annex IV of the Machinery Directive:Machines with greater hazards (presses, …)The machine manufacturer has to call in an independent testing agency and/or a certification body (examples: TÜV, BGIA).


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Placing the Machine on the Market

PrerequisitesDetermination of conformity, within the scope of the validationTechnical documentation

Placing on the marketIssuing the declaration of conformity: “The machine complies with all relevant directives.”

Attaching the CE mark on the machine


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


Question:What has to be considered, when designing safety related controlsystems of a machinery?

Part 2: Practical implementation IEC 62061 and ISO 13849-1

Overview "functional safety“

Core requirements

Practical implementation at an application example


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

Application example

Functional safety Overview

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Functional safety

Safety require protection because of following hazards:

• Danger by malfunctions

• Dangerous radiation

• Heat and fire• Electric shock

“Functional safety” means protection against dangers, which caused by malfunctions.


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery Worldwide:Basic standard IEC 61508 (functional safety)(Safety Integrity Level SIL)

Europe:Harmonized standards EN 954-1 (Categories) ( valid till 29.12.2009)

EN ISO 13849 (Performance Level PL)

EN 62061(with identical SIL like IEC 61508)

IEC 61508 (SIL)

NuclearEN 61513

MachinesEN 62061

Functional Safety

ProcessEN 61511

Sector standard

IEC … IEC …

Basic standard

Previous regulations


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Influence of the IEC 61508 in the process andmanufacturing industry

IEC 61508

IEC 62061 ISO 13849

EN 954(until 2009)

IEC 61511

process-industry Manufacturing industry

EEP systemsFactor also not-EEP

systems (f.E. Hydr., Pneum)


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Environment

EN 954-1: 1996

EN ISO 13849-1: 2006IEC 62061: 2005identical toEN 62061: 2005

Time

Irrespective of the application:IEC 61508: 1998/2000Functional safety of safety-related electrical, electronic and programmable electronic control systems

EN ISO 13849-1: 2006Safety of machinesSafety-related parts of control systemsPart 1: General principles for design

EN 62061: 2005Safety of machinesFunctional safety of safety-related electrical, electronic and programmable electronic control systems

EN 954-1: 1996Safety of machinesSafety-related parts of control systemsPart 1: General principles for design

Influences

IEC 61508: 1998/2000


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery EN 954-1:1996•harmonized under EU Mach. Dir.•only structure orientated•no programmable electronics•still valid up to the end of 2009

ISO 13849-1:2006•quantitative and structure orientated•for control integrators andmanufactures•“intended architectures“ for electronics•also for hydraulics, pneumatics…

IEC 61508:1998/2000•recognized state-of-the-art•technology•for control and system manufacturers•quantitative and structure oriented

IEC 62061:2005•harmonized under EUMachine Directive•for controls integrators•quantitative and structureorientated•uses PES acc. to IEC 61508

in extractsElectromechanical devices

Further development of the basis standards


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Why new norms?

Points of criticism at the EN 954:

No direct connection between risk minimization andcategory, the complexity is unconsidered,

No detailed requirements for programmable systemsand complex electronic,

No sufficient requirements for the consideration of the values of the reliability

-> Does not represent the state of technology anymore


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

What is new about EN 62061 and EN ISO 13849?

Assessment of complete safety functions(Overall view: Detecting – evaluating – reacting)

Requirements for the probability of failure (PFHD)

Requirements for the procedure(project management, test concept, technical documentation, …)


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Validity

Relevant standards for “safety systems for machinery”

2006 2007 2008 2009 2010

Machinery Directive 98/37/EC 2006/42/EC

EN ISO 13849-1Transitional period: 3 yearsEN 954-1: 1996

EN 62061

Recommendation:

Immediate change from EN 954-1 to EN 62061 or EN ISO 13849

Predominantly electrical subsystems: EN 62061Predominantly hydraulic, pneumatic devices: EN ISO 13849


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Concept

Functional safety

Control of dangersfailure during the operation robust design

Avoiding of systematicfailure at the concept, production and

operation of the systems robust process

Safety-lifecyle requirement

Technical design requirements of safety-related functions

system architecture

failure probability

Requirements of planning processesand methods

Functional safety management

From risk analysis untildeinstallation of safety-engineeringsystems


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Summary

Functional safety

Control of dangersfailure during the operation robust design

Avoiding of systematicmistakes at the concept, production

and operation of the systems robust process


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Robust design – quantitative requirements

„NEW“: Quantitative measure for the safety-related efficiency (Safety Performance)

-a-≥ 10-5 to < 10-4

e

d

bc

PL

3

2

1

SIL

>1000 years

>100 years

>10 years

one dangerousfailure every X years

≥ 10-8 to < 10-7

≥ 10-7 to < 10-6

≥ 10-6 to < 10-5

PFH


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Robust design – quantitative requirements

Requirements of the safety levels: Probability of failureEN 62061 and EN ISO 13849 describe requirements for the maximum permissible probability of dangerous failure for a safety function: Probability of dangerous failure per hour PFHD

The higher the safety level, lower the required PFHD

PFHD decreases10-8

10-7

10-6

10-5

10-4

3*10-6

SIL 3 PLr e

SIL 1

SIL 2 PLr dPLr c

PLr a

PLr b Not more than 1 dangerous failure of the safety function in 10 yearsNot more than 1 dangerous failure of the safety function in 100 yearsNot more than 1 dangerous failure of the safety function in 1000 years


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Robust design - qualitative requirements

IEC 62061:The structure (architecture) of the subsystems must be suitable for the demanded SIL (IEC 62061 / table 5.)Example:- to achieve SIL 2

with a single channel architecture (HFT = 0),the rate of the safe failures must be (SFF) > 90%

ISO 13849-1:The regulation of the PL bases on the categories from the EN 954-1 (scheduled architectures )


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Successor of the EN 954-1 with quantitative methods for evaluation

EN ISO 13849-1 (Successor of the EN 954-1 )(Safety of machinery - safety parts of control systems Part 1: General principles for design) state: Version 2006 comment:

Treats electric and more electronically systems also hydraulics and pneumatics

PLPerformance Level

Stru

ctur

e

Cat

Rel

iabi

lity

MTTFD

Dia

gnos

is

DC

Res

ista

nce

CCF

Pro

cess

Verifying


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Sector norm under IEC 61508 with quantitative methods for the evaluation of functional safety

IEC / EN 62061Functional safety of safety related-electrical, electronic and programmable electronic control systems

state: Version 01/2005, harmonized under the EC machine guideline 12/2005 comment:

Treats the integration of safety relevant systems of electrical and electronic machines.

SILSafety Integrity Level

Stru

ctur

eHFT

Rel

iabi

lity

PFHD

Dia

gnos

is

DC/SFF

Res

ista

nce

CCF

Pro

cess

Verifying


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Summary

Functional safety

Control of dangerousfailure during the operation robust design

Avoiding of systematic mistakes at the concept, production

and operation of the systems robust process


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Systematic safety integrity

Besides the "safety integrity of the hardware" the IEC 62061 also looks at the "systematic safety integrity" ,this consists: Avoidance of systematic faults Control of systematic faults

Examples of systematic faults: Fault in the specification of the SRCF

Fault at design of the hardware or the applications software Short-circuit, wire break No regulation regarding responsibilities

Organizational and technical measures have to be taken to avoid and master systematic faults.


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Avoiding of systematically faults (management)

Implementation of the demand "Avoiding of systematic failures atconcept, production and operation of the system"? Through the FSM (Functional Safety Management)


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Plan of the functional safety

Process for safety relevant projects should be created first (activities, rolls, documents, milestones etc.) !

Topic of the "process and quality management"


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Recommendation: Project independent implementation of the management of the functional safety

Analysis of the installed QM-processes (Gap Analysis)

QM(ISO 9001)

FSM (IEC 62061)Quality securing processes

Functional Safety Management

Common requirements

Identification of thecoincidences

e.g. personnel training, internal audits, document

steering, maintenance, fault analysis etc.

Identification of thecoincidences

e.g. personnel training, internal audits, document

steering, maintenance, fault analysis etc.

Integration of the "Add Ons" into the QM-

system and description in a "Safety plan"

Integration of the "Add Ons" into the QM-

system and description in a "Safety plan"


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Plan of the functional safety

In cooperation with the quality management should be cleared at least on the project level following points and be documented in the plan of the functional safety : Who has which responsibility in the project? Which minimum qualification of the employees is required for

which tasks? Which documents have to be available to assign the delivering

release? Which verification and validation activities have to be carried out

in front of delivering release? How is the configuration management defined? How are modifications converted and checked? Who cares about the product care? ….


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Software safety life cycle (V-model)

SafetySW specification

System design

Module design

Coding

Module test

Integration test

Validation

Verification

Validation

Result

Specification of the safety functions

software validated


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Avoiding systematic faults (technology)

Technical measures for the avoidance of systematic faults: The SRECS shall be designed and implemented in accordance

with the functional safety plan Correct choice, combination, orders, assembly and installation of

components Use of the components within manufacturer specification Use of subsystems that have compatible operating characteristics

(business boundary conditions must be known) Acceptance according to manufacturer regulation Consider foreseeable misuse, environmental changes or

modification Over-engineering of the components


Support by Siemens

Application example


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Controlling of systematic faults

Technical measures for controlling of systematic faults : Supervision during the operation (e.g. supervision of the

environmental temperature, voltage variation, electromagnetic interference…) Tests by comparison at redundant hardware At loss of the electrical supply no dangerous condition may

appear at the machine Use of de-energization: the system shall be designed so that with

loss of its electrical supply a safe state of the machine is achieved or maintained; …


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Support by Siemens

SIL verification PL verificationApplication example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Example - cutting and stamping machine

Cutting -machine

Stamping-machine


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The 3-Step-Method (EN ISO 12100)

YES

NO

Renewed: Risk evaluation

For any endangering which requires a risk reduction:

End

start

YES

YES

NO

NO

Step 3: Risk reduction by user information about remaining risks

Was the risk reduced adequately?



Step 1: Risk reduction by a safe construction

Step 2: Risk reduction by technical protective measures


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Example of endangering (extract) to ISO 14121-1

Root

cutting parts

possible consequences

-cut

-cutting off

Root

moving parts


-crushing

-hit

-cropping

Root

gravitation

stability


-crushing

-trapping

Root

droping parts


-crushing

-hit

Root

moving parts (3 examples)


-feeding

-abraison

-hitRoot

approach one of part moving towards a rigid partpossible consequences

-crushing

-hit

endangering endangering

Chart A.2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Risk analysis and risk assessment

Endangering

place

Endangering

place

Examples of mechanically endangering

Endangering

place

Endangering

place


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Endangering

place

Endangering

place

Define suitable safety functions and additional protection measures

Gatemonitoring

Door monitoring

Additional:

Emergency stop

function

Examples of not constructively avoidable

risks


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Principle procedure


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Step 2: Technical protective measuresb) Determination of the required safety level

Meaning of the required safety level:The required safety level is a measure for the reliability of the safety function.

The required safety level is dependent of: Severity of the injury Frequency / length of stay Possibility for the avoidance

The heavier the possible injury, and the more probable the occurrence, the higher is the required safety level.

EN 62061 and ISO 13849 show Methods, how the required safety level can identified


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


Requirements of the safety levels: Safety systemEN 62061 and EN ISO 13849 describe requirements for the reliability of safety systems:

All phases of the lifetime of a machine are considered: From planning to shutdown

Increasing requirements for the reliability of safety systems

SIL 3 PLr e

SIL 1

SIL 2 PLr dPLr c

PLr a

PLr b


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL assignment IEC 62061, annex AEndangering place - cutting machineMode cleaning/maintenance

Document Nr.:Part of:

Pre risk assessmentIntermediate risk assessmentFollow up risk assessment

Severity

Se Fr PrDeath, losing an eye or arm 4 <= 1 h Very high 5Permanent, losing fingers 3 > 1 h to ? 1 day likely 4Reversible, medical attention 2 > 1 day to ? 2 weeks possible 3 5Reversible, first aid 1 > 2 weeks to ? 1 year rarely 2 3

> 1 year negligible 1 1

Ser. Hzd HazardNr. Nr.

Comments

Avoidance

Product:Issued by:Date:

Effects ClassCl

Frequency andduration

5-7 8-10 11-13

Probability of hazardousevent

Av

5

SafeSafety measure

SIL 2 SIL 2 SIL 2 SIL 3 SIL 3 5

32

OM SIL 1 SIL 2 SIL 3

OM SIL 1OM SIL 1 SIL 2 impossible4

possiblelikely

Se Fr Pr Av Cl

Risk assessment and safety measures

14-153-4

Danger of cutting Sliding door supervision1 3 5 4 3 12 SIL2+ + + =

Frequency: >1 hour to 1 dayProbability: likely leads toFr 5 and Pr 4

Avoidance: possible, leads toAv 3

Severity: permanent (loosing fingers)leads toSe 3


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL assignment IEC 62061, annex AEndangering place - cutting machine / stamping machineMode cleaning/maintenance

Document Nr.:Part of:

Pre risk assessmentIntermediate risk assessmentFollow up risk assessment

Severity

Se Fr PrDeath, losing an eye or arm 4 <= 1 h Very high 5Permanent, losing fingers 3 > 1 h to ? 1 day likely 4Reversible, medical attention 2 > 1 day to ? 2 weeks possible 3 5Reversible, first aid 1 > 2 weeks to ? 1 year rarely 2 3

> 1 year negligible 1 1

Ser. Hzd HazardNr. Nr.

Comments

Avoidance

Product:Issued by:Date:

Effects ClassCl

Frequency andduration

5-7 8-10 11-13

Probability of hazardousevent

Av

5

SafeSafety measure

SIL 2 SIL 2 SIL 2 SIL 3 SIL 3 5

32

OM SIL 1 SIL 2 SIL 3

OM SIL 1OM SIL 1 SIL 2 impossible4

possiblelikely

Se Fr Pr Av Cl

Risk assessment and safety measures

14-153-4

1 Danger of cutting 3 5 4 3 12 Sliding Door supervision SIL2

2 Danger of squeeze 3 4 4 3 11 Door supervision SIL2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Risk ParameterS = Severity of injury

S1 = Slight (normally reversible) injury.S2 = Severe (normally irreversible) injury including death.

F = Frequency and/or exposure time to the hazard F1 = Seldom up to often and/or the exposure time is short.F2 = Frequent up to continuous and/or the exposure time is long.

P = Possibility of avoiding the hazard or limiting the harm P1 = Possible under specific conditions.P2 = Scarcely possible.

a,b,c,d,e = Estimates of safety-related Performance Level

a

b

c

d

e

RequiredPerformance

Level (PL)

Low Risk

High Risk

Starting point forrisk reductionestimation

F1

F2

S2

S1

F1

F2

P1

P2

P1

P2

P1

P2

P1

P2

Risk = function of: Measure ofdamages (S)

Frequencyand duration (F)

Possibility ofavoidence (P)

Risk graph in the EN ISO 13849-1Endangering place - cutting machineMode cleaning/maintenance


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Risk graph in the EN ISO 13849-1Endangering place - stamping machineMode cleaning/maintenance

Assessment according EN ISO 13849: PLr a bis PLr e

PLr b

PLr e

PLr a

PLr c

PLr d

S1

S2

F1

F1

F2

F2

P1P2P1P2P1P2P1P2

S1Reversible injury

S2Irreversible injury

SSeverity of injury

F1Seldom / shortlyF2Frequent

FFrequency / Exposure

P1Possible

P2Rarely

PAvoidance


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Supplementary protective measure "emergency hold"

The MRL 2006/42/ EC demands:

Which drives have to be stopped/with which SIL/PL?Answer by endangering and risk evaluationFixed for the application example: Two drives (the most unfavorable case.) SIL 2 / PLd (konservative)

Note: Measures to disengage are described as "supplementary protective measures"


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Distinction E-stop need E -hold EN 60204


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Shutdown (for emergency) acc. EN 60204-1

c

no Torque

full Torque

Controlled shutdown

Controlled shutdown

ActivationStop-orderl

coast-down

n

n

t

Stop-category 0

n

n

t

Stop-category 1

n

n

t

Stop-category 2

shutdown of an bounddrive

Application example:shutdown of an extruder

Application example :shutdown of an bound drive

Application example :Hoist(no sag down of the charge)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safe shutdown according to IEC 61800-5-2:STO, SS1, SS2

n

n

t

ActivationSafe Shutdown

n

n

t

n

n

t

Defined braking ramp

Defined braking ramp

Safe Operating Stop

Safe Torque Offt

t

Safe Torque Off

Safe Stop 1

Safe Stop 2

Galvanic isolation

from the net is not

required!

Safe Torque Off

full Torque

Stop-categorie 0

Stop-categorie 1

Stop-categorie 2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Principle procedure


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Specification of the safety function

Boundary conditions of machine for the safety function Endangering at the machine which shall be prevented Concerned operating modes of the machine when active Reaction time Production cycle time Mission time ...

Functionality of the safety function Functional description of the safety function Required safety performance Reset function Priority if different safety functions can be active Reaction to faults Frequent of operation …


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Principle procedure


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Structuring elements of the system architecture

A "safety function" is executed by a "system".

A "system" is combined of "subsystems".

A "subsystem" consists of "subsystem elements"

systemsubsystemssubsystem elements

DetectEvaluate React


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Concept of the safety function

Aim of the conceptThe safety system which executes the safety function must fulfill the requirements of the required safety level (SIL, PLr).ExampleSafety function : „If the protective hood is opened in the normal mode, then the engine must be turned off.“Demanded safety level: SIL 2 or PLr d

safety system

motor protective hood

Subsystem 3:react

Subsystem 1: Detecting

Subsystem 2:evaluation

orconcept for SIL CL 2 or PLr d


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety systemThe principle of security systems

A safety system always consists of components to:Detecting Reacting

SIRIUS contactors SIRIUS motor starters SIRIUS compact starter SINAMICS G120/G120D SINAMICS S120

SIRIUS position switches SIRIUS signal columns SIRIUS EMERGENCY STOP

buttons SIRIUS zero-speed relays SIMATIC FS light curtain SIMATIC FS laser scanner ASIsafe safe modules

Evaluating

SIRIUS safety switching devices

SIRIUS modular safety system

ASIsafe safety monitor SIMATIC

fail-safe controllers SIMATIC ET 200S, ET 200pro SIMATIC

Mobile Panel 277F IWLAN


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety functions and supplementary protective measures

Safety functions after risk analysis:Cutting machine: Door monitoring with

immediately stop

Stamping- machine Door monitoring with

immediately stop

Supplementary protective measures: Emergency Stop - central Emergency Stop - local at cutting machine

IM 151-8FPN/DP CPU

6ES7 151-8FB00-0AB0

PM-EDC24V..48VAC24..230V

6ES7 138-4CB11-0AB0

P15S23-A0

6ES7 193-

4CD20-0AA0

4 F-DI/3 F-DO DC24V/2APROFIsafe

6ES7 138-4FC01-0AB0

62

3 7

4011

511

6211

9 31

51

84E30S44-01

6ES7 193-

4CG20-0AA0

8DIDC24V

6ES7 131-4BF00-0AA0

E15S24-01

6ES7 193-

4CB20-0AA0

8DODC24V/0.5A

6ES7 132-4BF00-0AA0

E15S24-01

6ES7 193-

4CB20-0AA0

Cutting-machine

Stamping-

machine


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety functions“Door supervision” Cutting machine“Door supervision” Stamping- machine

Detecting evaluation react



Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Supplementary protective measuresEmergency hold (local & central)Stamping- machine and Cutting machine




Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety related control systems

1.1 2 3.1

1.2 2 3.1

2 3.21.3

1.4 2

3.2

3.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety related control system

2

3.1

3.2

1.1

1.2

System, SSubsystem, TSSubsystem element TSE

1.3

1.4


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Principle procedure

Part 3: SIL/PL-Verification


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety of Machinery / European Machinery Directive

Question:How can the safety-related reliability of the system be determined?

Part 3: Verification

Assessment according to ISO 13849 (PLr)

Assessment according to IEC 62061 (SIL)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Thank you for your attention!

IEC 62061ISO 13849-1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

index 7 —Simplified procedure to evaluate the PL achieved by SPR/CS

none none low medium low medium high

a

b

not covered

not covered

not covered

low

medium

high

MTTFd of each channel

The identification of performance levels (PL) according to ISO 13849

The identification of the performance levels from category, DC and MTTFdWithin the two norms different methodology is used for the assessment of a safety function, but the results can be convicted into each other.

Simplified method to the assessment of the PL reached by a SPR/CS:

3 years

10 years

30 years

not covered

not covered

Category


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

PL according to EN ISO 13849-1

PLPerformance Level

Stru

ctur

e

Cat

Rel

iabi

lity

MTTFDD

iagn

osis

DC

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Categories


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


PLPerformance Level

Stru

ctur

eCat-gory

Rel

iabi

lity

MTTFD

Dia

gnos

is

DC

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

MTTFd

MTTFd: Average of operating time without dangerous failure for each channel of the control

MTTFd is a static average andnot a rated economic life-time

30 Jahre ≤ MTTFd ≤ 100 Jahrehoch

10 Jahre ≤ MTTFd < 30 Jahremittel

3 Jahre ≤ MTTFd < 10 Jahreniedrig

Wertebereich MTTFdBezeichnungDenotation Range of values MTTFd

lowmedium

high

3 years ≤ MTTFd < 10 years10 years ≤ MTTFd < 30 years

30 years ≤ MTTFd < 100 years


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Definition of MTTF and MTBF

MTTF: Mean time to failure: Mean time before a fault occurs

ISO 13849, MTTF = MTBF + MTTRMean Time Between Failure, Mean Time To RepairMTBF>>MTTR, MTTR can be ignored

MTBF values for SIMATIC components are available in the Internet

SFF: Safe Failure FractionFault detection rate in %(Σ λS + Σ λDD) / (Σ λS + Σ λD)S: Safe, D: Dangerous, DD Dangerous DetectedCorresponds indirectly to the DC value


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

MTTFd

Hierarchical procedure for the determination of the MTTFd:

1. Use of the manufacturer's indications

2. Application of the methods in the appendix C and D

3. Chose 10 years


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

MTTFd (After annex C)

If the requirements from C.2 are fulfilled, the MTTFd or B10d

value can be intended for a component after table C.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

MTTFd (After annex C)

Calculation of the MTTFd for components from B10dB10d value: 10% of all equipment have failed dangerously

nop: Number of activity cycles per yearshop: Operation hours per day [h/d]dop: Operation days per years [d/y]tcycle: Mean time between two activity cycles

[s/cycle]

Operating timeT10d


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Siemens norm SN 31920

Table referring to the ISO 13849-2 (annex D) (EN 954-2) the ISO/FDIS 13849-1:2005 (annex C) the EN 62061 (annex D, Failure type of electrical/electronic components)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Analysis of the sensor circle 1.1 position switch

nop = ( (365days x 24h x 3600 ) / 28800 = 1095

MTTFd = ( 1.000.000operating cycle / 0,2dangerous failures ) / 0,1 x 1095 nop = 45662 years

The MTTFd of every channel of the position switch is therefore "high" (> 30 years)

B10 = 1.000.000 with part of dangerous failures 20% B10d = B10/ 0,2dangerous failures

It will be worked 365 days per year and 24 hours per dayTcycle = every 8 hours 28800 sec.

hop, The average of operation hours per day [h/d]

dop, The average of operation days per year [d/y]

tcyle, The mean time between two operation cycles [s{cycle]


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


PLPerformance Level

Stru

ctur

e

Cate-gory

Rel

iabi

lity

MTTFD

Dia

gnos

is

DC

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Diagnostic Coverage (DC)

The diagnostic coverage (DC) is the ratio of the failure rate of the recognized dangerous failures to failure rates of all dangerous failures

DC < 60%no

99% ≤ DC ≤ 100%high

90% ≤ DC < 99%medium

60% ≤ DC < 90%low

Range of DCDenotation

DD

DD DUDC

DD

DU

S


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The specification diagnostic coverage DC (EN ISO 13849-1:2006)4.5.3 Diagnostic coverage (DC) page 18The value of the DC is given in four levels (see Table 6).For the estimation of DC, in most cases, failure mode and effects analysis (FMEA, see IEC 60812) or similarmethods can be used. In this case, all relevant faults and/or failure modes should be considered and the PL of the combination of the SRP/CS which carry out the safety function should be checked against the required performance level (PLr). For a simplified approach to estimating DC, see Annex E.

table 6 — diagnostic coverage (DC)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Diagnostic coverage (DC) for function and modules annex E informative (EN ISO 13849-1:2006)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


PLPerformance Level

Stru

ctur

e

Cate-gory

Rel

iabi

lity

MTTFD

Dia

gnos

is

DC

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Common cause failure (CCF)

Annex F: Estimate of the failures due to CCF This quantitative process should be used for the complete system.

Every part of the safety-related parts of the control should be taken into account especially 2 channel architectures Cat. 2-4

The table F.1 list measures and contains associated values,based on an engineer-like judgement, which represent the contribution each measure makes in the reduction of common cause failures.


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Method to estimate common cause failure (CCF)annex F.1 informative (EN ISO 13849-1:2006)

(Max accessible 100%)

e. g. by use of:EN 60204IEC 61664

FMEA Analysis

total points65% or better

less than 65%

measures to avoid CCFRequierments achievedProcess failed ->Choose of additional measures

1.summ up the points

2.Requiermentsachieved?

X

X

X

XX

X


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Look at lecture no. 2 / robust processes

PL nach EN ISO 13849-1

PLPerformance Level

Stru

ctur

e

Cate-gory

Rel

iabi

lity

MTTFD

Dia

gnos

is

DC

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

PFH and corresponding PL or MTTFd with DCannex K informative (EN ISO 13849-1:2006)

The calculated MTTFd can be transferred to an adequate PFH value

low

medium

high


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

PL verification of the individual safety functions

1.1 2 3.1

1.2 2 3.1

2 3.21.3

1.4 2

3.2

3.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Emergency hold Door supervision with

magnetic switch

Door supervision

Position switch with a separate actuator

Door supervision

Recommended solution

Connection according to Cat. 3 to EN 954-1, PL d according to EN ISO 13849-1 and SIL 2 according to EN 62061

*

Emergency hold control units are manufactured according to EN ISO 13850 and can despite mechanical one-channel design in safety technical applications used for Cat. 3, PLd and SIL 2 There are no . There are no structural restriction at the emergency-hold / emergency-stop.

oror

ASIsafesafety monitor

3TK28F-CPU

or

MSS

* The break of the actuator must be impossibly to fulfill PL d, SIL 2and category 3. For Measures see DIN VDE 0113. This fault exclusion is possible only at position switches with a separate actuator.


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

index 7 —Simplified operation to rating by a SPR/CS achieved PLSafety-

none none low medium low medium high

a

b

not masked

not masked

not masked

not masked

not masked

low

medium

high

MTTFd of each Channel

The regulation of the performance levels (PL) to ISO 13849

Appointment of performance levels of category, DC and MTTFd. Within either norms there will be a different method used for rating of safety functions, but the results can be transfered into each other. Simplified operation to rating by a SPR/CS achieved PL.

3 years

10 years

30 years


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Analysis of the sensor circle 1.1 position switchRequired measures

nop = ( (365days x 24h x 3600 ) / 28800 = 1095


The MTTFd of every channel of the position switch is therefore "high" (> 30 years)

B10 = 1.000.000 with part of dangerous failures 20% B10d = B10/ 0,2dangerous failures

It will be worked 365 days per year and 24 hours per dayTcycle = every 8 hours 28800 sec.

hop, The average of operation hours per day [h/d]

dop, The average of operation days per year [d/y]

tcyle, The mean time between two operation cycles [s{cycle]

Construction is carried out into category 3DC is required with 90% as mediumCCF is regarded accordance to annex F and must be complied.


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

ReihenschaltungBeispiel NOT-HALT und Schutztürüberwachung

1. 2. 3.

Categorie ?PL ?SIL ?


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Analysis of the sensor circle 1.1 position switchSensor connection according DC

Testing pulses for short-circuit detection

F-DI

Two channel Discrepancy assessment No short-circuit detection DC 90% P* P*

short-circuit detection

* Internal sensor supply can also be used

Two channel Discrepancy assessment Short-circuit detection DC 99%

Two channel antivalentDiscrepancy assessment

DC 99%


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The DC is defined as medium with 90% The CCF has to be considered acc. to annex F and must be fulfilled. The mounting proceeds in category 3

nop = ( (365days x 24hx 3600 ) / 86400 = 365

MTTFd = ( 100.000operating cycle / 0,2dangerous failures ) / 0,1 x 365 nop = 13698 years

So the MTTFd of any Channels from the E-STOP “is high”.(> 30 years)

Analysis of the sensor circle 1.2 emergency hold local (trick unlocked)

B10 = 100.000 with part of dangerous failures 20% B10d = B10/ 0,2dangerous failuresIt is worked per annum 365 days and 24 hour on each the dayTcycle = 1x per day 86400 sec.

hop, The average of operating time in hours per day [h/d]

dop, The average of operating time within days per annum [d/y]

tcyle, The one average of the period of time between two activity cycles [s{cycle]


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


nop = ( (365days x 24hx 3600 ) / 3600 = 8760


So the MTTFd of any Channels from the position switch “is high”.(> 30 years)

Analysis of the sensor circle 1.3 position switches

B10 = 1.000.000 with part of dangerous failures 20% B10d = B10/ 0,2dangerous failuresIt is worked per annum 365 days and 24 hour on each the dayTcycle = 1x per hour 3600 sec.





Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


nop = ( (365days x 24hx 3600 ) / 28800 = 1095

MTTFd = ( 100.000operating cycle / 0,2dangerous failures ) / 0,1 x 1095 nop = 4566 years

So the MTTFd of any Channels from the E-STOP “is high”.(> 30 years)

Analysis of the sensor circle 1.4 emergency hold central (trick unlocked)

B10 = 100.000 with part of dangerous failures 20% B10d = B10/ 0,2dangerous failuresIt is worked per annum 365 days and 24 hour on each the dayTcycle = every 8 hours 28800 sec.





Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Failsafe module – PROFIsafe - Failsafe controller

4 F-DI/ 3F-DO SILCL2.1 = 2 -> PL d PFHD2.1 = 1,0*10-8

SILCL2.3 = 3 -> PL e PFHD2.3 = 3,62*10-10

SILCL SRP/CS 2.x >= SIL SRP/CS 2

2 ; 3 ; 3 >= 2 -> PL d

PFHD2.1 + PFHD2.2 + PFHD2.3 = PFHD 2 = 1,14 * 10-8

F-CPU

PROFIsafe

SILCL2.2 = 3 -> PL e PFHD2.2 = 1,00*10-9

communication


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

PFH / PFD The technicaldata evaluate for Simatic assemblies

http://support.automation.siemens.com/WW/view/de/27832836


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

nop = ( (365days x 24hour3600 ) / 3600 = 8760


So the MTTFd of any Channels from the contactors “is high”.(> 30 years)

Analysis of the actor circle 3.1 and 3.2 contactors

B10 = 1.000.000 with part of dangerous failures 75% B10d = B10/ 0,75 dangerous failures

It is worked per annum 365 days and 24 hour on each the dayTcycle = every hour 1x 3600 sec.






Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Analysis of the actor circle 3.1 and 3.2 contactors

Electronic-contact - M

Electroniccontact - P

Power circuit > 24V

F-DO DI

Feedback monitoring within the safety controller

Cross monitoringDC 90%

Direct monitoringDC 99%


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

low

medium

high

Table (annex K) for the determination of PFH value

1522 years

PFH-value for contactors & position switches


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety functions “Door supervision”Cutting machine

Detect Evaluate React

Required safety integrity

++PL dPFH 1,14 * 10-8

Cat. 3MTTF highDC mediumCCF >65

Cat. 3MTTF highDC mediumCCF >65

Pl = d/ Kat. 3; DC = 90; MTTF = 45662 yearsPFH1.1 = 4,29E-8

SIL = 2; SFF = >90 PL = d; SIL CL = 2PFH2 = 1,14E-8

Pl = d/ Kat. 3; DC = 90; MTTF = 1522 years PFH3.1 = 4,29E-8

Pl = dPFHSF1 = 9,72E


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

ResultsPl = d/ Kat. 3; DC = 90; MTTF = 45662 yearsPFH1.1 = 4,29E-8



Pl = dPFHSF1 = 9,72E-8











Pl = d/ Kat. 3; DC = 90; MTTF = 1522 years PFH3.1/3.2 = 8,58E-8



Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

ResultsPl = d/ Kat. 3; DC = 90; MTTF = 45662 yearsPFH1.1 = 4,29E-8



PL = dPFHSF1 = 9,72E-8










Pl = d/ Kat. 3; DC = 90; MTTF = 1522 years PFH3.1/3.2 = 8,58E-8




Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Simplified quantification of the PL for a safety function with Parts Count

Sensor circuit:MTTFd = 850 years; DC-value is low with 99%

Actuator circuit:MTTFd = 56 years; DC-value is high with 99%

3331

12501

MTTF1

D

52,54MTTFD

1) Creation of DCavg Sensor/ Actuator = ?

x%99DC

DC

avg

561

8501

560,99

8500,99

avg

Sensor circuit & Actuator circuit:MTTFd = 52,54 years „high“; DC-value with 99% „high“ PL e

with for each component

2) Creation of MTTFd Sensor/ Actuator of each channel = ?


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The regulation of the performance levels (PL) to ISO 13849 ( table 11)

The check of the complete PL for the series connection of SRP/CS

> 3 x PL e

result = PL d


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery


IEC 62061ISO 13849-1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery A "safety function" is executed by a "system".

A "system" is combined of "subsystems".

A "subsystem" consists of "subsystem elements"

systemsubsystemssubsystem elements

detectingevaluation react

complet SIL = ?

SIL subsystem 1 = ? SIL subsystem 2 = ? SIL subsystem 3 = ?

Bases of the SIL-verification


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL


Stru

ctur

eHFT

Rel

iabi

lity

PFHD

Dia

gnos

is

DC/SFF

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Structural restrictions

The structure (architecture) of the subsystems must be suitable for the demanded SIL. The following factors influence the suitability: HFT: Hardware Fault Tolerance the ability of a hardware component to execute a

demanded function at existence of faults or deviations further

HFT = N means, that N +1 hardware problems the loss of the security function imply

SFF: Safe Failure Fraction Proportional part of the safe recognized failures (Σ λS + Σ λDD) / (Σ λS + Σ λD) S: Safe, D: Dangerous, DD: Dangerous Detected


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL 1 (s. Corrigendum)

Structural restrictions : SIL CL – SFF (table 5)

SFF HFT


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Assessment of the functional safety SIL claim limit, SIL CL

SILCL, SIL-Claim limit The SILCL of every subsystem of the safety function (SRCF) must at least correspond to the demanded SIL (after danger analysis) of the SRCF (similar as categories at EN954).

SIL CL subsystem >= SIL CL SRCF

The architecture of the subsystems also must be suitable for the demanded SIL, for example subsystem with/without redundancy or with/without diagnosis.

subsystem, TS

SIL CL3.1 = ?

SIL CL1.1 = ? SIL CL2 = ?


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SFF of subsystems “detecting” Position switch with tumbler1.1

Simple subsystem, i.e. simple analysis of the failure type (annex IEC 62061)

- Contact does not open Dangerous Detection by diagnosis

- Contact does not close safe

- DC >= 90 SFF>= 90% HFT = 0 Because of fault exclusion (Break of the actuator) -> HFT 1

According to the table 5 arises

- SFF >90% and HFT =1 SIL CL = 3

- The fault exclusion at the mechanical part leads to the max. limitation on SIL CL 2

Note: According to IEC 61508 at certified components the SIL CL is given. Manufacturer's indications at configuration and wiring have to be taken into account

1.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Structural restriction: SIL CL - SFF (table 5)

of SFF contingent

safer failures

SIL 3(see comment 2)

Hardware fault-tolerance (see comment 1)

COMMENT 1: A hardware fault-tolerance of means that +1 error could conduct to a loss of SRCF.COMMENT 2: A SIL 4-border of claim will be not treated at this norm. For SIL 4 see IEC 61508-1

COMMENT 3: exception see 6.7.7.

Not allowed(see comment 3)



Table 5 – structural controls of subsystems: maximal take on claimable SIL for a SRCF, which is used by this subsystem

necessary for a subsystem with HFT = 0 and elimination of errors is:

EXCEPTION:

SIL CL ≤ SIL 2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Mixed module, F-communication and F-CPU

4/8 F-DI/ 3F-DO SIL CL2.1 = 2 PFHD2.1 = 1,0*10-8

SIL CL2.3 = 3 PFHD2.3 = 3,62*10-10

SIL CL subsystem 2.x >= SIL CL subsystem 22; 3; 3; >= 2

F-CPU

PROFIsafe

SIL CL2.2 = 3 PFHD2.2 = 1,00*10-9

Communication


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SFF of the subsystems “Reacting” contactor 3.1 and 3.2

Simple subsystem, i.e. simple analysis of the failure type (annex K IEC 62061)

- Contact does not open dangerous detecting by diagnosis in F CPU

- Contact does not close safe

- DC >= 90 SFF>= 90% HFT = 1

According to the table 5 arises

- SFF >90% und HFT =1 SIL CL = 3

3.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Assessment of the function-related safety after SIL claim limit, SIL CL

subsysteme, TS

SIL CL 1.1 = 2 SIL CL 2 = 2 SIL CL 3.1 =

3

SIL CL = 2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL


Stru

ctur

e

HFTR

elia

bilit

yPFHD

Dia

gnos

is

DC/SFF

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

MTTF values and general approach The failure rate – lambda λ

The failure rate has the dimension 1/time unit, e.g. 1/hFor construction elements often used the notion FIT (failures in time). This describes a failure rate related to a corresponding "time base" (of 109 hours):

A so-called “constant failure rate” can be started out from for a particular time period only.

failure rate

Early failures Phase with a constant failure rate Late failures

time t


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Harmless and dangerous failure rate in accordance to DIN EN 62061

The failure rate (λ) gets together from harmless/safe (λS) and dangerous failures (λD) together:

λ = λS + λDs = „safe“, d = „dangerous“

or

λD = [part of dangerous failures in %] x λ

λS = [part of harmless failures in %] x λ

It is mainly looked at the dangerous failure ratein the safety engineering.


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The probability of failure

A (mathematical) distribution function of the probability of failure gives up from the failure rate:F(t) = 1 – exp (- λt), with λ as failure rate.

One also describes the mean average value of this exponential distribution: At components could not been repaired as the middle life time MTTF

(Mean Time To Failure; 63,2% of the components fallen out until middle life time MTTF);

at repairable components as a middle operating timebetween two failures MTBF( Mean operating Time Between Failures).

– Technical statistics –

MTTF = 1 / λThe MTTF is a statistical mean average value,

however no guaranteed life time!


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The probability of failure according to DIN EN 62061

The probability of failure is looked at based on the failure rate at any hour of the life time of the component:

PFHD probability of dangerous hardware failure

The calculation is derived directly from the failure rate:

PFHD = λD x 1 h [without dimension]

high demand or continuous mode„Mode in which the frequency of requirements on a SRECS more than once per year

amounts or the frequency of the requirements more greatly is as the double frequency of the proof test. “SRECS: Safety-Related Electrical Control Systems


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

PFH estimation for electromechanical components

λd

Rate of dangerous failures [1/h] Reciprocal value of the time until the

dangerous failure (MTTFd)λd = 1 / MTTFd λ = 1 / MTTF (mainly) Restrictions see IEC 62061

PFH = λd ×1h; λ = 1/MTTFIEC 62061,

6.7.8.2.1IEC 62061,

6.7.8.2.1

detection

PFH subsystem 1 = ?


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

B10 value for electromechanical components according to DIN EN 62061

The failure rate for electromechanical components is defined with the B10 value.

The B10 value is expressed in number of operating cycles:

The number of operating cycles within a life time test, after 10% of the components have been failed.

According to EN 62061:

λ = 0,1 x C / B10with C = operation cycle in hour

The failure rate must be calculated on base of operation cycle.


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Electromechanical components

λ = 0,1*C/B10 λd = λ * part of dangerous failures

B10: Number of operation cycles after which 10% of all equipment have failed

C: operation cycle per hour


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Example application

Subsystem element: Single Contact

Dangerous failure rate, D [1/h]D = 0.1 x C / B10 x (Contingent of dangerous failure

rate)B10: Amount of switching cycles-> Information of component manufacturer: B10 = 1.000.000

Rate of dangerous failures “fuse of contacts”-> Information of component manufacturer = 75%

C: Operating Cycles-> Information of machine manufacturer:C = 10 times per hour / h

D = 7,5 x 10-6


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

4 Base subsystem architectures

One fault tolerance withoutdiagnostic function(s)

One fault tolerance with diagnostic function(s)

element 1

element n

subsystem PFH=?

Zero fault tolerance without diagnostic function

Zero fault tolerance with diagnostic function


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Designated architectures and basic subsystem architectures are comparable

Category 3/4 designated architectures

Basic subsystem architecture D

I1

I2

L1

L2

O1output signal

O2

monitoring

sensor logic contactor

output signal

monitoringinput signal

input signal

monitoring

Basic subsystem architecture D

subsystem element 1λDe1

subsystem element 2λDe2

common cause failurediagnostic function(s)

λD = ( 1 – β )2 {[ λD11 λD12 ( DC11 + DC12 ) T2 / 2 ] + [ λD11 λD12 ( 2 - DC11 - DC12 ) T1 / 2 ]} + β ( λD11 + λD12) / 2


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Some definitionsfor abrasion afflicted, electro mechanical elements

Failure probability of a subsystem with 1-channel architecture:

λD = λDi without diagnosis λD = λD1 ( 1 - DC1 ) with diagnosis

Failure probability of a subsystems with redundant architecture: λD = ( 1 – β )2 {[ λD11 λD12 ( DC11 + DC12 ) ] T2 / 2 +

[ λD11 λD12 ( 2 - DC11 - DC12 ) ] T1 / 2} + β ( λD11 + λD12 ) / 2

Failure probability of a Subsystems with even Subsystem elements of a redundant architecture: λDe = λD11 = λD12

DCe = DC11 = DC12

λD = ( 1 – β )2 λDe2 {[ DCe T2 ] + [ (1 – DCe ) T1 ]} + β λDe


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

One fault tolerance with diagnostic function(s)

homogeneous structure


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Definition

Rate dangerous failures:λ = 1/MTTF (electronic component)λ = 0,1*C/B10 (electromechanical components)

DC: Diagnostic CoverageDiagnostic Coverage in %ΣλDD /λDtotalSpecification by machinery manufacturers

CCF or ß-factor: Common Cause FailureFault in result of a common causeBy analysis of the realization established Question list from IEC 62061, annex F Specification by machinery manufacturers

T2: Diagnosis test intervalTime interval between two function testsOperation interval at electromechanical componentsSpecification by machinery manufacturers

T1: Proof test intervalTime interval between two tests

Proof "virgin state"Given for certified safety products.

Otherwise parameter to adjust Lambda value


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Method to estimate CCF- Factorannex F informative (EN 62061)

CCF-factor : common cause failure

Defined through machine manufacturer after total points from theapplication assessment according to some special criteria.criteria: separation/isolationdiversity / redundancy, complexity/ applicationassessment / analysis, competence / training andenvironment monitoring

Possible values are 0,1 to 0,01e.g. total points, = 0,1

conservative assumption

X


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

CCF or : Common Cause Failure

By reflection of the realization detected

Question lists out of IEC 62061 or ISO 13849 (rev) An failure, which is the result from one or more events, which cause the failure of two or

more seperate channels in a subsystem (redundant architecture) and leads to a failure of a SRECS at the same time.

Measure against it is e.g. a protected transfer

Specification by machinery manufacturers (e.g. by evaluation of the tables F1 and F2.)

The CCF factor worsens the PFHD value!Reasons for CCF:Surroundings: Temperature, dampness, vibration, shock, corrosive substancesPower supply: Voltage drops, voltage fluctuations, transient voltage , voltage blackoutEMV: Interference immunity opposite magnetic fields, electromagnetic fields and electrostatic dischargesSoftware: Identical algorithms,

only must be intended for redundant architectures, (.architecture type C and D)

Explanation CCF-factor and regulation


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

DC Diagnostic CoverageDC: Diagnostic Coverage (Σ λdd / Σ λd) Diagnostic Coverage in % from 0 to 99 % "Approval of the probability of dangerous hardware failures which results

from the execution of the automatic diagnostic tests." Example: Two position switches are controlled on discrepancy; this failure

is uncovered as soon as one is faulty DC = 0,99 (or 99%)

Specification by machinery manufacturers

Procedure to the assessment of the DC value execution of a fault analysis - fault tree analysis or FMEA for every subsystemregulation of the failure rates s, D, DD and DU (on basis of the IEC 61508)calculation of the diagnosis funding ratio

if necessary determination of the SFF part

DD

DD + DU

DCAVG=

The diagnostic coverage (DC) is the ratio of the failure rate of therecognized dangerous failures to the failure rates of all dangerous failures


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Estimate of the diagnostic coverage (DC) for function and modules annex E informative (EN ISO 13849-1:2006)

Tabelle E.1 (fortgesetzt)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

T1, T2

Proof test interval T1 Time interval between two subsystem tests influences the lambda value of the subsystem Can be defined by subsystem manufacturer

Test interval T2 Time interval between two function tests

for uncovering failures Can be replaced with the number of switching cycles and corresponds so

to the operation cycle of the electromechanical component. Specification by machinery manufacturers (operation manual) At mechanical components e.g. 1 year about a forced dynamic sampling

1 CT2 =


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Verification of the individual safety functions

1.1 2 3.1

1.2 2 3.1

2 3.21.3

1.4 2

3.2

3.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Subsystem element

subsystem

Failure coverage through comparison in F-SPS

rate of dangerously failuresDangerous faults: "Contacts do not open” = 20%

D = 0.2 x

Homogeneous redundancy (the same machine)1 = 2 = ; DC1 = DC2 = DC

Failure coverage ratio (at comparison in F-SPS)DC = 90%Common Cause FailureCCF: 10% (conservative worst case value)

Time-related failure rate

C: Switching rate in [1 / h]

= 0.1 x C / B10

B10: Manufacturer's indication

B10 : 100.000 C : all 8 hours

Diagnosis support:

Manufacturer's indications

DssD = (1 – β)2 {[ De2 * 2 * DC ] * T2/2 + [ De2 * (1 - DC) ] * T1} + β * DePFHDssD = DssD * 1h 2,51 E-9

test IntervalsT1: 20 years (Manufacturer detail)T2: all 8 h (Evaluation in user software)SIL CL = 3

Analysis of the sensor circle 1.4 emergency hold central (trick unlocked)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

The Excel table for calculation


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Verification with a Siemens tool after HMI 2009


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

subsystem element

subsystem



D = 0.75 x





= 0.1 x C / B10


B10 : 1.000.000 C : every 8 hours (0,125)Diagnosis support :



test IntervalsT1: 20 years (Manufacturer detail)T2: all 8 h (Evaluation in user software) SIL CL = 3

consideration of actor circles 3.1 contactors (3.1 = 3.2)

3.1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Mixed module, F-communication and F-CPU

4/8 F-DI/ 3F-DO SIL CL2.1 = 2 PFHD2.1 = 1,0*10-8

SIL CL2.3 = 3 PFHD2.3 = 3,62*10-10

PFHD2.1 + PFHD2.2 + PFHD2.3 = PFHD 2 = 1,14 * 10-8

F-CPU

PROFIsafe

SIL CL2.2 = 3 PFHD2.2 = 1,00*10-9

Communication


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

ResultsSIL CL = 2PFH1.1 = 2,50E-10

SIL CL = 2PFH2 = 1,14E-8

SIL CL = 3 PFH3.1 = 7,58E-9

SIL CL = 2PFHSF1 = 1,92E-8

SIL CL = 3PFH1.4 = 2,51E-9

SIL CL = 2PFH2 = 1,14E-8

SIL CL = 3 PFH3.1 = 1,52E-8


SIL CL = 3PFH1.2 = 8,41E-10

SIL CL = 2PFH2 = 1,14E-8

SIL CL = 3 PFH3.1 = 7,58E-9


SIL CL = 2PFH1.3 = 2,01E-9

SIL CL = 2PFH2 = 1,14E-8

SIL CL = 3 PFH3.2 = 7,58E-9



Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

subsystem element

subsystem



D = 0.2 x





= 0.1 x C / B10


B10 : 1.000.000 C : every 8 hours

Diagnosis support:




Analysis of the sensor circle 1.1 door supervision


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Subsystem element

subsystem



D = 0.2 x


Common Cause FailureCCF: 10% (conservative worst case value)



= 0.1 x C / B10


B10 : 100.000 C : 1x per day

Diagnosis support :



test Intervals

T1: 20 years (Manufacturer detail)

T2: all 24 h (Evaluation in user software)SIL CL = 3

Analysis of the sensor circle 1.2 need hold local (trick unlocked)

Failure coverage ratio (at comparison in F-SPS)DC = 90%


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Subsystem element

Subsystem



D = 0.2 x


Failure coverage ratio (at comparison in F-SPS)

DC = 90%Common Cause FailureCCF: 10% (conservative worst case value)



= 0.1 x C / B10


B10 : 1.000.000 C : every 8 hours (0,125)

Diagnosis support :




Analysis of the sensor circle 1.3 door supervision


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery SIL Claim:SS1.1 SS1.2 SS2 SS3 SS4SIL2 SIL3 SIL3 SIL3 SIL2

SIL2

PFH and SIL:SS1.1 SS1.2 SS2 SS3 SS41,0 E-9 +1,0 E-10 +1,2 E-8 + 5,42 E-10 + 1,8 E-9

= 1,5442 E-8

SIL specification

SIL3 ???


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL and PL can be compared with each other

Measure of the safety performance

3≥ 10-8 to < 10-7e

2≥ 10-7 to < 10-6d

1≥ 10-6 to < 3 x 10-6c

1≥ 3 x 10-6 to < 10-5b

no special safety requirements≥ 10-5 to < 10-4a

SIL [EN 61508-1 (IEC 61508-1)] for information

Average probability of a dangerous failure per hour [1/h]Performance level (PL)


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



SIL2

PFD and SIL:SS1.1 SS1.2 SS2 SS3 SS41,0 E-9 +1,0 E-10 +1,2 E-8 + 5,42 E-10 + 1,8 E-9

= 1,5442 E-8

SIL2

Qualitative assessment

SIL specification

SIL3 ???


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment



SIL2

PFD und SIL:SS1.1 SS1.2 SS2 SS3 SS41,0 E-6 +1,0 E-10 +1,2 E-8 + 5,42 E-10 + 1,8 E-9

= 1,002 E-6

SIL2

Qualitative assessment

SIL specification

SIL1


Support by Siemens


IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SIL

See lecture no. 2 / robust processes


Stru

ctur

eHFT

Rel

iabi

lity

PFHD

Dia

gnos

is

DC/SFF

Res

ista

nce

CCF

Pro

cess

verifying


Support by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery



Information Training Function examples Evaluation tool Support ProductsSupport by Siemens

Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Certified Products for the overall Safety System …

… with all safety-relevant characteristics and certificatesDetecting Reacting

SIRIUS contactors SIRIUS motor starters SIRIUS compact starter SINAMICS G120/G120D SINAMICS S120

SIRIUS position switches SIRIUS signal columns SIRIUS EMERGENCY STOP

buttons SIRIUS zero-speed relays SIMATIC FS light curtain SIMATIC FS laser scanner ASIsafe safe modules

Evaluating

SIRIUS safety switching devices

SIRIUS modular safety system

ASIsafe safety monitor SIMATIC

fail-safe controllers SIMATIC ET 200S, ET 200pro SIMATIC

Mobile Panel 277F IWLAN

www.siemens.de/simatic-safety-integrated/starterkit



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Action packs and slides



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Comprehensive Support on your Way to the optimum Use of Safety Technology

Internet contacthttp://support.automation.siemens.com

The right support for every project phase

Support

Internet downloadhttp://www.siemens.com//safety-functional-examples

Instructions for functions and applications

Functional Examples

Product and standards trainings

Tool to prove the required safety level

Contents

Internet contacthttp://www.siemens.com/sitrain-safetyintegrated

Sitrain

Online toolwww.siemens.com/safety-evaluation-tool

Safety Evaluation tool

Can be obtained from



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Safety evaluation tool

The safety evaluation tool A free Internet-based tool for calculating safety functions ISO 13849-1 (successor standard of EN 954-1) IEC 62061 For documenting the

results by a report Offers easy, identical

handling for bothstandards Optimum support when

using the Siemens products

With the Safety Evaluation tool:Easy preparation of machine documentation conforming to the standards



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Functional Examples

Functional Examples include Functional, tested and

practical safety functions List of all required software

and hardware components and description of the interconnection

Tested and commented code Assessment of the safety functions

according to EN 62061 and EN ISO 13849-1: 2006

Described functionalities Can be easily implemented Serve as a basis for individual

expansions

Easy, fast and inexpensive implementation of safety tasks

Example: Safety Door with Spring-LoadedEngagement in Category 4 / PL e / SIL 3



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

SITRAIN – Safety Integrated Course Catalog

Specific courses

Drive technology

ST-NSST, focus: Theory; trainer: TÜV Süd, Latest Standards for Designing Safe Machines, 2 days

Sensors

SE-FSZERTTesting, Usage and Handling of Contactless Protective Equipment2 days

Controls

IK-ASISYSActuator-Sensor Interface system course3 days

Automationsystems

ST-PPDSConfiguring and Programming Fail-Safe SIMATIC S7-300 Control Systems with PROFIsafe3 days

DR-G120-EXPSINAMICS G120 Service and Commissioning2 days

NC-840DSIWSINUMERIK 840D Safety Integrated Configuring and Commissioning5 days

NC-840DSISSINUMERIK 840D Safety Integrated Maintenance course3 days

General coursesST-SIUEBF, focus: System overview; Current Standards (ST-NSST) plus Safety Integrated Product and System Overview, 4 days

CD-SSISIRIUS Safety Integrated3 days

Drives Safety S120Safety Functions2 days

NEWstarts 2009

NEWstarts 2009



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Functional safety of machine controlapplication of DIN EN ISO 13849

Functional safety of machine controlapplication of DIN EN ISO 13849 (BGIA-Report 2/2008)

Download report & calculation tool SISTEMA http://www.dguv.de/bgia/de/pub/rep/rep07/bgia0208/index.jsp



Application example

IEC 62061 and ISO 13849-1

4 Placing to market

3 Validation

2 Risk reduction

1 Risk assessment


Safety of Machinery

Support to the norms

To the 62061 Siemens Function example to 62061

http://support.automation.siemens.com/WW/view/de/23996473

To the EN ISO 13849 BGIA Report 2008

http://www.dguv.de/bgia/13849

To the EN 62061 and EN ISO 13849: Siemens: Standards brochure, standards poster

http://www.automation.siemens.com/cd/safety/index_00.htm

To the reference book: Funktionale Sicherheit von Maschinen und Anlagen

Umsetzung der europäischen Maschinenrichtlinie in der Praxis(ISBN 978-3-89578-366-1, only German version)

To the EU Guidelines: Guidelines, activities for the guidelines, list of the harmonized norms,

FAQs, ...http://www.newapproach.org

Safety of machinery / European machinery directive

Documents

Transcript of Safety of machinery / European machinery directive