Complying with New Functional Safety Standards

Complying with New
Functional Safety Standards

© 2012 Eaton Corporation. All rights reserved.

2

Before We Start
This webinar will be available afterwards at
designworldonline.com & email
Q&A at the end of the presentation
Hashtag for this webinar: #DWwebinar


3

Moderator

Presenter

Natasha Townsend

Jacob Feutz

Design World

Eaton


4

Functional Safety Webinar

June 14, 2012


Questions to answer
• What is Functional Safety?
• What is happening in the Functional Safety market?
• What standard should I use for my machine?

• What do I have to consider when applying that
standard?
• How do I determine what level of safety to design to?

• What values go into a calculation? Can you walk me
through one?
• Others?


6

What is functional safety?
The complete explanation:
The EU Machinery Directive 2006/42/EC stipulates that
a machine should not pose any danger. However, as
there is no 100% safety in engineering, the aim is to
reduce these dangers to a tolerable level of residual risk
by means of risk reduction measures.
The overall safety of a machine defines the state in
which it can be considered as being free of unwarranted
risks to persons or as free of danger. The functional
safety is part of the overall safety of a system which
depends on the correct functioning of the safety-related
systems and external risk reduction facilities.


7

Functional safety is not:
• Arc flash

• Grounding
• Fire suppressions systems

• Short circuit protection
• Surge protection
• Motor protection
• Others
• www.eaton.com/ElectricalSafety

8

What is happening in the functional safety
market in North America?
• Engineered based drivers:
• The desire to have standards based methods
and testing that a machine can be certified to

• Customer based drivers:
• Selling machines to European customers –
where it is required for CE mark
• Selling machines to NA customers who are
now requiring safety assessments

• Corporate based drivers:
• NA companies that are owned or are now
managed by European parent companies
• Limit liability by designing to accepted
standards

9

The Eaton Safety Manual

eaton.com/FS


10

What standard should I use for my
machine?


11

machine?
• Different “types” of standards:


12

machine?


13

machine?


14

machine?
IEC 62061

ISO 13849-1

• Applies only to electrical,
electronic and programmable
electronic systems

•

Can be used without limitation for
hydraulic, pneumatic and
electromechanical systems

•

Limited use for programmable
electronic systems

•

For mixed systems use ISO
13849

•

Any architecture can be used

•

Suitable as evidence of safety
of devices and the overall safety
functionality through calculation

Specific architecture
Up to PL d only

•

Calculation concept based on
defined architectures

•

Suitable as evidence of safety of
devices and the overall safety
functionality using tables


15

What do I have to consider when applying that
standard? – ISO 13489-1
• Which necessary safety functions are
performed by the safety-related parts of
the controls system (SRP/CS)?
• Which properties are required for the
safety function?
• Which performance level is required?
• Which safety-related parts perform the
safety function?
• Which performance level (PL) was
achieved for the SRP/CS?
• Was the PL for the safety functions
achieved?

16

How do I determine what level of safety to
design to? – ISO 13849-1
Risk estimation: PLr


17

What values go into a calculation?– ISO 13849-1
• Control architecture (category)

• MTTFd – mean time to dangerous failure
• DC – diagnostic coverage

• CCF – common cause failure
• Relationship between the above


18

SISTEMA software

http://www.dguv.de/ifa/de/pra/softwa/sistema

19

SISTEMA software


20





21

Control architecture - category


22

Control architecture – Cat. B
The safety-related parts of the control system shall, as a minimum,
be designed in accordance with the current state of the art. They
shall withstand the influences which are to be expected.


23

Control architecture – Cat. 1
The safety-related parts of the control system must be designed and
constructed using well-tried components and well-tried safety
principles. A well-tried safety principle is, for example, the use of
position switches with positively opening contacts. Normally, the
category cannot be implemented with electronic components.


24

The safety functions of the safety-related parts of a control system
must be checked at suitable intervals. The check can be performed
automatically or manually and at least with each startup and before a
hazardous situation occurs. The check can also be carried out
periodically during operation as determined by the risk analysis. A
hazardous situation may occur on the machine between the checks.


25

A single fault in a safety-related part of the control system does not
lead to the loss of the safety function. An accumulation of undetected
faults may cause a hazardous situation on the machine, since not all
faults must be detected. An example of this is the use of a redundant
circuit without self monitoring.


26

A single fault in a safety-related part of the control system does not
lead to the loss of the safety function. This fault must be detected
immediately or before the next potential danger, e.g. when closing
the door before a restart of the machine. If this is not possible, the
accumulation of faults must not lead to the loss of the safety
function.


27





28

Calculating MTTFd - Manually


29

Calculating MTTFd – using SISTEMA


30





31

Calculating DC - Manually


32

Calculating DC – using SISTEMA


33





34

Calculating CCF - Manually


35

Calculating CCF – using SISTEMA


36





37

Relating values to an achieved PL


38

Achieved PL in SISTEMA


39

What values go into a calculation?– IEC 62061
• Risk assessment
• Control architecture
• Safety characteristics of the subsystems
•
•
•
•
•
•
•
•
•
•

λd – Dangerous failure rate
DC – Diagnostic coverage
β – Common cause failures (CCF)
T1 – proof test or life time
T2 – Diagnostic test interval
PFHd – Probability of dangerous failure
SIL – Safety integrity level of the subsystem
SFF – Safe failure fraction
SIL CL – SIL claim limit
SIL – Safety integrity level of the entire system


40

Application example - products
• Application: Dual channel
emergency stop with
redundant series contactors

Input

• Monitored Manual Restart

• Cross Circuit Recognition
• Controlling three motors

Control

• Pushbutton start/stop control
• Protection Level Required: e

Output

41

Application example – control diagram


42

Application example – power diagram


43

Application example – calculated values


44

Application example - products
• Application: Single channel
position switch
• Monitored Manual Restart

Input

• Controlling two motors.
Pushbutton input to
programmable controller.
• Protection Level Required: c

Control

Output

45

Application example – control diagram


46

Application example – power diagram


47

Application example – calculated values


48

Thank You


49


50

Questions?

Design World

Eaton

Natasha Townsend

Jacob Feutz

ntownsend@wtwhmedia.com

JacobBFeutz@eaton.com

Phone: 440.234.4531

Phone: 414.449.7356

Twitter: @DW_Electrical

Twitter: @eatoncorp
Eaton.com/fs


51

Thank You
 This webinar will be available at
designworldonline.com & email
 Tweet with hashtag #DWwebinar

 Connect with
 Twitter: @DesignWorld
 Facebook: facebook.com/engineeringexchange
 LinkedIn: Design World Group
 YouTube: youtube.com/designworldvideo

 Discuss this on EngineeringExchange.com


52


53

Complying with New Functional Safety Standards

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Complying with New Functional Safety Standards

Similaire à Complying with New Functional Safety Standards (20)

Plus de Design World

Plus de Design World (20)

Dernier

Dernier (20)

Complying with New Functional Safety Standards