IEC 62061 SIL - Conclusions - ReeR
Note: Safety-related PLCs, safety buses, actuators, safety light curtains and, in general, all complex safety-related devices with integral programmable logic and embedded software, if used to build a SRECS, shall comply with the requirements of the appropriate Product Standards (if applicable) and with IEC 61508 as regards functional safety.

IEC 62061: Safety of machinery – Functional safety of safety-related electrical, electronic and programmable electronic control systems.

IEC 62061 is derived from IEC 61508 – Functional safety of safety-related electric/electronic/programmable electronic control systems. IEC 61508 is the international reference standard on the functional safety of electric, electronic and programmable electronic systems.
The Standard consists of seven sections. The first three sections specify the safety requirements for hardware and software; the rest are of an informative nature and offer support for the correct application of the former.

IEC 62061 retains the features of IEC 61508, but simplifies the safety requirements (of both hardware and software), adapting them to the specific needs of industrial machinery. Safety requirements are considered only for "high demand mode", i.e. a request of the safety function more than once per year. The standard is based on two basic concepts:
- Management of Operational Safety
- Safety Integrity Level

Management of Operational Safety
Specifies all design aspects needed to attain the required level of functional safety, from the assignment of safety requirements to documentation and design management, up to validation. Each design shall have its own Functional Safety Plan, properly written, documented and duly updated as necessary. The Functional Safety Plan shall identify the people, functions and resources needed for the design and implementation of the safety system.

Safety Integrity Level (SIL)
Methodology and requirements are given for:
- specifying the functional requirements of each safety-related function to be implemented;
- assigning the Safety Integrity Level (SIL) to each safety-related function envisaged;
- allowing the design of a SRECS suitable for the safety-related function to be implemented;
- validating the SRECS.

SIL assignment
For SIL assignment use the method of Annex A (although the Standard also accepts the techniques of IEC 61508-5). For each risk identified the following must be assessed:
- Degree of severity (Se) of the possible damage.
- Frequency and time (Fr) of exposure to the danger.
- Probability of a dangerous event (Pr) linked to the machine operating mode.
- Avoidability (Av) of the danger. The more difficult it is to avoid the danger, the higher the number representing avoidability.
The following table, extracted from the form in Figure A.3 of IEC 62061, will help in obtaining the SIL to be assigned to the safety-related function. OM (Other Measures) = the use of other parameters is recommended. The sum of the marks obtained for the attributes of frequency, probability and avoidability provides the probability class of the danger:

Cl = Fr + Pr + Av

To obtain the SIL, align the actual Cl with the level of severity (Se) identified. This is an iterative process: depending on the protective action undertaken, some parameters might change, e.g. Fr or Pr, in which case the SIL assignment process will have to be repeated using the new values for the changed parameters. Three levels are envisaged: SIL 1, SIL 2, SIL 3.

[Table 3 of IEC 62061: average probability of dangerous failure per hour (PFHd) for each SIL]

Thus, the SIL represents the safety level to be assigned to a SRECS for attainment of its safety integrity in the operating conditions and all the way through the time specified. The parameter used to define the SIL (Safety Integrity Level) is the probability of dangerous failure per hour (PFHd). The higher the SIL, the lower the probability of the SRECS not performing as safely as expected. The SIL must be defined for each safety-related function resulting from the risk analysis.

Development and design process
Each safety-related function identified through risk analysis shall be described in terms of:
- Operational requirements (mode of operation, cycle time, environmental conditions, response time, type of interface with other components or items, EMC level, etc.).
- Safety requirements (SIL).

Each safety-related function shall be broken down into functional blocks, e.g. a functional block for input data, a functional block for logic data processing and a functional block for output data. A subsystem is associated with each functional block. In turn, subsystems consist of electrical components interconnected with one another; these electrical components are known as subsystem elements. Implementation of the SRECS technique will result in a typical architecture as shown (in this instance access control through a photoelectric curtain).
For the SRECS to comply with the identified operational and safety requirements, the following requirements shall be met. Each subsystem shall consist of electrical circuits suited to attain the required SIL. The maximum SIL attainable by a subsystem is identified as SILCL (SIL claim). Subsystem SILCLs depend on PFHd, architectural constraints, performance under failure conditions and on the ability to control and avoid systematic failure.

Safety-related software
For software design, the code must be developed as per the reference standards, depending on the type of software in question.

IMPORTANT! The probability aspect is only one of the elements contributing to the assignment of a SIL. To claim a specific SIL, applicants must prove and document having:
- adopted adequate management actions and techniques to attain the required level of operational safety;
- in place a documented and up-to-date Operational Safety Plan;
- avoided systematic failure as far as possible;
- evaluated (through inspections and tests) the safety system performance in actual environmental conditions;
- developed the software after adopting all the organizational aspects required.

Calculation of subsystem PFHd
To calculate the subsystem PFHd, first select the type of architecture (structure). The Standard suggests four pre-defined architectures, providing a different simplified formula for each of them. This calculation requires the use of the following parameters:
- λd = Dangerous failure rate of each subsystem element. Obtained from its known failure rate λ, the percent distribution of the failure rate over all failure modes and the analysis of subsystem performance after failure (dangerous failure = λd, non-dangerous failure = λs).
- T1 = Proof test interval (external inspection and repair returning the system to as-new condition). For industrial machinery it usually coincides with the lifetime (20 years).
- T2 = Test interval of the diagnostic functions. Depending on the design or devices used, the diagnostic functions can be executed by internal circuitry of the same SRECS or by other SRECSs.
- DC = Diagnostic Coverage: parameter representing the percentage of dangerous failures detected out of all possible dangerous failures. DC depends on the self-diagnostic techniques implemented. Assuming that failure is always possible (otherwise there would be no point in defining λ), that the mechanisms for detecting failures are not necessarily all equally effective and responsive (depending on the type of failure, some may take longer), that it is impossible to detect all failures, and that suitable circuit architectures and effective testing may permit detection of most dangerous failures, a DC parameter may be defined for estimating the effectiveness of the implemented self-diagnostic techniques. IEC 62061 does not provide data for obtaining DC in relation to the implemented diagnostic techniques; however, the data of IEC 61508-2 Annex A may be used.
- β = Common cause failure factor. Provides a measure of the degree of independence of operation of redundant-channel systems.

Having calculated the subsystem PFHd by means of the formulas from IEC 62061, it is important to ensure that the associated SILCL obtained from Table 3 of IEC 62061 is compatible with the constraints imposed by the architecture, as the maximum SILCL attainable by a given subsystem is restricted by the hardware fault tolerance of the architecture and by the SFF, as listed in the following table (Table 5 of IEC 62061):

Safe failure fraction (SFF)   Hardware fault tolerance
                              0             1        2
SFF < 60%                     Not allowed   SIL 1    SIL 2
60% ≤ SFF < 90%               SIL 1         SIL 2    SIL 3
90% ≤ SFF < 99%               SIL 2         SIL 3    SIL 3
SFF ≥ 99%                     SIL 3         SIL 3    SIL 3

The subsystem safe failure fraction (SFF) is, by definition, the fraction of the overall failure rate not involving dangerous failure:

SFF = (Σλs + Σλdd) / (Σλs + Σλdd + Σλdu)

λdd (failure rate of detectable dangerous failures) and λdu (failure rate of undetectable dangerous failures) are obtained from the known effectiveness of the implemented diagnostic techniques.

If the PFHd and SILCL of each subsystem are known, it is possible to calculate the overall SIL of the SRECS. The overall probability of dangerous failure per hour of the SRECS equals the sum of the probabilities of dangerous failure per hour of all the subsystems involved and shall include, if necessary, also the probability of dangerous failure per hour (PTE) of any safety-related communication lines:

PFHd = PFHd1 + ... + PFHdN + PTE

Knowing the PFHd, the resulting SIL of the SRECS is obtained from Table 3. The SIL shall then be compared to the SILCL of each subsystem, as the SIL that can be claimed for the SRECS shall be less than or equal to the lowest SILCL of any of the subsystems.
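The SFF formula, the Table 5 architectural constraint and the PFHd sum rule above, carried through in code. This is an added example, not ReeR's code or text from the standard; the PFHd bands for SIL 1 to SIL 3 are those of IEC 62061 Table 3 (not reproduced on this page), and all failure rates used are constructed sample values.

```python
# Added example, not from ReeR or from IEC 62061. Table 3 PFHd bands are the standard's
# (SIL 3: 1e-8..1e-7, SIL 2: 1e-7..1e-6, SIL 1: 1e-6..1e-5 per hour); all rates below are constructed.

NO_SIL = 0  # Table 5 "Not allowed": no SIL may be claimed for the subsystem

def sff(lam_s, lam_dd, lam_du):
    """Safe failure fraction SFF = (Σλs + Σλdd) / (Σλs + Σλdd + Σλdu), rates in 1/h."""
    total = lam_s + lam_dd + lam_du
    if total <= 0:
        raise ValueError("failure rates must sum to a positive value")
    return (lam_s + lam_dd) / total

def max_silcl(sff_value, hft):
    """Table 5 of IEC 62061: highest SILCL for a given SFF and hardware fault tolerance 0/1/2."""
    if hft not in (0, 1, 2):
        raise ValueError("HFT must be 0, 1 or 2")
    if sff_value < 0.60:
        row = (NO_SIL, 1, 2)
    elif sff_value < 0.90:
        row = (1, 2, 3)
    elif sff_value < 0.99:
        row = (2, 3, 3)
    else:
        row = (3, 3, 3)
    return row[hft]

def sil_from_pfhd(pfhd):
    """Table 3 of IEC 62061 (high demand mode): PFHd [1/h] -> SIL, NO_SIL if PFHd >= 1e-5."""
    if pfhd < 1e-7:          # IEC 62061 goes no higher than SIL 3
        return 3
    if pfhd < 1e-6:
        return 2
    if pfhd < 1e-5:
        return 1
    return NO_SIL

def srecs_sil(subsystems, pte=0.0):
    """subsystems: list of (PFHd, SILCL). Returns (overall PFHd, claimable SIL).
    Overall PFHd = PFHd1 + ... + PFHdN + PTE; the SIL from Table 3 is capped by the lowest SILCL."""
    overall = sum(p for p, _ in subsystems) + pte
    lowest_silcl = min(silcl for _, silcl in subsystems)
    return overall, min(sil_from_pfhd(overall), lowest_silcl)

if __name__ == "__main__":
    # Constructed: a single-channel input subsystem (HFT 0) with good diagnostic coverage
    s = sff(lam_s=9e-8, lam_dd=8e-9, lam_du=2e-9)
    print(f"SFF={s:.2f}, max SILCL at HFT 0: SIL {max_silcl(s, 0)}")
    # Constructed chain: input (SILCL 2), logic (SILCL 3), output (SILCL 3) plus a safety bus (PTE)
    pfhd, sil = srecs_sil([(2e-8, 2), (1e-8, 3), (3e-8, 3)], pte=1e-9)
    print(f"overall PFHd={pfhd:.2e}/h -> claimable SIL {sil}")
```

The second constructed case is the one the text warns about: the summed PFHd alone would give SIL 3, but the input subsystem's SILCL 2 limits the SRECS to SIL 2.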
Example:
Where a subsystem involves two or more safety-related functions requiring different SILs, the highest SIL shall apply.

CONCLUSIONS
The procedures specified in ISO 13849-1:2006 simplify the estimation of the Average Probability of Dangerous Failure per Hour compared to IEC 61508, offering a pragmatic approach more in line with the needs of the machine tool industry. By retaining Categories and other basic concepts, such as safety-related function and risk graph, seamless continuity with EN 954-1:1996 is assured.

Maintaining a closely linear approach with EN 954-1:1996, however, shows the limits of ISO 13849-1:2006. Where the adoption of complex technology is anticipated, e.g. programmable electronics, safety-related bus applications, different architectures, etc., it will be more appropriate to design to IEC 62061. Where devices and/or subsystems designed in accordance with EN ISO 13849-1:1999 are used, IEC 62061 shows how to integrate them in a SRECS.

A precise one-to-one equivalence between PL and SIL cannot be identified. However, the probabilistic side of PL and SIL can be compared, as they use the same concept, namely the Average Probability of Dangerous Failure per Hour, to define the extent of failure resistance. Also, although the probability concept used in the two Standards is the same, the result may differ, as the rigour of the calculation is not the same. In fact, for evaluating PFHd, IEC 62061 specifies a procedure based on formulas derived from system reliability theory. The results may in some cases, e.g. a reduced number of components or highly efficient self-diagnostic techniques, turn out to be very low, i.e. very good. To simplify and speed up the evaluation of the Probability of Dangerous Failure per Hour, ISO 13849-1 uses approximation tables, which must necessarily consider worst-case scenarios, with consequently higher results, i.e. inferior to those calculated using IEC 62061.