Safety Update - Optima Control Solutions

Optima
In control since 1995

Slide 1: Safety Update

This presentation covers:
Machinery Directive 2006/42/EC
BS EN 954-1
EN ISO 13849-1
EN/IEC 62061
Slide 2: Introduction

Machinery Directive 2006/42/EC

Process of risk assessment (EN ISO 12100-2:2003, Safety of machinery. Technical principles)
Machine manufacturers are obligated to complete a risk assessment, which is now defined within the directive as an iterative process of hazard identification, risk estimation, and hazard elimination or risk reduction.

Safety system requirements
Machine designers are obligated to design control systems in such a way that a fault in the hardware or software of the control system, and/or reasonably foreseeable human error, does not lead to hazardous situations.
Slide 3: Current status

BS EN 954-1: valid up to 29th December 2009 (update from the beginning of September '09: EN 954-1 has been given a stay of execution until the end of 2011).
EN ISO 13849-1 is applicable for electrical, electronic, programmable electronic, hydraulic, pneumatic and mechanical systems.
EN/IEC 62061 is applicable for electrical, electronic and programmable electronic systems.
Slide 4: Usage of different standards

BS EN 954-1 was used for all safety systems using standard control circuits and tried and tested equipment. Higher levels of safety were achieved by monitoring at various stages (once per shift, at every reset, etc.).
EN ISO 13849-1 is applicable for electrical, electronic, programmable electronic, hydraulic, pneumatic and mechanical systems.
EN/IEC 62061 is applicable for electrical, electronic and programmable electronic systems.
Slide 5: Safety Categories EN 954-1

BS EN 954-1 Categories B, 1, 2, 3, 4

S  severity of injury
   S1 slight (normally reversible injury)
   S2 serious (normally irreversible injury or death)
F  frequency and/or exposure to hazard
   F1 seldom to less often and/or exposure time is short
   F2 frequent to continuous and/or exposure time is long
P  possibility of avoiding the hazard or limiting harm
   P1 possible under specific conditions
   P2 scarcely possible
Slide 6: Safety Categories EN ISO 13849-1

EN ISO 13849-1 Performance Levels a-e

S  severity of injury
   S1 slight (normally reversible injury)
   S2 serious (normally irreversible injury or death)
F  frequency and/or exposure to hazard
   F1 seldom to less often and/or exposure time is short
   F2 frequent to continuous and/or exposure time is long
P  possibility of avoiding the hazard or limiting harm
   P1 possible under specific conditions
   P2 scarcely possible
Slide 7: Safety Categories EN 62061

IEC/EN 62061 is the machine sector specific standard within the framework of IEC/EN 61508. EN 62061 is harmonised under the European Machinery Directive.
The Safety Integrity Level (SIL) is the new measure defined in IEC 61508 regarding the probability of failures in a safety function or a safety related system.

Safety integrity level (SIL) | High demand or continuous mode of operation: probability of a dangerous failure per hour (PFHd) | Low demand mode of operation: average probability of failure to perform its design function on demand (PFDaverage)
SIL 4 | >= 10^-9 to < 10^-8 | >= 10^-5 to < 10^-4
SIL 3 | >= 10^-8 to < 10^-7 | >= 10^-4 to < 10^-3
SIL 2 | >= 10^-7 to < 10^-6 | >= 10^-3 to < 10^-2
SIL 1 | >= 10^-6 to < 10^-5 | >= 10^-2 to < 10^-1

For machinery, the probability of dangerous failures per hour of a control system is denoted in IEC/EN 62061 as the PFHd.
Slide 8: Safety Categories EN 62061

EN/IEC 62061 requires each safety function to be assessed in the following manner:

Risk related to the identified hazard = Severity of the possible harm (Se) and Probability of occurrence of that harm

where the probability of occurrence of that harm is made up of:
   Frequency and duration of exposure (Fr)
   Probability of occurrence of a hazardous event (Pr)
   Probability of avoiding or limiting harm (Av)

The required risk assessment graph is shown on the following pages.
Slide 9: Safety of Machinery and Functional Safety

Machinery: Risk parameter examples of IEC/EN 62061

Severity (Se) | Consequences
4 | Irreversible: death, losing an eye or arm
3 | Irreversible: broken limb(s), losing a finger(s)
2 | Reversible: requiring attention from a medical practitioner
1 | Reversible: requiring first aid

Frequency and duration of exposure (Fr), for exposure durations > 10 min
Frequency of exposure | Fr
<= 1 h | 5
> 1 h to <= 1 day | 5
> 1 day to <= 2 weeks | 4
> 2 weeks to <= 1 year | 3
> 1 year | 2

Probability of occurrence of a hazardous event | Pr
Very high | 5
Likely | 4
Possible | 3
Rarely | 2
Negligible | 1

Probability of avoiding or limiting harm | Av
Impossible | 5
Rarely | 3
Probable | 1

List all the possible hazards of the machine, determine the parameters according to the tables and fill in the values:
Serial no. | Hazard | Se | Fr | Pr | Av | Cl
1 | | | | | |
2 | | | | | |
3 | | | | | |
4 | | | | | |

The Class Cl is the sum of Fr, Pr and Av: Fr + Pr + Av = Cl
Slide 10: Safety of Machinery and Functional Safety

Machinery: Determination of the required SIL (Safety Integrity Level). Example according to IEC/EN 62061

The Se, Fr, Pr and Av parameter tables are repeated from the previous slide. Worked example:
Serial no. | Hazard | Se | Fr | Pr | Av | Cl
1 | hazard x | 4 | 5 | + 4 | + 3 | = 12
2 | | | | | |

SIL assignment matrix (OM = other measures recommended; blank = no safety-related control function required):
Severity (Se) | Consequences | Class Cl 3-4 | Cl 5-7 | Cl 8-10 | Cl 11-13 | Cl 14-15
4 | Death, losing an eye or arm | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3
3 | Permanent, losing fingers | | OM | SIL 1 | SIL 2 | SIL 3
2 | Reversible, medical attention | | | OM | SIL 1 | SIL 2
1 | Reversible, first aid | | | | OM | SIL 1

For hazard x, Se 4 and Cl 12 fall in the Cl 11-13 column, so the required SIL is SIL 3.
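The IEC/EN 62061 procedure of slides 7, 9 and 10 (Cl = Fr + Pr + Av, SIL from the Se/Cl matrix, and the PFHd band a design achieves) carried through in code. This is an added example, not part of the Optima deck; the table values are the ones shown on the slides.

```python
# Added example (not from the deck): IEC/EN 62061 assessment from slides 7, 9 and 10.
# Parameter tables (slide 9); Fr values apply to exposure durations > 10 min.
FR_EXPOSURE = {"<= 1 h": 5, "> 1 h to <= 1 day": 5, "> 1 day to <= 2 weeks": 4,
               "> 2 weeks to <= 1 year": 3, "> 1 year": 2}
PR_OCCURRENCE = {"very high": 5, "likely": 4, "possible": 3, "rarely": 2, "negligible": 1}
AV_AVOIDANCE = {"impossible": 5, "rarely": 3, "probable": 1}

# SIL assignment matrix (slide 10): rows Se 4..1, columns Cl bands.
# None = no SIL requirement, "OM" = other measures recommended.
CL_BANDS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
SIL_MATRIX = {
    4: ["SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"],
    3: [None, "OM", "SIL 1", "SIL 2", "SIL 3"],
    2: [None, None, "OM", "SIL 1", "SIL 2"],
    1: [None, None, None, "OM", "SIL 1"],
}
# PFHd bands for high demand / continuous mode (slide 7): (SIL, lower, upper).
SIL_PFHD = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]

def hazard_class(fr, pr, av):
    """Cl = Fr + Pr + Av; rejects values that are not in the tables."""
    if (fr not in FR_EXPOSURE.values() or pr not in PR_OCCURRENCE.values()
            or av not in AV_AVOIDANCE.values()):
        raise ValueError("Fr/Pr/Av must be taken from the IEC 62061 tables")
    return fr + pr + av

def required_sil(se, cl):
    """Look up the Se row and the Cl band of the matrix."""
    if se not in SIL_MATRIX:
        raise ValueError("Se must be 1..4")
    for column, (low, high) in enumerate(CL_BANDS):
        if low <= cl <= high:
            return SIL_MATRIX[se][column]
    raise ValueError("Cl must be 3..15")

def achieved_sil(pfhd):
    """SIL band that a control system's dangerous failure rate per hour falls into."""
    for sil, low, high in SIL_PFHD:
        if low <= pfhd < high:
            return sil
    return None  # failure rate too high for SIL 1, or below the SIL 4 band

def assess(hazard, se, fr, pr, av):
    """One row of the slide 9 form, with the required SIL filled in."""
    cl = hazard_class(fr, pr, av)
    return {"hazard": hazard, "Se": se, "Fr": fr, "Pr": pr, "Av": av,
            "Cl": cl, "required": required_sil(se, cl)}
```

`assess("hazard x", 4, 5, 4, 3)` reproduces the slide's row (Cl 12, SIL 3); comparing `required_sil` against `achieved_sil` of the implemented system's PFHd is the verification step the later slides describe.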
Slide 11: Risk assessment form given as an example in IEC/EN 62061

Risk assessment and safety measures
Product: | Issued by: | Date:
Black area = Safety measures required; Grey area = Safety measures recommended

SIL assignment matrix (Se against Class Cl), as on the previous slide:
Severity (Se) | Consequences | Class Cl 3-4 | Cl 5-7 | Cl 8-10 | Cl 11-13 | Cl 14-15
4 | Death, losing an eye or arm | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3
3 | Permanent, losing fingers | | OM | SIL 1 | SIL 2 | SIL 3
2 | Reversible, medical attention | | | OM | SIL 1 | SIL 2
1 | Reversible, first aid | | | | OM | SIL 1

Parameter values used on the form:
Frequency and duration (Fr): <= 1 hour 5; > 1 h to <= 1 day 5; > 1 day to <= 2 wks 4; > 2 wks to <= 1 year 3; > 1 year 2
Probability of hazardous event (Pr): Common 5; Likely 4; Possible 3; Rarely 2; Negligible 1
Avoidance (Av): Impossible 5; Possible 3; Likely 1

Form columns:
No. | Hazard | Se | Fr | Pr | Av | Cl | Safety Measure | Safe | Comments
Slide 12: Safety Level Comparison

SIL values can be approximately converted to PL values. The relationship between the categories, the PL and the SIL is as follows:

Category (EN 954-1) | Performance level PL (prEN ISO 13849-1) | SIL (IEC 61508, EN 62061)
B | a | no special safety requirements
1 | b | 1 (not more than 1 dangerous failure of the safety function in 10 years)
2 | c | 1 (not more than 1 dangerous failure of the safety function in 10 years)
3 | d | 2 (not more than 1 dangerous failure of the safety function in 100 years)
4 | e | 3 (not more than 1 dangerous failure of the safety function in 1000 years)
Slide 13: Calculation of PL and SIL

To enable the value of PL or SIL to be calculated, information must be available from equipment manufacturers.

Software packages available to help with verification of PL or SIL:
PILZ: PAScal (£)
SIEMENS: "The Safety Evaluation Tool" online package (£)
SISTEMA (free!): German BGIA organisation tool for calculating Performance Level to EN ISO 13849-1
Slide 14: Calculation of PL and SIL

Example calculation - Risk assessment for a rotary printing machine
On a web-fed printing press, a paper web is fed through a number of cylinders. High operating speeds and rotational speeds of the cylinders are reached, particularly in newspaper printing. Essential hazards exist at the zones where it is possible to be drawn in by the counter-rotating cylinders. This example considers the hazardous zone on a printing machine on which maintenance work requires manual intervention at reduced machine speeds. Access to the hazardous zone is protected by a guard door (safeguarding). The following safety functions are designated:
SF1: Opening of the guard door during operation causes the cylinders to be braked to a halt.
SF2: When the guard door is open, any machine movements must be performed at limited speed.
SF3: When the guard door is open, movements are possible only whilst an inching button is pressed.

Entrapment between the cylinders causes severe injuries (S2).
Since work in the hazardous area is necessary only during maintenance tasks, the frequency and duration of hazard exposure can be described as low (F1).
At production speeds, no possibility exists of avoiding the hazardous movement (P2).
Example taken from BGIA report 2/2008e.
Slide 15: Calculation of PL and SIL

Example calculation - Risk assessment for a rotary printing machine (continued)
This therefore results in a required Performance Level PLr of d for the safety functions SF1 and SF2.
The safety function SF3 can however be used only if the printing machine has first been halted (SF1) and the permissible rotational speed of the cylinders limited (SF2). This results in the possible machine movements being predictable for the operator, who is thus able to evade hazardous movements (P1). A required performance level PLr of c is therefore adequate for SF3.
Example taken from BGIA report 2/2008e.
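The PLr derivation of slides 14 and 15 as code, with the result mapped to SIL using the comparison table of slide 12. This is an added example, not from the deck or the BGIA report; it uses the full EN ISO 13849-1 risk graph (of which the slides walk only the S2/F1/P2 and S2/F1/P1 paths), and the "requires" entries record the stated dependency of SF3's P1 rating on SF1 and SF2.

```python
# Added example (not from the deck): EN ISO 13849-1 PLr from the S/F/P risk graph
# for the printing-press functions of slides 14-15, mapped to SIL via slide 12.
# Full risk graph of EN ISO 13849-1 (Annex A). The deck walks only two paths
# (S2/F1/P2 -> d, S2/F1/P1 -> c); the other six are the standard's own.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
# Slide 12: PL -> SIL (IEC 61508 / EN 62061); PL a has no SIL equivalent.
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}

# Safety functions of the web-fed printing press (slides 14-15). SF3 is rated P1
# only because SF1 (halt) and SF2 (limited speed) make the movements predictable,
# so that dependency is recorded and checked before the rating is accepted.
PRINTING_PRESS = {
    "SF1": {"desc": "guard door opened -> cylinders braked to a halt",
            "sfp": ("S2", "F1", "P2"), "requires": ()},
    "SF2": {"desc": "guard door open -> movement only at limited speed",
            "sfp": ("S2", "F1", "P2"), "requires": ()},
    "SF3": {"desc": "guard door open -> movement only while inching button pressed",
            "sfp": ("S2", "F1", "P1"), "requires": ("SF1", "SF2")},
}

def required_pl(s, f, p):
    """Required performance level PLr for one S/F/P combination."""
    try:
        return RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"not a valid S/F/P combination: {s}/{f}/{p}") from None

def missing_prerequisites(functions):
    """Functions whose rating relies on safety functions that are not designated."""
    return {name: [r for r in sf["requires"] if r not in functions]
            for name, sf in functions.items()
            if any(r not in functions for r in sf["requires"])}

def assess_machine(functions):
    """PLr and equivalent SIL per safety function; refuses an incomplete set."""
    missing = missing_prerequisites(functions)
    if missing:
        raise ValueError(f"prerequisite safety functions not designated: {missing}")
    result = {}
    for name, sf in functions.items():
        plr = required_pl(*sf["sfp"])
        result[name] = {"PLr": plr, "SIL": PL_TO_SIL[plr]}
    return result
```

`assess_machine(PRINTING_PRESS)` gives PLr d (SIL 2) for SF1 and SF2 and PLr c (SIL 1) for SF3, matching the slides; dropping SF1 or SF2 from the set makes SF3's P1 rating invalid and the assessment refuses it.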
Slide 16: Conclusions

EN ISO 13849-1 is the default choice for systems that contain non-electrical parts; an overall summary is shown below:

Technology | EN ISO 13849-1 | IEC 62061
Non electrical, e.g. hydraulics | Covered | Not covered
Electromechanics, e.g. relays or non complex electronics | All architectures and up to PL = e | All architectures and up to SIL 3
Complex electronics, e.g. programmable | All architectures and up to PL = e | Up to SIL 3 when designed according to IEC 61508
Embedded software (SRESW) | Up to PL = e (PL = e without diversity: design according to IEC 61508-3, clause 7) | Design according to IEC 61508-3
Application software | Up to PL = e | Up to SIL 3
Combination of different technologies | Restrictions as above | Restrictions as above; non electrical parts acc. to EN ISO 13849-1