1 Optima o In control since 1995 Safety Update This presentation covers Machinery Directive 2006/42/EC BS/EN954-1 EN ISO 13849-1 EN/IEC 62061

Upload: amia-mclaughlin

Post on 26-Mar-2015


OptimaoIn control since 1995

Safety Update

This presentation covers

Machinery Directive 2006/42/EC

BS/EN954-1

EN ISO 13849-1

EN/IEC 62061


Introduction

Machinery Directive 2006/42/EC

Process of Risk Assessment

EN ISO 12100–2:2003 Safety of Machinery. Technical principles

Machine manufacturers are obligated to complete a Risk Assessment that is now defined within the directive as an iterative process of hazard identification, risk estimation, hazard elimination or risk reduction.

Safety system requirements

Machine designers are obligated to design control systems in such a way that a fault in the hardware or software of the control system and/or reasonably foreseeable human error does not lead to hazardous situations


Current status

BS/EN954-1 Valid up to 29th December 2009 (Update from beginning September ’09: EN954-1 has been given a stay of execution until the end of 2011)

EN ISO 13849-1 is applicable for electrical/electronic/programmable electronic/hydraulic/pneumatic/mechanical systems.

EN/IEC 62061 is applicable for electrical/electronic/programmable electronic systems


Usage of different standards

BS/EN954-1 was used for all safety systems using standard control circuits and tried and tested equipment. Higher levels of safety were achieved by monitoring at various stages (once per shift, at every reset, etc.).

EN ISO 13849-1 is applicable for: electrical/electronic/programmable electronic/hydraulic/pneumatic/mechanical systems.

EN/IEC 62061 is applicable for electrical/electronic/programmable electronic systems


Safety Categories EN954-1

S: severity of injury
S1: slight (normally reversible injury)
S2: serious (normally irreversible injury or death)

F: frequency and/or exposure to hazard
F1: seldom-to-less-often and/or exposure time is short
F2: frequent-to-continuous and/or exposure time is long

P: possibility of avoiding hazard or limiting harm
P1: possible under specific conditions
P2: scarcely possible

BS/EN954-1 Categories B, 1, 2, 3, 4


Safety Categories EN13849-1

EN ISO13849-1 Performance Levels a-e

S: severity of injury
S1: slight (normally reversible injury)
S2: serious (normally irreversible injury or death)

F: frequency and/or exposure to hazard
F1: seldom-to-less-often and/or exposure time is short
F2: frequent-to-continuous and/or exposure time is long

P: possibility of avoiding hazard or limiting harm
P1: possible under specific conditions
P2: scarcely possible


Safety Categories EN62061

IEC/EN 62061 is the machine sector specific standard within the framework of IEC/EN 61508. EN 62061 is harmonised under the European Machinery Directive.

The Safety Integrity Level (SIL) is the new measure defined in IEC 61508 regarding the probability of failures in a safety function or a safety related system.

| Safety integrity level (SIL) | High demand or continuous mode of operation: probability of a dangerous failure per hour (PFHd) | Low demand mode of operation: average probability of failure to perform its design function on demand (PFDaverage) |
|---|---|---|
| 4 | >= 10^-9 to < 10^-8 | >= 10^-5 to < 10^-4 |
| 3 | >= 10^-8 to < 10^-7 | >= 10^-4 to < 10^-3 |
| 2 | >= 10^-7 to < 10^-6 | >= 10^-3 to < 10^-2 |
| 1 | >= 10^-6 to < 10^-5 | >= 10^-2 to < 10^-1 |

For machinery, the probability of dangerous failures per hour of a control system is denoted in IEC/EN 62061 as the PFHd


Safety Categories EN62061

EN/IEC 62061 requires each safety function to be assessed in the following manner

The required risk assessment graph is shown on the following pages

Risk related to the identified hazard = Severity of the possible harm (Se) and Probability of occurrence of that harm

The probability of occurrence of that harm is made up of:

Frequency and duration of exposure (Fr)

Probability of occurrence of a hazardous event (Pr)

Probability of avoiding or limiting harm (Av)


Safety of Machinery and Functional Safety

Machinery: Risk parameter examples of IEC/EN 62061

| Consequences | Severity (Se) |
|---|---|
| Irreversible: death, losing an eye or arm | 4 |
| Irreversible: broken limb(s), losing a finger(s) | 3 |
| Reversible: requiring attention from a medical practitioner | 2 |
| Reversible: requiring first aid | 1 |

Frequency and duration of exposure (Fr)

| Frequency of exposure | Duration > 10 min |
|---|---|
| <= 1 h | 5 |
| > 1 h to <= 1 day | 5 |
| > 1 day to <= 2 weeks | 4 |
| > 2 weeks to <= 1 year | 3 |
| > 1 year | 2 |

Probability of occurrence of a hazardous event (Pr)

| Probability of occurrence | Probability (Pr) |
|---|---|
| Very high | 5 |
| Likely | 4 |
| Possible | 3 |
| Rarely | 2 |
| Negligible | 1 |

Probability of avoiding or limiting harm (Av)

| Avoidance | Av |
|---|---|
| Impossible | 5 |
| Rarely | 3 |
| Probable | 1 |

List all the possible hazards of the machine, determine the parameters according to the tables and fill in the values:

The Class Cl is the sum of: Fr + Pr + Av = Cl

| Serial no. | Hazard | Se | Fr | Pr | Av | Cl |
|---|---|---|---|---|---|---|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
| 4 | | | | | | |


Safety of Machinery and Functional Safety


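Example according to IEC/EN 62061

Machinery: Determination of the required SIL (Safety Integrity Level).

| Serial no. | Hazard | Se | Fr | Pr | Av | Cl |
|---|---|---|---|---|---|---|
| 1 | hazard x | 4 | 5 | 4 | 3 | 12 |
| 2 | | | | | | |

Fr + Pr + Av = Cl: 5 + 4 + 3 = 12

| Consequences | Severity (Se) | Class Cl 3 - 4 | Class Cl 5 - 7 | Class Cl 8 - 10 | Class Cl 11 - 13 | Class Cl 14 - 15 |
|---|---|---|---|---|---|---|
| Death, losing an eye or arm | 4 | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3 |
| Permanent, losing fingers | 3 | | OM | SIL 1 | SIL 2 | SIL 3 |
| Reversible, medical attention | 2 | | | OM | SIL 1 | SIL 2 |
| Reversible, first aid | 1 | | | | OM | SIL 1 |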
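The procedure above (score each hazard, sum Cl = Fr + Pr + Av, read the required SIL from the Se/Cl matrix), combined with the PFHd limits from the SIL table, as an added example that is not part of the original presentation. The names `Hazard`, `hazard_class`, `required_sil` and `meets_required_sil` are illustrative, and treating OM or blank cells as "no SIL target" is an assumption.

```python
from typing import NamedTuple, Optional

# Permitted scores per parameter, as listed in the slide's tables.
ALLOWED = {"se": {1, 2, 3, 4}, "fr": {2, 3, 4, 5},
           "pr": {1, 2, 3, 4, 5}, "av": {1, 3, 5}}

# Class Cl column bands and the SIL matrix rows (keyed by Se).
# None is a blank cell; "OM" is IEC 62061's "other measures" entry.
CL_BANDS = [(3, 4), (5, 7), (8, 10), (11, 13), (14, 15)]
MATRIX = {
    4: ["SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"],
    3: [None, "OM", "SIL 1", "SIL 2", "SIL 3"],
    2: [None, None, "OM", "SIL 1", "SIL 2"],
    1: [None, None, None, "OM", "SIL 1"],
}
# Upper PFHd bound (dangerous failures per hour) for each SIL.
PFHD_LIMIT = {"SIL 1": 1e-5, "SIL 2": 1e-6, "SIL 3": 1e-7}


class Hazard(NamedTuple):
    name: str
    se: int
    fr: int
    pr: int
    av: int


def hazard_class(h: Hazard) -> int:
    """Validate the scores against the tables, then return Cl = Fr + Pr + Av."""
    for field, allowed in ALLOWED.items():
        value = getattr(h, field)
        if value not in allowed:
            raise ValueError(f"{h.name}: {field}={value} not in {sorted(allowed)}")
    return h.fr + h.pr + h.av


def required_sil(h: Hazard) -> Optional[str]:
    """Return the matrix cell for (Se, Cl): 'SIL n', 'OM', or None if blank."""
    cl = hazard_class(h)
    col = next(i for i, (lo, hi) in enumerate(CL_BANDS) if lo <= cl <= hi)
    return MATRIX[h.se][col]


def meets_required_sil(h: Hazard, pfhd: float) -> bool:
    """True if a computed PFHd is below the limit for the hazard's required SIL."""
    target = required_sil(h)
    if target is None or target == "OM":
        return True  # assumption: no SIL target is set for these cells
    return 0 < pfhd < PFHD_LIMIT[target]


# Constructed input: the slide's worked row "hazard x" (Se 4, Fr 5, Pr 4, Av 3).
HAZARD_X = Hazard("hazard x", se=4, fr=5, pr=4, av=3)
```

An out-of-table score (for example Av = 2) raises `ValueError` instead of silently landing in a neighbouring column.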


Machinery: Risk assessment form given as an example in IEC/EN 62061

Risk assessment and safety measures

Product:
Issued by:
Date:

Black area = Safety measures required

Grey area = Safety measures recommended

| Consequences | Severity (Se) | Class Cl 3 - 4 | Class Cl 5 - 7 | Class Cl 8 - 10 | Class Cl 11 - 13 | Class Cl 14 - 15 |
|---|---|---|---|---|---|---|
| Death, losing an eye or arm | 4 | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3 |
| Permanent, losing fingers | 3 | | OM | SIL 1 | SIL 2 | SIL 3 |
| Reversible, medical attention | 2 | | | OM | SIL 1 | SIL 2 |
| Reversible, first aid | 1 | | | | OM | SIL 1 |

| Frequency and duration | Fr |
|---|---|
| <= 1 hour | 5 |
| > 1 h to <= 1 day | 5 |
| > 1 day to <= 2 wks | 4 |
| > 2 wks to <= 1 year | 3 |
| > 1 year | 2 |

| Probability of hzd. event | Pr |
|---|---|
| Common | 5 |
| Likely | 4 |
| Possible | 3 |
| Rarely | 2 |
| Negligible | 1 |

| Avoidance | Av |
|---|---|
| Impossible | 5 |
| Possible | 3 |
| Likely | 1 |

Form columns: No., Hazard, Se, Fr, Pr, Av, Cl, Safety Measure, Safe, Comments


Safety Level Comparison

SIL calculations can be approximately converted over to PL levels…

The relationship between the categories, the PL and the SIL is as follows:

| Category (EN 954-1) | Performance level (PL) (prEN ISO 13849-1) | SIL (IEC 61508, EN 62061) |
|---|---|---|
| B | a | no special safety requirements |
| 1 | b | 1 |
| 2 | c | 1 |
| 3 | d | 2 |
| 4 | e | 3 |

Not more than 1 dangerous failure of the safety function in 10 years

Not more than 1 dangerous failure of the safety function in 100 years

Not more than 1 dangerous failure of the safety function in 1000 years


Calculation of PL and SIL

To enable the value of PL or SIL to be calculated, information must be available from equipment manufacturers.

Software Packages available to help with verification of PL or SIL

PILZ Pascal

SIEMENS “The Safety Evaluation Tool” online package

SISTEMA German BGIA organisation tool for calculating Performance Level to EN ISO 13849-1

FREE!

£

£


Calculation of PL and SIL

Example calculation - Risk assessment for a rotary printing machine

On a web-fed printing press, a paper web is fed through a number of cylinders. High operating speeds and rotational speeds of the cylinders are reached, particularly in newspaper printing. Essential hazards exist at the zones where it is possible to be drawn in by the counter-rotating cylinders. This example considers the hazardous zone on a printing machine on which maintenance work requires manual intervention at reduced machine speeds. The access to the hazardous zone is protected by a guard door (safeguarding). The following safety functions are designated:

SF1: Opening of the guard door during operation causes the cylinders to be braked to a halt.

SF2: When the guard door is open, any machine movements must be performed at limited speed.

SF3: When the guard door is open, movements are possible only whilst an inching button is pressed.

Example taken from BGIA report 2/2008e

Entrapment between the cylinders causes severe injuries (S2).

Since work in the hazardous area is necessary only during maintenance tasks, the frequency and duration of hazard exposure can be described as low (F1).

At production speeds, no possibility exists of avoiding the hazardous movement (P2).


This therefore results in a required Performance Level PLr of d for the safety functions SF1 and SF2.

The safety function SF3 can however be used only if the printing machine has first been halted (SF1) and the permissible rotational speed of the cylinders limited (SF2).

This results in the possible machine movements being predictable for the operator, who is thus able to evade hazardous movements (P1). A required performance level PLr of c is therefore adequate for SF3.


Conclusions

EN ISO13849-1 is the default choice for systems that contain non-electrical systems, and an overall summary is shown below:

| Technology | EN ISO 13849-1 | IEC 62061 |
|---|---|---|
| Non electrical, e.g. hydraulics | Covered | Not covered |
| Electromechanics, e.g. relays, or non complex electronics | All architectures and up to PL = e | All architectures and up to SIL 3 |
| Complex electronics, e.g. programmable | All architectures and up to PL = e | Up to SIL 3 when designed according to IEC 61508 |
| Embedded software (SRESW) | Up to PL = e (PL = e without diversity: design according to IEC 61508-3, clause 7) | Design according to IEC 61508-3 |
| Application software | Up to PL = e | Up to SIL 3 |
| Combination of different technologies | Restrictions as above | Restrictions as above; non electrical parts acc. to EN ISO 13849-1 |