Safety by Design: Soft Safety, Safe PLC and Integrated Drive Technology
DESCRIPTION: Safety Standards and Drive Based Safety (Bosch Rexroth), Drive for Technology 2010
TRANSCRIPT
Safety by Design: Soft Safety (Safe PLC and Integrated Drive Safety)
CMA/Flodyne/Hydradyne Safety by Design Technical Symposium 2010
April 13th-14th, 2010, Gary Thrall, BRUS/ETC
Electric Drives and Controls 2008-03-06; BRC/PRM3; J. Ost. © All rights reserved by Bosch Rexroth AG, also in the event of applications for industrial property rights. Any right of disposal, such as copying and distribution rights, rests with us.
Safety by Design - Drive for Technology Symposium 2010: Standards
Challenge: the new Machinery Directive 2006/42/EC and the change of standards
- EN 954-1 is going to be replaced
- Probabilistic approach
- Functional safety management
- Safety requirements for application programming
The safety concept of all machines to be used after Nov 2011 needs to be revised.
From the user standpoint: PFH, SIL, PL; validation and verification; software testing; safety plan.
Standards: How to avoid any hazard?
The European Machinery Directive (MRL) requires that the operation, set-up and maintenance of a machine do not lead to any hazard:
- avoidance or minimization of the hazard
- additional measures if the hazard can't be eliminated
- information about the remaining risk
The machine builder has to prove that everything was done that has to be done.
Standards: Harmonized European Standards
Presumption of conformity: by fulfilling harmonized standards, the machine builder can assume that the safety aspects of the Machinery Directive are met.
State of the art: the manufacturer should be sure that the measures and technology used are state of the art.
Type A standards (basic standards: principles and definitions for all machines): ISO 12100, ISO 14121
Type B standards
- B1, superior safety aspects: EN 954 / ISO 13849, IEC 60204, IEC 62061
- B2, requirements for safety devices: EN 574 (two-hand control), EN 418 (emergency stop), EN 61496-1 (safety light curtains)
Type C standards (specific requirements for specific machines): printing EN 1010; machine tools EN 12417, EN 12415, EN 12478; presses EN 692, EN 693; packaging EN 415
Standards: Change of Standards (timeline chart)
The chart plots the validity of the standards for machine builders and component suppliers against the Machinery Directive 98/37/EC, replaced by 2006/42/EC. Dates marked on the chart: January 2006, November 2006, November 2007, November 2011 and January 2012.
- EN 954-1: valid standard, then a transition period of 3 years, invalid afterwards
- EN ISO 13849-1: valid standard
- EN 62061: valid standard
- IEC 61508: valid standard
- EN 61800-5-2: valid standard
Standards: Change of Standards (chart, source: TÜV Rheinland)
Axes of the chart: Technology, Standards, Safety on Machines.
Standards: Change of Standards, shortcomings of EN 954
- Is not intended for complex and programmable electronic systems
- Failure models are not adapted to complex electronics (microcontrollers, ASICs)
- Does not consider all aspects of functional safety: failure-avoiding safety measures, avoidance and control of systematic failures, documentation, validation
- Does not take the probability of dangerous failure into consideration: it categorizes only the structural design of the safety-related parts (hardware) and their reliability, and therefore the resistance against failures and the behavior in case of a failure
Standards: Machine builder and vendor view
Columns of the chart: process industry, factory automation. Rows: machine builder, vendor. Standards shown in both columns:
- Safety of machines (all technologies): EN ISO 13849-1; EN 954-1 (invalid after Oct. 30th, 2011)
- Electric, electronic and programmable electronic control systems (E/E/PES): EN 62061, IEC 61508, DIN VDE 0801
- Process industry: EN IEC 61511
- C-standards: EN 12417, EN 12415, EN 1010, EN 415, ...
Two competing standards: does this help to build machines safer?
Standards: Change of Standards
EN ISO 13849-1:2006 = EN 954-1 + IEC 61508
- EN 954-1, deterministic, proven methods: safety functions, risk graph, categories (structure)
- IEC 61508, probabilistic, new concepts: quantification (reliability and testing quality), common cause failures
Standards: What's necessary to make a machine safe?
Risk = Severity x Probability
The inherent process risk is reduced in steps down to the residual risk accepted by the public: change of process design, additional measures, safety instrumented system (EN ISO 13849-1:2006, EN 62061, IEC 61508, EN 61800-5-2).
The higher the contribution to risk reduction, the more resistant the safety function must be; that means only a small probability of dangerous failure is allowed.
Standards: Performance Level and Safety Integrity Level
Performance Level PL (ISO 13849)   Probability of dangerous failure per hour PFHd (1/h)   Safety Integrity Level SIL (IEC 61508, IEC 62061)
a                                  >= 10^-5 to < 10^-4                                     -
b                                  >= 3 x 10^-6 to < 10^-5                                 1
c                                  >= 10^-6 to < 3 x 10^-6                                 1
d                                  >= 10^-7 to < 10^-6                                     2
e                                  >= 10^-8 to < 10^-7                                     3
-                                  < 10^-8                                                 4
ISO 13849: safety-related parts of control systems of all technologies; simplified estimation (worst case) regarding HW structure (category like EN 954), diagnostic coverage (DC), reliability (MTTFd) and common cause failures (CCF).
IEC 62061: electrical, electronic and programmable electronic control systems; calculation formula for subsystem architectures.
Both: safety software requirements; measures for control and avoidance of systematic failures.
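As an added worked example (not from the presentation and not Bosch Rexroth's code), the simplified estimation described above carried through in Python for one constructed Cat 3 safety function: per-part MTTFd (with the B10d method for an electromechanical part), channel MTTFd and DCavg, banding, the Table 5 lookup of ISO 13849-1:2006, and the mapping of the resulting PL to its PFHd range and SIL from the table above. The component values (B10d, MTTFd, DC, operating profile, CCF score) are assumed for illustration only.

```python
"""Simplified PL estimation per ISO 13849-1:2006: per-part MTTFd (B10d route
for electromechanical parts, Annex C), channel MTTFd and DCavg (Annexes D/E),
banding, Table 5 lookup, and the PL -> PFHd range / SIL mapping."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Part:
    name: str
    dc: float                            # diagnostic coverage of this part, 0..1
    mttfd_years: Optional[float] = None  # direct MTTFd (e.g. electronics)
    b10d: Optional[float] = None         # cycles until 10 % dangerous failures


def nop_per_year(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """Mean operations per year: d_op days/year, h_op hours/day, cycle in seconds."""
    return d_op * h_op * 3600.0 / t_cycle_s


def part_mttfd(p: Part, nop: float) -> float:
    """MTTFd of one part in years; B10d parts use MTTFd = B10d / (0.1 * nop)."""
    if p.mttfd_years is not None:
        return p.mttfd_years
    if p.b10d is None:
        raise ValueError(f"{p.name}: need mttfd_years or b10d")
    return p.b10d / (0.1 * nop)


def channel_mttfd(parts: List[Part], nop: float) -> float:
    """Parts count: 1/MTTFd = sum(1/MTTFd_i); capped at 100 years (2006 edition)."""
    return min(100.0, 1.0 / sum(1.0 / part_mttfd(p, nop) for p in parts))


def channel_dcavg(parts: List[Part], nop: float) -> float:
    """DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i)."""
    inv = [1.0 / part_mttfd(p, nop) for p in parts]
    return sum(p.dc * w for p, w in zip(parts, inv)) / sum(inv)


def symmetrized_mttfd(c1: float, c2: float) -> float:
    """Two redundant channels with different MTTFd (Annex D.2 formula)."""
    return min(100.0, 2.0 / 3.0 * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2)))


def mttfd_band(v: float) -> Optional[str]:
    if v < 3:
        return None          # less than 3 years per channel is not allowed
    if v < 10:
        return "low"
    if v < 30:
        return "medium"
    return "high"


def dc_band(v: float) -> str:
    if v < 0.60:
        return "none"
    if v < 0.90:
        return "low"
    if v < 0.99:
        return "medium"
    return "high"


# ISO 13849-1:2006 Table 5: (category, DCavg band) -> {MTTFd band: PL}
TABLE5 = {
    ("B", "none"):   {"low": "a", "medium": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}
# PL -> (PFHd lower bound, PFHd upper bound, SIL per IEC 62061 / IEC 61508)
PL_TO_PFHD_SIL = {
    "a": (1e-5, 1e-4, None), "b": (3e-6, 1e-5, 1), "c": (1e-6, 3e-6, 1),
    "d": (1e-7, 1e-6, 2),    "e": (1e-8, 1e-7, 3),
}


def estimate_pl(category: str, mttfd: float, dcavg: float, ccf_score: int = 65) -> dict:
    """Look up the PL; categories 2 to 4 additionally need the Annex F CCF score >= 65."""
    mb, db = mttfd_band(mttfd), dc_band(dcavg)
    result = {"mttfd_band": mb, "dc_band": db, "pl": None, "sil": None, "pfhd_range": None}
    if mb is None or (category in ("2", "3", "4") and ccf_score < 65):
        return result
    pl = TABLE5.get((category, db), {}).get(mb)
    if pl:
        lo, hi, sil = PL_TO_PFHD_SIL[pl]
        result.update(pl=pl, sil=sil, pfhd_range=(lo, hi))
    return result


def example() -> dict:
    """Constructed Cat 3 stop function (illustrative values, not from a datasheet):
    per channel a contactor with mirror contacts (B10d, DC 99 %) and the drive's
    safety logic (MTTFd 150 a, DC 90 %); 220 days x 16 h, one cycle per minute."""
    nop = nop_per_year(d_op=220, h_op=16, t_cycle_s=60)
    channel = [Part("contactor", dc=0.99, b10d=1.3e6),
               Part("safety logic", dc=0.90, mttfd_years=150.0)]
    return estimate_pl("3", channel_mttfd(channel, nop), channel_dcavg(channel, nop), ccf_score=70)


if __name__ == "__main__":
    print(example())
```

The constructed channel lands at MTTFd "high" and DCavg "medium", which Table 5 resolves to PL d, i.e. a PFHd between 10^-7 and 10^-6 per hour and SIL 2. Lowering the CCF score below 65 voids the result for categories 2 to 4, which is why the check is in the lookup rather than left to the reader.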
Standards: Simplified V-model of the software safety life-cycle (Annex J)
General requirement: readable, understandable, testable, maintainable.
Left side (specification and design, each step verified against the previous one): safety functions specification -> safety-related software specification -> system design -> module design -> coding.
Right side (testing, each step checked against its counterpart on the left): module testing -> integration testing -> validation -> validated software.
Verification of the software specification: erroneous interpretation; avoiding gaps; precisely defining conditions; all possible cases are handled; consistency tests; the different parameterizing cases; the reaction following a failure.
Verification of coding: programming guidelines.
Standards: Software safety requirements (extract), PL c to e
Software design:
- State diagram or program flow chart
- Modular and structured programming
- Function blocks of limited code size
- Code execution inside a FB should have one entry and one exit point
- Architecture: input -> processing -> output
- Assignment of a safety output at only one program location
- Techniques for detection of external failures and for defensive programming
- Safety-related and non-safety-related application software shall be coded in different function blocks with well-defined data links
- No logical combination of non-safety and safety-related data that leads to a downgrading of the integrity level (e.g. no OR allowed)
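Two of the requirements above, "assignment of a safety output at only one program location" and "no OR of safety-related with non-safety data", can be checked mechanically before a validation review. The following is an added example, not part of the presentation and not a Bosch Rexroth tool: a small Python lint over IEC 61131-3 Structured Text. It assumes safety-related variables are identifiable by an S_ name prefix (an assumed convention, passed in as a predicate) and runs on a constructed sample program. AND with a non-safety signal is accepted, since a non-safety signal can then only make the output more restrictive, never switch it on.

```python
"""Lint for two ISO 13849-1 software rules on IEC 61131-3 Structured Text:
(1) a safety output is assigned at only one program location;
(2) a safety output is never computed with OR over non-safety data."""
import re
from typing import Callable, Dict, List

KEYWORDS = {"AND", "OR", "NOT", "XOR", "TRUE", "FALSE"}
STMT = re.compile(r"([A-Za-z_]\w*)\s*:=\s*([^;]*);")   # target := expression;
IDENT = re.compile(r"[A-Za-z_]\w*")


def strip_comments(src: str) -> str:
    """Blank out (* ... *) comments but keep their newlines so line numbers survive."""
    return re.sub(r"\(\*.*?\*\)",
                  lambda m: re.sub(r"[^\n]", " ", m.group(0)), src, flags=re.S)


def check_safety_rules(src: str, is_safety: Callable[[str], bool]) -> List[dict]:
    """Return one finding per rule violation; an empty list means both rules hold."""
    text = strip_comments(src)
    assigned_at: Dict[str, List[int]] = {}
    findings: List[dict] = []
    for m in STMT.finditer(text):
        target, expr = m.group(1), m.group(2)
        line = text.count("\n", 0, m.start()) + 1
        if not is_safety(target):
            continue                     # non-safety outputs are outside both rules
        assigned_at.setdefault(target, []).append(line)
        tokens = IDENT.findall(expr)
        operands = [t for t in tokens if t.upper() not in KEYWORDS]
        non_safety = [t for t in operands if not is_safety(t)]
        if any(t.upper() == "OR" for t in tokens) and non_safety:
            findings.append({"rule": "or_with_non_safety", "line": line,
                             "target": target, "operands": non_safety})
    for target, lines in assigned_at.items():
        if len(lines) > 1:
            findings.append({"rule": "multiple_assignment", "target": target, "lines": lines})
    return findings


def is_safety_name(name: str) -> bool:
    """Assumed project convention: safety-related variables carry the prefix S_."""
    return name.startswith("S_")


# Constructed sample program, not from the page. Line 3 violates both rules:
# a second assignment to S_Enable, and an OR that lets a plain signal enable it.
SAMPLE_ST = """\
(* constructed sample: S_ prefix marks safety-related variables *)
S_Enable := S_Door_Closed AND S_EStop_OK;
S_Enable := S_Door_Closed OR Bypass_Request;
Motor_Run := S_Enable AND Auto_Mode;
S_SLS_Active := S_Guard_Open AND Jog_Mode;
"""

if __name__ == "__main__":
    for finding in check_safety_rules(SAMPLE_ST, is_safety_name):
        print(finding)
```

The regex statement model is deliberately narrow (plain assignments, no CASE or IF bodies); for a real code base the same two rules are better applied to the parsed program tree of the engineering tool, but the checks themselves do not change.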
Standards: Harmonization of International Standards
Europe: ISO 12100 / ISO 14121, IEC 61508, IEC 60204, IEC 62061, IEC 61800-5-2, ISO 13849-1; harmonized under the Machinery Directive as EN ISO 13849-1, EN 62061, EN 60204.
North America: OSHA, ANSI/PMMI B155.1, ANSI B65.1, NFPA 79:2007 etc.
Standards: Harmonization of International Standards, NFPA 79:2007 (examples from Annex A)
- A9.2 Information on the safety-related aspects of control functions is under consideration within IEC 62061 and ISO 13849 (revision).
- A9.4.1 IEC 62061, ISO 13849-1, ISO 13849-2 and ANSI B11-TR4 give guidance on design according to the determined risk reduction in the risk assessment.
- A9.4.3.2 IEC 62061, ISO 13849-1, ISO 13849-2 provide requirements for the design of control systems incorporating the use of software- and firmware-based controllers to perform safety-related functions. IEC 61508 provides requirements for the design of software- and firmware-based safety controllers. IEC 61800-5-2 and IEC 61508 give guidance to the drive manufacturer on the design of drives intended to provide safety functions.
Standards: Harmonization of International Standards, NFPA 79:2007
- 9.2.5.4.1.4* Where a Category 0 or Category 1 stop is used for the emergency stop function, it shall have a circuitry design (including sensors, logic, and actuators) according to the relevant risk as required by Sections 4.1 and 9.4.1. Final removal of power to the machine actuators shall be ensured and shall be by means of electromechanical components. Where relays are used to accomplish a Category 0 emergency stop function, they shall be non-retentive relays. Exception: Drives, or solid state output devices, designed for safety-related functions shall be allowed to be the final switching element, when designed according to relevant safety standards.
- (Annex A refers to the European standards) A.9.2.5.4.1.4 IEC 61508 and IEC 61800-2: designed for safety.
Without this design confirmation the system will still require the electromechanical means of final disconnect.
Standards: Harmonization of International Standards, ANSI/PMMI B155.1
- This version of the standard has been harmonized with international (ISO) and European (EN) standards by the introduction of hazard identification and risk assessment as the principal method for analyzing hazards to personnel and achieving a level of acceptable risk. This version of the standard is a major revision that integrates the requirements of ISO 12100 parts 1 and 2, and ISO 14121, as well as U.S. standards. Suppliers meeting the requirements of ANSI/PMMI B155.1:2006 may simultaneously meet the requirements of these three ISO standards. 1)
1) Risk scoring like ISO 13849 may be used.
Standards: Harmonization of International Standards, ANSI/PMMI B155.1
- 7.2.8 Programmable electronic systems (PES) used in safety functions
- 7.2.8.1 General: PES may include a programmable logic controller (PLC), servo motion controller, computer numerical control (CNC), personal computer, human-machine interface (HMI) or programmable limit switch (PLS). A PES can be applied to safety functions when the design and use of the system meets the requirement(s) of the risk assessment. The design measures of the PES shall be chosen so the safety-related performance provides adequate risk reduction per ISO 13849-1, and meets the appropriate safety integrity level (SIL) per IEC 62061. The PES shall be installed and validated to ensure that the specified performance for each safety function has been achieved. See also SIL in IEC 61508-5, IEC TR 61508-0. (ANSI/PMMI B155.1-2006, page 29)
Standards: Harmonization of International Standards, ANSI/RIA/ISO 10218-1-2007 (Robots for Industrial Environment, Safety Requirements), Part 1: Robots
- In 2007, according to Roberta Nelson Shea, U.S. robot users may soon gain greater access to these and other emerging technologies. That will come with the approval by ANSI, the American National Standards Institute, of ISO 10218 Part 1, an international robot safety standard that was published last June by the International Organization for Standardization (ISO)...
- Approved by ANSI 8/17/2007 as ANSI, RIA, and ISO standard
Standards: Benefits of Harmonization of International Standards
End user
- Same standards for machines sourced worldwide coming into their plant
- Multinationals can use the same standards for plants at locations worldwide
Machine builder
- Same standards for users worldwide, reducing the need for design variants
Equipment and component suppliers
- Same standards for users worldwide, reducing the need for certification to different (and in the past sometimes conflicting) standards
All
- Same methodologies, defined by IEC 61508, to be used in all industries and applications
Standards: Testing laboratories listed by the Occupational Safety and Health Administration (OSHA)
(Chart: standards approvable by NRTLs; NRTLs listed by OSHA.)
Integrated Safety on Levels of IndraMotion
Challenge: the new Machinery Directive 2006/42/EC and the change of standards
- EN 954-1 is going to be replaced
- Probabilistic approach
- Functional safety management
- Safety requirements for application programming
The safety concept of all machines to be used after Nov 2009 needs to be revised.
From the user standpoint: a chance
- Make it right from the beginning; upgrade it to the state of the art
- Modern safety technology offers advantages for machine builders and end users
- Internationally harmonized standards make global business easier, since ANSI refers to the newer IEC standards
- Using certified components makes life easier
Keywords: PFH, SIL, PL; validation and verification; software testing; safety plan
Integrated Safety on Levels of IndraMotion
Safety on Board offers a simple and safe implementation of functional safety in accordance with the safety standards and keeps the availability of the machine at the highest level.
SafeLogic increases the flexibility of the safety application.
SafeMotion raises the productivity of the machine.
Levels (diagram):
- Control: safe processing, safe process flow control
- Network: safe communication, safe data transmission
- Drive: safe movement, avoidance of unintended movement
Integrated Safety on Levels of IndraMotion: Drive-based safety functions
- Safely monitored deceleration
- Safe torque off
- Safe operational stop
- Safe stop 1
- Safe stop 2
- Safely limited speed
- Safe maximum speed
- Safely limited increment
- Safe direction
- Safely limited position
- Safe position switches
- Safe homing procedure
- Safe door locking
- Safe I/O interface for safety PLC
- Safe braking and holding system
Integrated Safety on Levels of IndraMotion: Safe Braking and Holding System, a new milestone!
- Fall protection on axes with gravity loads
- World's only onboard solution which complies with EN 954-1 Category 3
- Two independent brakes, separately controlled and monitored by redundant, diverse channels in the drive
- Escalation strategy to protect the mechanical subsystems
Applications: presses, reel stands, loading gantries, vertical guard doors, ...
Integrated Safety on Levels of IndraMotion: Safety On Board with IndraDrive
Three principles are realized to detect latent failures:
- Dual-channel data operation with diversity
- Cross data comparison of safety-related functions
- Dynamization of static states (a static signal is periodically test-pulsed, so a stuck line is detected before the safety function is demanded)
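An added model (not Bosch Rexroth's implementation) of why dynamization is needed on top of dual-channel reading and cross comparison: a guard-door contact is read on two channels; a wire shorted to +24 V on one channel stays invisible while the door is closed, because both channels agree, and only the test pulse that periodically forces the line low exposes the stuck-high line. The fault types, the read-back model and the evaluation order are assumptions made for the simulation.

```python
"""Simulation of latent-failure detection on a two-channel safety input:
diverse dual-channel reading, cross comparison and dynamization (test pulse)."""
from typing import List, Tuple

HEALTHY, SHORT_TO_24V, OPEN = "healthy", "short_to_24v", "open"   # assumed wire states


def read_channel(wire: str, contact_closed: bool, test_pulse: bool) -> bool:
    """Level seen by one input channel. A wire shorted to +24 V reads high regardless
    of the contact and of the test pulse; an open wire reads low; a healthy wire
    follows the contact and goes low while the test pulse pulls the line down."""
    if wire == SHORT_TO_24V:
        return True
    if wire == OPEN:
        return False
    return contact_closed and not test_pulse


def evaluate(contact_closed: bool, wire1: str = HEALTHY, wire2: str = HEALTHY,
             dynamize: bool = True) -> Tuple[bool, List[str]]:
    """One evaluation cycle. Returns (release_allowed, detected_faults)."""
    faults: List[str] = []
    # 1) static reading on both (diverse) channels
    ch1 = read_channel(wire1, contact_closed, test_pulse=False)
    ch2 = read_channel(wire2, contact_closed, test_pulse=False)
    # 2) dynamization: during the test pulse a healthy channel must read low
    if dynamize:
        if read_channel(wire1, contact_closed, test_pulse=True):
            faults.append("ch1 stuck high: test pulse not seen")
        if read_channel(wire2, contact_closed, test_pulse=True):
            faults.append("ch2 stuck high: test pulse not seen")
    # 3) cross comparison between the channels
    if ch1 != ch2:
        faults.append("discrepancy between ch1 and ch2")
    release = ch1 and ch2 and not faults
    return release, faults


if __name__ == "__main__":
    print("door closed, healthy:", evaluate(True))
    print("door closed, ch1 shorted, no dynamization:", evaluate(True, SHORT_TO_24V, dynamize=False))
    print("door closed, ch1 shorted, with dynamization:", evaluate(True, SHORT_TO_24V))
    print("door open, ch1 shorted:", evaluate(False, SHORT_TO_24V))
```

Without dynamization the shorted channel is only caught by cross comparison once the door is actually opened, i.e. at the moment the safety function is demanded; with the test pulse it is caught while the machine is still running normally, which is the latent-failure detection the slide refers to.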
Integrated Safety on Levels of IndraMotion: IndraDrive certificates, for global business!
- SIBE certificate accepted by TÜV Rheinland: EN 954-1, ISO 13849-1:1999
- NRTL listing by TÜV Rheinland North America: NFPA 79, UL 508C, CAN/CSA C22.2, ISO 13849-1:1999
- IEC 61508 certification by TÜV Rheinland and TÜV Rheinland of North America in progress: IEC 61508, IEC 61800-5-2, ISO 13849-1:2006; with MPx06Vxx in 4Q/2008; S2, L2 control units
- IndraDrive Mi and IndraDrive Cs with safety technology: expected availability 2010
Integrated Safety on Levels of IndraMotion: IndraDrive with safety functions, a convincing technology!
- Safety technology made by experts with more than 8 years of field experience
- Scalable safety functions minimize the potential for tampering and therefore reduce the hazard of injury caused by bypassing the safety measures
- Increased productivity by reducing downtime
- Online testing (failure detection) during runtime
- Cost savings by reduction of external components and wiring
- Minimal movement in case of a failure, since failures are detected within 2 ms
- High reliability due to an encapsulated, certified solution
- Independent of whether it is hard-wired, with or without a safety PLC
Integrated Safety on Levels of IndraMotion: Example printing
Safety functions:
- "ASP" (safe drive interlock) used for E-stop and "Stop/Locking" (machine stop synchronized by the virtual master axis)
- Safe operational stop when guards are open, e.g. at the printing cylinder for sleeve change
- Safely limited speed in combination with safe direction for jogging forward and backward, e.g. for cylinder washing or jogging with open guards
Safe mode:
- Safe drive interlock (ASP)
- Safe operational stop (SBH)
- Safely limited speed (SBB)
- Safely limited speed with safe direction
Normal operation:
- Safe maximum speed: the tool plate could come off if the centrifugal force becomes higher than the magnetic force
Modern Safety Technology on Machines: Connection to periphery (overview diagram)
The diagram ranks four architectures, A to D, by increasing complexity and flexibility: A, drive inputs (E1, E30) wired directly; B, safety modules, also parameterizable, modular safety modules; C, safety installation bus; D, safety field bus.
Modern Safety Technology on Machines: Directly hooked up to the drive (A)
- No safety PLC
- Door interlock can be controlled by the drive
Connection to periphery:
- Both channels discretely wired: requires open contactor and antivalent signals (may require relays with ESPE, E-stop, enabling)
- One channel via the command variable: requires open contactor (may require relays with ESPE)
Diagnosis:
- By reading drive parameters
- In case of direct wiring of both channels, extra wiring to the controller is necessary for detailed information
Modern Safety Technology on Machines: Directly hooked up to the drive (A), continued
Discrete inputs allow multiple safety functions:
- ASP
- Operation mode (normally a series connection of all safety devices which put the drive in SBH)
- Enabling
- SB1 / SB2 switch
When to use? Small machines with limited safety functions; just wiring and parameterization of the drive.
Modern Safety Technology on Machines: Safety modules (B)
(Diagram: drive inputs E30, E1, E1; also parameterizable, modular safety modules.)
- No safety PLC
Connection to periphery via safety modules:
- One channel directly wired
- One channel via the command variable
- (Parameterizable) safety modules can offer the possibility to build groups (simple "AND" / "OR") at reduced wiring effort
Diagnosis:
- By reading drive parameters
- Safety modules offer diagnosis capabilities which might be linked to the standard control via field bus
Modern Safety Technology on Machines: Safety modules (B), continued
Discrete inputs allow multiple safety functions:
- ASP
- Operation mode (normally a series connection of all safety devices which put the drive in SBH)
- Enabling
- SB1 / SB2 switch
When to use? Small machines with less complex safety functions; just wiring and parameterization of the drive.
Modern Safety Technology on Machines: Safety modules (B), example (wiring diagram)
PNOZ safety relays with Euchner SK and Euchner TZ door switches (contacts K11/K12, K21/K22, K30) monitor the load door and the work space door. The master drive and the slave drive each have the inputs EA10n, EA20n, EA30 and E2n for diagnosis and dynamization. PLC outputs: qTür_Arbeitsraum_entriegeln (unlock work space door), qDynam (EA30), qAx_SafOpModeSwitch (E2), qNormal_operation.
Modern Safety Technology on Machines: Safety modules with limited logic processing functionality (C)
(Diagram: drive inputs E1, E1, E30; safety installation bus.)
- Safety controller with limited capabilities: (parameterizable) safety controllers can offer some logic processing capabilities; limited number of I/Os
Connection to periphery via safety controller:
- One channel directly wired
- One channel via the command variable
- The installation bus reduces wiring effort
Diagnosis:
- By reading drive parameters
- Safety modules offer diagnosis capabilities which might be linked to the standard control via field bus
Modern Safety Technology on Machines: Safety modules with limited logic processing functionality (C), continued
Discrete inputs allow multiple safety functions:
- ASP
- Operation mode (normally a series connection of all safety devices which put the drive in SBH)
- Enabling
- SB1 / SB2 switch
When to use? Machines with mid-range complexity; wiring and parameterization of the drive and the safety processing unit.
Modern Safety Technology on Machines: Safety modules with some logic processing functionality (C), example for a drive group (wiring diagram)
Euchner TP3 door switch, PLC and PNOZmulti safety controller (terminal A1, inputs i0 to i6, outputs o0 and o4), +24 V supply (L1), a master IndraDrive and two slave IndraDrives, each with the inputs EA10, EA20n, EA30 and E2n for diagnosis and dynamization. Signals: qDoor_Lock, iAx_SafCtrlOutputState (A10), qDynamization (EA30), qAx_SafOpModeSwitch (E2).
Modern Safety Technology on Machines: Simple wiring recommendations for drive groups
- 9-pin ribbon cable between the drives
- Special connector kit for going over from standard wiring to the 9-pin ribbon cable
- Hard wiring from the safety relays to the 9-pin ribbon cable
- Ease of use by crimp connectors
- Ease of diagnostics by 24 V signals
- Standard wiring otherwise
Modern Safety Technology on Machines: Safety modules with some logic processing functionality (C), AS-i Safety example (diagram)
Safe AS-i slaves for door 1, door 2 ... door n and the E-stop feed an AS-i safety monitor; the monitor outputs (E-stop, protection area I/O, enable, consent) go to the PLC (iEStop, iProtection_Area_not_IO, iEnable, qDynamization) and to the inputs EA30, E1n, E2n and E3n of the IndraDrives.
Modern Safety Technology on Machines: Programmable safety control (D)
(Diagram: safety field bus.)
- Programmable safety controller: flexible IEC 61131-3 programming, FBs, OEM libraries; "unlimited" number of I/Os
Connection to periphery:
- Safety I/O with built-in diagnosis
- Safety field bus: standard I/O, safety I/O and drive on one field bus; reduces wiring effort
Diagnosis: implicit diagnosis of the safety I/Os within the standard diagnosis
Programmable Safety Control (D)
Safety field bus allows unlimited safety functions
- Boolean control and status bits
- Feedback and command values
- Drive as I/O unit
When to use?
- Machines with higher complexity
- Common powerful diagnosis
- Common engineering
- Programming of safety functions (instead of wiring)
Why a Safety-PLC is not enough!
Our competitors may offer a Safety-PLC
- But they can’t offer safe drives which provide more than a safe stop or standstill
- There is no alternative available
However
- Many machines can be done without a Safety-PLC
- Bosch Rexroth can offer real safe motion, which is the key to increasing productivity and safety: the operator can do his job without being hindered and is therefore not motivated to tamper with the safety measures.
- Alternative concepts are possible even with a competitor’s PLC
Bosch Rexroth is on its way to offer an integrated Safety-Control for all system solutions and all platforms
Safety by Design - Drive for Technology Symposium 2010: Integrated Safety on Levels of IndraMotion
Why Safe Logic Processing?
- Complex machines with multiple access areas, multiple safety zones and multiple operation panels
- Fine-scaled safety functions: escalated reaction rather than always shutting down
- Safety levels regarding the authorization levels of machine operators, maintenance personnel, cleaners and service
- Versatility: modular machine design, tailored to customer preferences
Traditional Solutions offer Potential for Improvements
- Failure detection: minimizing the residual risk
- Wiring: cost cutting of hardware and soft costs
- Interfaces: reduction of interfaces and minimizing the data exchange and programming effort
- Availability: integration of the drive based safety functions in the overall engineering (diagnosis)
- Validation: effort reduction by using certified functions
[Diagram: traditional architecture with a separate Safety Control and Standard Control, Safety IO and Standard IO, different engineering tools, discrete signals that limit the safety functions, additional data exchange, and four SafeMotion drives with auto set-up.]
Integrated Solutions – Standard and Safety merge together
- One certified automation system: Standard + Safety
- One certified communication system: Standard + Safety
- One certified engineering system: Standard + Safety
- Certified FBs to represent the drive based safety functions in the PLC
- Certified FBs for analysis of the safety periphery
- Data exchange between motion and safety on system level
[Diagram: Safety Control (SafeLogic, SI) and Standard Control (MC) merged, with Standard IO, Safety IO and four SafeMotion drives with auto set-up.]
Flexible connection of all components via one single network
- Standard: Control, IO, Drives
- Safety: Control, IO, Drives
- One-cable Safety-Network: SERCOS safety
- Consistent Engineering with IndraWorks (Safety Control, Safety Drive, Safety I/O)
- Integration of 3rd party components: PROFIsafe
[Diagram: IndraControl V and IndraControl L controls with IndraWorks Engineering, Inline I/O, IndraDrive drives and IndraDyn motors, all with SafeLogic on one network.]
SafeLogic – Just added when needed!
- Safety Function Module converts a standard controller into a safety controller
- Optionally extendible (can be upgraded later)
- No interference (constant cycle times; standard program and safety program have no influence on each other)
- Seamless engineering and diagnostics in the standard control context
- No need for synchronization interfaces between the safety controller and the standard controller
[Diagram: hardware and application program each split into Logic, Motion (IEC 61131-3) and Safety.]
Working Principle
- Safety integrity is ensured by the communication end-points (producer – consumer) independently of the transmission network (Black Channel)
- Use of the interfaces of the standard control
  - SERCOS III
  - PROFIBUS
  - PROFInet
[Diagram: standard control CPU with SIII and DPS interfaces, safety I/O nodes 1 and 2, Black Channel on SERCOS III.]
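The end-point protection the slide calls the Black Channel, as an added illustrative example (not Bosch Rexroth code and not the CIP Safety, PROFIsafe or SERCOS safety frame format): the producer adds a connection id, sequence counter and CRC, the consumer checks them and runs a watchdog, so corrupted, repeated, lost, misdirected or late frames force the safe state whatever transport sits in between. Frame layout, field sizes and names are assumptions.

```python
import struct
import zlib

# Constructed illustration (added here, not Bosch Rexroth code) of the black channel
# principle on the slide: producer and consumer protect the safety data themselves
# (connection id, sequence counter, CRC, consumer watchdog), so faults introduced by
# the transport are detected at the end-points. Layout is assumed, not a real protocol.
HEADER = struct.Struct(">HI")  # connection id (16 bit), sequence counter (32 bit)

def produce(conn_id: int, seq: int, payload: bytes) -> bytes:
    """Producer side: header + payload, followed by CRC32 over both."""
    body = HEADER.pack(conn_id, seq) + payload
    return body + struct.pack(">I", zlib.crc32(body))

class Consumer:
    """Consumer end-point. Any failed check latches the safe state (outputs off)."""
    def __init__(self, conn_id: int, watchdog_ticks: int):
        self.conn_id = conn_id
        self.watchdog = watchdog_ticks
        self.expected_seq = 0
        self.silent_ticks = 0
        self.safe_state = False
        self.last_payload = None
    def tick(self) -> bool:
        """Once per safety cycle: no valid frame within the watchdog -> safe state."""
        self.silent_ticks += 1
        if self.silent_ticks > self.watchdog:
            self.safe_state = True
        return not self.safe_state
    def receive(self, frame: bytes) -> bool:
        """Validate one frame; True if accepted, False if it forced the safe state."""
        if len(frame) < HEADER.size + 4:
            return self._fail()
        body, crc = frame[:-4], struct.unpack(">I", frame[-4:])[0]
        if zlib.crc32(body) != crc:          # corruption (bit errors on the channel)
            return self._fail()
        conn_id, seq = HEADER.unpack_from(body)
        if conn_id != self.conn_id:          # frame belongs to another connection
            return self._fail()
        if seq != self.expected_seq:         # loss, repetition, insertion, wrong order
            return self._fail()
        self.expected_seq = (seq + 1) & 0xFFFFFFFF
        self.silent_ticks = 0                # a valid frame feeds the watchdog
        self.last_payload = body[HEADER.size:]
        return True
    def _fail(self) -> bool:
        self.safe_state = True
        return False
```

The safe state is latched: once any check fails, later valid frames do not clear it, which is what a safety application would expect before an explicit acknowledged reset.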
Seamless Safety Topology – Homogenous and Open!
- Safety Function Module for PC- and embedded controls
- Safe networking between SERCOS networks using SERCOS safety C2C
- Safety sensor/actuator peripherals attached to Inline local bus, SERCOS, PROFIBUS/PROFInet
- Safety-I/O scaleable for SIL2 and SIL3 applications
[Diagram: PC control and embedded control, each with a Safety-Function module, linked by SERCOS safety C2C; IndraDrive on SERCOS safety and on PROFIsafe; Safety-I/O (SIL2, SIL3) on the Inline local bus.]
SERCOS safety – CIP Safety on SERCOS
- Agreement between ODVA and SI that SERCOS safety uses the CIP Safety technology to safeguard the data transmission
- SERCOS safety V2.0 is CIP Safety on SERCOS
  - Adaptation of SERCOS to CIP Safety
  - SERCOS specific safety profiles in accordance with the basic CIP Safety Profiles
- BRC implements SERCOS safety on SERCOS III
[Diagram: layered stack for SERCOS III and SERCOS II: SERCOS adaptation to CIP Safety, CIP Safety, SERCOS safety profiles, CIP Safety profiles.]
IndraWorks - Easy, Safe and Compliant Engineering!
SafetyManager contains everything to plan, parameterize and program the safety project
- Full seamless integration with the standard tool
- Same look and feel
- Comprehensive diagnostics
- Systematic safety integrity features built into the tool
- User management
- PLCopen Safety compliance
[Diagram: IndraWorks with SafetyManager (Editor, Configurator, Libs).]
Principles
- “Graphical Programming”: analogous to the discrete wiring of conventional safety switching devices
- Certified Function Blocks comparable to safety switching devices
- The user can confine the verification according to the verification & validation plan at system integration
- Function Blocks are available as certified components
IndraWorks SafetyManager
[Diagram: Standard PLC with Safety-Function-Module running the Safety-Program and Safety-IO; SafetyManager with Safety-Viewer and Safety-Editor.]
SafeLogic – Functional Safety Flexibly Programmed!
Lower Total Cost of Ownership from planning to operation
- One communication medium for standard and safety technology, for I/O, Logic and Drives
- SIL2, SIL3 scalability
- Optionally extendable, even later on
- Makes additional safety components (restart inhibits, two hand control, door locking, …) obsolete
- Certified
Absence of interference between Safety and Standard
- Streamlines validation
- Provides constant cycle times
Easy Programming according to standards
- One common and consistent tool
- Graphical “wiring” of certified FBs
- Best possible integration of the drive based safety technology into the safety application program
- Integrated measures to avoid systematic failures
Integrated Solution
- For all systems and all platforms
SafeMotion
- Safe Braking and Holding System
- Market leader: every fourth axis is ordered with safety functions
- 19 certified safety functions
- Failure detection within 2 ms
SafeLogic
- Optional and independent from the standard control
- Fully integrated: everything on one cable, standard and safety
- No interference between Standard and Safety (cycle time, validation)
- Multi-Master: SERCOS safety and PROFIsafe
I/O
- Scaleable in accordance with different requirement levels (SIL)
- Locally or distributed on PROFIBUS or SERCOS
- SIL2 roughly 40% cheaper than SIL3
Engineering
- Common tool for standard and safety application
- Certified Safety FBs
- Best possible integration of the drive based safety functions
- SafeMotion: drive based safety technology
- SafeLogic: SIL3 I/O
- SafeLogic: Safety-Function-Module
- SafeLogic: Safety-IO-Converter
- SafeLogic: IW SafetyManager
Safety by Design - Drive for Technology Symposium 2010: Integrated Safety
Risk: unwanted motion or hazardous work-arounds of safety interlocks to recover from machine jams?
Mitigation: Bosch Rexroth Motion on Board: Safe Stop and Safe Motion.