LISTEN. THINK. SOLVE.
W09 - Safety Risk Assessments
Rockwell Automation (Allen-Bradley, Rockwell Software), Rev 5058-CO900C
Copyright 2012 Rockwell Automation, Inc. All rights reserved.
Transcript

Slide 2 - Functional Safety
Functional safety standards by application area:
- Generic electrical control systems: IEC 61508 (SIL)
- Process electrical control systems: IEC 61511 (SIL)
- Machinery control, electrical systems: IEC 62061 (SIL)
- Machinery control, all technologies: ISO 13849-1 (PL)
- Automotive road vehicles, functional safety: ISO 26262 (ASIL)

Slide 3 - CE Information: from EU legislation to national regulations
- EU legislation: Machinery Directive ("Aim: Harmonization")
- European Directive, supported by standards such as EN ISO 13849
- European regulations ("Each country: adoption"), e.g. NF EN ISO 13849 (France), DIN EN ISO 13849 (Germany), UNI EN ISO 13849 (Italy), ÖNORM EN ISO 13849 (Austria)
- National regulations

Slide 4 - Directives vs. Standards (CE Information)
Directive = Law:
- Machine Directive 2006/42/EC
- EMC Directive 2004/108/CE (Electromagnetic Compatibility)
- Low Voltage Directive 2006/95/CE
- ATEX Directive 94/9/EC (Classified Area Explosives)
- Work Equipment Directive 89/655/EEC
- Framework Directive "worker protection" 89/391/EEC
Essential Health and Safety Requirements: Machine Directive, Annex 1.
Standards (European Norms) = Technical Rules. Standards contain compliance assumptions:
- EN ISO 12100: risk reduction and risk assessment methodology
- EN 62061, EN ISO 13849, ...: functional safety of control systems

Slide 5 - Common Essential Health and Safety Requirements of work equipment (CE Information)
Diagram: the EHSRs common to the Machinery Directive 2006/42/EC and to Directive 89/655/CEE on the use of work equipment ("UWED").
Slide 6 - Machinery Directive 2006/42/EC
For best info see: http://ec.europa.eu/enterprise/mechan_equipment/machinery/index.htm
- Clear requirement for risk assessment at design stage
- Full Quality Assurance scheme for Annex IV machines
- No Certificate of Adequacy option for Annex IV
- Clarification and relevance updated
- Covers partly completed machinery
Guide to Application of the Machinery Directive: http://ec.europa.eu/enterprise/sectors/mechanical/files/machinery/guide_application_directive_2006-42-ec-1st_edit 12-2009_en.pdf

Slide 7 - Essential Health and Safety Requirements
In the Machinery Directive, Annex I, the general principles for conformance are communicated:
- A risk assessment must be carried out to determine the health and safety requirements which apply to the machinery.
- On initial machines, the machine concept must be developed before the initial risk assessment is performed; this is an iterative process in the beginning stages of the project.
- The machinery must then be designed and constructed taking into account the results of the risk assessment.
Steps outlined for a risk assessment:
- Determine the limits of the machinery (intended use and reasonably foreseeable misuse)
- Identify the hazards
- Estimate the risks
- Evaluate the risk with a view to determining whether risk reduction is required
- Eliminate the hazard or reduce the risks by the application of protective measures
Slide 8 - Essential Health and Safety Requirements
The EHSRs are comprised of 1 main section and 5 supplementary sections. These sections outline requirements for the application and performance of the systems / machine / documentation.
- Main section: Essential Health and Safety Requirements
- Supplementary Essential Health and Safety Requirements:
  - For certain categories of machinery
  - To offset hazards due to the mobility of machinery
  - To offset hazards due to lifting operations
  - For machinery intended for underground work
  - For machinery presenting particular hazards due to the lifting of persons

Slide 9 - Essential Health and Safety Requirements (EHSRs)
EHSRs cover topics such as these (not all inclusive; see Annex I):
- Definitions
- Principles of safety integration
- Materials utilized to construct machinery
- Lighting
- Ergonomics
- Control systems (safety and reliability): general and specific requirements
- Control devices
- Starting and stopping of the machinery
- Selection of control modes
- Failure mode considerations: component failure, machine break-up, etc.
- Risks related to many aspects of the use of the machinery
- Guarding requirements
- Maintenance
- Information for use / marking of machinery

Slide 10 - Essential Health and Safety Requirements (EHSRs)
To meet the EHSRs there are standards (see the list in the Official European Journal). Part of the resources: EN Harmonized European Standards. These standards are common to all EEA countries and are produced by the European Standardization Organizations CEN and CENELEC. Their use is voluntary, but designing and manufacturing equipment to them is the most direct way of demonstrating compliance with the EHSRs. There are 3 types of standards:
- Type A standards: cover aspects applicable to all types of machines.
- Type B standards: subdivided into 2 groups.
  - Type B1 standards: cover particular safety and ergonomic aspects of machinery.
  - Type B2 standards: cover safety components and protective devices.
- Type C standards: cover specific types or groups of machines.

Slide 11 - Standards: EN, ISO and IEC examples
Type A:
- EN ISO 12100: Safety of machinery. Basic principles, risk assessment and risk reduction
Type B:
- EN ISO 13849-1: Safety related parts of control systems
- EN ISO 13850: Emergency stop function
- EN / IEC 62061: Functional safety of electrical control systems
- EN / IEC 60204-1: Safety of machinery. Electrical equipment
- EN 574 / ISO 13851: Two hand controls
Type C:
- EN ISO 2860: Earth moving machinery
- EN ISO 8230: Safety requirements for dry-cleaning machines

Slide 12 - Standards for Functional Safety
Diagram relating the standards: EN ISO 12100; EN ISO 13849 and IEC 62061; EN ISO 13849-1 & 2; IEC 62061-1; ISO 23849; EN 60204; EN 61508; IEC/EN 62061.

Slide 13 - Other safety type standards
- EN ISO 14122: Safety of machinery. Means of access to machinery
- ISO 14120 / EN 953: Safety of machinery. Guards
- EN 614-2: Safety of machinery. Ergonomic design
- etc.
Design and risk assessment of the machine: EN ISO 12100:2010, Safety of machinery. General principles for design. Risk assessment and risk reduction.

Slide 14 - EN ISO 13849 and EN/IEC 62061: Design of Safety-related Control Systems for Machinery
Methodology using:
- Safety related control functions
- System-based approach
- Qualitative index of safety: Safety Integrity Level
- PL/SIL assessment methodology
- Architecture orientated
- Quantitative indication of safety reliability (PL or SIL)
- Requirements for avoidance / control of systematic failures
Slide 15 - EN ISO 12100: Safety of machinery. General principles for design. Risk assessment and risk reduction
Basic terminology, methodology and technical principles.
Hazard types: mechanical, electrical, thermal, noise, vibration, radiation, materials and substances, ergonomic, slips trips and falls, environment.
Risk reduction / protective measures:
- Inherently safe design measures
- Provisions for maintainability
- Preventing electrical hazards
- Minimizing the probability of failure of safety functions
EN ISO 12100 provides the framework for the design of the risk reduction elements:
- Safeguarding and protective measures
- Signals, signs and warning devices
- Indexes to more specific B type standards

Slide 16 - Risk Reduction / Safety System Design
Time to use our brains!

Slide 17 - EN ISO 12100: Safety of Machinery. Risk Assessment and Risk Reduction
Risk (related to the considered hazard) is a function of the severity of harm and the probability of occurrence of that harm; the probability of occurrence is in turn a function of exposure to the hazard, occurrence of the hazardous event, and possibility of avoidance.
- General principles
- Risk estimation
- Checklists of hazard types, hazardous events and hazardous situations
See ISO TR 14121-2 for worked examples of methodologies.

Slide 18 - Fundamental Process (risk assessment flow)
Start by defining the machine characteristics and limits (LOM). Risk assessment = risk analysis, i.e. (1) hazard identification and (2) risk estimation, followed by (3) risk evaluation. If the risk is acceptable / tolerable, move on to the next hazard; if it is unacceptable, apply risk reduction and re-assess.
Slide 19 - Risk Assessment: The Starting Point. An Example
Reference documents:
- EN ISO 12100: Safety of machinery. General principles for design. Risk assessment and risk reduction
- ISO TR 14121-2: Safety of machinery. Risk assessment. Part 2: Practical guidance and examples of methods
- OSHA 29 CFR 1910 Subpart O: Machinery and Machine Guarding
- ANSI B11.0-2010: Safety of Machinery; General Requirements and Risk Assessment
- CSA Z434-04: Safeguarding of machinery
- ISO 10218-1 & 2: Safety requirements for industrial robots
Steps: task analysis, hazard identification, risk estimation, risk evaluation.

Slide 20 - Risk Assessment and Risk Reduction
Hierarchy of measures for risk reduction:
1. Inherently safe design measures
2. Safeguarding and protective measures
3. Information for use / training / PPE (Personal Protective Equipment) etc.

Slide 21 - Protective Measures and Safety Related Control Systems: EN ISO 13849-1
Protective measures: the hazards that will be addressed by a safety related control system. Requirements for enclosure access into the robot: cleaning, teaching, maintenance.

Slide 22 - Protective Measures and Safety Related Control Systems: EN ISO 13849-1
Functional requirements specification:
1. Automatic mode: lock the guard door when closed unless power is OFF and motion is stopped.
2. Automatic mode: isolate power if the guard door is not closed.
3. Teach mode: allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open.

Slide 23 - EN ISO 13849-1 Recommendations for its Practical Use
Safety function 1, automatic mode: lock the guard door when closed unless power is OFF and motion is stopped.
Slide 24 - Truth table for safety function 1 (guard unlock command)
The slide's columns are robot axis power status, robot axis motion status, release of stored energy, lock release request, robot in home position, and guard unlock command status; values survive for the first three inputs and the output only:

Robot axis power | Robot axis motion | Stored energy | Guard unlock command
ON               | NOT STOPPED       | NOT RELEASED  | OFF
ON               | NOT STOPPED       | RELEASED      | OFF
ON               | STOPPED           | NOT RELEASED  | OFF
ON               | STOPPED           | RELEASED      | OFF
OFF              | NOT STOPPED       | NOT RELEASED  | OFF
OFF              | NOT STOPPED       | RELEASED      | OFF
OFF              | STOPPED           | NOT RELEASED  | OFF
OFF              | STOPPED           | RELEASED      | ON

Slide 25 - EN ISO 13849-1 Recommendations for its Practical Use
Safety function 2, automatic operation mode: isolate power if the guard door is not closed and locked.

Guard door status | Guard lock status | Output actuators status
OPEN              | UNLOCKED          | OFF
OPEN              | LOCKED            | OFF
CLOSED            | UNLOCKED          | OFF
CLOSED            | LOCKED            | ON

Slide 26 - EN ISO 13849-1 Recommendations for its Practical Use
Safety function 3, teach mode: allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open.

Safe speed | Guard door status | Manual local control priority enabled | Output actuators status
NO         | CLOSED            | NO                                    | OFF
NO         | CLOSED            | YES                                   | OFF
NO         | OPEN              | NO                                    | OFF
NO         | OPEN              | YES                                   | OFF
YES        | CLOSED            | NO                                    | OFF
YES        | CLOSED            | YES                                   | OFF
YES        | OPEN              | NO                                    | OFF
YES        | OPEN              | YES                                   | ON

What is the required Performance Level (PL)? For the teach mode safety function (allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open), fully decompose the safety function. Diagram: Safe Limited Speed -> Control Unit -> Actuation.
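The three safety functions of slide 22 written out as de-energise-to-trip logic and checked exhaustively against the truth tables of slides 24 to 26; this is an added example, not code from the Rockwell deck, and the input labels are simply the slide's own column values.

```python
# Added example (not from the Rockwell slides): each safety function returns
# "ON" for exactly one input combination and "OFF" for every other one, which
# is the property the slide truth tables express. The exhaustive check below
# makes that property explicit instead of relying on reading the table.
from itertools import product

POWER = ("ON", "OFF")
MOTION = ("NOT STOPPED", "STOPPED")
ENERGY = ("NOT RELEASED", "RELEASED")
DOOR = ("OPEN", "CLOSED")
LOCK = ("UNLOCKED", "LOCKED")
YESNO = ("NO", "YES")


def guard_unlock_command(power, motion, energy):
    """Function 1 (automatic mode, slide 24): unlock the guard only when axis
    power is OFF, motion is STOPPED and stored energy is RELEASED. Any other
    state keeps the unlock command OFF, the de-energised (safe) state."""
    ok = power == "OFF" and motion == "STOPPED" and energy == "RELEASED"
    return "ON" if ok else "OFF"


def auto_mode_actuators(door, lock):
    """Function 2 (automatic mode, slide 25): output actuators may be
    energised only when the guard door is CLOSED and LOCKED."""
    return "ON" if (door == "CLOSED" and lock == "LOCKED") else "OFF"


def teach_mode_actuators(safe_speed, door, enabling):
    """Function 3 (teach mode, slide 26): power only under safe limited speed,
    with the enabling device held (manual local control priority enabled)
    and the guard door OPEN."""
    ok = safe_speed == "YES" and door == "OPEN" and enabling == "YES"
    return "ON" if ok else "OFF"


def truth_table(func, *domains):
    """Evaluate func over every input combination, as the slides do."""
    return {inputs: func(*inputs) for inputs in product(*domains)}


def permitted_states(func, *domains):
    """The input combinations for which the output is energised (ON)."""
    return [i for i, out in truth_table(func, *domains).items() if out == "ON"]


if __name__ == "__main__":
    for name, f, doms in (("guard unlock", guard_unlock_command, (POWER, MOTION, ENERGY)),
                          ("auto mode", auto_mode_actuators, (DOOR, LOCK)),
                          ("teach mode", teach_mode_actuators, (YESNO, DOOR, YESNO))):
        print(name, len(truth_table(f, *doms)), "rows; ON only for", permitted_states(f, *doms))
```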
Slide 27 - Safety Related Electrical Control System: decomposition of the teach mode safety function
The teach mode safety function (allow power for robot teaching only with safe limited speed conditions and with the local control enabling device activated and the guard door open) is decomposed into sensing, logic solving and output:
- Sensing: safe speed sensing (shaft encoders); door closed sensing (guard interlock switch); manual local control (3-position enabling device)
- Logic solving: control unit
- Output: contactors
The truth table of slide 26 (safe speed, guard door status, manual local control priority enabled -> output actuators status) applies unchanged.

Slide 28 - EN ISO 13849-1 Recommendations for its Practical Use: sub-functions of the teach mode safety function
- a: Safe limited speed
- b: Enabling function
- c: Guard door closed
Sensing: shaft encoders (safe speed sensing), guard interlock switch (door position sensing), 3-position enabling device (manual local control). Logic solving: control unit. Output: contactors. What is the required Performance Level (PLr)?

Slide 29 - Teach mode safety function 1: Safe Limited Speed
Safety related electrical control system: shaft encoders (safe speed sensing) -> control unit (logic solving) -> contactors (output).
EN ISO 13849-1 PL allocation: a PLr is allocated to each safety function using the EN ISO 13849-1 risk graph. For example, PLr for the safe limited speed function = PL?
Slide 30 - EN ISO 13849-1: Safety of Machinery. Safety Related Parts of Control Systems
Then we choose the most suitable combination of structure (Category), reliability (MTTFd) and diagnostics (DC) to achieve that Performance Level (PL). Diagram: Safe Limited Speed -> Control Unit.

Slide 31 - Safety Related Electrical Control System
Diagram: shaft encoders -> control unit -> contactors.

Slide 32 - EN ISO 13849-1: Safety Related Parts of Control Systems (see Annex K)
EN ISO 13849-1 Recommendations for its Practical Use: for the control unit subsystem of the safe limited speed function, MTTFd of channel 1 (Control Unit 1), MTTFd of channel 2, and PFHd or MTTFd at subsystem level.

Slide 33 - Safety Related Electrical Control System: two-channel structure
Diagram of the two-channel safe limited speed chain: shaft encoders (Shaft Encoder 1, Shaft Encoder 2), control units (Control Unit 2 labelled) and contactors (Contactor 2 labelled). Slide annotation: Derek Jones, 09/09/2010.

Slide 34 - EN ISO 13849-1 Recommendations for its Practical Use: SISTEMA Calculation Tool
- SISTEMA (available in multiple languages)
- PL calculation software for EN ISO 13849-1
- Free to use
- Data libraries available
- Independent
- Maintained

Slide 35 - Where can you download SISTEMA and data?
Rockwell Automation Safety Resource Center at: http://discover.rockwellautomation.com/SA_EN_Functional_Safety.aspx

Slide 36 - Overview of SISTEMA
(Screenshot of the tool.)
Slide 37 - IEC 62061: Machinery safety related E/E/PE control systems
IEC EN 62061 risk chart: Safety Integrity Level, SIL allocation for each safety function. For example, safe limited speed function = SIL?

Slide 38 - IEC 62061: Machinery safety related E/E/PE control systems
SIL 3 required for the safety function: teach mode, safe limited speed. Diagram: Safe Limited Speed -> Control Unit.

Slide 39 - Safety Related Electrical Control System: SIL 3 required for the teach mode safe limited speed function
Subsystems of the chain shaft encoders -> control unit -> contactors, in the order shown on the slide:
- Subsystem: SIL CL = 3, PFHD = 4.3 x 10^-8
- Subsystem: SIL CL = 3, PFHD = 3.38 x 10^-9
- Subsystem: SIL CL = 3, PFHD = 1.50 x 10^-9
Total PFHD = 4.788 x 10^-8. SIL achieved = 3.

Slide 40 - The real world: HRN. From risk assessment to PL
Diagram: shaft encoders -> control unit -> contactors.

Slide 41 - The real world: HRN. From risk assessment to PL
- Risk assessment of the overall machine: hazard identities; HRN (hazard rating number) of the overall machine.
- Risk reduction: by inherently safe design of the machine and its control system; guards and protective devices; information and PPE.
- Design of safety function(s): map the HRN to the ISO 13849 / IEC 62061 risk graph to obtain the safety functional requirement and the PLr / SIL safety integrity requirement (qualitative information); then apply ISO 13849-1 or IEC 62061, with SISTEMA.
- Did I increase or reduce the original HRN? Severity? Probability?

Slide 42 - The real world: HRN. From risk assessment to PL
Repeats the slide 41 diagram.
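The PFHD combination of slide 39 worked through in code, as an added example that is not part of the Rockwell deck: subsystem PFHD values are summed along the chain and the total is placed in the IEC 62061 SIL band, with the achieved SIL further limited by the lowest subsystem SIL CL. The band limits and the SIL CL rule are IEC 62061's; the assignment of the three slide values to shaft encoders, control unit and contactors follows the chain order on the slide and is an assumption of this example.

```python
# Added example (not Rockwell's code): combine the subsystem PFHD values of
# slide 39 and derive the achieved SIL the way IEC 62061 does. Band limits are
# the IEC 62061 high-demand PFHD bands (dangerous failures per hour); the rule
# that the lowest subsystem SIL claim limit caps the achieved SIL is also from
# IEC 62061 (the chain is only as strong as its weakest subsystem).

# Each band: (SIL, lower bound inclusive, upper bound exclusive), PFHD per hour.
SIL_BANDS = ((3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))


def sil_from_pfhd(pfhd):
    """SIL band a total PFHD falls in; 0 if it is too high even for SIL 1.
    IEC 62061 does not go beyond SIL 3, so anything below 1e-8 is capped at 3."""
    if pfhd < 1e-8:
        return 3
    for sil, low, high in SIL_BANDS:
        if low <= pfhd < high:
            return sil
    return 0


def achieved_sil(subsystems):
    """subsystems: iterable of (name, sil_cl, pfhd) for a series chain.
    Returns (total_pfhd, achieved_sil). PFHDs add because a dangerous failure
    of any one subsystem fails the whole safety function; the result is then
    limited by the lowest SIL claim limit present in the chain."""
    subsystems = list(subsystems)
    if not subsystems:
        raise ValueError("a safety function needs at least one subsystem")
    total = sum(pfhd for _, _, pfhd in subsystems)
    sil = min(sil_from_pfhd(total), min(cl for _, cl, _ in subsystems))
    return total, sil


# Slide 39 values. Mapping them to the three subsystems in the slide's chain
# order (shaft encoders, control unit, contactors) is an assumption here.
SLIDE_39 = [("shaft encoders", 3, 4.3e-8),
            ("control unit", 3, 3.38e-9),
            ("contactors", 3, 1.50e-9)]


def slide_39_result():
    return achieved_sil(SLIDE_39)


def weakest_link_example():
    """Constructed variant: same PFHDs, but the contactor subsystem only
    claims SIL CL 2. The total PFHD still sits in the SIL 3 band, yet the
    safety function cannot claim more than SIL 2."""
    chain = [(n, 2 if n == "contactors" else cl, p) for n, cl, p in SLIDE_39]
    return achieved_sil(chain)


if __name__ == "__main__":
    print("slide 39: total PFHD = %.3e, SIL %d" % slide_39_result())
    print("SIL CL 2 contactors: total PFHD = %.3e, SIL %d" % weakest_link_example())
```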
Slide 43 - LISTEN. THINK. SOLVE.
Thank you for participating.
Rockwell Automation (Allen-Bradley, Rockwell Software), Rev 5058-CO900C.