Introduction to Machine Safety Standards

Similar documents
CT433 - Machine Safety

PL estimation acc. to EN ISO

The Best Use of Lockout/Tagout and Control Reliable Circuits

New Thinking in Control Reliability

Session: 14 SIL or PL? What is the difference?

T71 - ANSI RIA R15.06: Robot and Robot System Safety

Implementing Emergency Stop Systems - Safety Considerations & Regulations A PRACTICAL GUIDE V1.0.0

Safety Legislation and Standards

Safety Circuit Design. Heinz Knackstedt Safety Engineer C&E sales, inc.

Grantek Systems Integration

Elements of a Lockout/Tagout Program OSHA

Application Note. Safety Sub-function PUS Category 1, up to PL c. Application Note PUS, Category 1, up to PL c M20 S22 R20 M1 Q20

Applications & Tools. Evaluation of the selection of a safetyrelated mode using non-safety-related components

Application Note. Safety Sub-functions SSC Category 1, up to PL c PUS Category 1, up to PL c. Application Note SSC, PUS, Category 1, up to PL c STOP

Integrating Safety and Automation

Managing for Liability Avoidance. (c) Lewis Bass

Safe Machinery Handbook

Available online at ScienceDirect. Jiří Zahálka*, Jiří Tůma, František Bradáč

Table 1: Safety Function (SF) Descriptions

Functional safety. Functional safety of Programmable systems, devices & components: Requirements from global & national standards

What safety level can be reached when combining a contactor with a circuitbreaker for fail-safe switching?

SEMI Headquarters 3081 Zanker Road City, State/Country: San Jose, CA, USA San Jose, CA, USA Leader(s):

Safely on the way in the automotive and Tier 1 supplier industry

Machine Safety Guide 1

The following gives a brief overview of the characteristics of the most commonly used devices.

Safe Machinery Handbook

San Francisco Marriott Marquis Hotel 55 Fourth Street City, State/Country: San Francisco, CA / USA San Francisco, CA / USA Leader(s):

TEST REPORT Safety Laboratory-MD Team Report No.: RA/2013/90003

Lockout/Tagout Training Overview. Safety Fest 2013

Safety in pneumatic automation

Every things under control High-Integrity Pressure Protection System (HIPPS)

Sample Written Program for The Control of Hazardous Energy (Lockout/Tagout)

MARIPOSA COUNTY LOCKOUT/TAGOUT PROGRAM

ICS Supersedes EN ISO :2006. English Version

Design of safety guards Under observation of ISO 14119

Functional Example CD-FE-I-029-V30-EN Safety-related controls SIRIUS Safety Integrated


Design of safety guards Under observation of ISO 14119

WORKSHOP SAFE ENGINEERING

Product Information Report Lockout/Tagout Hazardous Energy Control

Safety Manual VEGAVIB series 60

Hydraulic (Subsea) Shuttle Valves

Control of Hazardous Energy Lockout / Tagout Program

SAMPLE WRITTEN PROGRAM for Control of Hazardous Energy LOCKOUT TAGOUT

Understanding safety life cycles

RiskTopics. Lockout/Tagout October 2017

LO/TO LOCKOUT/TAGOUT PROGRAM

Implementing IEC Standards for Safety Instrumented Systems

Control of Hazardous Energy Program (Lockout/Tagout)

LOCKOUT/TAGOUT PROGRAM

Applicable and have been incorporated into North American Standards.

This session covers the safety procedure known as lockout/tagout, which is required by Occupational Safety and Health Administration (OSHA) in its

Safety Manual VEGAVIB series 60

Safety Manual OPTISWITCH series relay (DPDT)

230-LOCKOUT/TAGOUT PROGRAM

Lockout / Tag out Program

CONTROL OF HAZARDOUS ENERGY IN THE WORKPLACE

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

Lockout/Tagout Program

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

C. Mokkapati 1 A PRACTICAL RISK AND SAFETY ASSESSMENT METHODOLOGY FOR SAFETY- CRITICAL SYSTEMS

Instrumented Safety Systems

Safety-critical systems: Basic definitions

Lockout/Tagout Program

LOCKOUT TAGOUT. Quick Reference FAQs REQUIREMENTS OF THE STANDARD COMMONLY USED TERMS

RISK ASSESSMENT. White Paper.

Operating instructions Safety Rope Emergency Stop Switches ZB0052 / ZB0053 ZB0072 / ZB0073

University of Vermont Department of Physical Plant Burlington, Vermont

Failure Modes, Effects and Diagnostic Analysis

Lockout/Tagout Program Occupation Safety & Health Standards for General Industry 29 CFR

Bespoke Hydraulic Manifold Assembly

Ultima. X Series Gas Monitor

Lockout - Tagout. Control of Hazardous Energy OSHA Standard

Lockout/Tagout - Energy Control Program

LOCK-OUT/TAG-OUT (LO/TO) SAFETY PROGRAM

ARKANSAS TECH UNIVERSITY FACILITIES MANAGEMENT HEALTH AND SAFETY MANUAL (LOCKOUT/TAGOUT) 30.0

Lock Out/Tag Out Control of Hazardous Energy

LOCKOUT/TAGOUT PLAN August 2015

Energy Control Procedures Lockout/Tagout 29 CFR

Health, Safety, Security and Environment

Safety Beyond the Electrics

Understanding the How, Why, and What of a Safety Integrity Level (SIL)

LOCKOUT/TAGOUT PROGRAM

A study on the relation between safety analysis process and system engineering process of train control system

Facilities Management

DeZURIK. KGC Cast Knife Gate Valve. Safety Manual

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

The Control of Hazardous Energy (Lockout/Tagout) California State University Chico

Service & Support. Questions and Answers about the Proof Test Interval. Proof Test According to IEC FAQ August Answers for industry.

SIL explained. Understanding the use of valve actuators in SIL rated safety instrumented systems ACTUATION

Solenoid Valves For Gas Service FP02G & FP05G

University of Arkansas Office of Environmental Health and Safety

This manual provides necessary requirements for meeting the IEC or IEC functional safety standards.

Solenoid Valves used in Safety Instrumented Systems

Lockout/Tagout - Control of Hazardous Energy Program

DeZURIK. KSV Knife Gate Valve. Safety Manual

E28/Q28 Safety Exhaust Valve Externally Monitored

Lockout Tagout Program

DSL, DSH: Specially designed pressure limiter

Transcription:

Introduction to Machine Safety Standards Jon Riemer Solution Architect Safety & Security Functional Safety Engineer (TÜV Rheinland) Cyber Security Specialist (TÜV Rheinland)

Agenda Understand the big picture of machine safety Connect the dots between Risk Assessment and safety control system design Work through the eight-step design process of ISO 13849-1 2

OSHA CFR 1910 Standards Question: What OSHA standards apply to machine guarding of production equipment? CFR 1910.147 Lockout / Tagout Standard Applies when employees perform maintenance and service to production equipment Requires that unexpected energization of equipment be prevented by removing all energy from a machine and locking the energy sources in the off-state whenever an employee must place any part of their body in a potentially hazardous location CFR 1910 Subpart O Machine Guarding Standards Applies when employees operate and work around equipment that is in the production state Requires that employers provide safeguarding of hazards that could cause injury or illness to employees Exception to Lockout/Tagout Applies when employees perform minor servicing to equipment Requires that employers provide effective alternative measures to safeguard employees Minor servicing must be routine, repetitive and integral to the operation 3

OSHA Connection OSHA lists National Consensus, that provide guidance https://www.osha.gov/sltc/robotics/ https://www.osha.gov/publications/mach_safeguard/chapt5.html National Consensus Note: These are NOT OSHA regulations. However, they do provide guidance from their originating organizations related to worker protection. R15.06-1999, Industrial Robots and Robot Systems - Safety Requirements ISO 10218-1:2006, Robots for Industrial Environments ANSI B11.19-1990, Machine Tools, Safe Guarding OSHA encourages employers to abide by the more current industry consensus standards since those standards are more likely to be abreast of the state of the art than an applicable OSHA standard may be. 4

EN/ISO and OSHA/ANSI Standards Hierarchy Comparison European Machine Directive 2006/42/EC OSHA Machine Safety 1910.xxx Safety of Machinery General Principles of Design and Risk Assessment ANSI/ISO 12100 Safety of Machinery General Principles of Design and Risk Assessment ANSI/ISO 12100 Machine Safety - safety-related parts of control systems EN/ISO 13849-1 PL a-e Machine Safety - Functional safety of control systems IEC 62061 SIL 1-3 Control Reliable Performance Criteria for Safe Guarding ANSI B11.19 Machine Safety - Electrical equipment of machines IEC 60204-1 Electrical equipment of machines ANSI/NFPA 79 5

Harmonization: ANSI/RIA 15.06-2012 National adoption of ISO 10218-1:2011 and ISO 10218-2:2011 Harmonization of standards ANSI: American Nation Standards Institute RIA: Robotic Industries Association ISO: International Organization of Standardization True Global Robotics Safety Standard No added North American Material 6

Machine Directive Machinery Official Journal (OJ) Published Standards Free download search Machinery OJ http://ec.europa.eu/enterprise/policies/european-standards/harmonised-standards/machinery/index_en.htm Assumption of Conformity all relevant harmonized standards and directives are obeyed BS British Standard EN European Norm ISO International Standards Organization 7

ISO Standard Development Development of ISO 13849 Technical Committee 199 Like United Nations One Country = One Vote ANSI gets one vote, BSI gets one vote Ex: Rockwell ANSI ISO 8

Functional Safety Design Process - the Safety Lifecycle 5. Operate, Maintain & Improve 1. Assessment 4. Installation & Validation 2. Functional Requirements 3. Selection, Design & Verification 9

Risk Definition Probability of Occurrence R I S K Is a function of Severity of Harm And - Exposure of Person to Hazard - Occurrence of Hazardous Event - Possibility to Avoid or Limit Harm Only changes with design ANSI/ISO 12100: 2012; Figure 3 10

Possible Mitigation Techniques Hierarchy of Protective Measures Design it out Most Effective Fixed enclosing guard Safety-Related Parts of Control Systems (SRP/CS) Monitoring Access / Interlocked Gates Awareness Means, Training and Procedures (Administrative) Personal protective equipment Least Effective 11

Risk Assessment Risk Assessment is the basis of risk reduction Process of risk analysis and risk evaluation A control system is a common risk reduction method When a control system is used, you must follow the iterative design process of the safety-related parts of a control system (SRP/CS) ISO 13849-1 is an iterative design process ISO 13849-1:2015; Figure 1 12

Risk Assessment Risk assessment performed as if existing safeguards are NOT in place A comprehensive risk assessment includes all hazard types and tasks Task based risk assessment identifies hazards based upon real machine interaction 13

Risk Assessment: RIA TR R15.306 Tasked Based Risk Assessment Methodology PLr PLc PLc PLd PLd PLd PLe 14

Risk Assessment Use system architecture to identify hazard sources Five sources of mechanical hazards: 1) Conveyor Belt 2) Bottle Side Belt 3) Sleeve Indexer 4) Sleeve Cutter 5) Vacuum Pump Other hazards sources: 1) Pneumatics 2) Hydraulics 3) Gravitational Vacuum Pump 15

Risk Assessment Sources of Mechanical Hazard Conveyor Belt Bottle Side Belt Sleeve Indexer Sleeve Cutter Vacuum Pump Operator doing Normal Operating Tasks on the Machine Possible injuries the Operator may sustain and Risk Level for each Risk Reduction Methods are identified A Control System for Risk Reduction = Safety Function Copyright 2018 Rockwell Automation, Inc. All Rights Reserved. 2018 Rockwell Automation TechED Event #ROKTechED 16

ISO 13849-1 Big Picture Goal: Minimize Safety Control System Failures Hardware Integrity Architecture Component Reliability Fault Detection and Reaction Random hardware failure can be mathematically modeled as a Probability of Dangerous Failure per hour (PFH D ). Systematic Integrity Design Quality Measures Project Management Specification and Documentation Human error can be avoided during the hardware and software design, implementation, and operation of the system. 17

Overview of ISO 13849-1 Design Flow ISO 13849-1:2015; Figure 3 1 2 3 4 5 6 7 Use the Risk Assessment to Identify all Safety Functions Specify each Safety Function Safety Requirements Specification (SRS) Determine the required Performance Level (PL r ) for each Safety Function Design and technical realization of each Safety Function Evaluate the Performance Level (PL) of each Safety Function Verification of the PL for each Safety Function (PL PL r ) Validation The Safety Control System meets the requirements of the SRS 1 2 3 4 5 6 7 8 Review the Risk Assessment to ensure all Safety Functions are analyzed 8 18

1 Identify Primary Safety Functions Safety Function = Control system for risk reduction List each hazardous energy source and triggering event possibility SF6 SF1-5 SF1 SF2 SF3 SF4 SF5 SF6 Guard Door 1 (op side) Protective stop and prevention of restart of the conveyor when opened Guard Door 1 (op side) Protective stop and prevention of restart of the bottle feed belts when opened Guard Door 1 (op side) Protective stop and prevention of restart of the sleeve feeder when opened Guard Door 1 (op side) Protective stop and prevention of restart of the cutter when opened Guard Door 1 (op side) Unlock with conditional time delayed unlock Guard Door 2 (dr side) Protective stop and prevention of restart of the sleeve feeder opened Guard Door 2 Drive Side 19

1 Identify Complementary Safety Functions Emergency Stop safety functions are complementary List each hazardous energy source SF12 SF7-11 SF7 SF8 SF9 SF10 SF11 SF12 Emergency Stop 1 (op side) of the conveyor when the emergency stop push button is pressed Emergency Stop 1 (op side) of the bottle feed belts when the emergency stop push button is pressed Emergency Stop 1 (op side) of the sleeve feeder when the emergency stop push button is pressed Emergency Stop 1 (op side) of the cutter when the emergency stop push button is pressed Emergency Stop 1 (op side) of vacuum pump when the emergency stop push button is pressed Emergency Stop 2 (dr side) of the sleeve feeder when the emergency stop push button is pressed E-stop Only Output E-stop 2 Drive Side 20

2 Safety Requirements Specification (SRS) SRS describes the characteristics of the safety-related parts of a control system (SRP/CS) Needed for the design and technical realization of the control system 21

2 Specify Safety Requirements (SRS) Detail each safety function Provides the pass/fail criteria for future verification and validation activities Describe interaction with standard machine control Document unique behavior or requirements 22

3 Determine the Required PL (PL r ) Severity and probability data from the Risk Assessment is needed ISO 13849-1, Annex A Risk Reduction by Safety Related Parts of the Control System Shows a risk graph scoring technique to identify Performance Levels (a, b, c, d & e) As risk increases, safety performance of the control system must increase RISK S1 & S2 Severity of Injury (Slight or Serious) F1 & F2 Frequency and/or Exposure (Seldom or Frequent) P1 & P2 Possibility of Avoidance (Possible or Not Possible) ISO 13849-1:2015; Figure A.1 23

3 Determine the Required PL (PL r ) Each safety function must have a PL r based upon Risk Assessment PL r may vary depending upon Safety Function risk scoring SF Safety Function Description PL r SF1 Guard Door 1 (op side) Protective stop and prevention of restart of the conveyor when opened b SF2 Guard Door 1 (op side) Protective stop and prevention of restart of the bottle feed belts when opened b SF3 Guard Door 1 (op side) Protective stop and prevention of restart of the sleeve feeder when opened d SF4 Guard Door 1 (op side) Protective stop and prevention of restart of the cutter when opened d SF5 Guard Door 1 (op side) Unlock with conditional time delayed unlock c SF6 Guard Door 2 (dr side) Protective stop and prevention of restart of the sleeve feeder opened d SF7 Emergency Stop 1 (op side) of the conveyor when the emergency stop push button is pressed b SF8 Emergency Stop 1 (op side) of the bottle feed belts when the emergency stop push button is pressed b SF9 Emergency Stop 1 (op side) of the sleeve feeder when the emergency stop push button is pressed d SF10 Emergency Stop 1 (op side) of the cutter when the emergency stop push button is pressed d SF11 Emergency Stop 1 (op side) of vacuum pump when the emergency stop push button is pressed a SF12 Emergency Stop 2 (dr side) of the sleeve feeder when the emergency stop push button is pressed c ISO 13849-1:2015; Figure A.1 24

4 Design and Technical Realization Typical Input, Logic and Output SRP/CS devices Input Logic Output E-stop buttons Interlock Switches Light Curtains Limit Switches Safety Relays Safety PLCs Contactors Safe Torque Off Drive Relays Solenoid Valves Develop a block diagram for each safety function Identify devices and assign them to Input/Logic/Output subsystems 25

4 Design and Technical Realization SF Safety Function Description PL r SF3 Guard Door 1 (op side) Protective stop and prevention of restart of the sleeve feeder when opened d SF5 Guard Door 1 (op side) Unlock with conditional time delayed unlock c SF9 Emergency Stop 1 (op side) of the sleeve feeder when the emergency stop push button is pressed d SF11 Emergency Stop 1 (op side) of vacuum pump when the emergency stop push button is pressed a SF3 I L O SF5 I L O Guard Door Switch Safety Relay Sleeve Feeder Servo Hazards Safe State Feedback Safety Relay Guard Door Unlock Solenoid SF9 I L O SF11 I L O E-stop push button Safety Relay Sleeve Feeder Servo E-stop push button Safety Relay Vacuum Pump Contactor 26

4 Design and Technical Realization Estimate number of annual operation (Nops) of each electromechanical component Highlight any components shared by safety functions Nops must include any normal operation SF3 SF9 Nops = 17,520 I Guard Door Switch I E-stop push button L Safety Relay L Safety Relay O Sleeve Feeder Servo Shared O Sleeve Feeder Servo SF5 SF11 Nops = 17,520 I Hazards Safe State Feedback I E-stop push button L Safety Relay L Safety Relay Nops = 17,520 O Guard Door Unlock Solenoid Nops = 100 Nops = 17,620 Nops = 100 Nops = 465 O Vacuum Pump Contactor 27

4 Design and Technical Realization With safety functions defined and block diagrams created: Review safety functions for design optimization Migrate electromechanical devices with solid state (remove Nops from equation) Interlocks dry contact OSSD Contactors to Safe Torque Off drive Electromechanical Safe Torque Off to solid-state Safe Torque Off Choose safety logic level to optimize total cost of ownership: Safety: Relay, Configurable Relay, PLC Review power structure to determine cost-effective energy control Hardware standardization will simplify design, verification, and validation Exceeding PL r is common Standardized hardware choices may allow combining of safety functions 28

4 Design and Technical Realization Specify bill of material for each Safety Function control system safety devices Interlock Switch Contactor Locking Interlock Switch Servo Safety Relay Drive Emergency Stop 29

4 Design and Technical Realization Identify safety data for each safety function device 30

5 Evaluate the Performance Level (PL) The Performance Level (PL) is a way to express the ability of an SRP/CS to perform a safety function under foreseeable conditions Two aspects to safety design process: 1. Hardware Integrity (PFH D ) 2. Systematic Integrity (Design Techniques) Both must be fulfilled to claim a PL for the safety function Performance Level Probability Dangerous Failure (PFH D ) a = 1 / 10,000 b = 1 / 100,000 c = 1 / 1,000,000 d = 1 / 10,000,000 e = 1 / 100,000,000 31

5 Evaluate the Performance Level (PL) Most systems have both electronic and electromechanical devices Using the manufacturer s safety data makes the PFH D calculation easier Sum up the device PFH D numbers to get the total safety function PFH D The PL is determined from ISO 13849-1, Table 2 Goal: Determine the PL of the Safety Function Electromechanical Category MTTF D (B10d/NOP) DC CCF PFH D : ISO 13849-1, Table K.1 Electronic PFH D : Manufacturer PFH D for all subsystems (Input, Logic & Output) Total PFH D Input PFH D Logic PFH D Output PFH D Safety Function (PL) from ISO 13849-1, Table 2 32

5 PL Variables: CATEGORY Cat 1 Contactor Motor Cat 3 Safety Safety Contactor 1Contactor 2 Motor Guard Interlock Switch Guard Interlock Switch Safety Monitoring Relay with startup check Cat 2 Guard Interlock Switch Safety Contactor Motor Cat 4 Guard Interlock Switch With Monitor Safety Safety Contactor 1Contactor 2 Motor OSSD Test 100x demand rate Safety Monitoring Relay Safety Monitoring Relay with startup check with startup check 33

5 Evaluate the Performance Level (PL) Interlock Switch and E-stop have B10d data and will require the complete ISO 13849-1 calculation A summary of the calculations are shown in the table Interlock Switch: PFH D = 4.29E-08 / PLe E-stop Button: PFH D = 4.29E-08 / PLe Contactor: PFH D = 1.14E-06 / PLc 34

5 Evaluate the Performance Level (PL) The total PFH D for each safety function is calculated by adding the PFHd values for each safety device SF3 Guard Door 1 Sleeve Feeder SF9 E-stop 1 Sleeve Feeder SF11 E-stop 1 Vacuum Pump Interlock Switch (I) Cat. 3/PLe PFH D = 4.29E-8 E-stop push button (I) Cat. 3/PLe PFH D = 4.29E-8 E-stop Push button (I) Cat. 3/PLe PFH D = 4.29E-8 Safety Relay (L) Cat. 4/PLe PFH D = 4.35E-9 Safety Relay (L) Cat. 4/PLe PFH D = 4.35E-9 Safety Relay (L) Cat. 4/PLe PFH D = 4.35E-9 Feeder Servo (O) Cat. 3/PLd PFH D = 5.90E-10 Feeder Servo (O) Cat. 3/PLd PFH D = 5.90E-10 Vac Pump Contactor (O) Cat. 1/PLc PFH D = 1.14E-6 Safety Function 1: Cat. 3/PLd PFH D = 4.78E-8 Safety Function 2: Cat. 3/PLd PFH D = 4.89E-8 Safety Function 3: Cat. 1/PLc PFH D = 1.18E-6 35

6 Verification of the PL (PL PL r ) For each safety function, the PL of the SRP/CS shall meet or exceed the PL r identified in Step 3 36

5 6 SISTEMA Software SISTEMA software supports SRP/CS designers with the calculation and documentation requirements of ISO 13849-1 The tool enables modeling of the SRP/CS devices and safety functions Calculation of the safety device reliability values and total safety function Performance Level (PL) The SISTEMA software free online: http://www.dguv.de/ifa/praxishilfen/practical-solutions-machine-safety/software-sistema http://www.marketing.rockwellautomation.com/safety-solutions/en/machinesafety/toolsanddownloads/sistema_download 37

7 Validation SRP/CS Meets the SRS SRP/CS shall be validated as a system ISO 13849-2 sets the requirements for validation and calls for a documented plan to confirm the requirements in the SRS are met Validation includes functional testing and fault injection to determine the system responds accordingly Use a checklist to document the validation of the SRP/CS 38

8 Verify all Safety Functions Analyzed The final step in the ISO 13849-1 design process is to review the Risk Assessment to ensure all Safety Functions have been identified and analyzed The Functional Safety Design process is iterative As changes are made, the risk assessment is used to review the impact to safety SF6 SF12 SF1-5 SF7-11 39

Share your Feedback Please complete a session survey on the mobile app Download the Rockwell Automation Events App Select Rockwell Automation TechED and login Click on Session Surveys or Schedule in the main menu Select the session you are attending Click on the survey tab Complete the survey and submit 40

Questions? www.rockwellautomation.com #ROKTechED

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback