ENG / SERVICES

Machinery Safety
Safety System Design

Purpose
The purpose of this module is to give you an understanding of the process of safety system design. After this session you will:
Be able to identify the two international standards related to interlocks and safety related control systems Have a basic understanding of the ISO 13849-1 process for defining the required Performance Level (PL) of a safety related control system
Note: This session is not intended to give you the specialist skills to design a safety related control systems. Persons with these skills may be available in your MES E&A group and are available from external consultants, e.g. Rockwell.

Machinery Safety Control Systems EN 954-1

S Severity of Injury S1 = Slight (normally reversible) injury S2 = Serious (normally irreversible) injury, including death F Frequency and/or duration of exposure to the hazard F1 = Seldom to quite often and/or short exposure time F2 = Frequent to continuous and/or long exposure time P Possibility of avoiding the hazard P1 = Possible under specific conditions
P2 = Nearly impossible

Risk Estimation

Circuit Category
B = Basic, Able to operate under expected conditions 1 = B + Proved components and safety principles 2 = B + Proved safety principles + tested at appropriate intervals 3 = B + Proved safety principles + a single fault does not lead to loss of
safety function + if possible, individual faults should be detected

4=

B + Proved safety principles + a single fault in each of these parts does not lead to loss of safety function + individual faults are detected before the next safety function

SUPERCEDED

New Standards
EN 62061 Safety of Machinery Functional safety of safety related electrical, electronic and programmable electronic systems Applies only to electrical control systems
International Electrotechnical Commission

ISO 13849-1 Safety of Machinery Safety related parts of control systems principles for design Applies to all types of control systems electrical, pneumatic, mechanical, hydraulic Uses the same categories for defining the system structure as EN 954-1, i.e. B,1,2,3 and 4.
International Organisation for Standardisation (ISO)

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLr
(Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

Calculate the PLr

Performance Level required to manage the Risk Source How significant is the risk and therefore what risk reduction performance does the solution need to have.

PLr =

S Severity of injury
S1 Slight (normally reversible, bruises, abrasions,
puncture wounds, minor crushing injuries)

S2 Serious (normally irreversible or death, skeletal

injuries, amputations, death)

F Frequency and/or exposure to hazard

F1 Seldom to less often and/or exposure time is short
(less than once per hour)

F2 Frequent to continuous and/or exposure time is long

(more than once per hour)

P Possibility of avoiding hazard or limiting harm

P1 Possible under specific conditions (slow machine
movements, plenty of space, low power)

P2 Scarcely possible (quick machine movements,

crowded, high power)

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLr
(Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

Eliminate the Risk

Elimination
(completely remove the hazard)

Substitution
(substitute a hazardous machine or process with a non hazardous one)

Engineering
(guarding, enclosure, automation)

Administration
(Training, SOPs, reducing number and time of exposure, LOTO, signs)

PPE
(Avoid, Protect/Safety Devices, Information)

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLrequired Determine PLr (Often from Risk Estimate) (Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

Calculate the PLr

PLr = Required Performance Level for the remaining Risk Source S Severity of injury
S1 Slight - normally reversible (bruises, abrasions,
puncture wounds, minor crushing injuries)

S2 Serious - normally irreversible or death (skeletal

injuries, amputations, death)

F Frequency and/or exposure to hazard

F1 Seldom to less often and/or exposure time is short
(less than once per hour)

F2 Frequent to continuous and/or exposure time is long

(more than once per hour)

P Possibility of avoiding hazard or limiting harm

P1 Possible under specific conditions (slow machine
movements, plenty of space, low power)

P2 Scarcely possible (quick machine movements,

crowded, high power)

10

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLr
(Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

11

Safety Function
INPUT LOGIC OUTPUT RESULT

Interlock Switch
Light curtain Emergency Stop 1 Emergency Stop 2

Safety Relay
Safety Relay Safety Relay

Redundant monitored contractors Redundant monitored contractors Redundant monitored contractors

Line stops
Line stops Line stops

Identical to Emergency Stop 1 so no need to calculate

Two hand device Light curtain Non contact sensor

Safety PLC Safety PLC Safety PLC

Machine stop input to robot, redundant Machine stop input to robot, redundant Machine stop input to robot, redundant

Robot stops Robot stops Robot stops

12

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLr
(Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL
(of the Safety Solution)

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

13

Calculate PL of the safety function (simplified)

B 1 2 Basic, Able to operate under expected conditions B + Proved components and safety principles B + Proved safety principles + tested at appropriate intervals B + Proved safety principles + a single fault does not lead to loss of safety function + if possible, individual faults should be detected B + Proved safety principles + a single fault in each of these parts does not lead to loss of safety function + individual faults are detected before the next safety function

Component Architecture
(Category B,1,2,3 or 4)

MTTF

Safety Function Design

Mean Time to Failure

Nil Low Medium High

<60% >60% to <90% >90% to <99% >99%

PL
Performance Level

Diagnostic Coverage

Nil Low Medium High

<60% >60% to <90% >90% to <99% >99%

Common Cause Failure

Diversity Separation Electromagnetic compatibility Protection against pollution

14

Calculate PL of the safety function (not simplified !!)

USE A SPECIALIST
15

ISO 13849 Working Method (Simplified)

START Identify the Safety Functions

Determine the System Scope

(space, usage, time, environment)

Determine PLr
(Often from Risk Estimate)

Identify the Risk Sources

(all work operations during the life cycle)

Design and implement the solution for the safety function

Estimate the Risk

(determine PL with S, F and P)

Calculate the PL

Evaluate the Risk

(Is action required?)

Verify that PL PLr

Reduce the Risk

(Avoid, Protect/Safety Devices, Information) END

16

17