EN ISO 13849-1: applicable for electrical/electronic/programmable electronic/hydraulic/pneumatic/mechanical systems
EN/IEC 62061: applicable for electrical/electronic/programmable electronic systems
The following versions of the standards have been quoted: EN ISO 12100-1:2003, EN ISO 12100-2:2003, EN ISO 13849-1:2008, EN ISO 14121-1:2007, EN/IEC 62061:2005.

Flowchart: risk assessment and risk reduction

START

Risk analysis in accordance with EN ISO 14121:
1. Determination of the limits of the machinery: space, time, environmental conditions, use (EN ISO 14121-1 Clause 5; EN ISO 12100-1 Clause 5.2)
2. Hazard identification for all lifecycles and operating modes (EN ISO 14121-1 Clause 6 and Annex A; EN ISO 12100-1 Clauses 4 and 5.3)
3. Risk estimation: severity, possibility of avoidance, frequency, duration (EN ISO 14121-1 Clause 7; EN/IEC 62061 Annex A; EN ISO 13849-1 Annex A, risk graph)
4. Risk evaluation in accordance with C standards or risk estimation (EN ISO 14121-1 Clause 8)

Has the intended risk minimisation been achieved? Yes: END. No: risk reduction.

Risk reduction in accordance with EN ISO 12100-1 Clauses 5.4 and 5.5:
- Can the risk be reduced through guards and other safety devices? Yes: risk reduction through safeguarding measures, incorporation of additional safeguarding (EN ISO 12100-2 Clause 5)
- Can the limits be redefined? No: risk reduction through user information (EN ISO 12100-2 Clause 6)
After each risk reduction measure, the question "Has the intended risk minimisation been achieved?" is asked again.

Risk estimation, EN ISO 13849-1 Annex A (risk graph): determination of the required performance level (PLr)
S  Severity of injury
   S1 = slight (normally reversible injury)
   S2 = serious (normally irreversible injury or death)
F  Frequency and/or exposure to hazard
   F1 = seldom to less often and/or exposure time is short
   F2 = frequent to continuous and/or exposure time is long
P  Possibility of avoiding hazard or limiting harm
   P1 = possible under specific conditions
   P2 = scarcely possible
The branches of the risk graph run from low risk to high risk.

Risk estimation, EN/IEC 62061 Annex A: severity (S)
Consequences                      S
Death, losing an eye or arm       4
Permanent, losing fingers         3
Reversible, medical attention     2
Reversible, first aid             1
(Of the SIL assignment table, only the fragment "class 3-4: SIL 2" survived extraction.)

Determination of the achieved PL / SIL of the safety function
Calculation is made in accordance with the graphic from inside outwards. Data sources: data from the manufacturer (unit data) and data from the application (nop, dop, hop, tCycle).

Unit type and data from the manufacturer:
- Units with internal diagnostics (programmable control system, safety relays): PFH, SIL, T1
- Input devices, non-wearing, without internal diagnostics: MTTFd, λd, λs
- Input devices subject to wear, without internal diagnostics: B10d, λd, λs (B10d: EN/IEC 62061 -)

Components of the safety function:
- Component 1: non-wearing; without internal diagnostics: MTTFd, λs, λd
- Component 2: subject to wear; without internal diagnostics: B10d, λs, λd
- Component 3: with internal diagnostics: SIL, PFH
- Component 4: subject to wear; without internal diagnostics: B10d, λs, λd; with nop from the application, MTTFd
- Component 5: non-wearing; without internal diagnostics: MTTFd, λs, λd
Result for the safety function: PL, PFH (EN ISO 13849-1) or SIL, PFH (EN/IEC 62061).
Lexicon

B10d: Lifetime of products before 10 % of the product range fails dangerously.
nop: Mean frequency of operation per year.
dop: Average operating time in days per year.
hop: Average operating time in hours per day.
tCycle: Mean time between the start of two consecutive cycles of a component (e.g. switching a valve), in seconds per cycle.
Residual risk: Remaining risk left over once safety measures have been put in place.
Risk: Combination of the probability of occurrence of harm and the severity of that harm.
Risk analysis: Combination of the specification of the limits of the machine, hazard identification and risk estimation.
Risk assessment: The overall process comprising risk analysis and risk evaluation.
Risk evaluation: Judgement, on the basis of risk analysis, of whether risk reduction objectives have been achieved.
Intended use of a machine: Use of a machine in accordance with the information provided in the user information.
SIL claim limit (SILCL): Maximum SIL that can be claimed for an SRECS subsystem in relation to architectural constraints and systematic safety integrity.
Safety Integrity Level (SIL): Discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE system, where SIL 3 (SIL 4 in the process industry) has the highest level of safety integrity and SIL 1 has the lowest.
Safety integrity: Probability of a safety-related system satisfactorily performing the required safety functions under all stated conditions within a stated period of time.
Performance Level (PL): Discrete level to specify the ability of safety-related parts of control systems to perform a safety function under foreseeable conditions.
Performance Level, required (PLr): Performance level (PL) in order to achieve the required risk reduction for each safety function.
Category (CAT): Classification of the safety-related parts of a control system in respect of their resistance to faults and their subsequent behaviour in the fault condition, which is achieved by the structural arrangement of the parts, fault detection and/or by their reliability.
Validation: A confirmation process which takes the form of an investigation and the provision of a certificate and is carried out in order to demonstrate compliance with the special requirements of a specific intended use.
Verification: A confirmation process which takes the form of an investigation and the provision of a certificate and is carried out in order to demonstrate compliance with requirements.
PAScal: Calculation software for verifying functional safety.
Diversity: Use of diverse means to execute a required function.
Redundancy: The duplication of means required by a functional entity to perform a required function or in order for data to represent information.
Fault: State of an item characterised by inability to perform a required function, excluding the inability during preventive maintenance or other planned actions, or due to lack of external resources.
CCF: Failure due to a common cause.
Beta factor or common cause factor (CCF measurements): Proportion of failures which have a common cause.
SRCF, safety-related control function: Control function implemented by an SRECS with a specified integrity level that is intended to maintain the safe condition of the machine or to prevent an immediate increase of the risk(s).
SRECS: Electrical control system of a machine whose failure can result in an immediate increase of the risk.
SRP/CS, safety-related part of a control system: Part of a control system that responds to safety-related input signals and generates safety-related output signals.
Safety function: Function of the machine whose failure can result in an immediate increase of the risk(s).
Subsystem: Entity of the top-level architectural design of the SRECS where a failure of any subsystem will result in a failure of a safety-related control function.
PFH = PFHd: Probability of dangerous failure per hour with continual use.
Probability of a dangerous failure per hour: see PFH.
Average probability of failure: see PFH = PFHd.
λD: Dangerous failure rate.
λS: Safe failure rate.
Diagnostic coverage (DC): Measure for the effectivity of diagnostics; may be determined as the ratio between the failure rate of detected dangerous failures and the failure rate of total dangerous failures.
DCavg: Average diagnostic coverage.
Diagnostic test interval: Time period between online tests carried out in order to detect faults in a safety-related system with the specified degree of diagnostic coverage.
Proof test (T1): Periodic test performed to detect failures in a safety-related system so that, if necessary, the system can be restored to an as-new condition or as close as practical to this condition. For most units, a proof test cannot be implemented for technical reasons.
T1: see Proof test.
Mission time (TM): Period of time covering the intended use of a SRP/CS.
TM: see Mission time.
MTTFd: Mean time to dangerous failure.
Designated architectures: EN ISO 13849-1 categories and the corresponding EN/IEC 62061 subsystem architectures
Category B,1 corresponds to Subsystem A
Category 2 corresponds to Subsystem C
Category 3 corresponds to Subsystem B
Category 4 corresponds to Subsystem D
Safety relay outputs shown in the diagrams: OSSD1, OSSD2 (instantaneous and delayed)

Final check: Achieved PL >= PLr?
The measures outlined on this sheet are simplified descriptions and are intended to provide an overview of the standards EN ISO 13849-1 and EN/IEC 62061. Detailed understanding and correct application of all relevant standards and directives are needed for validation of safety circuits. As a result, we cannot accept any liability for omissions or incomplete information.