Otto-Goernemann-2 Cálculo

R. Schumacher, O.
Görnemann | 2nd SISEMAQ | IVSS Seminar

March 2019 1
Functional Safety | © SICK AG
QUANTIFICATION [ISO 13849]
EXAMPLE OF APPLICATION ON ROBOTS
Rolf Schumacher / Industrial Safety - Global Competence Center

Otto Görnemann / CD Safety Management & Innovation
2019 – 03- 19
SICK AT A GLANCE
SICK – worldwide one of

the leading manufacturers
of sensors and sensor
solutions for industrial
applications
Date Name | Event 3

YOUR SPEAKER
FUNCTIONAL SAFETY APPLICATION EXPERT (SGS-TÜV SAAR)
Otto Görnemann
• Manager for machinery safety
- Standards & regulations -
• Since 1995 employee of SICK AG
- Industrial Safety Systems Division –
• FS Expert (TÜV Rheinland, #263/16, Machinery)
• Member of different standardization committees of
ISO – IEC – CEN – DIN – AENOR – ISSA
• ISO/TC 199 Safety of Machinery - Chairman
• CEN/TC114 Safety of Machinery - Chairman
• IEC TC 44 Safety of Machinery – Liaison officer
• ISO/TC 39 Machine tools
• ISO/TC110 Industrial vehicles
• ISO/TC 299 Robotics
• CEN/TC 146 Packaging Machinery
• ISSA Section Machinery & Systems Safety
March 2019 R. Schumacher, O. Görnemann | 2nd SISEMAQ | IVSS Seminar Functional Safety | © SICK AG 4
INDUSTRIAL ROBOT CELL – ISO 10218-2
1
RISK ASSESSMENT
SIGNIFICANT MECHANICAL HAZARDS
Origin
moving elements
Potential consequences
• crushing
• impact
• shearing
ISO 10218-2:2011
5.2.2. Performance requirement

Safety-related parts of control systems shall be designed so that they comply with PL=d with structure
category 3 as described in ISO 13849-1:2006, or so that they comply with SIL 2 with hardware fault
tolerance of 1 with a proof test interval of not less than 20 years as described in IEC 62061:2005.
DETERMINING THE SAFETY LEVEL
VERIFICATION OF FUNCTIONAL SAFETY
ISO 13849-1 IEC 62061
SAFETY-RELATED CONTROL SYSTEMS
THINKING IN SAFETY FUNCTIONS
Create safety requirements specification

FOR: Each safety function
Decompose safety function into subsystems
FOR: Each subsystem

IF: Validated subsystem feasible
THEN ELSE
Select a suitable subsystem Draft a specific subsystem
Quantify safety level achieved by subsystem

UNTIL: Overall safety level achieved by safety function
Safety-related system design & verification [HW & SW]

Installation, commissioning & validation
SAFETY CONCEPT
2
SAFETY REQUIREMENTS SPECIFICATION
ACCESS FOR INTERVENTIONS (ACC. TO ISO 13849-1)
Dual channel system
SF01: Initiating a stop PL r d, cat. 3

SIL 2, HFT 1
SF02: Avoiding unexpected start-up PL r d, cat. 3

SIL 2, HFT 1
SF03: Temporarily preventing access PL r d, cat. 3

SIL 2, HFT 1
SAFETY FUNCTION SF01
DECOMPOSE SAFETY FUNCTION INTO SUBSYSTEMS
Interlock Contactor
Logic Robot
Interlock Contactor
Door Robot
Power control
Sensor Logic unit
element
SAFETY CONCEPT
T01: type acc. to EN ISO 14119:2013
HARDWARE CONCEPT
3
SELECTION OF PROTECTIVE DEVICES
Interlock Contactor
Logic Robot
Interlock Contactor
Door Robot
Power control
Sensor Logic unit
element
HW SKETCH “LOGIC UNIT”
LOGIC PROCESSING SUBSYSTEMS
L01
HW SKETCH “SENSOR”
SAFETY TRIGGERING SUBSYSTEMS
T01
A2 A2
A2 A2
Dual channel antivalent
Discrepancy time 3s.
HW SKETCH “POWER CONTROL ELEMENT”
REACTION ACTUATING SUBSYSTEMS
R01a
HW SKETCH “POWER CONTROL ELEMENT”
REACTION ACTUATING SUBSYSTEMS
R01b
DETERMINE PL FOR SRP/CS
4
DATA SHEET SICK AG FX3-CPU0
SUBSYSTEM L01a
DATA SHEET SICK AG FX3-XTDI
SUBSYSTEM L01b
DATA SHEET SICK AG FX3-XTIO
SUBSYSTEM L01c
DATA SHEET SICK AG i110 LOCK /i10-R
SUBSYSTEM T01
SIEMENS STANDARD SN 31920:2012
SUBSYSTEM R01a
DATA SHEET KUKA KR C4
SUBSYSTEM R01b
QUANTIFICATION OF SRP/CS
DETERMINING THE PL ACHIEVED AS PER ISO 13849-1
Determining the level of safety for a subsystem:

1. Delimitation of the subsystem
2. Determination of the category
3. Determination of the MTTFd per channel
4. Determination of DC
5. Evaluation of the measures to prevent common cause failures
6. Evaluation of process measures
7. Result: PL for the subsystem
SAFETY TRIGGERING SUBSYSTEM
T01: INTERLOCKING GUARDS
CATEGORY
SUBSYSTEM T01
The structure of the subsystem is suitable for category 3/4

(dependent on DC and MTTFd)
MTTFD PER CHANNEL
SUBSYSTEM T01.1
B10 D
MTTFD =
0,1´ n op
5 ×10 6
=
0,1´ 365 d a ´ 24 h d ´ 1 h
5 ×10 7
=
8.760 a
MTTFD = 5.707 a ³ 2.500 a
B10 D
T10 D =
n op
MTTFD
=
10
T10 D = 570 a
MTTFD PER CHANNEL
SUBSYSTEM T01.2
B10 D
MTTFD =
0,1´ n op
2 ×106
=
0,1´ 365 d a ´ 24 h d ´ 1 h
2 ×10 7
=
8.760 a
MTTFD = 2.283 a
B10 D
T10 D =
n op
MTTFD
=
10
T10 D = 228 a
SYMMETRIZATION
SUBSYSTEM T01
é ù
ê 1 ú
MTTFD = 2 êMTTFD C1 + MTTFD C 2 - ú
3ê 1 1 ú
+
ê MTTFDC1 MTTFD C 2 úû
ë
é ù
ê 1 ú
= 2 ê2.500a + 2.283a -
3 1 1 ú
ê + ú
ë 2. 500 a 2 . 283a û
MTTFD = 2.393 a
ESTIMATES FOR DIAGNOSTIC COVERAGE
SUBSYSTEM T01
COMMON CAUSE FAILURES – RESISTANCE
SUBSYSTEM T01
ü
EVALUATION OF PROCESS MEASURES
SUBSYSTEM T01
Following systematic aspects for fault avoidance and fault management

shall be considered and implemented:
: Organisation and competency
: Design rules (e.g. specification masters, coding guidelines)
: Test concept and test criteria
: Documentation- and configuration-management
ü
DETERMINATION OF THE PL
SUBSYSTEM T01
REACTION ACTUATING SUBSYSTEM
R01a: AUXILIARY CONTACTORS
CATEGORY
SUBSYSTEM R01a
The structure of the subsystem is suitable for category 3/4

(dependent on DC and MTTFd)
MTTFD PER CHANNEL
SUBSYSTEM R01a
B10 D
MTTFD =
0,1´ n op
1 0,73 ´ 1×10 6
=
0,1´ 365 d a ´ 24 h d ´ 1 h
13,7 ×10 6
=
8.760 a
MTTFD = 1.564 a
T10 D = 156 a
ESTIMATES FOR DIAGNOSTIC COVERAGE
SUBSYSTEM R01a
COMMON CAUSE FAILURES – RESISTANCE
SUBSYSTEM R01a
ü
EVALUATION OF PROCESS MEASURES
SUBSYSTEM R01a
Following systematic aspects for fault avoidance and fault management

shall be considered and implemented:
: Organization and competency
: Design rules (e.g. specification masters, coding guidelines)
: Test concept and test criteria
: Documentation- and configuration-management
ü
DETERMINATION OF THE PL
SUBSYSTEM R01a
OVERALL PL ACHIEVED BY A SAFETY FUNCTION
SF01: INITIATING A STOP
ESTIMATION OF THE PL ACHIEVED
PL e PL e | PL e | PL e PL e PL d
OVERALL PL ACHIEVED BY A SAFETY FUNCTION
SIMPLIFIED METHOD
PL PL PL
ü
CALCULATION OF THE PFHd ACHIEVED
1,1 FIT
0,4 FIT
0,9 FIT
1,0 FIT + 2,4 FIT + 1,5 FIT + 100 FIT
105 FIT
( FIT = 10-9 dangerous failures/h )
DETERMINING THE SAFETY LEVEL
VERIFICATION OF FUNCTIONAL SAFETY
10-4 10-5 10-6 10-7 10-8

105 FIT
3⋅10-6
PL
a b c d e
ü
ISO 13849-1
PFHD
SIL
IEC 62061 1 2 3
DO NOT HESITATE TO ASK QUESTIONS!
Otto Görnemann Rolf Schumacher

SICK AG, CD SMI SICK AG, GBC 02
Erwin-Sick-Straße 1 Erwin-Sick-Straße 1
D-79183 Waldkirch D-79183 Waldkirch
Otto.Goernemann@sick.de Rolf.Schumacher@sick.de
R. Schumacher, O. Görnemann | 2nd SISEMAQ | IVSS Seminar
March 2019 49
Functional Safety | © SICK AG

Otto-Goernemann-2 Cálculo

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Otto-Goernemann-2 Cálculo

Uploaded by

Copyright:

Available Formats

R. Schumacher, O.

Görnemann | 2nd SISEMAQ | IVSS Seminar

Rolf Schumacher / Industrial Safety - Global Competence Center

SICK – worldwide one of

Date Name | Event 3

5.2.2. Performance requirement

ISO 13849-1 IEC 62061

Create safety requirements specification

FOR: Each subsystem

Quantify safety level achieved by subsystem

Safety-related system design & verification [HW & SW]

Dual channel system

SF01: Initiating a stop PL r d, cat. 3

SF02: Avoiding unexpected start-up PL r d, cat. 3

SF03: Temporarily preventing access PL r d, cat. 3

T01: type acc. to EN ISO 14119:2013

Determining the level of safety for a subsystem:

The structure of the subsystem is suitable for category 3/4

MTTFD = 5.707 a ³ 2.500 a

Following systematic aspects for fault avoidance and fault management

: Organisation and competency

: Design rules (e.g. specification masters, coding guidelines)

: Test concept and test criteria

: Documentation- and configuration-management

The structure of the subsystem is suitable for category 3/4

Following systematic aspects for fault avoidance and fault management

: Organization and competency

: Design rules (e.g. specification masters, coding guidelines)

: Test concept and test criteria

: Documentation- and configuration-management

10-4 10-5 10-6 10-7 10-8

Otto Görnemann Rolf Schumacher

You might also like