
Introduction to SISTEMA






Presentation Transcript


  1. Introduction to SISTEMA

  2. Introduction • In Europe: • Manufacturers are used to designing the safety-related parts of control systems (electrical, hydraulic, pneumatic and mechanical) for machines and equipment in accordance with the standard EN 954-1, which is based on a qualitative approach. • However, EN 954-1 does not cover the development of electronic and programmable electronic control systems; this gap is addressed by the new European and international standards (EN ISO 13849, EN IEC 61508 and EN IEC 62061), which are based on a quantitative (probabilistic) approach.

  3. Introduction • Introduction • SIL calculation according to EN/IEC 62061 • What is SISTEMA ? • Web page for SISTEMA • Downloading the SISTEMA software • SISTEMA library – Schneider Electric • 7 basic items of SISTEMA • SISTEMA – Schneider Electric emergency stop system number 1 • Emergency stop device by means of a safety module – Category 3 – PLe

  4. Introduction • EN 954-1 not sufficient for increasingly complex control systems • The qualitative approach of EN 954-1 is no longer sufficient for modern controls based on new technologies (electronic and programmable electronic systems): • no consideration for programmable systems, • risk graph not specific enough. • EN 954-1 has recently been replaced by the new standard EN ISO 13849-1, which supplements the qualitative approach with a new quantitative (probabilistic) approach. • EN 954-1 stays valid until the end of November 2009 (transition period during which both standards are valid). • EN ISO 13849-1 applies regardless of technology: electrical, pneumatic, hydraulic, etc.

  5. Introduction • Select the suitable standard

  6. Introduction • The functional safety standards family: • IEC 61508 – Functional safety of electrical / electronic / programmable electronic (E/E/PE) safety-related systems • EN/IEC 62061 – Safety of machinery: functional safety of E/E/PE control systems • IEC 61511 – Functional safety: safety instrumented systems for the process industry sector • IEC 61513 – Nuclear power plants: instrumentation and control for systems important to safety • For complex machines, the international sector-specific standard IEC 62061, based on IEC 61508, must be used. Published on 31 December 2005. Harmonized to the Machinery Directive. Restricted to electrical, electronic and programmable electronic safety-related control systems. Possible overlap with EN ISO 13849-1.

  7. Introduction • Safety of machinery application, EN IEC 62061 • The probability of failure associated with the required SIL depends on the frequency of usage (demand rate) of the safety function to be performed:

  8. Introduction • Assigning a SIL level • EN IEC 62061 => SIL; EN ISO 13849-1 (successor to EN 954-1) => PL

  9. Introduction • Determination of the performance level PL • In this example the safety function is the disconnection of a motor when the safety guard is open. Without the guard the possible harm is the loss of an arm. With the answers S2, F2 and P2 the risk graph leads to a required performance level of PLr = e.

  10. Introduction • PL estimation according to EN ISO 13849-1: example calculation for an application • Block diagram of the SRP/CS: INPUT (SRP/CSa): interlocking switch 1 SW1, interlocking switch 2 SW2 – LOGIC (SRP/CSb): safety module XPS – OUTPUT (SRP/CSc): contactor 1 CON1, contactor 2 CON2 • All parts which carry out the safety function must be identified; in our example we use a redundant structure with 2 inputs, 2 logic channels and 2 outputs switching the power. • Each block in the diagram represents one hardware device implementing the safety function.

  11. Introduction • Evaluate the performance level PL

  12. Introduction • Verify the achieved performance level • We put the data for the example SRP/CS (MTTFd = high, DCavg = 99% and Category 4) into the graph below in order to find the achieved performance level for our safety function. Achieved PL = e

  13. SIL calculation according to EN/IEC 62061 • Safety specification of the function blocks • The safety requirements for each function block are derived from the safety requirements specification of the corresponding safety-related control function (SRCF). In our example each function block needs a SIL 2 capability (i.e. FB1 → SILCL 2, etc.). The SIL claim limit (SILCL) is the maximum SIL that can be claimed for a subsystem.

  14. SIL calculation according to EN/IEC 62061 • The subsystems • Each function block is allocated to a subsystem within the structure of the safety-related electrical control system (SRECS). • The subsystems must achieve at least the same SIL capability as assigned to the entire safety-related control function (SRCF).

  15. SIL calculation according to EN/IEC 62061 • Select the devices • For each subsystem select the devices or design and develop the safety solution.

  16. SIL calculation according to EN/IEC 62061 • Design the diagnostic tests

  17. SIL calculation according to EN/IEC 62061 • Calculation of subsystems SS1 and SS3

  18. SIL calculation according to EN/IEC 62061 • Verify the achieved SIL

  19. SIL calculation according to EN/IEC 62061 • Example of Risk Assessment

  20. What is SISTEMA? • SISTEMA is a software tool for evaluating the safety-related parts of control systems for machinery in accordance with EN ISO 13849-1 • This software was developed by the BGIA in Germany • SISTEMA stands for “Safety Integrity Software Tool for the Evaluation of Machine Applications” • Here is the link to obtain the SISTEMA software: http://www.dguv.de/ifa/en/pra/softwa/sistema/index.jsp

  21. SISTEMA • Published by the IFA (Institute for Occupational Safety and Health of the German Social Accident Insurance)

  22. Click on “Download Version 1.1.2”

  23. Downloading the SISTEMA software • After clicking on the button for “Download Version 1.1.1”: • Submit your e-mail address to receive the link to the download page • Register, download and follow the installation instructions • Here is the link for the libraries of various manufacturers: http://www.dguv.de/ifa/en/pra/softwa/sistema/bibliotheken/index.jsp

  24. SISTEMA library – Schneider Electric • Scroll down to Schneider Electric Automation GmbH then click

  25. Schneider Electric Automation GmbH • Scroll down to “Click here to download the Preventa library for SISTEMA”, then click on this link • Save the file to the hard drive of the computer, preferably using a download manager • After this has been completed you are ready to use the SISTEMA software and Schneider Electric’s library files

  26. 7 basic items of SISTEMA • When a SISTEMA project is created it comprises the following basic items: • Project - PR - this generally refers to the portion of the machine that is to be analysed by SISTEMA • Safety Function - SF - a function of the machine whose failure can result in an immediate increase of the risk • Subsystem - SB - there can be multiple subsystems, consisting of safety-related signal acquisition and safety-related processing • Channel - CH - a subsystem consists of one or two channels, which are used for structuring the control system • Test channel - there are test channels in subsystems and these have the function of repeated testing

  27. 7 basic items of SISTEMA (continued) • Block - BL - subdivides a channel into various logical function units, for example safety devices (such as emergency stop buttons and various safety switches), the logic unit (such as a safety module) and main contactors • Element - EL - the lowest level of the hierarchy. An element can be electromechanical, or an item of a pneumatically or hydraulically operated system

  28. 7 basic items of SISTEMA - summary

  29. SISTEMA – general example of an emergency stop system

  30. SISTEMA – Schneider Electric emergency stop system number 1

  31. Figure (1): example schematic of a Category 4 E-stop circuit with safety module K3 – redundancy plus periodic checking / self-monitoring

  32. 7 basic items of SISTEMA – summary with Schneider Electric products

  33. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO) • Safety function • Emergency stop function, STO, by actuation of an emergency stop device • Functional description • Hazardous movements or states are interrupted or prevented by actuation of an emergency stop device. Referring to figure (1), each emergency stop device triggers a safety function of its own. S1 is evaluated in a safety module K3, which actuates two redundant contactors KM1 and KM2.

  34. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO), (continued) • The signals from the emergency stop device are read redundantly into the safety module K3 for fault detection. K3 also features internal test measures. The contactors KM1 and KM2 are also monitored by K3 by means of mechanically linked feedback contacts. KM1 and KM2 are operated by switch S3 at each start-up command.

  35. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO), (continued) • Design features • Basic and well-tried safety principles are observed and the requirements of Category B are met. • The emergency stop device S1 is a switching device with direct opening contacts in accordance with IEC 60947-5-1, Annex K. • The supply conductors to the switching devices are laid separately or with protection. • The safety module K3 satisfies all requirements for Category 4 and PLe. • KM1 and KM2 possess mechanically linked elements to IEC 60947-5-1, Annex L.

  36. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO), (continued) • Calculation of the probability of failure: • S1, the emergency stop device, is a standard emergency stop device to EN ISO 13850. • The probability of failure of the final safety module K3 is added at the end of the calculation (2.31 × 10⁻⁹ per hour [M], suitable for PLe). For the subsystem KM1/KM2, the probability of failure is calculated as follows:

  37. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO), (continued) • MTTFd: for the contactors KM1 and KM2, the B10 value corresponds under an inductive load (AC-3) to an electrical lifetime of 1,000,000 switching operations [M]. If 50% of failures are assumed to be dangerous, the B10d value is obtained by doubling the B10 value (B10d = 2,000,000). With three demands upon the emergency stop function and 24 start commands per year, nop is 27 cycles per year and MTTFd = B10d / (0.1 × nop) = 740,740 years. This is also the symmetrical MTTFd for the channel, which is capped to 100 years (“high”). • DCavg: the DC of 90% for KM1 and KM2 is based upon testing by the safety module K3. This is also the DCavg (“medium”). • Adequate measures against common cause failure (70 points, at least 65 required): separation (15), well-tried components (5), overvoltage protection etc. (15) and environmental conditions (25 + 10).

  38. Emergency stop device by means of a safety module – Category 3 – PLe • Emergency stop device by means of a safety module (emergency stop function, STO), (continued) • The subsystem KM1/KM2 corresponds to Category 3 with a high MTTFd (100 years) and medium DCavg (90%). This results in an average probability of dangerous failure per hour (PFHd) of 4.29 × 10⁻⁸. Following addition of the subsystem K3 (2.31 × 10⁻⁹), the average probability of dangerous failure is 4.52 × 10⁻⁸ per hour, which lies in the PL e range (≥ 10⁻⁸ to < 10⁻⁷). The PLr of d is thus surpassed.
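The arithmetic of slides 36 to 38, together with the risk graph of slide 9, carried through in code. This is an added worked example, not SISTEMA's code and not Schneider Electric's library; it applies the formulas and band tables of EN ISO 13849-1 (risk graph Figure A.1, Annex C for nop and MTTFd, Tables 3, 5 and 6 for the PL, MTTFd and DCavg bands, Annex F for the 65-point CCF threshold) and the high-demand SIL bands of IEC 61508 / EN IEC 62061 to the values quoted on the slides. The Annex K PFHd table is large, so only the single entry the slides use (Category 3, MTTFd 100 years, DCavg 90%) is embedded; any other combination has to be read from the standard.

```python
"""EN ISO 13849-1 performance-level arithmetic for the slides' e-stop example.

Added example (not SISTEMA or Schneider Electric code). Input values are the
ones given on the slides; thresholds are those of EN ISO 13849-1.
"""

# Risk graph, EN ISO 13849-1 Figure A.1.
#   S1/S2: slight (reversible) / serious (irreversible) injury or death
#   F1/F2: seldom-to-less-often / frequent-to-continuous exposure
#   P1/P2: avoidance possible / scarcely possible
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# Table 3: PL as a band of PFHd (average probability of dangerous failure per hour).
PL_BANDS = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
            ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]

# IEC 61508 / EN IEC 62061 high-demand SIL bands for the same PFHd figure.
SIL_BANDS = [(3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]

# Annex K excerpt: (category, MTTFd band, DCavg band) -> PFHd in 1/h.
# Only the entry the slides quote is embedded; other combinations must be
# taken from the standard's table, hence the KeyError for anything else.
PFH_TABLE = {(3, "high", "medium"): 4.29e-8}   # Cat 3, MTTFd 100 y, DCavg 90 %

CCF_MIN_SCORE = 65   # Annex F: at least 65 of 100 points against common cause failure


def required_pl(severity, frequency, avoidance):
    """PLr from the risk graph, e.g. required_pl('S2', 'F2', 'P2') -> 'e'."""
    return RISK_GRAPH[(severity.upper(), frequency.upper(), avoidance.upper())]


def nop_per_year(d_op, h_op, t_cycle_s):
    """Annex C: mean operations per year from days/year, hours/day and seconds per cycle."""
    return d_op * h_op * 3600.0 / t_cycle_s


def mttfd_from_b10d(b10d, nop):
    """Annex C: MTTFd = B10d / (0.1 * nop); result is in years when nop is per year."""
    return b10d / (0.1 * nop)


def cap_mttfd(mttfd):
    """Table 5: MTTFd per channel is limited to 100 years."""
    return min(mttfd, 100.0)


def mttfd_band(mttfd):
    """Table 5 bands; below 3 years a channel is not usable at all."""
    if mttfd < 3:
        raise ValueError("MTTFd below 3 years is not permitted by EN ISO 13849-1")
    if mttfd < 10:
        return "low"
    if mttfd < 30:
        return "medium"
    return "high"


def dc_band(dc):
    """Table 6 bands; dc is a fraction, e.g. 0.90 for 90 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def _band(value, bands):
    for label, lo, hi in bands:
        if lo <= value < hi:
            return label
    raise ValueError(f"{value:.3g} /h is outside the tabulated range")


def pl_from_pfh(pfh):
    return _band(pfh, PL_BANDS)


def sil_from_pfh(pfh):
    return _band(pfh, SIL_BANDS)


def pl_meets(achieved, required):
    """PL letters are ordered a < b < c < d < e, so string comparison is enough."""
    return achieved >= required


def estop_example():
    """Slides 36-38: subsystem KM1/KM2 (Category 3) plus safety module K3."""
    plr = "d"                               # slide 38: required PL for this function
    b10 = 1_000_000                         # AC-3 electrical lifetime [M]
    b10d = 2 * b10                          # 50 % of failures assumed dangerous
    nop = 3 + 24                            # 3 e-stops + 24 start commands per year
    mttfd_raw = mttfd_from_b10d(b10d, nop)  # about 740,740 years per contactor
    mttfd = cap_mttfd(mttfd_raw)            # symmetrical channels, capped to 100 y
    ccf_score = 15 + 5 + 15 + 25 + 10       # separation, well-tried, overvoltage, environment
    if ccf_score < CCF_MIN_SCORE:
        raise ValueError("CCF measures insufficient; Category 3 cannot be claimed")
    pfh_sub = PFH_TABLE[(3, mttfd_band(mttfd), dc_band(0.90))]
    pfh_total = pfh_sub + 2.31e-9           # add the K3 safety module [M]
    pl = pl_from_pfh(pfh_total)
    return {"plr": plr, "mttfd_raw": mttfd_raw, "mttfd": mttfd, "ccf_score": ccf_score,
            "pfh_total": pfh_total, "pl": pl, "sil": sil_from_pfh(pfh_total),
            "meets_plr": pl_meets(pl, plr)}


if __name__ == "__main__":
    for key, value in estop_example().items():
        print(f"{key:>10}: {value}")
```

Two points the slides state but do not show are made explicit here: the cap to 100 years is applied before the MTTFd band is read, and the PFHd of the two subsystems is simply summed (series combination of SRP/CS), after which the PL is read from the resulting figure rather than from the worse of the two subsystems.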
