Chapter 9

Machinery Sector

Abstract

This chapter may seem to describe a different “rule-based” graph-type approach to the methods encouraged throughout this book. It has to be said that the authors believe these to be not fully “calibrated” (i.e., dimensioned) against assessments from comparative quantified risk assessment approaches or from field failure data. However, the methods have stood the test of considerable use and thus represent a benchmark which has become acceptable throughout the sector.

Keywords

Failures; Machinery sector; MTTFd; Risk assessment; SRCF; SRECS


There are two machinery standards, EN ISO 13849 and EN 62061, which between them replace EN 954. The standards that previously covered general risk assessment, EN ISO 14121-1 together with EN ISO 12100 parts 1 and 2, have been withdrawn and replaced by EN ISO 12100:2010 together with ISO/TR 14121-2:2012.

9.1. EN ISO 12100:2010

EN ISO 12100 provides guidance on undertaking the general risk assessment associated with a machine. If that assessment finds that risk reduction by means of an active interlock/control mechanism is necessary, the requirements for and the design of that interlock/control mechanism can be evaluated using either EN ISO 13849 or EN 62061, as illustrated in Figure 9.1.
Figure 9.1 Machine safety standards.
EN ISO 12100 provides guidance on the principle of overall risk assessment. It covers all types of risk, not just “functional safety.”
The Standard provides general guidance on carrying out a risk assessment of a machine operation assuming that no protective measures are in place. If the assessment finds a risk that is not considered negligible, appropriate protective measures are applied and the risk assessment is repeated to establish whether the residual risk is now negligible. This process is repeated until the risk is negligible, as shown in Figure 9.2.
Figure 9.2 Risk assessment approach during machine design.
The risk assessment is required to take into account:
• The risks associated with all phases of the machine's life (e.g., construction, transport, commissioning, assembly, and adjustment)
• The intended use of the machine: correct use, non-industrial/domestic use, and reasonably foreseeable misuse
• The compatibility of the spatial limits around the machine and its range of movement
• The level of training, ability, and experience of the foreseeable users of the machine.
The existing risk reduction measures such as guarding, procedures, and signage are disregarded when identifying the hazards. When considering the relative merits of different protection measures, any assessment should be weighted to consider (1) as the most effective and (4) as the least effective.
1. Risk reduction by design, i.e., eliminate hazard at the design stage
2. Safeguarding, i.e., safety-related control function (functional safety)
3. Information for use, i.e., signage
4. Additional precautions, i.e., procedures.
The Standard provides guidance and examples of methods of undertaking risk estimation. These methods include risk matrix, risk graph, numerical scoring, and hybrid approaches. Figure 9.3 shows the general elements of risk associated with a particular hazardous situation.
Figure 9.3 General hazard risk assessment.
If from the general risk assessment some form of “Safety-Related Control Function” (SRCF) is required, then there is a choice of which of the two standards (EN ISO 13849 or EN 62061) to follow in order to assess the safety requirements for each safety function and how to assess that any proposed system meets the requirements. In general if the safety protection is an electrical-based system either standard could be used. Figure 9.4 gives guidance on which is the more suitable standard based on the type of technology to be used for the safety function.
Figure 9.4 Selecting the standard for the design of the SRCF.

9.2. EN ISO 13849

This examines complete safety functions, including all the subsystems that make up the safety-related parts of the control system (SRP/CS). As of 2015 this standard was under review (together with EN 62061) with the aim of merging the two into a single document, “IEC ISO 17305: Safety of Machinery – Safety functions of control systems.” Publication was planned for 2016 but the project has since been suspended.
The integrity of the SRP/CS and of the safety function is expressed in terms of performance levels (PLs). A control risk assessment is used to determine the required PL (PLr) using a risk graph: see Figure 9.5.
Figure 9.5 Determining the performance level required for each risk.
The design of the SRP/CS and safety function can then be undertaken to achieve the required PL. Verification that the safety function achieves its PL requires assessment of:
• Diagnostic Coverage (DC)
• Architecture (category)
• Mean Time To Failure Dangerous (MTTFd)
• Common Cause Failures (CCF).
Diagnostic Coverage (DC) is a measure of the effectiveness of the diagnostics. For a safety function it is expressed as an average DC (DCav), calculated from the total dangerous failure rate (λd) and the dangerous detected failure rate (λdd) of each component in the SRP/CS, summed over all the components:

$$DC_{av} = \frac{\sum \lambda_{dd}}{\sum \lambda_{d}}$$

DCav is then compared with this table to determine the coverage band:
Coverage    Range of DC
None        DC < 60%
Low         60% ≤ DC < 90%
Medium      90% ≤ DC < 99%
High        99% ≤ DC
The Architecture of a safety function is presented in a similar way to IEC 61508 and is shown in Figure 9.6:
Figure 9.6 Architecture.
However, the architecture is assessed in terms of five categories:

Category B
Requirements: apply basic safety principles; can withstand expected influences.
System behavior: a fault can cause a loss of the safety function.

Category 1
Requirements: Category B plus well-tried components and well-tried safety principles.
System behavior: a fault can cause a loss of the safety function.

Category 2
Requirements: Category B plus well-tried safety principles; functional check at start-up and periodically (on/off check).
System behavior: a fault occurring between the checks can cause a loss of the safety function.

Category 3
Requirements: Category B plus well-tried safety principles; a single fault does not cause a loss of the safety function; where practicable that fault should be detected.
System behavior: an accumulation of undetected faults can cause a loss of the safety function.

Category 4
Requirements: Category B plus well-tried safety principles; an accumulation of faults does not cause a loss of the safety function.
System behavior: faults will be detected in time to prevent a loss of the safety function.

The architectures are shown in Figures 9.7–9.11.
Figure 9.7 Category B architecture.
Figure 9.8 Category 1 architecture.
Figure 9.9 Category 2 architecture.
Figure 9.10 Category 3 architecture.
Figure 9.11 Category 4 architecture.

The Assessment

The MTTFd includes both the dangerous undetected and the dangerous detected failures. The total MTTFd of a single safety function channel is calculated from the MTTFd values of its n components:

$$\frac{1}{MTTF_{d,\text{channel}}} = \frac{1}{MTTF_{d1}} + \frac{1}{MTTF_{d2}} + \frac{1}{MTTF_{d3}} + \cdots + \frac{1}{MTTF_{dn}}$$

The MTTFd of a channel is then compared with the following table to determine which band it falls in:
Assessment    Range of MTTFd per channel
Low           3 years ≤ MTTFd < 10 years
Medium        10 years ≤ MTTFd < 30 years
High          30 years ≤ MTTFd < 100 years
The Category, DCav, and the MTTFd (per channel) are then compared with the following table in order to determine the PL of the SRP/CS and safety function:

MTTFd per channel   Cat B, DCav none   Cat 1, DCav none   Cat 2, DCav low   Cat 2, DCav medium   Cat 3, DCav low   Cat 3, DCav medium   Cat 4, DCav high
Low                 a                  Not covered        a                 b                    b                 c                    Not covered
Medium              b                  Not covered        b                 c                    c                 d                    Not covered
High                Not covered        c                  c                 d                    d                 d                    e

In addition, if the design of the safety function includes redundant elements then Common Cause Failures (CCF) have to be evaluated. Each of the measures that can reduce CCF is scored; the more effective the measure against CCF, the higher its score, as shown below. To demonstrate an adequate design a total score of at least 65 (out of the 100 available) is required.
No.  Measure against CCF              Score
1    Separation/segregation           15
2    Diversity                        20
3    Design/application/experience    20
4    Assessment/analysis              5
5    Competence/training              5
6    Environmental                    35
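As an added worked example (not code from the book or from the standard), the following Python implements the estimation procedure described above for one safety function: the parts-count MTTFd per channel, DCav from the per-component dangerous and dangerous-detected failure rates, banding of both, the Category/DCav/MTTFd lookup, and the CCF score as a gate. The component names, their MTTFd and DC values, and the application of the CCF gate to categories 2, 3 and 4 are assumptions made for the illustration.

```python
"""ISO 13849-1 style PL estimation for one safety function (added example).

Computes MTTFd per channel (parts count), DCav, bands both, reads the achieved
PL from the Category/DCav/MTTFd table and applies the CCF score as a gate.
All component figures are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

HOURS_PER_YEAR = 8760.0


@dataclass(frozen=True)
class Component:
    name: str
    mttfd_years: float   # MTTFd of this component (dangerous failures only)
    dc: float            # diagnostic coverage of this component, 0.0 .. 1.0

    @property
    def lambda_d(self) -> float:
        """Dangerous failure rate per hour: lambda_d = 1 / MTTFd."""
        return 1.0 / (self.mttfd_years * HOURS_PER_YEAR)


def channel_mttfd_years(channel: Sequence[Component]) -> float:
    """Parts count: 1/MTTFd_channel = sum_i 1/MTTFd_i (detected and undetected)."""
    return 1.0 / sum(1.0 / c.mttfd_years for c in channel)


def dc_avg(channel: Sequence[Component]) -> float:
    """DCav = sum(lambda_dd) / sum(lambda_d), with lambda_dd_i = DC_i * lambda_d_i."""
    lam_d = sum(c.lambda_d for c in channel)
    lam_dd = sum(c.dc * c.lambda_d for c in channel)
    return lam_dd / lam_d


def mttfd_band(years: float) -> Optional[str]:
    """Band the channel MTTFd; below 3 years is outside the table (None)."""
    if years < 3:
        return None
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"   # the standard caps the credited channel MTTFd at the top of this band


def dc_band(dc: float) -> str:
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# (Category, DCav band) -> {MTTFd band: PL}; None = combination not covered.
PL_TABLE = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}

# CCF measures and their scores; at least 65 of the 100 available is required.
CCF_SCORES = {"separation": 15, "diversity": 20, "design_experience": 20,
              "assessment": 5, "competence": 5, "environmental": 35}
CCF_REQUIRED = 65


def ccf_score(applied: Iterable[str]) -> int:
    return sum(CCF_SCORES[m] for m in set(applied))


def estimate_pl(category: str, channel: Sequence[Component],
                ccf_measures: Iterable[str] = ()) -> Optional[str]:
    """Achieved PL 'a'..'e', or None when the combination is not covered or
    (assumption: categories 2, 3 and 4, which rely on a second or test channel)
    the CCF score is inadequate."""
    mb = mttfd_band(channel_mttfd_years(channel))
    row = PL_TABLE.get((category, dc_band(dc_avg(channel))))
    if mb is None or row is None:
        return None
    if category in ("2", "3", "4") and ccf_score(ccf_measures) < CCF_REQUIRED:
        return None
    return row[mb]


def pl_meets(achieved: Optional[str], required: str) -> bool:
    """PL ordering is alphabetical: 'e' is the highest."""
    return achieved is not None and achieved >= required


# Constructed sample: one channel of a two-channel (Category 3) guard interlock.
SAMPLE_CHANNEL = (
    Component("interlock switch (cross-monitored)", mttfd_years=40, dc=0.90),
    Component("safety logic", mttfd_years=100, dc=0.99),
    Component("contactor with mirror-contact feedback", mttfd_years=50, dc=0.99),
)
ALL_CCF = tuple(CCF_SCORES)

if __name__ == "__main__":
    ch = channel_mttfd_years(SAMPLE_CHANNEL)
    print(f"MTTFd/channel = {ch:.1f} y ({mttfd_band(ch)}), "
          f"DCav = {dc_avg(SAMPLE_CHANNEL):.3f} ({dc_band(dc_avg(SAMPLE_CHANNEL))})")
    print("Cat 3, all CCF measures ->", estimate_pl("3", SAMPLE_CHANNEL, ALL_CCF))
    print("Cat 3, CCF score 50     ->", estimate_pl("3", SAMPLE_CHANNEL, ("separation", "environmental")))
```

With the sample values the channel MTTFd is about 18 years (medium) and DCav about 0.95 (medium), so a Category 3 design reaches PL d only when the CCF score is adequate; the same channel assessed as Category B is not covered by the table because Category B admits no diagnostic coverage.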

9.2.1. Systematic Failures

The techniques/procedures/documentation requirements are a much simplified version of those given in IEC 61508 and are more in line with those of IEC 61511 (application-level requirements). They consist of:
• Requirement specification for the SRP/CS and safety functions
• Design and integration
• Verification and validation
• Modification
• Documentation
Design and integration includes requirements for the behavior on detection of faults, selection of all components so that they function within the manufacturer's ratings, use of de-energization to reach the safe state, electromagnetic immunity, and clear, modular, and documented application software.

9.3. BS EN 62061

This is the closest of the machinery standards to being a sector-specific version of IEC 61508. It is intended to provide functional safety guidance for the design of safety-related electrical and electronic control systems for machinery and covers the whole life-cycle, as IEC 61508 does.

9.3.1. Targets

The integrity of a safety-related electrical control system (SRECS) is expressed using the SIL concept. A risk assessment has to be undertaken to determine the required SIL, typically using the risk matrices below. Each of the three class parameters is scored, the scores are added to give the class Cl, and the required SIL is read from the severity/class matrix.

SIL assignment

Frequency and duration of exposure, Fr:
≤ 1 h                    5
> 1 h to ≤ 1 day         5
> 1 day to ≤ 2 weeks     4
> 2 weeks to ≤ 1 year    3
> 1 year                 2

Probability of hazardous event, Pr:
Very high     5
Likely        4
Possible      3
Rarely        2
Negligible    1

Avoidance, Av:
Impossible    5
Possible      3
Likely        1

Class Cl = Fr + Pr + Av

Consequence                      Severity (Se)   Cl 3–4   Cl 5–7   Cl 8–10   Cl 11–13   Cl 14–15
Death, losing eye or arm         4               SIL 2    SIL 2    SIL 2     SIL 3      SIL 3
Permanent, losing fingers        3               –        (OM)     SIL 1     SIL 2      SIL 3
Reversible, medical attention    2               –        –        (OM)      SIL 1      SIL 2
Reversible, first aid            1               –        –        –         (OM)       SIL 1

OM, other measures; –, no SIL requirement arising from this table.

9.3.2. Design

The design of the SRECS can then be undertaken based on the SIL target. SIL verification of the SRECS is very similar to the requirements of IEC 61508 for a continuous/high-demand system:
• Probability of dangerous failure per hour (PFHD) requirements
• Architecture/Diagnostic Coverage (DC)
• Techniques/procedures/documentation
• Functional safety management.
PFHD requirements are the same as for the IEC 61508 high-demand table (Table 1.1 in Chapter 1) with the exception that SIL 4 is not used in the machinery standards. As in IEC 61508, common cause failures have to be considered when there are redundant paths.
Architecture/Diagnostic Coverage requirements are the same as for IEC 61508, see Section 3.3.2 for type B components (type A component table is not used), with the exception that SIL 4 is not used in the machinery standards.
The techniques/procedures/documentation requirements are a much simplified version of those given in IEC 61508 and are more in line with those of IEC 61511 (application-level requirements). They consist of:
• Requirement specification for the SRCFs
• Design and integration
• Verification and validation
• Modification
• Documentation
Design and integration includes requirements for the behavior on detection of faults, selection of all components so that they function within the manufacturer's ratings, use of de-energization to reach the safe state, electromagnetic immunity, and clear, modular, and documented application software.
Functional safety management requires that a safety plan is produced to identify the required activities/strategy for SREC design, application software, integration, verification, and validation.
There is a general relationship between PLs and SILs:
Category B    PL a    (no SIL equivalent)
Category 1    PL b    SIL 1
Category 2    PL c    SIL 1
Category 3    PL d    SIL 2
Category 4    PL e    SIL 3
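As an added worked example (not code from the book or from the standard), the following Python carries one SRCF through the EN 62061 procedure described in this section: scoring Fr, Pr and Av, forming Cl, reading the required SIL from the Se/Cl matrix, and then checking a candidate SRECS against it using the IEC 61508 high-demand PFHD bands (SIL 4 not used) and the subsystems' SIL claim limits. The subsystem names and PFHD values are constructed, and obtaining the SRECS PFHD by summing the subsystem PFHD values is stated in the code as an assumption.

```python
"""EN 62061 style SIL assignment and SIL verification for one SRCF (added example).

Scores Fr, Pr and Av, forms Cl = Fr + Pr + Av, reads the required SIL from the
Se x Cl matrix, then checks a candidate SRECS using the IEC 61508 high-demand
PFH_D bands and the subsystems' SIL claim limits. Subsystem data is constructed.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


def fr_score(interval_hours: float) -> int:
    """Frequency/duration of exposure, scored from the time between exposures."""
    if interval_hours <= 1:
        return 5
    if interval_hours <= 24:
        return 5
    if interval_hours <= 14 * 24:
        return 4
    if interval_hours <= 365 * 24:
        return 3
    return 2


PR_SCORE = {"very high": 5, "likely": 4, "possible": 3, "rarely": 2, "negligible": 1}
AV_SCORE = {"impossible": 5, "possible": 3, "likely": 1}
CLASS_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
# Se -> required integrity per class band; None = no entry, "OM" = other measures.
SIL_MATRIX = {
    4: ("SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"),
    3: (None, "OM", "SIL 1", "SIL 2", "SIL 3"),
    2: (None, None, "OM", "SIL 1", "SIL 2"),
    1: (None, None, None, "OM", "SIL 1"),
}


def required_sil(se: int, interval_hours: float, pr: str, av: str) -> Tuple[int, Optional[str]]:
    """Return (Cl, matrix entry) for severity Se 1..4 and the three class inputs."""
    cl = fr_score(interval_hours) + PR_SCORE[pr] + AV_SCORE[av]
    for i, (lo, hi) in enumerate(CLASS_BANDS):
        if lo <= cl <= hi:
            return cl, SIL_MATRIX[se][i]
    raise ValueError(f"class {cl} outside the 3..15 range")


# IEC 61508 high-demand bands; SIL 4 is not used in the machinery standards, so
# anything better than the SIL 3 band is still credited only as SIL 3.
PFHD_BANDS = ((3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5))


def sil_from_pfhd(pfhd: float) -> int:
    if pfhd < 1e-8:
        return 3
    for sil, lo, hi in PFHD_BANDS:
        if lo <= pfhd < hi:
            return sil
    return 0   # worse than the SIL 1 band


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfhd: float     # dangerous failures per hour, CCF already included by the supplier
    sil_cl: int     # SIL claim limit from the architectural constraints


def achieved_sil(subsystems: Sequence[Subsystem]) -> int:
    """Assumption: the SRCF PFH_D is the sum over its subsystems; the result is
    then capped by the weakest subsystem's SIL claim limit."""
    total = sum(s.pfhd for s in subsystems)
    return min(sil_from_pfhd(total), min(s.sil_cl for s in subsystems))


def verify(required: Optional[str], subsystems: Sequence[Subsystem]) -> bool:
    """True when the SRECS meets the required matrix entry; OM/None impose no SIL."""
    if required is None or required == "OM":
        return True
    return achieved_sil(subsystems) >= int(required.split()[1])


# Constructed sample: guard interlock on a press, accessed roughly once per 8 h shift.
CL, REQUIRED = required_sil(se=3, interval_hours=8, pr="possible", av="possible")
SRECS = (
    Subsystem("dual-channel interlock switch", pfhd=2.5e-8, sil_cl=3),
    Subsystem("safety PLC", pfhd=1.0e-8, sil_cl=3),
    Subsystem("two contactors with feedback", pfhd=5.0e-8, sil_cl=2),
)
# Same loop with a logic solver whose claim limit is only SIL 1.
WEAK_SRECS = SRECS[:1] + (Subsystem("standard PLC, SIL CL 1", pfhd=1.0e-8, sil_cl=1),) + SRECS[2:]

if __name__ == "__main__":
    print(f"Cl = {CL}, required = {REQUIRED}")
    print("SRECS achieves SIL", achieved_sil(SRECS), "->", verify(REQUIRED, SRECS))
    print("weak SRECS achieves SIL", achieved_sil(WEAK_SRECS), "->", verify(REQUIRED, WEAK_SRECS))
```

The sample gives Cl = 11 and a required SIL 2. The summed PFHD of 8.5e-8 per hour sits in the SIL 3 band, but the contactor subsystem's claim limit holds the achieved SIL to 2, which still meets the target; swapping in a SIL CL 1 logic solver drops the achieved SIL to 1 and the design fails, even though its PFHD is unchanged.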

9.3.3. Template Assessment Checklist for BS EN 62061

Clause 4 Management of Functional Safety

This Clause specifies management and technical activities that are necessary for the achievement of the required functional safety of the Safety-Related Electrical Control System (SRECS).
Reference documents
Item    Requirements    Evidence and outstanding actions
4.2
Management of functional safety
A functional safety plan should be in place and shall:

(a) identify the relevant activities specified in Clauses 5–9;

(b) describe the policy and strategy to fulfil the specified functional safety requirements;

(c) describe the strategy to achieve functional safety for the application software, development, integration, verification and validation;

(d) identify persons, departments or other units and resources that are responsible;

(e) identify or establish the procedures and resources to record and maintain information relevant to the functional safety of an SRECS;

(f) describe the strategy for configuration management;

(g) establish a verification plan;

(h) establish a validation plan.

The plan should include review of all documents by a competent person and requirement to close out all outstanding issues.


Clause 5 Requirements for the Specification of Safety-Related Control Functions (SRCFs)

This Clause sets out the procedures to specify the requirements of SRCF(s) to be implemented by the SRECS.
Reference documents
Item    Requirements    Evidence and outstanding actions
5.2
Specification of requirements for SRCFs
A risk assessment needs to be undertaken to identify the need for safety functions and where SRECS are to be implemented to reduce the risk, in whole or part, the requirements for the SRECS are to be specified and include the following information:

(a) The specification of each SRCF shall comprise a functional requirements specification and a safety-integrity requirements specification, and these shall be documented in the safety requirements specification (SRS).

(b) Results of the risk assessment for the machine, including all safety functions determined to be necessary along with their required SIL.

(c) Machine operating characteristics, including:

– modes of operation;

– cycle time;

– response time performance;

– environmental conditions;

– operator interface to the machine.

(d) All relevant information that can have influence on the SRCF design, e.g.:

– a description of the behavior of the machine that an SRCF is intended to achieve or to prevent;

– all interfaces between the SRCFs and any other function (either within or outside the machine);

– required fault reaction functions of the SRCF.

(e) For each SRECS safety loop the following shall be specified, as applicable:

• the condition of the machine in which the SRCF shall be active or disabled;

• the priority of those functions that can be simultaneously active and that can cause conflicting action;

• the frequency of operation of each SRCF;

• the required response time of each SRCF;

• the interface(s) of the SRCFs to other machine functions;

• the required response times;

• a description of each SRCF;

• a description of fault reaction function(s) and any constraints on, for example, re-starting or continued operation of the machine in cases where the initial reaction is to stop the machine.

The SRS shall be reviewed by a competent person to verify its consistency and completeness for its intended use.


Clause 6 Design and Integration of the SRECS

This Clause specifies requirements for the selection or design of an SRECS to meet the functional and safety integrity requirements specified in the SRS.
Reference documents
Item    Requirements    Evidence and outstanding actions
6.2
General requirements
The SRECS shall be selected or designed to meet the safety requirements specification (SRS) and, where relevant, the software SRS, and shall take into account human limitations for actions assigned to operators and maintenance staff. Maintainability and testability shall be considered during the design.
All design, implementation, and testing requirements shall be reviewed by a competent person to verify their consistency and completeness for their intended use.
6.3
Requirements for behavior (of the SRECS) on detection of a fault in the SRECS
The detection of a dangerous fault in any subsystem shall result in the performance of the specified fault reaction function:

• for a system with a hardware fault tolerance of zero, the required reaction shall occur before any hazard can arise;

• for a system with a hardware fault tolerance of more than zero, the machine can continue to operate whilst the fault is repaired, but if it is not repaired within the specified time (needed to meet the required PFH) the system must be put into a safe condition;

• for a system required to meet SIL 3, it shall not be possible to re-start, after the SRCF has performed a shutdown, before the fault is repaired.

6.4
Requirements for systematic safety integrity of the SRECS
The following measures shall be applied for avoidance of systematic faults:

(a) the SRECS shall be designed and implemented in accordance with the functional safety plan;

(b) correct selection, assembly, and installation of subsystems;

(c) use of the SRECS within the manufacturer's specification;

(d) use of the manufacturer's application notes, for example, catalogue sheets and installation instructions, and use of good engineering practice;

(e) use of subsystems that have compatible operating characteristics;

(f) the SRECS shall be electrically protected, including EMC, in accordance with IEC 60204-1;

(g) prevention of the loss of functional earth connection(s) in accordance with IEC 60204-1;

(h) undocumented modes of component operation shall not be used; and

(i) consideration of foreseeable misuse, environmental changes, or modifications.

At least one of the following techniques shall be applied:

(a) SRECS hardware design review;

(b) advisory tools such as computer-aided design packages capable of simulation or analysis;

(c) simulation.

The following measures shall be applied for the control of systematic faults:

(a) use of de-energization to reach the safe state;

(b) measures to control the effects of temporary subsystem failures;

(c) measures to control the effects of data communication errors.

6.5
Selection of safety-related electrical control system
A predesigned SRECS may be selected instead of a custom design providing that it meets the requirements of the SRS.
6.6
SRECS design and development
Design and Development Process

• For each SRCF the design shall be decomposed into function blocks

• Define the inputs/outputs for each function block

• Define function block logic

• Define function block integrity level

• Allocate the function blocks to each subsystem

• Document the architecture of each subsystem

Estimate the SIL that can be achieved by the SRECS in terms of:

• Random hardware safety integrity (including common cause)

• Architectural constraints (based on SFF against this standard or ISO 13849 Category/SFF/DC)

• Systematic safety integrity

6.7
Realization of subsystems
The following information shall be available for each subsystem:

a) a functional specification of the subsystem;

b) the estimated dangerous rates of failure;

c) constraints on the subsystem;

d) any test and/or maintenance requirements;

e) the diagnostic coverage and the diagnostic test interval;

f) any additional information to determine the mean time to restoration (MTTR) following detection of a fault;

g) the SIL CL (SIL Claim Limits) due to architectural constraints;

h) any limits on the application of the subsystem to avoid systematic failures;

i) the highest safety integrity level that can be claimed for an SRCF;

j) any information which is required to identify the hardware and software configuration of the subsystem in order to enable the configuration management of an SRECS.

Requirements for the avoidance of systematic failures
The following measures shall be applied:

(a) proper selection, assembly and installation of components;

(b) use of the subsystem and subsystem elements within the manufacturer's specification and installation instructions;

(c) withstanding specified environmental conditions;

(d) use of components that are in accordance with an appropriate standard and have their failure modes well defined;

(e) use of suitable materials and adequate manufacturing;

(f) correct dimensioning and shaping.

Requirements for the control of systematic failures
The following measures shall be applied:

(a) measures to control the effects of insulation breakdown, voltage variations and interruptions, overvoltage, and undervoltage;

(b) measures to control or avoid the effects of the physical environment;

(c) measures to control or avoid the effects of temperature increase or decrease, if temperature variations can occur.

6.8
Realization of diagnostic functions
A clear description of the SRECS diagnostic function(s), their failure detection/reaction, and an analysis of their contribution towards the safety integrity of the associated SRCFs shall be provided.
6.9
Hardware implementation of the SRECs
The SRECS shall be implemented in accordance with the documented SRECS design.
6.10
Software safety requirements specification
The specification of the requirements for software safety for each subsystem shall be derived from:

(1) the specified safety requirements of the SRCF;

(2) the requirements resulting from the SRECS architecture and;

(3) any requirements of the functional safety plan.

The requirements for the following software-based SRCFs shall be specified:

• the logic (i.e., the functionality) of all function blocks assigned to each subsystem;

• input and output interfaces assigned for each function block;

• format and value ranges of input and output data and their relation to function blocks;

• relevant data to describe any limits of each function block, for example, maximum response time, limit values for plausibility checks;

• diagnostic functions of other devices within the SRECS (e.g., sensors and final elements) to be implemented by that subsystem;

• functions that enable the machine to achieve or maintain a safe state;

• functions related to the detection, annunciation and handling of faults;

• functions related to the periodic testing of SRCFs online and offline;

• functions that prevent unauthorized modification of the SRECS;

• interfaces to non-SRCFs; and

• capacity and response time performance.

6.11
Software design and development
Embedded software incorporated into subsystems shall comply with IEC 61508-3 (or prior use) as appropriate for the required SIL.
Parameterization

Software-based parameterization of safety-related parameters shall be considered as a safety-related aspect of SRECS design that is described in the software SRS. Parameterization shall be carried out using a dedicated tool provided by the supplier of the SRECS subsystem(s) e.g., analog sensors, intelligent safety relays, etc.

Application software design and development (for limited variability languages, LVL) shall include:

• software configuration management

• requirements for the software architecture

• requirements for support tools

• user manual and application languages

• requirements for application software design (including data integrity checks and reasonability checks, e.g., on communication data and field sensor data)

• requirements for application code development: design principles, and readable code that follows the relevant coding standard

• requirements for application module testing

• requirements for application software integration testing

• application program verification (including code review)

6.12
Safety-related electrical control system integration and testing
During SRECS integration testing, the following shall be documented:

a) the version of the test specification used;

b) the criteria for acceptance of the integration tests;

c) the version of the SRECS being tested;

d) the tools and equipment used along with calibration data;

e) the results of each test;

f) all discrepancies between expected and actual results, the analysis made and the decisions taken on whether to continue the test or issue a change request, in the case where discrepancies occur.

The following tests shall be applied:

a) functional tests

b) dynamic tests.

6.13
SRECS installation
The SRECS shall be installed in accordance with the safety plan, and appropriate records of the installation, including any faults found, shall be kept.


Clause 7 Information for Use of the SRECS

This Clause sets out the information that shall be provided for the installation, use, and maintenance of the SRECS.
Reference documents
Item    Requirements    Evidence and outstanding actions
7.1
Documentation for installation, use and maintenance
Information on the SRECS shall be provided that enables it to be correctly installed, used, and maintained, including:

• a detailed description of the system and its subsystems, including circuit diagrams;

• instructions for correct installation of the equipment;

• instructions for use of the equipment;

• proof test requirements;

• maintenance requirements.


Clause 8 Validation of the SRECS

This Clause specifies the requirements for the validation process to be applied to the SRECS. This includes inspection and testing of the SRECS to ensure that it achieves the requirements stated in the SRS.
Reference documents
Item    Requirements    Evidence and outstanding actions
8.0
Validation of SRECS
The validation of each SRECS shall be carried out in accordance with a prepared plan.
Required documentation for the SRECS safety validation testing:

a) the version of the SRECS safety validation plan and of the SRECS being tested;

b) the requirement specified;

c) the tools and equipment used, along with calibration data;

d) the results of each test.

The following shall be applied:

a) full functional testing

b) interference immunity testing

c) fault insertion testing shall be performed where the required safe failure fraction ≥90%.

In addition one or more of the following analytical techniques shall be applied:

a) static and failure analysis

b) static, dynamic and failure analysis

c) simulation and failure analysis

In addition one or more of the following testing techniques shall be applied:

a) black-box testing

b) fault insertion (injection) testing

c) “worst-case” testing

d) field experience


Clause 9 Modification

This Clause specifies the modification procedure(s) to be applied when modifying the SRECS during design, integration, and validation (e.g., during SRECS installation and commissioning).
Reference documents
Item    Requirements    Evidence and outstanding actions
9.0
Modification
The following shall be documented and applied:

• the reason for the modification request;

• the modification impact analysis;

• all modifications shall return to an appropriate design phase for the hardware and/or the software;

• a complete action plan shall be prepared and documented before any modification is carried out;

• configuration management, including a chronological record of changes giving the description of, reason for, and details of each change;

• configuration status;

• release status.


9.4. BS EN ISO 13850: 2015 Safety of Machinery—Emergency Stop—Principles for Design

At the time of writing this standard was being revised, with publication planned for 2015 (the edition cited in the heading). It specifies functional requirements and design principles for the emergency stop function on machinery, independently of the type of energy involved.