BSI PD IEC TS 63394:2023
$215.11
Safety of machinery. Guidelines on functional safety of safety-related control system
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2023 | 146 |
PDF Catalog
PDF Pages | PDF Title |
---|---|
4 | CONTENTS |
11 | FOREWORD |
13 | INTRODUCTION |
14 | 1 Scope 2 Normative references |
15 | 3 Terms and definitions 3.1 Terms and definitions |
28 | 3.2 Alphabetical list of terms, definitions and abbreviated terms Tables Table 1 – Terms used in this document |
30 | 4 Typical classification of safety functions in safety of machinery 4.1 General 4.1.1 Overview 4.1.2 Risk assessment and risk reduction according to ISO 12100 |
31 | 4.1.3 Risk reduction and interconnection to SCS and SRP/CS 4.1.4 Basic assumptions for risk reduction in machinery Figures Figure 1 – Integration within the risk reduction process of ISO 12100 |
32 | 4.3 Safety functions 4.3.1 General 4.3.2 Risk reduction process by safety functions Figure 2 – Decomposition of an SCS or SRP/CS |
33 | 4.3.3 Typical classification of safety functions Figure 3 – Risk reduction process by safety functions |
34 | 4.4 Interrelation between ISO 12100 and IEC 62061 or ISO 13849-1 4.4.1 General 4.4.2 Input information in accordance with IEC 62061 or ISO 13849-1 |
35 | 4.4.3 Output information from IEC 62061 or ISO 13849-1 Table 2 – Input information for the safety requirements specification (SRS) Table 3 – Output information from SCS or SRP/CS design on overall risk assessment |
36 | 4.5 Safety functions for protection of persons 4.5.1 General 4.5.2 Safety functions for protection of persons based on guards and protective devices Table 4 – Safety functions for protection of persons |
37 | 4.6 Other safety functions to prevent hazardous situations 4.6.1 General 4.6.2 Other safety functions Table 5 – Other safety functions |
38 | 4.7 Safety functions for protection of the integrity of the machine 4.7.1 General 4.7.2 Safety functions for the protection of integrity of the machine 4.8 Safety functions and Type-C standards Table 6 – Safety functions for the protection of integrity of the machine |
39 | 5 Demand mode of operation related to safety functions 5.1 General 5.2 High demand or continuous mode of operation 5.2.1 General |
40 | 5.2.2 Approach of IEC 62061 and ISO 13849-1 5.2.3 Rarely activated safety functions Figure 4 – High demand mode of operation |
41 | 5.3 Low demand mode of operation 5.3.1 General Figure 5 – Process for determining high demand mode of operation |
42 | 5.3.2 Approach of IEC 62061 and ISO 13849-1 6 Design process of safety functions 6.1 General 6.2 Design procedure Figure 6 – Low demand mode of operation |
43 | 6.3 Evaluation of required safety integrity 6.4 Decomposition of a safety function 6.5 Subsystem design 6.5.1 Architectural constraints |
44 | Table 7 – Architectural constraints for high demand mode of operation |
45 | 6.5.2 Fault accumulation and undetected faults 6.5.3 Evaluation of PFH |
47 | 6.6 Examples of safety functions 7 Verification procedures for safety functions 7.1 General 7.2 Verification of the test interval of a safety function |
48 | 7.3 Verification procedures 7.4 Initial verification |
49 | 7.5 Periodic verification 7.5.1 General |
50 | 7.5.2 Frequency of periodic verification |
51 | 7.6 Verification reporting |
52 | Annex A (informative) Risk assessment and risk reduction according to ISO 12100 A.1 General A.2 Risk assessment principles A.2.1 General A.2.2 Basic information to be available (as input to risk assessment) |
53 | A.2.3 Risk analysis Table A.1 – Basic information for risk assessment according to ISO 12100 |
54 | Table A.2 – Determination of limits of machinery according to ISO 12100 |
55 | Table A.3 – Principles of hazard identification according to ISO 12100 |
56 | Table A.4 – Risk estimation according to ISO 12100 Table A.5 – Additional considered aspects during risk estimation according to ISO 12100 |
57 | A.3 Risk reduction by means of safeguarding and complementary protective measures A.3.1 General |
58 | A.3.2 Inherently safe design measures A.3.3 Selection of safeguarding and complementary protective measures |
60 | A.4 Other protective measures (procedure based) A.4.1 General A.4.2 Procedures for maintenance A.4.3 Organizational work procedures |
61 | A.5 Guards and protective devices according to ISO 12100 A.5.1 General A.5.2 Interlocking guard with a start function, with manual reset function Table A.6 – Guards according to ISO 12100 |
62 | A.5.3 Protective device according to ISO 12100 A.5.4 Manual local control device (and procedure) Table A.7 – Examples of protective devices according to ISO 12100 |
63 | A.5.5 Manual parameter selection device (and procedure) A.5.6 Manual operating mode selection device (and procedure) A.5.7 Energy control device (and procedure) A.6 Matrix assignment approach A.6.1 Overview |
64 | A.6.2 General A.6.3 Methodology of IEC 62061:2021, Annex A |
65 | A.7 Risk graph approach A.7.1 General A.7.2 Methodology of ISO 13849-1:2015, Annex A with assigned SIL Figure A.1 – SIL assignment approach |
66 | Figure A.2 – Risk graph approach of ISO 13849-1:2015, Figure A.1 with assigned SIL |
67 | Annex B (informative) Methodology of SCS or SRP/CS design B.1 General B.2 Functional safety plan Table B.1 – Overview functional safety plan |
68 | B.3 Safety requirements specification B.3.1 General B.3.2 Functional requirements B.3.3 Safety integrity requirements Table B.2 – Overview of basic functional requirements |
69 | B.4 Protection against unexpected start-up B.5 Decomposition of the safety function B.5.1 General B.5.2 Subsystem architecture based on top-down decomposition B.6 Design of the SCS by using subsystems Table B.3 – SIL and limits of PFH values |
70 | B.7 Requirements for systematic safety integrity B.7.1 General B.7.2 SCS level Figure B.1 – Example of decomposition of a safety function |
71 | Table B.4 – Avoidance of systematic failures (SCS or SRP/CS level) Table B.5 – Control of systematic failures (SCS or SRP/CS level) |
72 | B.7.3 Subsystem level Table B.6 – Avoidance of systematic failures (subsystem level) |
73 | B.8 Electromagnetic immunity B.9 Software-based manual parameterization Table B.7 – Control of systematic failures (subsystem level) |
74 | Table B.8 – Software-based manual parameterization |
75 | B.10 Security aspects B.11 Aspects of testing Figure B.2 – Possible effects of security risk(s) to a SCS (IEC TR 63074:2019, Figure 2) |
76 | B.12 Design and development of a subsystem B.12.1 General B.12.2 Subsystem architecture design |
78 | B.12.3 Fault consideration and fault exclusion B.12.4 Architectural constraints of a subsystem Figure B.3 – Rarely activated safety functions and mode of operation of subsystems Table B.9 – Cause and effects of rarely activated safety functions |
79 | Table B.10 – Architectural constraints and basic requirements on a subsystem |
80 | B.12.5 Subsystem design architectures B.12.6 PFH value of subsystems B.13 Validation |
81 | Table B.11 – Overview of validation process with required information |
82 | B.14 Documentation |
83 | Table B.12 – Technical documentation based on the design process (Table 9 of IEC 62061:2021, modified) |
84 | Table B.13 – Overview of documentation |
85 | Annex C (informative) Examples of MTTFD values for single components Table C.1 – MTTFD or B10D values for components (derived from ISO 13849-1:2015) Table C.2 – Relationship of λD, MTTFD and B10D |
86 | Annex D (informative) Examples for diagnostic coverage (DC) D.1 General |
87 | D.2 Influence of cabling, wiring and interconnections D.2.1 General D.2.2 “Serial wiring” Table D.1 – Measures to prevent of short circuit |
88 | D.3 Use of manufacturing process information D.3.1 General D.3.2 Use of expected timing or awaiting of signal status D.4 Typical DC measures |
89 | Table D.2 – DC values and recommended measures |
90 | Annex E (informative) Measures for the achievement of functional safety with regards to electromagnetic phenomena E.1 General E.2 Measures E.2.1 General E.2.2 Recommendation for electrical/electronic items of equipment (devices or apparatus) |
91 | E.2.3 Recommendation for the integration of an SCS or SRP/CS into the electrical equipment of the machine Table E.1 – Non-exhaustive list of recommendations regarding EMI measures for integration of devices or equipment into the electrical equipment of the machine |
92 | Annex F (informative) Guidelines for software F.1 General F.2 Documentation Table F.1 – Documents for SW level 1 and SW level 2 |
93 | Table F.2 – Coding guidelines |
94 | F.3 Activities Table F.3 – Overview of protocols |
95 | Table F.4 – SW level 1 – Overview of basic activities |
96 | Table F.5 – SW level 2 – Overview of basic activities (1/2) |
97 | Table F.5 – SW level 2 – Overview of basic activities (1/2) (continued) |
98 | Table F.6 – SW level 2 – Overview of basic activities (2/2) |
99 | Annex G (informative) Examples of safety functions G.1 General G.2 Safety functions G.2.1 Basic information Table G.1 – Examples of safety functions and associated safety-related devices |
100 | G.2.2 Detailed description of safety requirements Table G.2 – Basic information related to the safety requirements specification |
101 | G.2.3 Example of interlocking guard |
102 | Table G.3 – Example of safety-related parameters for a safety function with required SIL 1 Table G.4 – Example of safety-related parameters for a safety function with required SIL 3 |
103 | Annex H (informative) Evaluation of PFH value of a subsystem H.1 General H.2 Table allocation approach (IEC 62061) H.3 Simplified formulas for the estimation of PFH value (IEC 62061) H.4 Approaches of IEC 61508, IEC 62061 and ISO 13849-1 H.4.1 General |
104 | H.4.2 Approach of IEC 61508 |
105 | H.4.3 Approach of IEC 62061 H.4.4 Approach of ISO 13849-1:2015, Annex K |
109 | H.5 Basic considerations regarding exponential and Weibull distributions H.5.1 Exponential distribution H.5.2 Weibull distribution |
111 | H.6 T10 and B10 H.6.1 General H.6.2 T10 with exponential distribution |
112 | H.6.3 T10 with Weibull distribution |
113 | Figure H.1 – Cumulative distribution functions (CDF) |
114 | H.7 Overview of PFH formulas H.7.1 Definitions H.7.2 Formulas Table H.1 – Formulas for basic subsystem architecture A (1oo1) |
115 | Table H.2 – Formulas for basic subsystem architecture C (1oo1D) Table H.3 – Formulas for basic subsystem architecture B (1oo2) |
116 | H.7.3 Examples Table H.4 – Formulas for basic subsystem architecture D (1oo2D) |
117 | Table H.5 – Examples of PFH values based on B10D |
118 | H.8 Methodology for the estimation of CCF Table H.6 – Examples of PFH values based on T10D and B10D |
119 | H.9 Basic subsystem architecture A (1oo1) H.9.1 General Figure H.2 – Common cause failure Figure H.3 – Basic subsystem architecture A (1oo1) reliability block diagram Figure H.4 – Unavailability function of basic subsystem architecture A (1oo1) |
120 | H.9.2 PFH H.9.3 Simplified Weibull approach Figure H.5 – 1oo1 reliability block diagram, simplified Weibull approach |
121 | H.10 Basic subsystem architecture C (1oo1D) H.10.1 General H.10.2 Fault reaction performed by another subsystem Figure H.6 – Basic subsystem architecture C (1oo1D) logical view with safe state initiation using another subsystem Figure H.7 – Basic subsystem architecture C (1oo1D) reliability block diagram with safe state initiation using another subsystem |
122 | H.10.3 Fault reaction to be considered in the subsystem Figure H.8 – Unavailability functions of basic subsystem architecture C (1oo1D) Figure H.9 – Basic subsystem architecture C (1oo1D) logical view with fault reaction |
123 | Figure H.10 – Basic subsystem architecture C (1oo1D) reliability block diagram with fault reaction Figure H.11 – Unavailability functions of basic subsystem architecture C (1oo1D) |
124 | H.10.4 PFH H.10.5 Influence of CCF |
125 | H.11 Basic subsystem architecture B (1oo2) H.11.1 General Figure H.12 – Basic subsystem architecture B (1oo2) reliability block diagram Figure H.13 – Unavailability functions of basic subsystem architecture B (1oo2) |
126 | H.11.2 PFH H.11.3 Influence of CCF H.12 Basic subsystem architecture D (1oo2D) H.12.1 General |
127 | Figure H.14 – Basic subsystem architecture D (1oo2D) reliability block diagram Figure H.15 – Unavailability functions of basic subsystem architecture D (1oo2D) |
128 | H.12.2 PFH evaluation of Term A H.12.3 PFH evaluation of Term B H.12.4 PFH evaluation of Term C and Term D |
129 | H.12.5 PFH H.12.6 Influence of CCF H.13 Basic subsystem architecture D (1oo2D) with two periods of time consideration H.13.1 General |
130 | H.13.2 PFH evaluation of Term A H.13.3 PFH evaluation of Term B H.13.4 PFH evaluation of Term C and Term D |
131 | H.13.5 PFH H.13.6 Influence of CCF |
132 | Annex I (informative) Commented examples of current regulations I.1 General I.2 European Union I.2.1 General European legislation I.2.2 New proposed machinery regulation (under preparation) |
133 | I.2.3 Relevant legislation I.2.4 Duties of the manufacturer of the machine |
134 | I.3 North America – USA I.4 North America – Canada I.5 South America – Brazil |
135 | I.6 China I.7 Japan |
136 | Annex J (informative) Combination of modes of operation J.1 General J.2 Basic approaches with different modes of operation J.2.1 General Figure J.1 – Basic approach in high demand or continuous mode of operation based on IEC 61508 (and IEC 62061) |
137 | J.2.2 Risk reduction measures on low demand mode of operation Figure J.2 – Basic approach in low demand mode of operation based on IEC 61508 (and IEC 61511) |
138 | J.3 Use of subsystems in different modes of operation J.3.1 General J.3.2 Example with different modes of operation |
139 | Figure J.3 – Functional view Figure J.4 – Logical view |
140 | J.3.3 Subsystem(s) used for different modes of operation Figure J.5 – Decomposition view |
141 | Figure J.6 – Quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem |
142 | Figure J.7 – Example of quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem Table J.1 – PFDavg max and PFHmax for respective target SIL |
143 | Bibliography |