BS EN 61557-15:2014
Electrical safety in low voltage distribution systems up to 1 000 V a.c. and 1 500 V d.c. Equipment for testing, measuring or monitoring of protective measures – Functional safety requirements for insulation monitoring devices in IT systems and equipment for insulation fault location in IT systems
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2014 | 80 |
IEC 61557-15:2014 specifies requirements related to functional safety and is based on the IEC 61508 standard series for the realization of Insulation Monitoring Devices (IMD) as specified in IEC 61557-8 and for Insulation Fault Location Systems (IFLS) according to IEC 61557-9, according to phase 10 of the IEC 61508-1 lifecycle. These devices provide safety related functions for IT systems.

This part of IEC 61557 is
– concerned only with functional safety requirements intended to reduce the functional risk during the use of IMDs and IFLSs;
– restricted to risks arising directly from the device itself or from several IMDs or IFLSs working together in a system; and
– intended to define the basic safety functions provided by the devices.

This part of IEC 61557 does not
– deal with electrical safety according to IEC 61010-1 and the requirements of IEC 61557-8 and IEC 61557-9;
– cover the hazard and risk analysis of a particular use of the IMD or IFLS;
– identify all the safety functions for the application in which the IMD or IFLS is used; and
– cover the IMD or IFLS manufacturing process.

Functional safety requirements depend on the application and should be considered as part of the overall risk assessment of the specific application. The supplier of IMDs and IFLSs is not responsible for the application. The application designer is responsible for the risk assessment and for specifying the overall functional safety requirements of the complete IT system and he should select the functional safety level (SIL) of the IMD and/or IFLS when their safety function is part of the functional safety assessment in the IT system.

This publication is to be read in conjunction with /2 and /2
PDF Catalog
PDF Pages | PDF Title |
---|---|
7 | English CONTENTS |
11 | INTRODUCTION Figures Figure 1 – Relationship between IEC 61557-15 and related standards |
13 | 1 Scope 2 Normative references |
14 | 3 Terms, definitions and abbreviations 3.1 Terms and definitions |
25 | 3.2 Abbreviations Tables Table 1 – Abbreviations with reference |
26 | 4 Definition of safety functions embedded in IMDs and IFLSs 4.1 General 4.2 Definition of safety functions 4.2.1 Local insulation warning (LIW) |
27 | 4.2.2 Remote insulation warning (RIW) 4.2.3 Local location warning (LLW) 4.2.4 Remote location warning (RLW) |
28 | 4.2.5 Remote enabling / disabling command (REDC) 4.2.6 Local transformer monitoring warning (LTMW) 5 Requirements on products implementing safety-related functions 5.1 Requirement on non-safety-related functions |
29 | 5.2 Additional performance requirements for products implementing safety functions 5.2.1 General 5.2.2 Additional performance requirements for IMDs complying with SIL 1 or SIL 2 5.2.3 Additional performance requirements for IFLSs complying with SIL 1 or SIL 2 6 Management of functional safety during the development lifecycle 6.1 Management of functional safety for the IT system |
30 | 6.2 Use of IMDs and IFLSs in IT systems 6.3 Safety lifecycle of IMDs and IFLSs in the realisation phase Figure 2 – Overall safety lifecycle applicable to an IT system |
31 | 7 Management of functional safety during the realisation lifecycle of IMDs and IFLSs 7.1 General Figure 3 – IMD and IFLS safety lifecycle (in realisation phase) |
32 | 7.2 IMD and IFL design requirement specification (phase 10.1) 7.2.1 Specification of functional safety requirements 7.2.2 Provisions for the development of safety functions |
33 | 7.2.3 Verification plan for the development of safety functions 7.2.4 Validation plan for the development of safety functions 7.2.5 Planning of commissioning, installation and setting into operation |
34 | 7.2.6 Planning of user documentation 7.3 IMD and IFLS safety validation planning (phase 10.2) 7.3.1 General 7.3.2 Functional safety plan |
35 | 7.4 IMD and IFLS design and development (phase 10.3) 7.4.1 General 7.4.2 Design standards 7.4.4 Safety integrity and fault detection |
36 | 7.4.5 Safety integrity level (SIL) assignment 7.4.6 Hardware requirements 7.4.7 Software requirements 7.4.8 Review of requirements |
37 | 7.4.9 Requirements for the probability of dangerous failure on demand (PFD) |
38 | 7.4.10 Failure rate data 7.4.11 Diagnostic test interval 7.4.12 Architectural constraints |
40 | 7.4.13 Estimation of safe failure fraction (SFF) 7.4.14 Requirements for systematic safety integrity Table 3 – Hardware safety integrity: architectural constraints on type A and type B safety-related subsystems |
43 | 7.5 IMD and IFLS integration (phase 10.4) 7.5.1 Hardware integration 7.5.2 Software integration 7.5.3 Modifications during integration 7.5.4 Integration tests |
44 | 7.6 IMD and IFLS documentation related to installation, commissioning, operation and maintenance procedures (phase 10.5) 7.6.1 General 7.6.2 Functional specification 7.6.3 Compliance information 7.6.4 Information for commissioning, installation, setting into operation, operation and maintenance |
45 | 7.7 IMD and IFLS safety validation (phase 10.6) 7.7.1 General 7.7.2 Test 7.7.3 Verification |
46 | 7.7.4 Validation 7.7.5 EMC requirements |
47 | 8 Requirements for modifications 8.1 General 8.2 Modification request 8.3 Impact analysis 8.4 Authorization 9 Proven in use approach |
48 | Annex A (informative) Risk analysis and SIL assignment for IMDs and IFLSs A.1 General Figure A.1 – Functional elements of an IT system and their relationship to the definitions and abbreviations of the IEC 61508 series |
49 | Table A.1 – IT system risk analysis |
50 | A.2 SIL assignment for IMDs and IFLSs Figure A.2 – SIL assignment for IMDs and IFLSs |
51 | A.3 Example of risk graph Figure A.2 – Example of risk graph Table A.3 – Link between minimum risk reduction and SIL |
52 | A.4 Alternative method of SIL assignment – quantitative method Table A.4 – Example of classifications according to risk graph Figure A.1 |
53 | Annex B (informative) Examples for the determination of PFD, DC and SFF B.1 General |
54 | B.2 Examples of IMD and IFLS architectures Figure B.1 – Flowchart for PFD, DC, SFF determination Table 2 – Safety integrity levels (SIL) and probability of a dangerous failure on demand (PFD) of IMDs and IFLSs |
55 | Annex C (informative) Failure rate databases C.1 General C.2 Failure rate references in current standards |
56 | Annex D (informative) Guide to embedded software design and development D.1 General D.2 Software element guidelines |
58 | D.3 Software development process guidelines |
60 | D.4 Development tools D.5 Reproduction of executable code production D.6 Software verification and validation D.7 General verification and validation guidelines |
61 | D.8 Verification and validation review D.9 Software testing D.9.1 General validation |
62 | D.9.2 Software specification verification: validation tests D.9.3 Software design verification: software integration tests |
63 | D.9.4 Detailed design verification: module tests |
64 | Annex E (informative) Information for the assessment of safety functions E.1 General E.2 Documentation management E.3 Documentation provided for conformity assessment |
65 | Table E.1 – Documentation to be provided |
66 | E.4 Documentation of the development lifecycle E.5 Design documentation E.6 Documentation of verification and validation E.7 Test documentation E.8 Documentation of modifications |
67 | Annex F (informative) Example of applications F.1 Overview F.2 Limitation in applications F.3 Typical applications covered by IEC 61557-15 F.3.1 General F.3.2 Local alarming |
68 | F.3.3 Local transformer monitoring warning Figure F.1 – Local alarming, based on the systematic presence of one person and based on a well-defined alarming management process |
69 | F.3.4 Alarming and processing of remote insulation warning and/or remote location warning Figure F.2 – Local transformer monitoring warning, based on the systematic presence of a skilled person, and based on a well-defined alarming management process |
70 | F.3.5 Automatic disconnection of the complete IT system in case of a first insulation fault Figure F.3 – Alarming and processing of the remote insulation warning and/or the remote location warning in a supervisory control system |
71 | Figure F.4 – Disconnection of the complete IT system in case of insulation fault detection |
72 | F.3.6 Automatic disconnection of an IT system sub-network Figure F.5 – Threshold 1 warning information and threshold 2 disconnection of the complete IT system in case of an insulation fault detection |
73 | Figure F.6 – Automatic disconnection of a faulty feeder via direct signal from the IFLS |
74 | F.3.7 Management of multiple source system (two incomers or of incomer plus generator) Figure F.7 – Automatic disconnection of a faulty feeder via a PLC |
75 | F.3.8 Management of multiple source systems (two incomers or of incomer plus generator – with a load shedder) Figure F.8 – Management of multiple source systems (two incomers or of one incomer plus generator) |
76 | Figure F.9 – Management of multiple source system (two incomers or of one incomer plus generator, with a load shedder) |
77 | Bibliography |