1 | 04/15/2014 | DCUS/SPF11 Gary Thrall | © Bosch Rexroth AG 2014. All rights reserved, also regarding any disposal, exploitation, reproduction, editing,
distribution, as well as in the event of applications for industrial property rights.
CMA/Flodyne/Hydradyne Drive for Technology Expo 2014
Current 2014 Safety Standards Gary Thrall – Bosch Rexroth
CMA/F/D Drive for Technology Expo – April 15-16, 2014
Functional Safety of Machines
Contents
Motivation, Basics, Scope
Safety Standards and Laws
10 Steps to Performance Level
Risk Assessment – the important FIRST STEP
Functional Safety of Machines
Laws and Standards Landscape
ISO 13849: Guideline to fulfil the safety requirements in the design of control systems of machines.
Presumption principle: EU directives are fulfilled through the application of standards which are listed in the EU Official Journal.
Legal consequence: reversal of the burden of proof in case of harm.
Functional Safety of Machines
Focus on safety-related parts of control system (SRP/CS)
Functional Safety: When the safety of a machine relies on the control system, then the control system has a safety function and should fulfil the requirements of the standard ISO 13849.
Functional Safety of Machines
Technology Laws and Standards Landscape
[Timeline figure (Jan. 2006, Nov. 2006, Jan. 2010, Jan. 2012): valid standards per technology, for the machine industry and for component manufacturers]
Mechanics, Pneumatics, Hydraulics, Electrics, Electronics, Software (simple): EN 954-1 (replaced; in some cases EN 954-1 could still be applied during the transition period), now ISO 13849-1 (valid standard)
Electric, Electronic, Software (complex): IEC 62061 (valid standard), IEC 61508 (valid standard)
Component manufacturer: IEC 61800-5-2 (valid standard since Nov. 2007)
Machinery Directive: 98/37/EG, replaced by 2006/42/EG
Functional Safety of Machines
Laws and Standards Landscape
On the horizon: ISO 13849 and IEC 62061 are to be merged into the new standard ISO 17305 (13849 + 62061 = 17305). Current target date is 2018.
Reliability and Safety Parameters
Bathtub Curve
[Figure: failure rate over time, in three periods]
Infant Mortality (Early Failures): minimized through quality tests
Useful Life (Random Failures): constant failure rate
Wear-Out Period (Wear-out Failures): exponential increase
Reliability and Safety Parameters
Reliability Parameters (Machine Availability)
[Figure: timeline Start – MTTF – Failure – MTTR – Restart – MTTF – Failure; MTBF spans from one failure to the next]
Reliability parameters: MTTF: Mean Time To Failure (t at 63 %), MTBF: Mean Time Between Failures, MTTR: Mean Time To Repair, B10: time until 10 % of the products have failed. These are mean values over several time periods!
Availability: $A = \frac{MTTF}{MTTF + MTTR}$
Statistical expected value: no guarantee!
Reliability and Safety Parameters
Reliability Parameters: Example
Life expectation of men in Germany:
Considering the whole population: mean lifetime expectation MTTF = 77 years (with constant failure rate)
Considering only the people who are not older than 50 years: mean lifetime expectation MTTF = 1 005 years (with constant failure rate)
[Figure: probability of death of men in Germany, percentage [%] versus age [years], 0 to 100 years. Source: Statistisches Bundesamt Deutschland 2005/2007]
Reliability and Safety Parameters
State of the components of a control system
States:
No failure: C_OK
Safe failure: C_SAFE (the control system has a failure but stays in a safe position, i.e. not dangerous!)
Dangerous failure: C_D
Detected dangerous failure: C_DD
Undetected dangerous failure: C_DU
Events (transition rates):
λ_s: component has failed, but not dangerously (safe failure)
u: component has been replaced
λ_d: component has failed dangerously (MTTFd: Mean Time to dangerous Failure)
λ_d,d: dangerous failure is detected
t: test rate (DC: failure is detected)
λ_d,u: dangerous failure is not detected
[State diagram: OK (C_OK), safe failure (C_SAFE), dangerous failure (C_D) split into d.d. failure (C_DD) and d.u. failure (C_DU), with the transitions λ_s, λ_d, λ_d,d, λ_d,u, u and t]
$\lambda = \lambda_s + \lambda_d$, $\lambda_d = \lambda_{d,d} + \lambda_{d,u}$, $\lambda_{d,d} = DC \cdot \lambda_d$, $\lambda = \frac{1}{MTTF}$, $\lambda_d = \frac{1}{MTTF_d}$
λ: failure rate; DC: diagnostic coverage, percentage of dangerous failures which can be detected.
Reliability and Safety Parameters
Determination of Reliability (MTTFd, B10)
1. Preconditions: basic and well-tried safety principles (ISO 13849-2); other standards (e.g. ISO 4413); appropriate operating conditions
2. Determination of the reliability: MTTFd from a database (e.g. hydraulics: MTTFd = 150 years); B10 from lifetime tests; MTTF from field data. If data are missing: MTTFd = 10 years!
3. Percentage of dangerous failures: general estimation according to ISO 13849-1: 50 % of failures are dangerous, i.e. MTTFd = 2 x MTTF and B10d = 2 x B10; or estimation through an FMEA / FTA (e.g. for electronics)
4. Calculation of the total MTTFd: parts count method, $\frac{1}{MTTF_d} = \sum_{i=1}^{N} \frac{1}{MTTF_{d,i}}$
Definition of the MTTFd ranges: low: 3 years ≤ MTTFd < 10 years; medium: 10 years ≤ MTTFd < 30 years; high: 30 years ≤ MTTFd < 100 years
Failure rate databases: HDBK 217 (MIL USA), Telcordia, SN 29500 (Siemens), ISO 13849 (Annex)
Reliability and Safety Parameters
Determination of Reliability: Calculation (parts count vs. parts stress)
[Figure: databases (Telcordia, ISO 13849 (Appendix), SN 29500 (Siemens), HDBK 217 (MIL USA), own field data) feed a component-level failure rate table, from which MTTF, MTTFd and DC are derived]
Parts count: every part of the electronic component gets the same stress class and the same share of dangerous failures:
Part 1: stress (T): A, dangerous: 50 %, FIT = x
Part 2: stress (T): A, dangerous: 50 %, FIT = y
Part 3: stress (T): A, dangerous: 50 %, FIT = z
Parts stress: each part gets its own stress class and share of dangerous failures:
Part 1: stress (T): A, dangerous: 50 %, FIT = x
Part 2: stress (T): B, dangerous: 0 %, FIT = y
Part 3: stress (T): C, dangerous: 100 %, FIT = z
Outputs: MTTF, MTTFd, DC
Reliability and Safety Parameters
Determination of Reliability: Lifetime Tests
[Weibull plot: probability of failure F(t) versus number of cycles [in millions], Weibull grid with shape parameter b; example of a pneumatic valve family]
Legend: performance in millions of cycles; probability of failure: 10 %; target: B10 of 20 million cycles; failed probe (1: 40 million); failed probe (2: 40 million); failed probe (8: 90 million); surviving probes (9–14: > 90 mio.); confidence interval (90 %); result: B10 @ 24 million cycles in the confidence interval; MTTF in the confidence interval
Lifetime test of a pneumatic valve family: 14 probes at representative load (e.g., pressure = 10 bar). For applications with low loads: longer lifetime.
Reliability and Safety Parameters
Determination of Reliability: Lifetime Tests
[Weibull plot: probability of failure F(t) versus number of cycles [in millions], Weibull grid with shape parameter b; example of a hydraulic valve family]
Legend: performance in millions of cycles; probability of failure: 10 %; target: B10 of 10 million cycles; surviving probes (24 > 10 mio.); assumption (VDA vol. 3, part 2): Weibull form parameter b = 2,00; determined Weibull curve with confidence interval (90 %); result: B10 @ 10 million cycles in the confidence interval; MTTF in the confidence interval
Lifetime test of a hydraulic valve family: 24 probes at representative load (e.g., pressure, stroke). For applications with low loads: longer lifetime.
Reliability and Safety Parameters
Determination of Reliability: Field Data
[Weibull plot: probability of failure F(t) versus operating time [h], 0.1 h to 100 000 h, Weibull grid with shape parameter b; evaluation of field data of a hydraulic valve]
Legend: performance in operating hours; probability of failure: 10 %; failed probe (1: 250 h); failure with time shift; failed probe (2: 450 h); failed probe (n: 15 075 h); surviving probes (< 16 200 h); confidence interval (90 %); result: B10 @ 15 500 h in the confidence interval; MTTF in the confidence interval
Evaluation of field data from a hydraulic component: observation of approx. 25 000 components from 2004 to 2009 under different loads. Applications with extremely high loads: lower lifetime.
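The B10, F(t) and MTTF values read off the Weibull plots of the three lifetime-test slides are tied together by the Weibull distribution itself. The following Python is an added example, not code from the deck or from Bosch Rexroth: it takes the shape parameter b and the target B10 of the hydraulic valve test (b = 2, B10 = 10 million cycles) as constructed sample inputs, derives the scale parameter and MTTF, and checks that only b = 1 reproduces the 63 % rule of the MTTF slide; the confidence intervals of the plots are not reproduced.

```python
"""Weibull relations behind the B10 / F(t) / MTTF values on the lifetime-test
slides. Added example for this deck, not Bosch Rexroth's evaluation software.
Sample numbers (b = 2, B10 = 10 million cycles) come from the hydraulic valve
slide; the 90 % confidence interval of the plots is not reproduced."""
import math

B10_FRACTION = 0.10                                      # F(B10) = 10 % by definition
_LN_SURVIVAL_AT_B10 = -math.log(1.0 - B10_FRACTION)      # -ln(0.9)


def weibull_cdf(t: float, b: float, eta: float) -> float:
    """Probability of failure F(t) = 1 - exp(-(t/eta)^b) for t >= 0."""
    if t < 0 or b <= 0 or eta <= 0:
        raise ValueError("t must be >= 0, b and eta must be > 0")
    return 1.0 - math.exp(-((t / eta) ** b))


def eta_from_b10(b10: float, b: float) -> float:
    """Scale parameter eta that puts F(B10) = 10 % for a given shape b."""
    return b10 / _LN_SURVIVAL_AT_B10 ** (1.0 / b)


def b10_from_weibull(b: float, eta: float) -> float:
    """Inverse of eta_from_b10: the cycle count at which 10 % have failed."""
    return eta * _LN_SURVIVAL_AT_B10 ** (1.0 / b)


def mttf_from_weibull(b: float, eta: float) -> float:
    """Mean time to failure of a Weibull distribution: eta * Gamma(1 + 1/b)."""
    return eta * math.gamma(1.0 + 1.0 / b)


def failure_fraction_at_mttf(b: float) -> float:
    """F(MTTF): only for b = 1 (constant failure rate) is this the 63 % of the
    MTTF slide; with wear-out (b > 1) fewer units have failed at t = MTTF."""
    eta = 1.0  # F(MTTF) does not depend on eta
    return weibull_cdf(mttf_from_weibull(b, eta), b, eta)


def hydraulic_valve_example() -> dict:
    """Target of the hydraulic valve test: B10 = 10 million cycles with the
    VDA assumption b = 2 (constructed use of the slide's numbers)."""
    b, b10 = 2.0, 10_000_000.0
    eta = eta_from_b10(b10, b)
    return {
        "eta_cycles": eta,
        "mttf_cycles": mttf_from_weibull(b, eta),
        "F_at_B10": weibull_cdf(b10, b, eta),
        "F_at_20_million": weibull_cdf(20_000_000.0, b, eta),  # = 1 - 0.9^4
    }


if __name__ == "__main__":
    for key, value in hydraulic_valve_example().items():
        print(f"{key}: {value:,.4f}")
    print("F(MTTF) for b = 1:", round(failure_fraction_at_mttf(1.0), 3))
    print("F(MTTF) for b = 2:", round(failure_fraction_at_mttf(2.0), 3))
```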
Reliability and Safety Parameters
MTTFd from B10: application load (cycles / year)
Inputs:
B10: number of cycles until 10 % of failures
hOP: mean working time [hours/day]
dOP: mean working time [days/year]
tCycle: mean cycle time [seconds]
Outputs:
nOP: mean number of cycles per year
B10d: number of cycles until 10 % dangerous failures
T10d: mean time until 10 % dangerous failures [years]
MTTFd: mean time to dangerous failure [years]
λd: dangerous failure rate
1. B10d: $B_{10d} = 2 \cdot B_{10}$
2. nOP: $n_{OP} = \frac{d_{OP} \cdot h_{OP} \cdot 3600\,\mathrm{s/h}}{t_{Cycle}}$
3. MTTFd: $MTTF_d = \frac{B_{10d}}{0.1 \cdot n_{OP}}$
4. T10d: $T_{10d} = \frac{B_{10d}}{n_{OP}}$
5. λd: $\lambda_d = \frac{1}{MTTF_d} = \frac{0.1 \cdot n_{OP}}{B_{10d}} = \frac{0.1}{T_{10d}}$
Reliability and Safety Parameters
MTTFd and the Availability of the Safety Function
[Figure: probability of dangerous failure [%] versus service time of the machine [years], 0 to 30 years, with curves for MTTFd = 3 years, 10 years, 30 years and 100 years; MTTFd corresponds to 63 % dangerous failures]
MTTFd = 10 years: the safety function can fail dangerously in 63 % of the machines within 10 years!
Service time of the machine: 20 years (ISO 13849)
MTTFd = 100 years: the safety function can fail dangerously in 18 % of the machines within 20 years!
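The five formulas of the B10 slide and the 63 % / 18 % figures above can be carried through in a few lines. This is an added example for this deck, not code from the original or from Bosch Rexroth: the operating profile (16 h/day, 240 days/year, 10 s cycle time) and the B10 of 20 million cycles are constructed sample inputs, and the T10d replacement rule is ISO 13849-1's, not stated on the slide.

```python
"""B10 -> nOP -> B10d -> T10d -> MTTFd -> lambda_d (formulas 1 to 5 of the
B10 slide) and the probability of dangerous failure over the service time
(slide 'MTTFd and the Availability of the Safety Function').
Added example, not Bosch Rexroth's own calculation tool."""
import math
from dataclasses import dataclass

SECONDS_PER_HOUR = 3600
DANGEROUS_SHARE = 0.5        # ISO 13849-1: 50 % of failures are dangerous
SERVICE_TIME_YEARS = 20.0    # service time of the machine per ISO 13849


@dataclass(frozen=True)
class B10Result:
    n_op: float         # mean number of cycles per year
    b10d: float         # cycles until 10 % dangerous failures
    t10d_years: float   # mean time until 10 % dangerous failures
    mttfd_years: float  # mean time to dangerous failure
    lambda_d: float     # dangerous failure rate [1/year]


def cycles_per_year(h_op: float, d_op: float, t_cycle_s: float) -> float:
    """Formula 2: nOP = dOP * hOP * 3600 s/h / tCycle."""
    if min(h_op, d_op, t_cycle_s) <= 0:
        raise ValueError("hOP, dOP and tCycle must be positive")
    return d_op * h_op * SECONDS_PER_HOUR / t_cycle_s


def mttfd_from_b10(b10: float, h_op: float, d_op: float, t_cycle_s: float) -> B10Result:
    """Formulas 1, 3, 4 and 5 of the slide, evaluated for one application load."""
    n_op = cycles_per_year(h_op, d_op, t_cycle_s)
    b10d = b10 / DANGEROUS_SHARE        # formula 1: B10d = 2 * B10
    t10d = b10d / n_op                  # formula 4
    mttfd = b10d / (0.1 * n_op)         # formula 3 (= 10 * T10d)
    lambda_d = 1.0 / mttfd              # formula 5 (= 0.1 / T10d)
    return B10Result(n_op, b10d, t10d, mttfd, lambda_d)


def prob_dangerous_failure(mttfd_years: float, years: float) -> float:
    """Constant failure rate: P(t) = 1 - exp(-t / MTTFd).
    Gives 63 % at t = MTTFd and 18 % after 20 years for MTTFd = 100 years."""
    return 1.0 - math.exp(-years / mttfd_years)


def replace_before_service_end(t10d_years: float, service_years: float = SERVICE_TIME_YEARS) -> bool:
    """ISO 13849-1 Annex C rule (assumption, not on the slide): a component whose
    T10d is shorter than the service time must be replaced after T10d."""
    return t10d_years < service_years


def sample_application() -> B10Result:
    """Constructed operating profile: B10 = 20 million cycles (target of the
    pneumatic valve test), 16 h/day, 240 days/year, 10 s cycle time."""
    return mttfd_from_b10(b10=20_000_000, h_op=16, d_op=240, t_cycle_s=10)


if __name__ == "__main__":
    r = sample_application()
    print(f"nOP = {r.n_op:,.0f} cycles/year, B10d = {r.b10d:,.0f} cycles")
    print(f"T10d = {r.t10d_years:.1f} years, MTTFd = {r.mttfd_years:.1f} years, "
          f"lambda_d = {r.lambda_d:.5f} 1/year")
    print(f"replace before {SERVICE_TIME_YEARS:.0f} years of service: "
          f"{replace_before_service_end(r.t10d_years)}")
    for mttfd in (3, 10, 30, 100):
        share = 100 * prob_dangerous_failure(mttfd, SERVICE_TIME_YEARS)
        print(f"MTTFd = {mttfd:3d} years: {share:.0f} % dangerous failures in 20 years")
```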
Reliability and Safety Parameters
Performance Level (PL) means risk reduction
[Figure: risk scale from high risk (not acceptable risk) over medium risk to low risk (e.g., 10^-8/h for a dangerous situation; tolerated risk, safe machine); the required risk reduction determines the PL]
1st case: life-threatening risk: PL = e risk reduction (e.g. press control systems)
2nd case: high risk of damage: PL = d risk reduction (e.g. clamp circuits)
3rd case: medium risk of damage: PL = c risk reduction (e.g. common hydraulic applications)
Reliability and Safety Parameters
Performance Level (PL)
Contribution of the control system to reduce the risk of an accident
Directly related to the probability of dangerous failure per hour (PFHd):
Safety Integrity Level SIL (IEC 61508) | Probability of dangerous failure per hour PFHd (1/h) | Performance Level PL (ISO 13849)
- | 10^-5 ≤ PFHd < 10^-4 | a
1 | 3 x 10^-6 ≤ PFHd < 10^-5 | b
1 | 10^-6 ≤ PFHd < 3 x 10^-6 | c
2 | 10^-7 ≤ PFHd < 10^-6 | d
3 | 10^-8 ≤ PFHd < 10^-7 | e
4 | PFHd < 10^-8 | -
PL d or SIL 2 means that the safety function can fail dangerously within one working hour with a probability between 10^-7 and 10^-6.
Reliability and Safety Parameters
Performance Level (PL) depends on:
Reliability and Safety Parameters
The right parameters for different technologies
1: For the calculation of MTTFd from the B10 value see ISO 13849-1.
2: Calculation of the PL by adding the PFHd values.
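The PFHd table, the footnote on adding the PFHd values, and the later PL ≥ PLr verification of step 10 can be combined into one lookup. This Python is an added example for this deck, not Bosch Rexroth's code or the SISTEMA tool: the subsystem PFHd values in press_stop_example are constructed, and the subsystem names come from the block-diagram slides.

```python
"""PFHd -> PL / SIL lookup of the 'Performance Level (PL)' table, the footnote
'calculation of PL by adding the PFHd values', and the PL >= PLr check of
step 10. Added example for this deck, not Bosch Rexroth's code.
The subsystem PFHd values used below are constructed."""
from typing import Optional, Sequence, Tuple

# (lower bound of the PFHd band in 1/h, PL, SIL) exactly as on the slide;
# each band runs from its lower bound up to (excluding) the next one.
PFHD_BANDS: Sequence[Tuple[float, str, str]] = (
    (1e-5, "a", "-"),
    (3e-6, "b", "1"),
    (1e-6, "c", "1"),
    (1e-7, "d", "2"),
    (1e-8, "e", "3"),
)
PFHD_NO_PL_ABOVE = 1e-4  # PFHd >= 1e-4/h: no PL at all
PL_ORDER = "abcde"        # PL a is the lowest, PL e the highest


def pl_and_sil(pfhd: float) -> Tuple[Optional[str], Optional[str]]:
    """Map one PFHd (dangerous failures per hour) to (PL, SIL).
    Returns (None, None) at or above 1e-4/h; below 1e-8/h the slide gives
    SIL 4 and no PL, returned as ("-", "4")."""
    if pfhd < 0:
        raise ValueError("PFHd cannot be negative")
    if pfhd >= PFHD_NO_PL_ABOVE:
        return None, None
    for lower, pl, sil in PFHD_BANDS:
        if pfhd >= lower:
            return pl, sil
    return "-", "4"


def combined_pl(subsystem_pfhd: Sequence[float]) -> Tuple[float, Optional[str], Optional[str]]:
    """Footnote 2: the PL of a safety function is read from the sum of the
    PFHd values of its subsystems (e.g. sensor, logic, actuator)."""
    total = sum(subsystem_pfhd)
    pl, sil = pl_and_sil(total)
    return total, pl, sil


def meets_required_pl(pl: Optional[str], plr: str) -> bool:
    """Step 10.a: verification that the reached PL is at least the required PLr."""
    if plr not in PL_ORDER:
        raise ValueError(f"unknown PLr {plr!r}")
    if pl is None or pl not in PL_ORDER:
        return False  # no PL, or 'SIL 4 only' without a PL, never satisfies a PLr
    return PL_ORDER.index(pl) >= PL_ORDER.index(plr)


def press_stop_example() -> Tuple[float, Optional[str], bool]:
    """Constructed subsystem values for a press stop function with PLr = e:
    laser scanner 1.2e-8/h, safety PLC 3.5e-8/h, valves 0.8e-8/h."""
    total, pl, _sil = combined_pl([1.2e-8, 3.5e-8, 0.8e-8])
    return total, pl, meets_required_pl(pl, "e")


if __name__ == "__main__":
    total, pl, ok = press_stop_example()
    print(f"sum PFHd = {total:.2e} 1/h -> PL {pl}, PLr e fulfilled: {ok}")
    for pfhd in (5e-5, 5e-6, 2e-6, 5e-7, 5e-8, 5e-9):
        print(f"PFHd = {pfhd:.0e} 1/h -> PL / SIL = {pl_and_sil(pfhd)}")
```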
Functional Safety of Machines
Electric: Certified Safety Components
Safe Torque Off
Safe Stop 1
Safely Limited Speed
Safe Direction
Safely Monitored Position
Safely Limited Position
Safe Maximum Speed
Safe Braking and Holding System
Safe Door Locking
Safely Limited Increment
Safely Monitored Deceleration
Functional Safety of Machines
Electric: Safe Logic Compact
Compact electric control system with integrated safety functions
Properties:
Economical logic processing up to PL e / Category 4 / SIL 3 for compact machines
Modular system design to minimize the volume of the electrical cabinet
Safe connection of the individual stations for complex machines in reduced space
Efficient engineering tool with fast configuration per drag-and-drop
Simulation and report function for fast verification and complete documentation
[Figure: IndraDrive Cs with integrated safety function; drag & drop of function blocks]
Functional Safety of Machines
Hydraulics: Standard and Certified Components
[Figure: hydraulic circuit with components 1 to 5 and ports A1, A5; "Active Logic" special for safety applications; certified press block]
Hydraulics: Standard and Certified Components
Functional Safety of Machines
Standardized safety control system for press machines, for application to the safety functions:
1. Safety-related stop function / stop of a dangerous movement: PLr = e
2. Prevention of unexpected start-up from the stop position: PLr = e
3. Prevention of unexpected drop under own weight: PLr = e
4. Prevention of unexpected drop under own weight during the return: PLr = d
5. Speed reduction (< 10 mm/s) of the closing movement for the operating modes adjustment, start-up and maintenance: PLr = c
Functional Safety of Machines
Pneumatics: appropriate Standard Components
Directional valves
Check valves
Halt units
Proportional valve (pressure control valve)
Bus module
All components which can avoid a dangerous movement or have outputs which control a movement.
Functional Safety of Machines
Pneumatics: approved Safety Circuits
Safety functions prepared to be built up by yourself:
13 circuit examples from Bosch Rexroth have been evaluated by the "Institut für Arbeitsschutz" (IFA).
Functional Safety of Machines
Mobile Hydraulics: Control Blocks
1. Control plate: MTTFd = 50 years (PL = c)
Component values: electrical: 160 a, P-valve: 150 a, M-valve: 150 a
Functional Safety of Machines
Mobile Hydraulics: Control Blocks
Safety Functions?
From the risk assessment
Overlapping of hazards (movement)?
Analysis of each moving system!
Functional Safety of Machines
10 Steps to Performance Level
1. Risk assessment and reduction
2. Identification of the safety functions
3. Specification of the required PLr
4. Choice of system architecture (Category)
5. Modeling the system with block diagram
6. Failure and diagnostics
7. Determination of PL
8. Evaluation of system robustness
9. Software requirements
10. Verification and validation
10 Steps to Performance Level
1. Risk assessment and reduction
Is there a C standard for this machine? If yes, use this as a model.
[Flowchart: Start → Determination of the limits of the machinery → Hazard identification → Risk estimation (these three steps form the risk analysis) → Risk evaluation (analysis plus evaluation form the risk assessment) → Is the machinery safe? If no: Measures for risk reduction, then back to the risk analysis; if yes: End]
10 Steps to Performance Level
1. Risk assessment and reduction
Risk reduction process according to ISO 12100:
1. Avoidance by intrinsic design
2. Avoidance by safeguards (protective devices)
3. Avoidance by information for use
Does the measure depend on a control system? If yes: safety function (SRP/CS) based on ISO 13849, e.g. Safety Function 1: Emergency Stop; Safety Function 2: Stop and avoidance of unexpected start-up (activated by the protective door).
Residual risks (new hazards)? Repeat the risk assessment.
Everything done?
10 Steps to Performance Level
2. Identification of the Safety Function
Earlier: Safety Reaction: Turn Off
Today: Safety Condition: SafeMotion
SDL: Safe Door Locking
STO: Safe Torque Off / Stop Category 0
SLS: Safely Limited Speed
SLP: Safely Limited Position
10 Steps to Performance Level
3. Specification of the required Performance Level
Example: If the function fails, a deadly accident could occur. The user needs access to the machine less than once per work shift. In case of failure, he is not able to avoid the hazard.
10 Steps to Performance Level
4. Choice of System Architecture (Category): PL d
Which components are relevant for the safety function?
Which hazards (dangerous movement) are there? Cylinder!
Which elements avoid this (stop the movement)? Valve!
Who controls these elements? Safety PLC!
What activates this function? Sensor (laser scanner)!
Who tests this function, how and how often? Position monitoring!
Support elements / safety principles? Temperature, level, pressure, filter etc.!
10 Steps to Performance Level
5. Modeling the System with Block Diagram
Source: BGIA-Report 2/2008
BIA Report 02 2008 (Chapter 8.2.15): Protective area monitored by Laser scanner with electro - hydraulic deactivation (stop) of the dangerous movement.
Connection of the blocks with each other (backward analysis):
What does this element depend on? Serial connection (dependency)
Who takes over its function in case of a failure of this element? Parallel connection (redundancy)
10 Steps to Performance Level
5. Modeling the System with Block Diagram
Source: BGIA-Report 2/2008
1. Option (Channel 1) for safe stop
or
2. Option (Channel 2) for safe stop
Backward analysis of one channel: valve 1V5 stops, which is controlled by PLC K1, which is activated by sensor F1, with tests: monitored by 1S3 (S1)
[Block diagram: Channel 1 with valve 1V5; Channel 2 with valves 1V3 and 1V4; sensor F1 (F1a / F1b) and PLC K1 (K1a / K1b) as two-channel elements; tests by 1S3 and S1; subsystems SRP/CS1, SRP/CS2, SRP/CSc]
10 Steps to Performance Level
6. Failure and Diagnostics
Diagnostic Coverage (DC): percentage of dangerous failures which can be detected.
DC: measure of the effectiveness of diagnostics, determined as the ratio between the failure rate of detected dangerous failures (λd,d) and the failure rate of total dangerous failures (λd):
$DC = \frac{\lambda_{d,d}}{\lambda_d}$, with $\lambda_d = \lambda_{d,u} + \lambda_{d,d}$
Denotation of the DC ranges: none: DC < 60 %; low: 60 % ≤ DC < 90 %; medium: 90 % ≤ DC < 99 %; high: 99 % ≤ DC
Example of design possibilities:
Measure | Technology | DC
Process (cyclic test) | Fluid technique | 0 % ≤ DC < 99 %
Cross monitoring between 2 channels | Electronic | DC = 99 %
Indirect monitoring (e.g. pressure) | Fluid technique | 90 % ≤ DC < 99 %
Direct position monitoring | Fluid technique | DC = 99 %
Integrated self-monitoring | Safety on Board | 90 % ≤ DC ≤ 99 %
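The failure-rate relations of the component-state slide, the parts-count sum of the MTTFd slide, and the DC ranges above fit into one small calculation. This Python is an added example for this deck, not Bosch Rexroth's code: it aggregates the control-plate values of the mobile-hydraulics slide (160 a, 150 a, 150 a) with the parts-count method and splits the resulting λd by a DC of 90 %, which is a constructed choice (indirect monitoring from the table above).

```python
"""Failure-rate relations of the component-state slide (lambda = 1/MTTF,
lambda_d = lambda_dd + lambda_du, DC = lambda_dd / lambda_d), the parts-count
method of the MTTFd slide and the DC / MTTFd bands of step 6.
Added example for this deck, not code from Bosch Rexroth."""
from typing import Sequence, Tuple

YEAR_HOURS = 8760  # hours per year, to express failure rates per hour


def mttfd_parts_count(mttfd_per_part_years: Sequence[float]) -> float:
    """Parts-count method: 1/MTTFd = sum_i 1/MTTFd,i for one channel."""
    if not mttfd_per_part_years or any(m <= 0 for m in mttfd_per_part_years):
        raise ValueError("every MTTFd,i must be a positive number of years")
    return 1.0 / sum(1.0 / m for m in mttfd_per_part_years)


def mttfd_band(mttfd_years: float) -> str:
    """low / medium / high bands of ISO 13849-1 as listed on the MTTFd slide."""
    if mttfd_years < 3:
        raise ValueError("MTTFd below 3 years is outside the bands of ISO 13849-1")
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"  # the slide's table ends at 100 years


def dangerous_failure_rates(mttfd_years: float, dc: float) -> Tuple[float, float, float]:
    """Split lambda_d = 1/MTTFd into detected and undetected parts:
    lambda_dd = DC * lambda_d, lambda_du = lambda_d - lambda_dd (rates per year)."""
    if not 0.0 <= dc <= 1.0:
        raise ValueError("DC is a fraction between 0 and 1")
    lambda_d = 1.0 / mttfd_years
    lambda_dd = dc * lambda_d
    return lambda_d, lambda_dd, lambda_d - lambda_dd


def diagnostic_coverage(lambda_dd: float, lambda_du: float) -> float:
    """DC = lambda_dd / (lambda_dd + lambda_du), the definition of step 6."""
    lambda_d = lambda_dd + lambda_du
    if lambda_d <= 0:
        raise ValueError("total dangerous failure rate must be positive")
    return lambda_dd / lambda_d


def dc_band(dc: float) -> str:
    """none / low / medium / high DC ranges as listed on the step-6 slide."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


def control_plate_example() -> dict:
    """The mobile-hydraulics control plate of the deck: electrical part 160 a,
    P-valve 150 a, M-valve 150 a give an MTTFd of about 51 years ('50 years').
    The DC of 90 % (indirect monitoring, e.g. pressure) is a constructed choice."""
    dc = 0.90
    mttfd = mttfd_parts_count([160.0, 150.0, 150.0])
    lambda_d, lambda_dd, lambda_du = dangerous_failure_rates(mttfd, dc)
    return {
        "mttfd_years": mttfd,
        "mttfd_band": mttfd_band(mttfd),
        "lambda_d_per_hour": lambda_d / YEAR_HOURS,
        "lambda_du_per_hour": lambda_du / YEAR_HOURS,
        "dc_check": diagnostic_coverage(lambda_dd, lambda_du),
        "dc_band": dc_band(dc),
    }


if __name__ == "__main__":
    for key, value in control_plate_example().items():
        print(f"{key}: {value}")
```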
10 Steps to Performance Level
7. Determination of Performance Level
Calculation of the Performance Level using the Software SISTEMA:
10 Steps to Performance Level
8. Evaluation of System Robustness
[Flowchart: Start → Category B? → Category 1? → Category 2, 3 or 4? → End, with the robustness measures to be shown per category: basic safety principles, well-tried safety principles, well-tried components, measures against CCF, measures against systematic failures. Manufacturer statement: applicability of the component for safety functions]
10 Steps to Performance Level
8. Robustness: Common Cause Failure (CCF)
CCF: Failures of different items, resulting from a single event, where these failures are not consequences of each other.
Measure against CCF | Fluid technology | Electronic | Points | Fulfilled?
Separation between signal paths | Separation in piping (e.g. in control blocks) | Clearance and creepage distances between printed-circuit boards | 15 |
Diversity | e.g. different valves | e.g. different processors | 20 |
Protection against overvoltage, ... | Design based on ISO 4413 or ISO 4414 (pressure limiter valve) | e.g. air gap switch, power supply | 15 |
Application of well-tried components | Application designer | | 5 |
FMEA in the development | FMEA by the system design | | 5 |
Competence / training | Qualification measures (training) | | 5 |
Protection against contamination and EMC | Fluid quality | EMC testing (product instructions, user) | 25 |
Other influences (e.g. temperature, shock) | Fulfillment of ISO 4413 or ISO 4414 and product specification | Environment conditions of product specification | 10 |
CCF total: total of points (65 ≤ CCF ≤ 100)
10 Steps to Performance Level
8. Robustness: Safety Principles
Extract from ISO 13849-2:
Measures for the design (component and machine) and the operation
Basic Safety Principles
□ Use of de-energization principle
(e.g. central positioning by springs)
□ Pressure limitation
□ Speed limitation / speed reduction
□ Avoidance of fluid contamination
□ Proper range of switching time
□ Protection against unexpected start–up
□ Separation of the Energy
□ …
Well-Tried Safety Principles
□ Overdesign / Safety factor
□ Safe position
□ Use of well–tried spring
□ Speed limitation / speed reduction
□ Force limitation / force reduction
□ Monitoring of the condition of the fluid
□ Sufficient positive overlapping in piston valves
□ ...
Legend: red = consideration by the selection of the valves; blue = information for machine user
10 Steps to Performance Level
9. Software Requirements
Safety-related application software? See requirements (check-list)
[V-model figure: Safety-related software specification → System design → Module design → Coding → Module tests → Integration tests → Validation → Validated software; verification of each result against its specification on the way down, validation of the whole against the specification at the end]
10 Steps to Performance Level
9. Software Requirements
Safety-related application software? See requirements (Check-List)
Limited Variability Languages (like FBD or Ladder) simplify validation
10 Steps to Performance Level
10. Verification and Validation
10.a Verification of the reached Performance Level (PL ≥ PLr)
10.b Validation of the reached Performance Level (machine builder): validation procedure according to ISO 13849-2; check of the implemented safety function; creation of the technical documentation
[Flowchart: Requirement: PLr (Steps 1 to 3) → Design of the control system (Steps 4 to 9) → PL → PL ≥ PLr? If no: back to the design; if yes: validation → Safety Function "1" is ready! → Next safety function]
Further Information about Machine Safety
www.boschrexroth.com/SAFETY
264-page handbook in English since May 2012!
E-learning also available in English!
ISBN-Number: 978-3-9814879-2-3
R961006998
Functional Safety of Machines
Contents
Motivation, Basics, Scope
Safety Standards and Laws
10 Steps to Performance Level
Risk Assessment – the important FIRST STEP
Functional Safety of Machines
Laws and Standards Landscape
ISO 12100: Safety of machinery – General principles for design – Risk assessment and risk reduction
New version since March 2011; it integrates the old versions ISO 14121 + ISO 12100-1 + ISO 12100-2 into the single standard ISO 12100.
Risk Assessment
ISO 12100
Machine Safety:
“The concept of safety of machinery considers the ability of a machine to perform its intended function during its life cycle where risk has been adequately reduced.”
Intended use:
“use of a machine in accordance with the information for use provided in the instructions”
Reasonably foreseeable misuse:
“use of a machine in a way not intended by the designer, but which can result from readily predictable human behavior”
Risk Assessment
Why documentation?
How do lawyers evaluate the quality of work done by engineers?
As it would have been done by lawyers!
This means… What is not documented, has not been done!
So in case of an accident… you should be able to show that you have taken appropriate measures to reduce the risk of all main hazards.
Risk Assessment
Who should do it? When?
Multidisciplinary Team!
Machine designers / development
Quality management
Sales
Service
Production
When?
Before the machine design
Risk Assessment
Regulations?
Which regulations apply to my product?
Directives
Laws
Standards
- Machine specific standard (type C)?
If yes, use it as template.
- Norm-Master by Bosch:
https://rb-normen.bosch.com/NormMaster/
Internal-Standards
- See intranet “Guidelines & Standards”
Which requirements do they impose on the product?
Document the requirements
Risk Assessment
Interplay of component producer, machine producer and machine user (flow from the user's need for a new machine to its safe installation):

Component producer:
- Collecting of relevant information
- Developing functional requirements document
- Functional requirements document of component with specific safety requirements
- Conception of components
- Risk assessment
- Risk reduction
- Component production
- Component
- Product documentation for user (machine manufacturer) including specification of residual risks

Machine producer:
- Type-C-Standard
- Developing functional requirements document
- Functional requirements document with safety requirements from user statement
- Machine conception
- Risk assessment: Is the machine sufficiently safe?
- Risk reduction: inherent safety construction, protection, user information
- Machine production
- Instruction manual with specification of residual risks

Machine user:
- Start: Need for a new machine with new risk
- Collecting relevant information
- Provision of safety requirements
- Protection measures for users: organisation, risk protection equipment, training
- Machine
- End: New machine is safely installed
Functional Safety of Machines
10 Steps to Performance Level
1. Risk assessment and reduction
2. Identification of the Safety Functions
3. Specification of the required PLr
4. Choice of System Architecture (Category)
5. Modeling the System with Block Diagram
6. Failure and Diagnose
7. Determination of PL
8. Evaluation of System Robustness
9. Software Requirements
10. Verification and Validation
10 Steps to Performance Level
1. Risk assessment and reduction
Is there a C Standard for this machine? If yes, use this as a model.
Iterative process:
Start
→ Determination of the limits of the machinery
→ Hazard identification
→ Risk estimation
  (these three steps form the Risk analysis)
→ Risk evaluation
  (Risk analysis + Risk evaluation = Risk assessment)
→ Is the Machinery safe?
  no → Measures for risk reduction, then back to Start
  yes → End
10 Steps to Performance Level
1. Risk assessment and reduction
Risk reduction process according to ISO 12100:
1. Avoidance by intrinsic design
2. Avoidance by safeguards (protective devices)
3. Avoidance by information for use
For each measure: Does the measure depend on a control system? yes → Safety Function (SRP/CS) based on ISO 13849
Remaining risks (new hazards)? → Repeat risk assessment
Everything done?
Examples: Safety Function 1: Emergency Stop; Safety Function 2: Stop and avoidance of unexpected start-up (activated by protective door)
Risk Assessment
1.1 Determination of the limits of the machinery
Use limits:
- different machine operating modes
- use of the machinery: intended use, reasonably foreseeable misuse, misuse
- users (skills, behavior etc.)
- exposure of other persons to the hazards
Space limits:
- Dimensioning
Time limits (machine life cycle):
- Transport, Assembly and Installation, Set-Up and Start-Up
- Operation: normal, automatic => ISO 13849: Machine Lifetime = 20 years
- Maintenance, recycling
Other limits:
- materials to be processed …
Operating Manual
Risk Assessment
1.1 Determination of the limits of the machinery
Hazard zone / danger zone: “any space within and/or around machinery in which a person can be exposed to a hazard”
[Figure: machine layout with Safety zone 1, Safety zone 2 and Safety zone 3, Door 1, Door 2 and Door 4, ES1, ES2, MBA, TC and axes X, Y, Z, B, S]
Risk Assessment
1.2 Hazard identification
Human interaction during the whole life cycle of the machine, examples:
- Teaching / programming
- Feeding
- Cleaning and housekeeping
- Maintenance
Possible states of the machine, examples:
- machine performs the intended function
- machine has malfunctions
Unintended behavior of the operator or reasonably foreseeable misuse of the machine, examples:
- reflex behavior of a person in case of malfunction,
- behavior resulting from pressures to keep the machine running in all circumstances
Risk Assessment
1.2 Hazard identification
[Figure: hazard tables] Source: ISO 12100:2010
Risk Assessment
1.3 Risk estimation
“Risk” – The risk related to the considered hazard is a function of
- Severity of harm (S), that can result from the considered hazard
&
- The probability of occurrence of that harm (K), composed of:
  - Exposure of a person / several persons to the hazard (F)
  - The probability of occurrence of the hazardous event (W)
  - The possibility to avoid or to limit the harm (P)
Risk index (R) = S • K = S • (F + W + P)
Risk Assessment
1.3 Risk estimation
Estimation of the probability of occurrence of a given harm (Class K) from:
- the exposure of a person to the hazard (F): frequency and duration,
- the probability of occurrence of a hazardous event (W), and
- the technical and human possibilities to avoid or limit the harm (P).
Class (K) = F + W + P

Probability of Occurrence (W): negligible = 1, rare = 2, possible = 3, probable = 4, frequent = 5
Possibility to Avoid (P): probable = 1, possible = 3, impossible = 5
Frequency of exposure (F), by duration of each exposure:
  Frequency                F (duration > 10 minutes)   F (duration <= 10 minutes)
  > 1 year                          2                            1
  > 2 weeks to 1 year               3                            2
  > 1 day to 2 weeks                4                            3
  > 1 hour to 1 day                 5                            4
  <= 1 hour                         5                            5

Class K = F + W + P for every combination (column groups: W = 1 to 5; within each group P = 1 / 3 / 5):

Duration > 10 minutes
  W:                           1      |   2      |   3      |   4       |   5
  P:                         1 3 5    | 1 3 5    | 1 3 5    | 1 3  5    | 1  3  5
  > 1 year (F=2)             4 6 8    | 5 7 9    | 6 8 10   | 7 9  11   | 8  10 12
  > 2 weeks to 1 year (F=3)  5 7 9    | 6 8 10   | 7 9 11   | 8 10 12   | 9  11 13
  > 1 day to 2 weeks (F=4)   6 8 10   | 7 9 11   | 8 10 12  | 9 11 13   | 10 12 14
  > 1 hour to 1 day (F=5)    7 9 11   | 8 10 12  | 9 11 13  | 10 12 14  | 11 13 15
  <= 1 hour (F=5)            7 9 11   | 8 10 12  | 9 11 13  | 10 12 14  | 11 13 15

Duration <= 10 minutes
  W:                           1      |   2      |   3      |   4       |   5
  P:                         1 3 5    | 1 3 5    | 1 3 5    | 1 3  5    | 1  3  5
  > 1 year (F=1)             3 5 7    | 4 6 8    | 5 7 9    | 6 8  10   | 7  9  11
  > 2 weeks to 1 year (F=2)  4 6 8    | 5 7 9    | 6 8 10   | 7 9  11   | 8  10 12
  > 1 day to 2 weeks (F=3)   5 7 9    | 6 8 10   | 7 9 11   | 8 10 12   | 9  11 13
  > 1 hour to 1 day (F=4)    6 8 10   | 7 9 11   | 8 10 12  | 9 11 13   | 10 12 14
  <= 1 hour (F=5)            7 9 11   | 8 10 12  | 9 11 13  | 10 12 14  | 11 13 15
Risk Assessment
1.3 Risk estimation
Estimation of the severity of injuries or damage to health (Severity S)
Risk index R = S * K for the K values of the class table:

  Severity of Injury (S)                 K:  3   4   5   7   8  10  11  13  14  15
  Dead, injury of an eye or arm      S=4    12  16  20  28  32  40  44  52  56  60
  Permanent, injury of a finger      S=3     9  12  15  21  24  30  33  39  42  45
  Reversible, medical treatments     S=2     6   8  10  14  16  20  22  26  28  30
  Reversible, first aid              S=1     3   4   5   7   8  10  11  13  14  15

Class (K) = F + W + P
Risk index (R) = S * K
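As an added worked example (not from the Bosch Rexroth slides), the Python below encodes the F, W, P and S scales exactly as the risk estimation tables give them, computes K = F + W + P and R = S · K, and ranks a list of hazards by R so the team sees which hazard to reduce first; the verbal category keys and the hazard names are constructed for illustration.

```python
"""Risk class K = F + W + P and risk index R = S * K, with the numeric
scales taken from the slide tables. Added example, not Bosch Rexroth code;
the dictionary key names are assumptions chosen to mirror the slide labels."""

# Probability of occurrence of the hazardous event (W): slide columns 1..5
W_SCALE = {"negligible": 1, "rare": 2, "possible": 3, "probable": 4, "frequent": 5}
# Possibility to avoid or limit the harm (P): slide sub-columns 1 / 3 / 5
P_SCALE = {"probable": 1, "possible": 3, "impossible": 5}
# Severity of harm (S): slide rows 1..4
S_SCALE = {"reversible, first aid": 1, "reversible, medical treatment": 2,
           "permanent, injury of a finger": 3, "dead, injury of an eye or arm": 4}
# Exposure (F): frequency interval, split by duration of each exposure
F_INTERVALS = ("> 1 year", "> 2 weeks to 1 year", "> 1 day to 2 weeks",
               "> 1 hour to 1 day", "<= 1 hour")
F_SCALE = {
    "> 10 minutes": dict(zip(F_INTERVALS, (2, 3, 4, 5, 5))),
    "<= 10 minutes": dict(zip(F_INTERVALS, (1, 2, 3, 4, 5))),
}


def risk_class(f, w, p):
    """Class K = F + W + P; only values on the slide's scales are accepted."""
    if f not in range(1, 6) or w not in range(1, 6) or p not in (1, 3, 5):
        raise ValueError("F and W must be 1..5, P one of 1, 3, 5")
    return f + w + p


def estimate_risk(severity, duration, interval, occurrence, avoidance):
    """Map verbal ratings to S, F, W, P and return K and R = S * K."""
    s = S_SCALE[severity]
    f = F_SCALE[duration][interval]
    w = W_SCALE[occurrence]
    p = P_SCALE[avoidance]
    k = risk_class(f, w, p)
    return {"S": s, "F": f, "W": w, "P": p, "K": k, "R": s * k}


def class_table_row(duration, interval):
    """One row of the slide's K table: 5 W columns x 3 P sub-columns."""
    f = F_SCALE[duration][interval]
    return [risk_class(f, w, p) for w in W_SCALE.values() for p in P_SCALE.values()]


def rank_hazards(hazards):
    """Highest risk index first: the order in which to work on risk reduction."""
    return sorted(hazards, key=lambda h: h["R"], reverse=True)


if __name__ == "__main__":
    # Constructed hazards for a fictitious machine (not taken from the slides)
    hazards = [
        dict(name="crushing at feed station", **estimate_risk(
            "dead, injury of an eye or arm", "> 10 minutes",
            "> 1 hour to 1 day", "possible", "impossible")),
        dict(name="pinch point at guard", **estimate_risk(
            "permanent, injury of a finger", "<= 10 minutes",
            "> 1 day to 2 weeks", "rare", "possible")),
    ]
    for h in rank_hazards(hazards):
        print(f"{h['name']}: K={h['K']} R={h['R']}")
```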
Risk Assessment
1.4 Risk evaluation
Risk evaluation with recommendation of measures for risk reduction:
The risk evaluation is a team decision!
Important is to achieve an “Adequate risk reduction”.
Risk evaluation according to Severity (S) and Class (K): the colour of the cell in the R = S * K matrix gives the measure for risk reduction.
Legend (Colour → Measure for Risk Reduction), with the corresponding SIL / PLr:
- SIL 3 / PLr e: needed, e.g. Safety Function (SF)
- SIL 2 / PLr d: needed, e.g. Safety Function (SF)
- SIL 1 / PLr c: needed, e.g. Safety Function (SF)
- - / PLr b, a: perhaps other measure or SF; other measures or Safety Function
Risk Assessment
1.4 Risk evaluation
Adequate risk reduction (Criteria):
- all operating conditions and all intervention procedures have been considered,
- the hazards have been eliminated or risks reduced to the lowest practicable level,
- any new hazards introduced by the protective measures have been properly addressed,
- users are sufficiently informed and warned about the residual risks,
- protective measures are compatible with one another,
- sufficient consideration has been given to the consequences that can arise from the use in a non-professional/non-industrial context of a machine designed for professional/industrial use, and
- the protective measures do not adversely affect the operator's working conditions or the usability of the machine.
Comparison of risks: comparison with similar machines or other type-C-Standards…
Risk Assessment
1.5 Risk reduction
1st Priority: Avoidance by intrinsic design
Inherently safe design measure: protective measure which either eliminates hazards or reduces the risks associated with hazards by changing the design or operating characteristics of the machine without the use of guards or protective devices
This is because protective measures inherent to the characteristics of the machine are likely to remain effective…
[Table of examples: Object / Before / Risk / Measure]
Risk Assessment
1.5 Risk reduction
1st Priority: Avoidance by intrinsic design
Ergonomic principles:
Ergonomic principles shall be taken into account in designing machinery so as to reduce the mental or physical stress of, and strain on, the operator.
Pay attention!
Manipulation of the machine safety is quite often caused by machines where the ergonomic principles have not been appropriately implemented!
Risk Assessment
1.5 Risk reduction
2nd Priority: Avoidance by safeguards (protective devices)
Safeguard: “guard or protective device”
Guard: “physical barrier, designed as part of the machine to provide protection” – fixed, movable, adjustable, interlocking
Protective device: “safeguard other than a guard“
Sensitive Protective Equipment (SPE): “equipment for detecting persons or parts of persons which generates an appropriate signal to the control system to reduce risk to the persons detected”
Safety function: “function of a machine whose failure can result in an immediate increase of the risks”
Enabling device: “additional manually operated device used in conjunction with a start control and which, when continuously actuated, allows a machine to function”
Risk Assessment
1.5 Risk reduction
3rd Priority: Avoidance by information for use
Where risks remain despite inherently safe design measures, safeguarding and the adoption of complementary protective measures, the residual risks shall be identified in the information for use:
- operating procedures for the use of the machinery…
- the recommended safe working practices…
- sufficient information, including warning of residual risks…
- recommended personal protective equipment…
Do not forget: Operating Manual!
Risk Assessment
1.5 Risk reduction
Risk reduction process according to ISO 12100:
1. Avoidance by intrinsic design
2. Avoidance by safeguards (protective devices)
3. Avoidance by information for use
For each measure: Does the measure depend on a control system? yes → Safety Function (SRP/CS) based on ISO 13849
Residual risks (new hazards)? → Repeat risk assessment
Everything done?
Examples: Safety Function 1: Emergency Stop; Safety Function 2: Stop and avoidance of unexpected start-up (activated by protective door)
Functional Safety of Machines
Thank you for your attention!
Bosch Rexroth
Securing Your Future!