Safety Integrity Level SIL / Performance Level PL
Safety and availability of machinery.
www.ifm.com/gb/safe
Safety Technology
Product areas: fluid sensors and diagnostic systems; bus, identification and control systems; position sensors and object recognition. For industrial applications.
The EC Machinery Directive stipulates that machinery must not present a risk; this calls for a risk assessment to EN 1050 and EN ISO 14121-1. Since there is no such thing as zero risk, the aim is to achieve an acceptable residual risk. If safety depends on control systems, these must be designed so as to minimise the effect of malfunctions.
Safety-related parts of machine control systems used to be designed to EN 954-1. That standard was based on the assessed risk, expressed in categories: the aim was to assign an appropriate control behaviour (control category) to each risk level.
New electronics, above all programmable controllers, could not be evaluated with the simple category system of EN 954-1. Test interval, lifetime and probability of failure, for example, were not considered in the old standard.
Help is now available from EN 62061 and from EN ISO 13849-1, the successor standard to EN 954-1.
The classification is made either as a Safety Integrity Level (SIL 1 to 3 in EN 62061) or as a Performance Level (PL a to e in EN ISO 13849-1).
Safety, risk
Analysing risk
Assessing availability and reliability
Step by step to safety
Step 1: Risk assessment to EN 1050 / EN ISO 14121-1
Without any protective measures a risk will lead to harm. The designer therefore has to assess the risk as follows:
- establish the limits and the intended use of the machinery
- identify any hazardous situations
- estimate the risk for each hazard identified
- evaluate the risk and decide whether risk reduction is required
Availability, reliability
1. Is there an analogy between PL and SIL?
2. Does the MTTF indicate the guaranteed lifetime?
No. The MTTF is a statistical mean of the time to failure, not a minimum lifetime. For electronic systems with a constant failure rate, 63 % of the units will statistically have failed by the time t = MTTF.
3. Is there a PFH value for components that are subject to wear?
4. Does application software have to be certified? If yes, to what standard?
PFH: probability of failure per hour (average probability of a dangerous failure per hour).
Terms and abbreviations: functional safety
SRECS: safety-related electrical / electronic control system (EN 62061)
SRP/CS: safety-related part of a control system (EN ISO 13849)
CCF: common cause failure
DCavg: average diagnostic coverage (ratio of the failure rate of the detected dangerous failures to the failure rate of all dangerous failures)
MTTFd: mean time to dangerous failure; the average (statistical) time (expectation) to a dangerous failure (EN ISO 13849)
PFH / PFHd: average probability of a dangerous failure per hour (corresponds to a rate of dangerous failures) (IEC 61508 / EN 62061)
SFF: safe failure fraction (IEC 61508 / EN 62061)
PL: performance level; the ability of safety-related parts to perform a safety function under foreseeable conditions so as to achieve the expected risk reduction (EN ISO 13849)
PLr: required performance level for each safety function SF (e.g. from the risk graph)
SIL: safety integrity level
SILCL: SIL claim limit (suitability), e.g. of a subsystem such as a sensor
T1 (test interval): interval of the proof test, or the mission time, in hours (IEC 61508 / EN 62061)
TM (mission time): mission time (EN ISO 13849-1)

Terms and abbreviations: reliability / availability
Risk: the product of the probability of occurrence of harm and the extent (severity) of that harm
Risk reduction: reduction of the hazard by technical systems or organisational measures
Residual risk: the risk remaining even after all protective measures have been taken
B10d: for components subject to wear, expressed as a number of cycles: the number of cycles at which 10 % of the specimens have failed dangerously during a lifetime test
MTBF (mean time between failures): the average (statistical) time (expectation) between two failures
MTTF (mean time to failure): the average (statistical) time (expectation) to failure
MTTR (mean time to repair): the average repair time (always considerably smaller than the MTTF)
Availability A: the probability of finding a repairable item in the functional state at a defined point in time t
Reliability function R(t): the survival probability, i.e. the probability that an item remains functional throughout the assessment period (0 ... t)
Probability of failure F(t): the complement of the reliability function, F(t) = 1 - R(t)
5. What does the letter d mean on MTTFd?
d stands for dangerous: the MTTFd describes the mean (statistical) time to a dangerous failure.
Answer to question 4 (certification of application software): No. There is no mandatory certification / approval under either standard. There may, however, be mandatory certification / approval for Annex IV machines. Requirements for software development can be found in both EN 62061 and EN ISO 13849-1.
Answer to question 3 (PFH for components subject to wear): The user can calculate a PFH value for wearing components from the B10d value in relation to the number of operating cycles.
Answer to question 1 (analogy between PL and SIL): A relationship between PL and SIL can be established through the PFH value (see the PFH table).
Relationship between PL (EN ISO 13849-1) and SIL (EN 62061) via the average probability of a dangerous failure per hour (PFH):

PL | PFH (per hour)            | SIL to EN 62061
a  | 10^-5  <= PFH < 10^-4     | no correspondence
b  | 3x10^-6 <= PFH < 10^-5    | SIL 1
c  | 10^-6  <= PFH < 3x10^-6   | SIL 1
d  | 10^-7  <= PFH < 10^-6     | SIL 2
e  | 10^-8  <= PFH < 10^-7     | SIL 3
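The following is an added worked example, not code from ifm or from the standards. It encodes the PFH table above as a lookup from PFH to PL and SIL (question 1) and chains it to the B10d route for components subject to wear (question 3): the B10d to MTTFd formula and the 100-year MTTFd cap are taken from EN ISO 13849-1, Annex C and Table 5; the step from MTTFd to PFH is stated as an assumption in the code (single-channel structure without diagnostics, i.e. the category B case). The contactor figures at the bottom are constructed input.

```python
"""PFH <-> PL/SIL lookup and B10d -> MTTFd -> PFH for a wearing component.

Added example; not ifm's own code. Band limits follow the PL/SIL table;
MTTFd = B10d / (0.1 * n_op) and the 100-year cap are from EN ISO 13849-1;
the single-channel PFH approximation is an assumption (see comments).
"""

# PL bands as (PL, lower bound inclusive, upper bound exclusive), PFH per hour.
PL_BANDS = (
    ("a", 1e-5, 1e-4),
    ("b", 3e-6, 1e-5),
    ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6),
    ("e", 1e-8, 1e-7),
)

# PL -> SIL correspondence from the table; PL a has no SIL equivalent.
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}

HOURS_PER_YEAR = 8760.0


def pl_from_pfh(pfh):
    """Return the PL whose PFH band contains `pfh`, or None if outside PL a..e."""
    if pfh <= 0:
        raise ValueError("PFH must be a positive rate per hour")
    for pl, lower, upper in PL_BANDS:
        if lower <= pfh < upper:
            return pl
    return None  # worse than PL a, or better than the PL e band


def sil_from_pfh(pfh):
    """Return the SIL (1..3) corresponding to the PL band, or None."""
    pl = pl_from_pfh(pfh)
    return PL_TO_SIL.get(pl) if pl else None


def operations_per_year(days_per_year, hours_per_day, cycle_time_s):
    """n_op: mean number of operations per year (EN ISO 13849-1, C.4.2)."""
    if cycle_time_s <= 0:
        raise ValueError("cycle time must be positive")
    return days_per_year * hours_per_day * 3600.0 / cycle_time_s


def mttfd_years_from_b10d(b10d_cycles, n_op, cap_years=100.0):
    """MTTFd = B10d / (0.1 * n_op), in years, for a component subject to wear.

    EN ISO 13849-1 limits the MTTFd of a channel to 100 years; higher values
    are capped so they cannot be used to claim a better PL.
    """
    mttfd = b10d_cycles / (0.1 * n_op)
    return min(mttfd, cap_years)


def pfh_single_channel(mttfd_years):
    """Approximate PFH for a single-channel structure without diagnostics.

    Assumption (not from the page): with a constant dangerous failure rate
    and no diagnostic coverage, PFH ~= 1 / MTTFd with the MTTFd in hours,
    i.e. the category B case of EN ISO 13849-1.
    """
    return 1.0 / (mttfd_years * HOURS_PER_YEAR)


def assess_wearing_component(b10d_cycles, days_per_year, hours_per_day, cycle_time_s):
    """Chain B10d -> n_op -> MTTFd -> PFH -> PL/SIL and return every intermediate value."""
    n_op = operations_per_year(days_per_year, hours_per_day, cycle_time_s)
    mttfd = mttfd_years_from_b10d(b10d_cycles, n_op)
    pfh = pfh_single_channel(mttfd)
    return {
        "n_op": n_op,
        "mttfd_years": mttfd,
        "pfh": pfh,
        "pl": pl_from_pfh(pfh),
        "sil": sil_from_pfh(pfh),
    }


if __name__ == "__main__":
    # Constructed input: a contactor with B10d = 2,000,000 cycles, operated
    # 365 days a year, 24 h a day, one switching cycle every 30 s.
    result = assess_wearing_component(2_000_000, 365, 24, 30)
    for key, value in result.items():
        print(f"{key:12s} {value}")
```

Note that the example chains the two questions deliberately: the same B10d component reaches a different PL as soon as the cycle time changes, because n_op, not the part itself, determines the MTTFd. The single-channel step is the weakest link and is marked as such; for two-channel structures with diagnostics the PFH comes from the category/DCavg/MTTFd tables of the standard, not from 1/MTTFd.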
Frequently asked questions
6. What difference is there between reliability and safety?
Reliability: the totality of the characteristics of an item that determine its suitability for fulfilling given requirements, under given conditions, for a given time interval.
Safety: the state in which the risk is not greater than the limit risk; it includes the ability not to cause, or not to allow, a hazard for a given period of time within defined limits.
7. Are safety modules required for the operation of machinery / plant?
No. Standard components may be used for the operation of machinery / plant.
Scope of the two standards
EN ISO 13849-1: This standard may be applied to safety-related parts of control systems and all types of machinery regardless of the type of technology and energy used (electrical, pneumatic, hydraulic, mechanical, etc.).
EN 62061: This standard is to be applied to safety-related electrical, electronic and programmable electronic control systems for machines.
Step 2: Defining the measures required to reduce the assessed risks
The objective is to reduce the risk as far as possible, taking the following into account, in this order of priority:
- safety of the machine in all phases of its mission time
- ability of the machine to perform its function
- user friendliness of the machine
Only then shall the machine's manufacturing, operating and disassembly costs be taken into consideration.
The hazard analysis and the risk reduction process require hazards to be eliminated or reduced through a hierarchy of measures:
- hazard elimination or risk reduction through design
- risk reduction through protective devices and additional protective measures
- risk reduction through information for the user about the residual risk
Step 3: Risk reduction through control measures
If the risk is to be reduced by control measures, the design of the safety-related control units is an integral part of the whole design procedure for the machine.
The safety-related control system provides the safety function(s) with a SIL or PL that achieves the necessary risk reduction.
Step 4: Implementation of control measures using EN ISO 13849-1 or EN 62061
ifm electronic provides characteristic values (MTTF, MTBF) for the calculation of the reliability / availability of electronic systems: MTBF, MTTF, MTTR, availability A = MTTF / MTBF, reliability function R(t), probability of failure F(t).
Requirement of the requested SIL (EN 62061): severity of injury S
S | Consequences
4 | Death, losing an eye or arm
3 | Permanent, losing fingers
2 | Reversible, medical attention
1 | Reversible, first aid

Determination of the required PLr (EN ISO 13849-1): risk parameters
S, severity of injury: S1 slight (normally reversible) injury; S2 serious (normally irreversible) injury or death
F, frequency and / or exposure to a hazard: F1 seldom to less often and / or the exposure time is short; F2 frequent to continuous and / or the exposure time is long
P, possibility of avoiding the hazard or limiting the harm: P1 possible under specific circumstances; P2 scarcely possible
Figure: operating and maintenance states of an item over time. The item alternates between the functional state (operating time, mean MTTF) and the not-functional state (repair time, mean MTTR); MTBF = MTTF + MTTR. With a constant failure rate λ(t) = λ, the MTTF = 1/λ, the reliability function is R(t) = exp(-λt) with R(MTTF) = e^-1 ≈ 0.37, and the probability of failure is F(t) = 1 - R(t).
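As an added example (not part of the ifm page), the formulas of the figure above and of the reliability / availability terms are implemented below and used to answer question 2 of the FAQ numerically: with a constant failure rate, 63 % of a population has failed by t = MTTF, and 10 % has already failed after about a tenth of the MTTF. The sensor figures at the bottom (MTTF = 200 years, MTTR = 4 h) are constructed.

```python
"""Reliability, failure probability and availability under a constant failure rate.

Added example, not ifm code. Implements lambda = 1/MTTF, R(t) = exp(-lambda t),
F(t) = 1 - R(t), MTBF = MTTF + MTTR and A = MTTF / MTBF as shown in the figure,
and uses them to show why the MTTF is not a guaranteed lifetime.
"""
import math


def failure_rate(mttf_hours):
    """Constant failure rate lambda (per hour) corresponding to a given MTTF."""
    if mttf_hours <= 0:
        raise ValueError("MTTF must be positive")
    return 1.0 / mttf_hours


def reliability(t_hours, mttf_hours):
    """R(t): probability that an item is still functional after t hours."""
    if t_hours < 0:
        raise ValueError("time must not be negative")
    return math.exp(-failure_rate(mttf_hours) * t_hours)


def failure_probability(t_hours, mttf_hours):
    """F(t) = 1 - R(t): probability that the item has failed by time t."""
    return 1.0 - reliability(t_hours, mttf_hours)


def time_until_fraction_failed(fraction, mttf_hours):
    """Invert F(t): the time by which the given fraction of a population has failed."""
    if not 0 < fraction < 1:
        raise ValueError("fraction must be strictly between 0 and 1")
    return -mttf_hours * math.log(1.0 - fraction)


def availability(mttf_hours, mttr_hours):
    """A = MTTF / MTBF with MTBF = MTTF + MTTR (repairable item, steady state)."""
    if mttr_hours < 0:
        raise ValueError("MTTR must not be negative")
    return mttf_hours / (mttf_hours + mttr_hours)


def mttf_not_a_lifetime(mttf_hours):
    """Figures answering FAQ question 2 for a population with the given MTTF."""
    return {
        "failed_by_mttf": failure_probability(mttf_hours, mttf_hours),   # about 0.63
        "functional_at_mttf": reliability(mttf_hours, mttf_hours),       # about 0.37
        "hours_until_10pct_failed": time_until_fraction_failed(0.10, mttf_hours),
        "hours_until_50pct_failed": time_until_fraction_failed(0.50, mttf_hours),
    }


if __name__ == "__main__":
    # Constructed figures: a sensor with MTTF = 200 years and MTTR = 4 h.
    mttf_h = 200 * 8760
    for name, value in mttf_not_a_lifetime(mttf_h).items():
        print(f"{name:28s} {value:,.3f}")
    print(f"availability                 {availability(mttf_h, 4):.8f}")
```

The 10 % figure is the practical one: a fleet of 100 units with a 200-year MTTF will statistically see its first ten failures within about 21 years, which is why the MTTF must not be read as a service life and why wear parts are characterised by B10d instead.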
Risk graph for determining the required performance level PLr (EN ISO 13849-1); the starting point for the assessment of the risk reduction is the combination of S, F and P:
S1 F1 P1 -> PLr a
S1 F1 P2 -> PLr b
S1 F2 P1 -> PLr b
S1 F2 P2 -> PLr c
S2 F1 P1 -> PLr c
S2 F1 P2 -> PLr d
S2 F2 P1 -> PLr d
S2 F2 P2 -> PLr e
Determining the required SIL (EN 62061): class C = F + W + P

Frequency and / or exposure to a hazard, F: <= 1 h: 5; > 1 h to 1 day: 5; > 1 day to 2 weeks: 4; > 2 weeks to 1 year: 3; > 1 year: 2
Probability of a hazardous event, W: very high: 5; likely: 4; possible: 3; rarely: 2; negligible: 1
Probability of avoidance, P: impossible: 5; possible: 3; likely: 1

SIL assignment matrix (severity S against class C):
S \ C | 3-4   | 5-7   | 8-10  | 11-13 | 14-15
4     | SIL 2 | SIL 2 | SIL 2 | SIL 3 | SIL 3
3     | OM    | SIL 1 | SIL 2 | SIL 3 | SIL 3
2     | -     | OM    | SIL 1 | SIL 2 | SIL 3
1     | -     | -     | OM    | SIL 1 | SIL 2
OM: other measures recommended; -: no SIL requirement
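The following is an added example, not ifm's code, that encodes both risk estimation schemes shown above so that one hazard can be rated under each: the EN 62061 class C = F + W + P looked up against the severity S in the SIL assignment matrix, and the EN ISO 13849-1 risk graph S/F/P to PLr. Parameter letters follow the page (S, F, W, P); EN 62061 itself calls them Se, Fr, Pr, Av. The two hazard scenarios at the bottom are constructed.

```python
"""Required SIL (EN 62061) and required PL (EN ISO 13849-1) from risk parameters.

Added example, not ifm code. Tables are transcribed from the page; the
scenarios in __main__ are constructed.
"""

# EN 62061 parameter ratings.
FREQUENCY = {"<= 1 h": 5, "> 1 h to 1 day": 5, "> 1 day to 2 weeks": 4,
             "> 2 weeks to 1 year": 3, "> 1 year": 2}
PROBABILITY = {"very high": 5, "likely": 4, "possible": 3, "rarely": 2, "negligible": 1}
AVOIDANCE = {"impossible": 5, "possible": 3, "likely": 1}

# Class bands (matrix columns) and the matrix rows per severity S.
CLASS_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
SIL_MATRIX = {
    4: ("SIL 2", "SIL 2", "SIL 2", "SIL 3", "SIL 3"),
    3: ("OM",    "SIL 1", "SIL 2", "SIL 3", "SIL 3"),
    2: (None,    "OM",    "SIL 1", "SIL 2", "SIL 3"),
    1: (None,    None,    "OM",    "SIL 1", "SIL 2"),
}

# EN ISO 13849-1 risk graph, (S, F, P) -> PLr.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}


def _lookup(table, key, name):
    """Table lookup that rejects ratings not defined by the standard."""
    try:
        return table[key]
    except KeyError:
        raise ValueError(f"unknown {name} {key!r}; expected one of {sorted(table)}") from None


def risk_class(frequency, probability, avoidance):
    """Class C = F + W + P from the textual EN 62061 ratings."""
    return (_lookup(FREQUENCY, frequency, "frequency")
            + _lookup(PROBABILITY, probability, "probability")
            + _lookup(AVOIDANCE, avoidance, "avoidance"))


def required_sil(severity, frequency, probability, avoidance):
    """Return 'SIL 1'..'SIL 3', 'OM' (other measures recommended) or None (no SIL requirement)."""
    if severity not in SIL_MATRIX:
        raise ValueError("severity must be 1..4")
    c = risk_class(frequency, probability, avoidance)
    for column, (low, high) in enumerate(CLASS_BANDS):
        if low <= c <= high:
            return SIL_MATRIX[severity][column]
    raise AssertionError(f"class {c} outside 3..15")  # unreachable with valid ratings


def required_pl(s, f, p):
    """PLr a..e from the EN ISO 13849-1 risk graph."""
    return _lookup(RISK_GRAPH, (s, f, p), "risk graph path")


def assess(name, severity, frequency, probability, avoidance, s, f, p):
    """Rate one hazard under both schemes and return the results side by side."""
    return {"hazard": name,
            "class": risk_class(frequency, probability, avoidance),
            "required_sil": required_sil(severity, frequency, probability, avoidance),
            "required_pl": required_pl(s, f, p)}


if __name__ == "__main__":
    # Constructed scenarios, each rated under EN 62061 and EN ISO 13849-1.
    scenarios = [
        assess("press tool area, guard door", 4, "<= 1 h", "likely", "possible", "S2", "F2", "P1"),
        assess("conveyor nip point, rare access", 2, "> 1 year", "rarely", "likely", "S1", "F1", "P1"),
    ]
    for result in scenarios:
        print(result)
```

The first scenario is instructive: the EN 62061 route yields SIL 3 while the risk graph yields PLr d, which the PFH table equates with SIL 2. The two schemes are independent estimations and need not agree; the PFH table relates achieved levels, not required ones, so the required level must be determined with the scheme of the standard the control system is then designed to.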
Step 5: Determination of the achieved performance level and selection of the subsystems
The PL or SIL (SILCL) shall be estimated for each selected SRP/CS and SRECS and / or combination of SRP/CS and SRECS that performs a safety function.
Step 6: Validation / verification
Verification that the selected units or systems meet the requirements defined in the system design.
Figure: an SRECS or SRP/CS as a chain of subsystems performing the safety function: detection (sensor) -> processing (logic) -> switching (actuator), acting on the machine. ifm components for each stage: fail-safe inductive ifm sensors (detection), ifm evaluation units / ifm safety controller (processing), AS-i Safety at Work (bus); ifm sensors for industrial applications.
ifm article no. 7511314. We reserve the right to make technical alterations without prior notice. Printed in Germany on non-chlorine bleached paper. 11/08
Over 70 locations worldwide at a glance; visit our website: www.ifm.com
Overview of ifm main catalogues:
Position sensors and object recognition: inductive sensors, capacitive sensors, magnetic sensors, cylinder sensors, safety technology, valve sensors, photoelectric sensors, object recognition, encoders, evaluation systems, power supplies, connection technology
Fluid sensors and diagnostic systems: level sensors, flow sensors, pressure sensors, temperature sensors, diagnostic systems, evaluation systems, power supplies, connection technology
Bus systems: bus system AS-Interface, power supplies, connection technology
Identification systems: multicode reading systems, RF identification systems, power supplies, connection technology
Control systems: control systems for mobile vehicles, connection technology
ifm electronic gmbh, Teichstraße 4, 45127 Essen, Tel. +49 / 0201 / 2 42 20, Fax +49 / 0201 / 2 42 22 00, E-Mail: [email protected]