Detailed comparison of AS4024 and ISO13849-1

Date post: 30-Dec-2015
Page 1: Detailed comparison of AS4024 and ISO13849-1

Schneider Electric – Essentials of Safety – June 2010 1

Detailed comparison of AS4024 and ISO13849-1

 

● Measuring compliance against each standard
● True-to-life examples of managing, assessing and achieving compliance of a typical automated control system
● Prepared scenario allowing students to assess, design and validate a safety system, while applying the legal and regulatory framework, reasonably practicable concepts, hierarchy of control, and standards
● Sistema Workshop: guided examples of how to use the software evaluation tool for functional safety on machines. Includes 4 or more examples as time permits.

Page 2: Detailed comparison of AS4024 and ISO13849-1


Agenda

● What are Performance Levels?
● How are they calculated?
● Why is this better or worse than Categories (AS4024)?
● Who is using PL?

Page 3: Detailed comparison of AS4024 and ISO13849-1


What are Performance Levels?

ISO 13849-1 factor                   Car-safety analogy
Category (fault tolerance)           Airbags (fault tolerance)
DCavg (fault detection)              ABS (fault detection)
MTTFd (reliability)                  Crumple zones (reliability)
CCF (avoidance)                      Stability control (avoidance)
-> Performance Level (PL a to PL e)  -> ANCAP star rating

Ray Wright
I don't quite see CCF as 'Avoidance', but can't think of another word yet
Page 4: Detailed comparison of AS4024 and ISO13849-1


Page 5: Detailed comparison of AS4024 and ISO13849-1


Functional Safety

● Evolution, not revolution
● Still one common failure cause: human error

Page 6: Detailed comparison of AS4024 and ISO13849-1


● A Performance Level expresses the quality of the safety implementation as the average probability of a dangerous failure per hour (PFH).

● E.g. PL d = 10^-7 to 10^-6 dangerous failures per hour, i.e. roughly one dangerous failure every 100 to 1000 years of continuous operation.

Ray Wright
PL d ~ 100-1000 years, assuming 10000 hrs / yr
Page 7: Detailed comparison of AS4024 and ISO13849-1


Category (fault tolerance) + DCavg (fault detection) + MTTFd (reliability) + CCF (avoidance) -> Performance Level

Performance Level: a quantitative measure of the level of safety

Page 8: Detailed comparison of AS4024 and ISO13849-1


[Figure: risk assessment -> required performance level PLr; the PL achieved by the design must be at least PLr]

Page 9: Detailed comparison of AS4024 and ISO13849-1


Categories

Structure                                 Category
Single-channel without testing            B and 1
Single-channel with testing               2
Two-channel with low level of testing     3
Two-channel with high level of testing    4

Designated architectures describe structures which have already been analysed, and upon which the models and analysis rules of the standard are based.

Page 10: Detailed comparison of AS4024 and ISO13849-1


Diagnostic Coverage

Denotation   Range
None         DC < 60%
Low          60% <= DC < 90%
Medium       90% <= DC < 99%
High         99% <= DC

Ray Wright
DC is the percentage of dangerous faults detected by diagnostics. DC = Lambda d det / Lambda d total
Page 11: Detailed comparison of AS4024 and ISO13849-1


Page 12: Detailed comparison of AS4024 and ISO13849-1


MTTFd

● The mean time to dangerous failure (MTTFd) is the mean operating time before a component fails in a manner which gives rise to a dangerous situation. It is derived from failure-rate data over a specified period and is the reciprocal of the dangerous failure rate (lambda d, usually quoted in FIT, i.e. failures per 10^9 hours). MTTFd quantifies the (finite) reliability of individual subsystems, blocks and elements and lets their behaviour be predicted under the stresses typically encountered in use.

● For the purpose of simplification, the standard divides MTTFd into the ranges low (3 years to below 10 years), medium (10 years to below 30 years) and high (30 years and above, capped at 100 years per channel).

B10d

● Alternatively (for example for pneumatic and electromechanical components), the MTTFd of an element can be determined from its B10d value and the number of operations per year (nop): MTTFd = B10d / (0.1 x nop). The quotient B10d/nop, also referred to as T10d, is the mean time which passes before 10% of the components have failed in a dangerous manner, and it limits the operating time of the element. If T10d is shorter than the 20-year mission time assumed by the standard, the component must be replaced when T10d is reached.

Ray Wright
MTTFd ... fails in a manner which inhibits the operation of the safety function.
Page 13: Detailed comparison of AS4024 and ISO13849-1


CCF

● CCF (common cause failure) describes failures of a redundant control system that are attributable to a common cause (e.g. contamination, electromagnetic interference, heat). CCF is relevant only for subsystems that have a second channel or a separate test channel (Category 2, 3 or 4).

● The standard provides a pragmatic, points-based method (Annex F) for assessing the measures taken against CCF; a score of at least 65 points is required.
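The slides on Categories, Diagnostic Coverage, MTTFd/B10d and CCF above describe the four inputs of the simplified ISO 13849-1 procedure but never carry a calculation through. The following is an added example, not code from the slides, from Schneider Electric or from the SISTEMA tool: it applies the standard's formulas (nop from the duty cycle, MTTFd = B10d/(0.1 x nop), parts-count combination per channel, symmetrisation of two channels, DCavg, the Table 7 lookup of PL from Category, DCavg and MTTFd, the 65-point CCF threshold, and the T10d check against the 20-year mission time) to a constructed, hypothetical Category 3 guard-door interlock. All part names, B10d and MTTFd figures, DC values, duty figures and the CCF score are made-up illustration values, not manufacturer data.

```python
"""ISO 13849-1 simplified procedure for a two-channel safety function.

Added example: this is not code from the slides, from Schneider Electric or
from the SISTEMA tool. It applies the formulas of ISO 13849-1:2006
(B10d -> MTTFd, parts-count combination, channel symmetrisation, DCavg,
Table 7 lookup, CCF threshold, T10d vs. mission time) to a constructed,
hypothetical guard-door interlock. All part data, duty figures and the CCF
score are made-up illustration values, not manufacturer data.
"""
from dataclasses import dataclass

MISSION_TIME_YEARS = 20.0   # T_M assumed by the standard
MTTFD_CAP_YEARS = 100.0     # per-channel MTTFd is capped at 100 years
CCF_MIN_SCORE = 65          # Annex F: required for Category 2, 3 and 4
PL_ORDER = "abcde"

# ISO 13849-1:2006 Table 7: (category, DCavg band) -> {MTTFd band: PL}
TABLE_7 = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "c"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}


@dataclass
class Part:
    name: str
    dc: float            # diagnostic coverage for this part, 0.0 .. 1.0
    mttfd: float = 0.0   # years, for parts whose datasheet gives MTTFd
    b10d: float = 0.0    # cycles, for electromechanical/pneumatic parts


def cycles_per_year(d_op: float, h_op: float, t_cycle_s: float) -> float:
    """n_op = d_op * h_op * 3600 / t_cycle (Annex C)."""
    return d_op * h_op * 3600.0 / t_cycle_s


def part_mttfd(part: Part, n_op: float) -> float:
    """MTTFd in years: datasheet value, or B10d / (0.1 * n_op) for B10d parts."""
    return part.mttfd if part.b10d == 0 else part.b10d / (0.1 * n_op)


def t10d(part: Part, n_op: float):
    """T10d = B10d / n_op: years until 10 % have failed dangerously (None if no B10d)."""
    return None if part.b10d == 0 else part.b10d / n_op


def channel_mttfd(part_values: list) -> float:
    """Parts-count method: 1/MTTFd = sum(1/MTTFd_i), then cap at 100 years."""
    return min(1.0 / sum(1.0 / m for m in part_values), MTTFD_CAP_YEARS)


def symmetrised_mttfd(c1: float, c2: float) -> float:
    """Two channels with different MTTFd: 2/3 * (C1 + C2 - 1/(1/C1 + 1/C2))."""
    return min(2.0 / 3.0 * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2)), MTTFD_CAP_YEARS)


def dc_avg(dc_mttfd_pairs: list) -> float:
    """DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i) over the parts of both channels."""
    return sum(dc / m for dc, m in dc_mttfd_pairs) / sum(1.0 / m for _, m in dc_mttfd_pairs)


def mttfd_band(years: float) -> str:
    if years < 3:
        return "not allowed"   # below 3 years the simplified procedure does not apply
    return "low" if years < 10 else "medium" if years < 30 else "high"


def dc_band(dc: float) -> str:
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"


def performance_level(category: str, mttfd_years: float, dcavg: float, ccf_score: int):
    """PL from Table 7, or None if the combination is not a designated architecture
    or the CCF score is insufficient for a tested/redundant category."""
    if category in ("2", "3", "4") and ccf_score < CCF_MIN_SCORE:
        return None
    return TABLE_7.get((category, dc_band(dcavg)), {}).get(mttfd_band(mttfd_years))


def evaluate_interlock(plr: str = "d") -> dict:
    """Category 3 guard-door interlock: two position switches, one safety logic
    device per channel, two mirror-contact-monitored contactors (all constructed)."""
    n_op = cycles_per_year(230, 16, 120)   # 230 days, 16 h/day, one door cycle per 120 s
    ch1 = [Part("S1 position switch", 0.99, b10d=2_000_000),
           Part("K1 safety logic", 0.99, mttfd=100),
           Part("Q1 contactor", 0.90, b10d=1_300_000)]
    ch2 = [Part("S2 position switch", 0.99, b10d=2_000_000),
           Part("K2 safety logic", 0.99, mttfd=100),
           Part("Q2 contactor", 0.90, b10d=1_300_000)]
    m1 = channel_mttfd([part_mttfd(p, n_op) for p in ch1])
    m2 = channel_mttfd([part_mttfd(p, n_op) for p in ch2])
    mttfd = symmetrised_mttfd(m1, m2)
    dcavg = dc_avg([(p.dc, part_mttfd(p, n_op)) for p in ch1 + ch2])
    pl = performance_level("3", mttfd, dcavg, ccf_score=80)   # 80: constructed Annex F score
    # T10d shorter than the 20-year mission time means scheduled replacement, not a PL gain
    replace = [p.name for p in ch1 + ch2
               if (t := t10d(p, n_op)) is not None and t < MISSION_TIME_YEARS]
    return {"n_op": n_op, "mttfd_years": mttfd, "mttfd_band": mttfd_band(mttfd),
            "dc_avg": dcavg, "dc_band": dc_band(dcavg), "pl": pl,
            "meets_plr": pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr),
            "replace_before_mission_end": replace}


if __name__ == "__main__":
    print(evaluate_interlock("d"))
```

With these constructed figures each channel comes out at about 41.6 years (high), DCavg at about 96% (medium), so Category 3 lands on PL d, and the run shows two things the slides only state in words: the contactors' 90% DC pull DCavg below the 99% "high" band even though every other part is 99%, and the position switches and contactors reach T10d (about 18 and 12 years) before the 20-year mission time, so they need a replacement interval written into the maintenance plan. Dropping the CCF score below 65 returns None rather than a PL, which is the right failure mode: a two-channel design without adequate CCF measures does not get credit for its redundancy.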

Page 14: Detailed comparison of AS4024 and ISO13849-1


CCF Measures

Page 15: Detailed comparison of AS4024 and ISO13849-1


Mission Time

● The mission time (TM, 20 years in ISO 13849-1 unless stated otherwise) is the period which limits the operating time of a component for its intended use. The actual operating time of a component should never exceed the mission time, so ensure that the component is replaced in time.

Page 16: Detailed comparison of AS4024 and ISO13849-1


Simplified SIL?

Typical SIL Determination

Ray Wright
Something is ringing alarm bells on the calculation for a single channel, when the diagram shows inputs and outputs are common to the channels. Hmm ... Where is D2? And what does it represent?