安全標(biāo)準(zhǔn)相關(guān)說(shuō)明

功能平安

－新標(biāo)準(zhǔn)理論和實(shí)踐ENISO13849-1Agenda關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)ISO13849-1定義應(yīng)用設(shè)計(jì)過(guò)程ISO13849-1和IEC62061的比較/Name/Department/DateAgenda關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)ISO13849-1定義應(yīng)用設(shè)計(jì)過(guò)程ISO13849-1和IEC62061的比較/Name/Department/Date關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)平安標(biāo)準(zhǔn)－控制系統(tǒng)與平安相關(guān)局部EN954-1和機(jī)械指令相一致，用于CE認(rèn)證應(yīng)用在電氣機(jī)械系統(tǒng)、水壓系統(tǒng)……IEC61508和機(jī)械指令不一致定義了電子系統(tǒng)執(zhí)行平安功能任務(wù)的需求反映了技術(shù)開(kāi)展水平/Name/Department/DateEN954-1存在的問(wèn)題沒(méi)有覆蓋復(fù)雜的電子系統(tǒng)可編程電子系統(tǒng)μC單片機(jī)和ASICs系統(tǒng)的故障模式?jīng)]有關(guān)注平安功能的復(fù)雜性沒(méi)有涉及系統(tǒng)故障概率的要求平安等級(jí)劃分不明確B1234關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)/Name/Department/Date功能平安標(biāo)準(zhǔn)IEC61508:1999系統(tǒng)與平安相關(guān)的電氣、電子、可編程電子系統(tǒng)E/E/PE的功能平安Generic:IndependentofApplicationEN954-1/-2:1996機(jī)器安全機(jī)器安全–控制系統(tǒng)與安全相關(guān)的部分ENISO13849-1:2007機(jī)器安全–控制系統(tǒng)與安全相關(guān)的部分(SRPCS)IEC/EN62061:2005機(jī)器安全–控制系統(tǒng)與安全相關(guān)的電氣、電子、可編程電子系統(tǒng)E/E/PE的功能安全機(jī)器安全協(xié)調(diào)標(biāo)準(zhǔn)/Name/Department/Date為什么需要功能平安?過(guò)去，平安標(biāo)準(zhǔn)采取的是定性評(píng)估方法，但是現(xiàn)在：控制系統(tǒng)變得越來(lái)越復(fù)雜大多數(shù)的平安控制系統(tǒng)采用了復(fù)雜的零部件行業(yè)需要平安設(shè)計(jì)，以減少風(fēng)險(xiǎn),降低傷害,保護(hù)—人、設(shè)備、加工材料……設(shè)計(jì)人員希望標(biāo)準(zhǔn)有利于應(yīng)用，不要受標(biāo)準(zhǔn)的約束系統(tǒng)需求—減少系統(tǒng)故障/Name/Department/Date監(jiān)控系統(tǒng)的平安功能依賴于系統(tǒng)或設(shè)備在操作條件下正確的輸入信號(hào)“功能平安“確保：在正常條件下在故障條件下平安功能不喪失！“功能平安〞和“電氣平安〞是不同的！電氣平安是保護(hù)免受觸電關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)/Name/Department/Date依賴于風(fēng)險(xiǎn)、故障概率的描述平安等級(jí)B,1,2,3,4平安等級(jí)確定的和風(fēng)險(xiǎn)之間的關(guān)系不明確現(xiàn)在:SIL(SafetyIntegrityLevel)/PL(PerformanceLevel)是一種定性評(píng)估的方法明確了與風(fēng)險(xiǎn)之間的關(guān)系系統(tǒng)故障評(píng)估的方法B1234關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)/Name/Department/Date功能平安標(biāo)準(zhǔn)DINENISO13849-1和2007年5月8日公報(bào)EC機(jī)械指令相一致將取代EN954-1，2021年12月29日將正式生效覆蓋了氣壓系統(tǒng)、水壓系統(tǒng)和機(jī)械平安控制系統(tǒng)至高性能PerformanceLevel等級(jí)“e〞(類似于SIL(1～3)MTTFd、DC、CCFDINENISO13849-1/Name/Department/DateAgenda關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)ISO13849-1定義應(yīng)用設(shè)計(jì)過(guò)程ISO13849-1和IEC62061的比較/Name/Department/Date定義

PerformanceLevel(PL) 控制系統(tǒng)執(zhí)行平安功能的能力,以每小時(shí)發(fā)生危險(xiǎn)故障的概率表示10-410-53x10-610-610-710-8abcde低風(fēng)險(xiǎn)高風(fēng)險(xiǎn)/Name/Department/Date定義PLDINENISO13849-1EN954-1

B1423

平均無(wú)危險(xiǎn)故障時(shí)間：MTTFd系統(tǒng)診斷檢測(cè)范圍：DC共因故障預(yù)防與控制：CCFISOEN13849-1PLrabecd=+/Name/Department/Date平均無(wú)危險(xiǎn)故障時(shí)間MTTFdDINENISO13849-1lowmiddlehigh時(shí)間(年)100年30

年10年3年Source:BGIAreport

Notacceptable定義/Name/Department/Date平均無(wú)危險(xiǎn)故障時(shí)間MTTFd是統(tǒng)計(jì)值,不是可以保證的壽命值分成3種等級(jí):此值如果低于3,是不能接受的DINENISO13849-1MTTFd等級(jí)范圍低3～10年中10～30年高30～100年定義/Name/Department/Date系統(tǒng)診斷檢測(cè)范圍DC通過(guò)所有的在線測(cè)試和診斷結(jié)果識(shí)別DC值來(lái)自于制造廠商或參見(jiàn)標(biāo)準(zhǔn)的表格附件E同樣,也可以根據(jù)評(píng)估DINENISO13849-1DC等級(jí)DC值無(wú)DC<60%低60%≤DC<90%中90%≤DC<99%高99%≤DC定義/Name/Department/Date系統(tǒng)診斷檢測(cè)范圍DC參考值DINENISO13849-1部件措施DC傳感器通過(guò)改變輸入信號(hào)，反復(fù)測(cè)試90%邏輯部件簡(jiǎn)單的定時(shí)監(jiān)視，例如：看門狗監(jiān)視60%輸出部件直接監(jiān)視，例如：停止監(jiān)視99%繼電器/接觸器通過(guò)觸點(diǎn)機(jī)械聯(lián)動(dòng)測(cè)試99%定義/Name/Department/Date共因故障預(yù)防與控制CCF多結(jié)構(gòu)通道,用于防止由于相同的原因?qū)е碌墓收?CCF-commoncausefailures)此措施文件參見(jiàn)附件F表格DINENISO13849-1通道2故障通道1故障CCF定義/Name/Department/DateCCF值計(jì)算DINENISO13849-1方法分值從物理上將信號(hào)通道隔開(kāi):配線隔開(kāi),PCB板上足夠的空間,保證足夠的爬電距離15采用不同的技術(shù)/設(shè)計(jì)/物理特性,例如:第一個(gè)通道采用可編程電子系統(tǒng),第二個(gè)通道采用硬接線20采用過(guò)電壓保護(hù),過(guò)電流保護(hù),過(guò)壓力保護(hù)措施15采用可靠的零部件5設(shè)計(jì)過(guò)程中考慮FMEA失效模式和影響分析,以防止共因故障CCF5設(shè)計(jì)人員/維護(hù)人員都經(jīng)過(guò)培訓(xùn),明白共因故障CCF的原因和后果5依照標(biāo)準(zhǔn),考慮了外部污染防護(hù)和電磁兼容性(EMC),以防止共因故障25其它影響:對(duì)所有和環(huán)境相關(guān)的需求,例如:溫度,震動(dòng),潮濕……10定義/Name/Department/DateAgenda關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)ISO13849-1定義應(yīng)用設(shè)計(jì)過(guò)程ISO13849-1和IEC62061的比較/Name/Department/DateISO13849-1應(yīng)用平安功能設(shè)計(jì)DINENISO13849-1此機(jī)器安全嗎？結(jié)束風(fēng)險(xiǎn)降低方法：設(shè)計(jì)安全防護(hù)使用者有足夠的知識(shí)安全防護(hù)是依靠控制系統(tǒng)嗎？控制系統(tǒng)與安全相關(guān)部分(SRP/CS)設(shè)計(jì)標(biāo)準(zhǔn)是否有其它危險(xiǎn)？否否是是NoISO13849-1/Name/Department/DateYesYesIdentificationofthesafetyfunctionthatshouldbeexecutedbythecontrolDeterminetypeofsafetyfunctione.g.Stop,InhibitStart,Muting…DetermineRequiredPerformanceLevel(Riskgraph)=>PLrDesignthesafetyrelatedpartofthecontrolsystemCalculatetheachievedPerformanceLevel=>PLPL>PLr?ValidationAllsafetyfunctionsanalyzed?YesNoNoNo對(duì)于每一個(gè)平安功能ISO13849-1應(yīng)用SafeConstructionDINENISO13849-1/Name/Department/DateAgenda關(guān)于標(biāo)準(zhǔn)的當(dāng)前狀態(tài)ISO13849-1定義應(yīng)用設(shè)計(jì)過(guò)程ISO13849-1和IEC62061的比較/Name/Department/Date設(shè)計(jì)過(guò)程平安功能設(shè)計(jì)方法：PL等級(jí)定確定設(shè)計(jì)和技術(shù)確認(rèn)PL等級(jí)確認(rèn)

PL≥PLr?控制系統(tǒng)確認(rèn)，是否所有要求都符合？DINENISO13849-1/Name/Department/DatePL定義風(fēng)險(xiǎn)評(píng)估圖DINENISO13849-1abcde低風(fēng)險(xiǎn)P1P2P1P1P1P2P2P2F1F2F1F2S1S2Start高風(fēng)險(xiǎn)S=傷害的嚴(yán)重性S1:輕微的,S2:嚴(yán)重的,不可恢復(fù)的F=風(fēng)險(xiǎn)發(fā)生的頻率或暴露的時(shí)間F1:很少,F2:頻繁P=防止風(fēng)險(xiǎn)的可能性P1:可能,P2:幾乎不可能/Name/Department/Date設(shè)計(jì)過(guò)程平安功能設(shè)計(jì)方法：PL等級(jí)定確定設(shè)計(jì)和技術(shù)確認(rèn)PL等級(jí)確認(rèn)

PL≥PLr?控制系統(tǒng)確認(rèn)，是否所有要求都符合？DINENISO13849-1/Name/Department/Date功能平安設(shè)計(jì)等級(jí)B～4EN954-1指定的結(jié)構(gòu)(結(jié)構(gòu)圖)根據(jù)需要到達(dá)的PLr等級(jí)選擇適宜的結(jié)構(gòu)等級(jí)對(duì)應(yīng)關(guān)系一覽:ISO13849-1標(biāo)準(zhǔn)中沒(méi)有其它的對(duì)應(yīng)關(guān)系!DINENISO13849-1B1234PLa-bca-da-ee/Name/Department/Date等級(jí)B～4根據(jù)需要到達(dá)的PLr等級(jí)選擇適宜的結(jié)構(gòu)DINENISO13849-1功能平安設(shè)計(jì)MTTFd=低MTTFd=中MTTFd=高abcdePLCat.BCat.1Cat.2Cat.2Cat.3Cat.3Cat.4DC無(wú)DC無(wú)DC低DC中DC高DC低DC中/Name/Department/DateInputLogicOutput傳感器平安輸入設(shè)備電源控制設(shè)備平安輸出設(shè)備邏輯處理設(shè)備平安控制設(shè)備平安功能設(shè)計(jì)

控制系統(tǒng)與平安相關(guān)的局部/Name/Department/Date平安防護(hù)裝置

平安傳感器(輸入)急停按鈕電磁門開(kāi)關(guān)雙手控制按鈕平安光柵/Name/Department/Date平安繼電器總線控制器平安防護(hù)裝置

平安控制局部(邏輯)/Name/Department/Date聯(lián)動(dòng)裝置接觸器AC驅(qū)動(dòng)ELR固態(tài)接觸器平安防護(hù)裝置

平安輸出局部(輸出)/Name/Department/Date等級(jí)B系統(tǒng)組件:I:輸入,傳感器L:邏輯,控制設(shè)備O:輸出,(馬達(dá)-)開(kāi)關(guān)Im:相連線定義ILOImImDINENISO13849-1MTTFd低–中DC--CCF--/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)B按照相關(guān)標(biāo)準(zhǔn)設(shè)計(jì)應(yīng)用根本平安原理在指定的操作條件下使用系統(tǒng)可容許故障=0一個(gè)故障發(fā)生會(huì)導(dǎo)致平安功能的喪失！主要通過(guò)選擇比較好的零部件至高可到達(dá):PLmax=bDINENISO13849-1/Name/Department/DateILOImImDINENISO13849-1MTTFd高DC--CCF--定義等級(jí)1系統(tǒng)組件:I:輸入,傳感器L:邏輯,控制設(shè)備O:輸出,(馬達(dá)-)開(kāi)關(guān)Im:相連線/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)1滿足等級(jí)B的要求設(shè)計(jì)時(shí)使用比較好的零部件，以及使用平安設(shè)計(jì)原那么(參見(jiàn)ISO13849-2)系統(tǒng)可容許故障=0一個(gè)故障發(fā)生會(huì)導(dǎo)致平安功能的喪失！〔但概率比等級(jí)B要低〕主要通過(guò)選擇比較好的零部件至高可到達(dá):PLmax=cDINENISO13849-1/Name/Department/Date等級(jí)2系統(tǒng)組件:TE:測(cè)試設(shè)備OTE:測(cè)試設(shè)備輸出局部ILOImImTEOTEImmDINENISO13849-1MTTFd低–高DC低、中CCF滿足定義/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)2滿足等級(jí)B的要求使用平安設(shè)計(jì)原那么(參見(jiàn)ISO13849-2)平安功能必須在合理的時(shí)間間隔之間進(jìn)行檢測(cè)設(shè)備啟動(dòng)時(shí)優(yōu)先于任何危險(xiǎn)情況DINENISO13849-1/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)2系統(tǒng)可容許故障=0在兩個(gè)測(cè)試周期之間，一個(gè)故障可能導(dǎo)致平安功能的喪失！然而，周期性的測(cè)試可以發(fā)現(xiàn)這個(gè)故障。主要通過(guò)結(jié)構(gòu)設(shè)計(jì)至高可到達(dá):PLmax=dDINENISO13849-1/Name/Department/Date等級(jí)3I1L1O1ImcI2L2O2ImImmImmDINENISO13849-1MTTFd低–高DC低、中CCF滿足定義/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)3滿足等級(jí)B的要求使用平安設(shè)計(jì)原那么(參見(jiàn)ISO13849-2)系統(tǒng)可容許故障=1當(dāng)一個(gè)故障發(fā)生時(shí)，平安功能仍然保持；一些，但不是所有的故障都能被發(fā)現(xiàn)；未檢測(cè)到的故障累計(jì)起來(lái)可能導(dǎo)致平安功能的喪失！主要通過(guò)結(jié)構(gòu)設(shè)計(jì)至高可到達(dá):PLmax=eDINENISO13849-1/Name/Department/Date等級(jí)4I1L1O1ImcI2L2O2ImImmImmDINENISO13849-1MTTFd高DC高CCF滿足定義/Name/Department/Date系統(tǒng)結(jié)構(gòu)等級(jí)4滿足等級(jí)B的要求使用平安設(shè)計(jì)原那么(參見(jiàn)ISO13849-2)系統(tǒng)可容許故障=1一個(gè)故障不會(huì)導(dǎo)致平安功能的喪失！在下一個(gè)命令發(fā)生的時(shí)候或之前〔例如：接通或機(jī)器操作周期結(jié)束〕，這個(gè)故障會(huì)被發(fā)現(xiàn)，如果Thesinglefaultisdetectedatorbeforethenextdemanduponthesafetyfunctions,e.g.immediately,atswitchon,oratendofamachineoperatingcycle如果沒(méi)有發(fā)現(xiàn)，累計(jì)故障也不會(huì)導(dǎo)致平安功能的喪失！主要通過(guò)結(jié)構(gòu)設(shè)計(jì)至高可到達(dá):PLmax=eDINENISO13849-1/Name/Department/Date系統(tǒng)結(jié)構(gòu)對(duì)于電子系統(tǒng)，此標(biāo)準(zhǔn)適用于需要執(zhí)行以下要求中的一種：性能等級(jí)PLr=“a〞或“b〞通過(guò)在故障條件下其特點(diǎn)已經(jīng)有明確定義的硬件，執(zhí)行平安功能可編程電子系統(tǒng)最高PLr等級(jí)為“d〞例如：監(jiān)視最高PLr“d〞平安功能通過(guò)不同的可編程電子系統(tǒng)執(zhí)行不同的應(yīng)用軟件、操作系統(tǒng)或硬件與平安相關(guān)的局部(包括軟件)需要執(zhí)行適宜的標(biāo)準(zhǔn)(e.g.IEC61508)DINENISO13849-1/Name/Department/Date軟件軟件要求Alllifecycleactivitiesofsafety-relatedembeddedorapplicationsoftwareshallprimarilyconsidertheavoidanceoffaultsintroducedduringthesoftwarelifecycle.Themainobjectiveofrequirementsistohavereadable,understandable,testableandmaintainablesoftware.DINENISO13849-1/Name/Department/Date軟件軟件類型內(nèi)置軟件硬件、

操作系統(tǒng)應(yīng)用軟件某種類型機(jī)械設(shè)備特殊控制軟件參數(shù)參數(shù)配置的軟件DINENISO13849-1/Name/Department/Date軟件軟件平安需求軟件平安生命周期V模型DINENISO13849-1技術(shù)標(biāo)準(zhǔn)系統(tǒng)設(shè)計(jì)模塊設(shè)計(jì)編碼模塊測(cè)試綜合測(cè)試確認(rèn)確認(rèn)/Name/Department/DateSoftwareForsafety-relatedembeddedsoftware(SRESW)components(PLatod)LimitedvariabilityLanguage(LVL)SoftwaresafetylifecyclewithVandVactivitiesDocumentationofspecificationanddesignModularandstructureddesignandcodingAppropriatelifecycleactivitiesaftermodificationsDINENISO13849-1/Name/Department/DateSoftwareAdditionalmeasuresforPLcord(Excerpt)Projectmanagementandqualitymanagementsystemcomparableto,e.g.IEC61508orISO9001;Documentationofallrelevantactivitiesduringsoftwaresafetylifecycle;ConfigurationmanagementtoidentifyallconfigurationitemsanddocumentsrelatedtoaSRESWrelease;Structuredspecificationwithsafetyrequirementsanddesign;Useofsuitableprogramminglanguagesandcomputer-basedtoolswithconfidencefromuse;etc…..DINENISO13849-1/Name/Department/DateDesignDesigningaSafetyFunctionMethod:DeterminationoftherequiredPLDesignandtechnicalrealizationVerificationoftheachievedPL;

PL≥PLr?Validationofthecontrolsystem;

haveallrequirementsbeenfulfilled?DINENISO13849-1/Name/Department/DateVerificationofPLEvaluationoftheprobabilityoffailureTodeterminethePL,thefollowingisrequiredMTTFdDCCCFGoal:asinglevalueistobedeterminedforeachcharacteristicDINENISO13849-1/Name/Department/DateInterlockTimerSpeedMonitorSSMRelayVerificationofPLExample:ProtectivedoorwithinhibitG1K1F1K2FaultexclusiononF1Category3structureProtectiveDoor/Name/Department/DateVerificationofPLDeterminationofMTTFdMTTFdDetailsfromsupplierGoodengineeringpracticeforMTTFdDINENISO13849-1,AppendixCThecomponentmanufacturerconfirmswell-triedsafetyprinciples

(ISO13849-2)ThecomponentmanufacturerspecifiesdeterministicusageorapplicationWell-triedsafetyprinciplesareappliedMTTFd=10yearsDINENISO13849-1/Name/Department/DateVerificationofPLEvaluationofMTTFdManufacturer’sinformationDowntimemonitorforsafetyapplicationsMTTFdK1=15,220yearsProofTestInterval4.5yearsDINENISO13849-1K1/Name/Department/DatePL評(píng)估參數(shù)DINENISO13849-1電動(dòng)機(jī)械部件MTTFdB10d-值發(fā)生10％危險(xiǎn)故障概率時(shí)，開(kāi)關(guān)動(dòng)作的次數(shù)B10d-來(lái)自于制造廠商,或B10d=0.5xB10(發(fā)生故障,開(kāi)關(guān)動(dòng)作的次數(shù))B10供給商提供，我們認(rèn)為其中50％為危險(xiǎn)故障取決于應(yīng)用中開(kāi)關(guān)動(dòng)作的頻率/Name/Department/DatePL確認(rèn)MTTFd

和B10d參數(shù)DINENISO13849-1來(lái)源：ISO13849-1,附件C/Name/Department/DatePL確認(rèn)B10d值轉(zhuǎn)換成MTTFd,計(jì)算公式DINENISO13849-1=平均動(dòng)作次數(shù)/年=工作天數(shù)/年=工作小時(shí)/天=動(dòng)作一次的時(shí)間(以s為時(shí)間單位)，例如600s動(dòng)作一次/Name/Department/DateVerificationofPL更換時(shí)間T10d

零部件更換時(shí)間零部件發(fā)生10%危險(xiǎn)故障的平均時(shí)間在故障概率太高時(shí),零部件必須更換DINENISO13849-1/Name/Department/DateVerificationofPLMTTFd評(píng)估良好的工程使用習(xí)慣限位開(kāi)關(guān)B10d=400,000動(dòng)作次數(shù)=>MTTFdG1=76years=>T10dG1=7.6years即7.6年，產(chǎn)品需要更換一次DINENISO13849-1G1/Name/Department/DateVerificationofPLMTTFd評(píng)估良好的工程使用習(xí)慣時(shí)間繼電器B10d=400,000動(dòng)作次數(shù)=>MTTFdK2=76years(機(jī)械的!)MTTFd(電氣的)

=1,000years

(評(píng)估)MTTFdK2(機(jī)械的!)+MTTFd(電氣的)

?DINENISO13849-1K2/Name/Department/DateVerificationofPLEvaluationofMTTFd由各個(gè)零部件的MTTFd，可以計(jì)算出整個(gè)系統(tǒng)的MTTFd值！DINENISO13849-1/Name/Department/DateVerificationofPLEvaluationofMTTFdUsingthe?Partscountmethod“onK2MTTFdMechanic=76yearsMTTFdElectronic=1,000yearsMTTFdK2=70.7yearsT10dK2=7.6yearsDINENISO13849-1K2/Name/Department/DateVerificationofPLEvaluationofMTTFdUsingthe?Partscountmethod“onG1andK1MTTFdG1=76yearsMTTFdK1=15,220yearsMTTFdKanal1=75,6yearsDINENISO13849-1G1K1/Name/Department/DateVerificationofPLEvaluationofMTTFdSymmetrizationof2channelsDINENISO13849-1/Name/Department/DateVerificationofPLEvaluationofDCEvaluationofDCforthecomponentsManufacturer’sdataEstimationaccordingtomeasuresinAnnexEExample:G1:crosscomparisonwithoutdynamictestthroughK1:

DC=90%K1:manufacturer’sdata:DC=90%K2:forciblyguidedcontacts:DC=99%DINENISO13849-1/Name/Department/DateVerificationofPLEvaluationofDCEstimationofDCforthecompletecontrolsystemNontestedpartsDC=0PartswithfaultexclusionMTTFd=∞

DINENISO13849-1/Name/Department/DateVerificationofPLEvaluationofDCEstimationofDCforthecompletecontrolsystemCategorizationDCavg:90%≤DC<99%=middleDINENISO13849-1/Name/Department/DateVerificationofPLMeasuresagainstCCFDINENISO13849-1MeasurePointsPhysicalseparationbetweensignalpaths:Separationinwiringpiping,sufficientclearanceandcreepagedistancesonPCBs15Differenttechnologies/designorphysicalpropertiesareused,forexample:firstchannelprogrammableelectronicandthesecondchannelhardwired20Protectionagainstover-voltage,over-current,over-pressureetc.15Componentsusedarewelltried5AretheresultsofanFMEAtakenintoaccounttoavoidCCFindesign5Designers/maintainersbeentrainedtounderstandthecausesandconsequencesofCCF?5Preventionofcontaminationandelectromagneticcompatibility(EMC)againstCCFinaccordancewithstandards25Otherinfluences:Havetherequirementsforimmunitytoallrelevantenvironmentalinfluencessuchastemperature,shockvibration,humiditybeenconsidered10/Name/Department/DateVerificationofPLDeterminationoftheachievedPLPossibilitiestodeterminethePLTableinAnnexKCategory3DC=middleMTTFd=73.2yearsResultingPL?e“6.62x10-8<PFHd<7.68x10-8DINENISO13849-1/Name/Department/DateVerificationofPLDeterminationoftheachievedPLFromthediagramDINENISO13849-1Cat.1DCavgnoneCat.BDCavgnoneabcdeCat.4DCavghighCat.2DCavglowCat.2DCavgmiddleCat.3DCavglowCat.3DCavgmiddleMTTFdlowMTTFdmiddleMTTFdhighPL?e“/Name/Department/DateVerificationofPLDeterminationoftheachievedPLCalculationwithsoftwareSoftware:SiSteMaSupportcalculationofthePLEstimationofDCandCCFIncludesdocumentationBG-InstituteforOccupationalSafetyandHealthInternet:DINENISO13849-1/Name/Department/DateVerificationofPLDeterminationofthePLAlternative:

CombinationofdifferentsafetyrelatedcontrolpartsEingangLogikAusgangPLInputPLOutputPLLogicDINENISO13849-1/Name/Department/DateVerificationofPLDeterminationofthePLLowestPL

PLlowAnzahlderTeile

n(PLlow)ResultingPLa>3

≤3none

ab>2

≤2a

bc>2

≤2b

cd>3

≤3c

de>3

≤3d

eDINENISO13849-1/Name/Department/DateVerificationofPLExampleDINENISO13849-1功能需求當(dāng)有人站在下方的時(shí)候,平安門不能關(guān)閉操作模式自動(dòng)/Name/Department/DateVerificationofPLDINENISO13849-1PLr等級(jí)定義舉例開(kāi)始需要的PL等級(jí)abcdeP1P2P1P2P1P2P1P2F1F2F1F2S2S1低

風(fēng)險(xiǎn)高

風(fēng)險(xiǎn)S:傷害的嚴(yán)重性F:風(fēng)險(xiǎn)發(fā)生頻率P:防止風(fēng)險(xiǎn)的可能性/Name/Department/DateVerificationofPL控制系統(tǒng)設(shè)計(jì)案例EingangLogikAusgangPLePLePLeResult:PLlow=e;n(PLlow)=3 => PLeDINENISO1