Risk Assessment Methodologies. Michele M. Silva Solution Architect, Safety & Security Functional Safety Engineer (TUV Rheinland)


Agenda
- Introduction to Standards
- Functional Safety Design Process
- Risk Assessment Methodology
PUBLIC Copyright 2018 Rockwell Automation, Inc. All Rights Reserved.

North America and European Standards
All functional safety standards are used to demonstrate compliance with global, regional and, sometimes, national legal requirements. Two examples we will discuss are:
- North America: OSHA
- Europe: European Directives, specifically the Machinery Directive
Three types of standards:
- A standards: basic concepts, principles for design, general aspects
- B standards: B1 - safety distances, surface temperatures, noise; B2 - components or devices
- C standards: vertical standards covering a single type of machine or group of machines
A and B standards are used to create C standards.

Standards: Risk Assessment
Risk assessment standards and methodologies include:
- ANSI RIA R15.06-1999 (R2009) - Safety Requirements for Industrial Robots and Robot Systems
- ANSI/RIA TR R15.306-2016 (Technical Report)
- ANSI B11.TR3 - Risk Assessment Technical Report
- ANSI ISO 12100:2010 - Safety of machinery - General principles for design - Risk assessment and risk reduction
- IEC 61508 - Functional Safety
- ISO 13849 - Safety of Machinery - Safety Related Parts of Control Systems
- IEC 62061-2005 - Functional safety of safety-related electrical, electronic and programmable control systems

Relationship of OSHA Standards
Machine Maintenance
- Regulation: Lockout/Tagout per CFR 1910.147
- Requirement: Release stored energy
- Tasks: Isolation of mechanical/electrical equipment for service and maintenance
Production Operation
- Regulation: Machine Guarding per CFR 1910 Subpart O
- Requirement: Protect operators from machine production hazards
- Tasks: Operator interaction for regular machine production
Minor Servicing Exception to Lockout/Tagout (alternative measures that offer effective protection must be provided)
- Regulation: Machine Guarding per Subpart O
- Requirement: Protect operators from machine production hazards when performing minor servicing
- Tasks: Minor servicing such as clearing minor jams, minor tool changes and adjustments, exchange of work piece, etc. Minor servicing must be routine, repetitive and integral to the operation.

EN 954 vs EN/ISO 13849
ISO 13849-1 replaces EN 954. Aspects compared (qualitative in EN 954 vs quantitative in ISO 13849-1):
- Structure (Categories)
- MTTFd
- Diagnostic Coverage (DC)
- Common Cause Failures (CCF)
- Software
- Systematic Failure
- Behavior under fault conditions
- Environmental
EN 954 was basically a qualitative approach. Time and component reliability are quantitative aspects which must now be considered when developing a safety control system using EN/ISO 13849-1.

Agenda
- Introduction to Standards
- Risk Assessment Process
- Risk Assessment Methodologies

Functional Safety Design Process: Safety Life Cycle (figure)

Are Risk Assessments Required?
OSHA references other consensus standards for safety (NFPA, ANSI, ISO):
- NFPA 79: safety circuit based on risk assessment
- ANSI B11.19: safeguarding shall be based on assessment
- ISO 13849: risk-assessment-based design of safety-related parts of control systems
- ANSI/RIA R15.06: robotics controls require assessment

Risk Assessment
- Risk assessment is the basis of risk reduction: the process of risk analysis and risk evaluation
- A control system is a common risk reduction method
- When a control system is used, you must follow the iterative design process for the safety-related parts of the control system (SRP/CS)
- ISO 13849-1 is an iterative design process (ISO 13849-1:2015, Figure 1)

Risk Assessment
- Risk assessment is performed as if existing safeguards are NOT in place
- A comprehensive risk assessment includes all hazard types and tasks
- Task-based risk assessment identifies hazards based upon real machine interaction
- Shows due diligence and global compliance (ref. ISO 12100)
- Provides the safety performance level design target
- Creates the foundation of the safety system: functional requirements, system design and validation protocol

Risk Definition
Risk is a function of:
- Severity of harm, and
- Probability of occurrence, which depends on:
  - Exposure of person to hazard
  - Occurrence of hazardous event
  - Possibility to avoid or limit harm
Risk only changes with design. (ANSI/ISO 12100:2012, Figure 3)

Risk Assessment: Sources of Mechanical Hazard
- Machine elements: conveyor belt, bottle side belt, sleeve indexer, sleeve cutter, vacuum pump
- Operator doing normal operating tasks on the machine
- Possible injuries the operator may sustain, and the risk level for each
- Risk reduction methods are identified
- A control system for risk reduction = safety function

Agenda
- Introduction to Standards
- Risk Assessment Process
- Risk Assessment Methodologies

Risk Estimation (ISO 13849-1)
- Severity and probability data from the risk assessment is needed
- ISO 13849-1, Annex A (Risk reduction by safety-related parts of the control system) shows a risk graph scoring technique to identify Performance Levels (a, b, c, d and e)
- As risk increases, the safety performance of the control system must increase
Risk graph parameters:
- S1 / S2: severity of injury (slight or serious)
- F1 / F2: frequency and/or exposure (seldom or frequent)
- P1 / P2: possibility of avoidance (possible or not possible)
(ISO 13849-1:2015, Figure A.1)

Risk Estimation (RIA TR15.306)
RIA TR R15.306:2016 task-based risk assessment methodology (table mapping risk level to PLr: PLc, PLc, PLd, PLd, PLd, PLe; figure not fully recoverable)

Risk Estimation (IEC 62061) (figure)

Risk Estimation (IEC 62061)
Cl = Fr + Pr + Av
Example: Se = 4; Fr = 4, Pr = 3, Av = 5, so Cl = 12

Risk Estimation (HRN system)
There are numerous ways of assessing the risk involved with a hazard, one of which is the Hazard Rating Number system. In this technique, numerical values are assigned to descriptive phrases relating to:
- The likelihood of occurrence (LO) of coming into contact with the hazard
- The frequency of exposure (FE)
- The degree of possible harm (DPH)
- The number of persons at risk (NP)
A Hazard Rating Number is calculated as: LO x FE x DPH x NP = HRN
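The three risk-estimation schemes on the preceding slides (the ISO 13849-1 risk graph, the IEC 62061 class Cl = Fr + Pr + Av with its SIL matrix, and the HRN product) side by side, as an added Python example that is not from the presentation or Rockwell Automation. The risk-graph outcomes and the SIL matrix are reproduced from ISO 13849-1 Figure A.1 and IEC 62061:2005 Table A.6 as published (check them against the edition you work to); the HRN band labels are the commonly published interpretation, which the slide does not give; the hazard records, and the names `Hazard`, `assess` and the other functions, are constructed for this example.

```python
"""Risk estimation three ways: ISO 13849-1 risk graph, IEC 62061 SIL
class, and the Hazard Rating Number (HRN).

Added example, not from the deck. Table contents are reproduced from
ISO 13849-1 Figure A.1 and IEC 62061:2005 Table A.6; HRN bands are the
commonly published interpretation (assumption); hazard records are
constructed sample data.
"""
from dataclasses import dataclass

# ISO 13849-1 Figure A.1: path (S, F, P) -> required performance level PLr
ISO_13849_RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}


def plr_iso13849(severity: str, frequency: str, avoidance: str) -> str:
    """Walk the risk graph: S1/S2 severity, F1/F2 exposure, P1/P2 avoidance."""
    key = (severity.upper(), frequency.upper(), avoidance.upper())
    if key not in ISO_13849_RISK_GRAPH:
        raise ValueError(f"not a valid risk-graph path: {key}")
    return ISO_13849_RISK_GRAPH[key]


# IEC 62061:2005 Table A.6. Columns are bands of the class Cl = Fr + Pr + Av;
# rows are severity Se 1..4. "OM" = other measures recommended,
# None = no SIL requirement from this table.
IEC_62061_CL_BANDS = ((3, 4), (5, 7), (8, 10), (11, 13), (14, 15))
IEC_62061_SIL_MATRIX = {
    4: ("SIL2", "SIL2", "SIL2", "SIL3", "SIL3"),
    3: (None, "OM", "SIL1", "SIL2", "SIL3"),
    2: (None, None, "OM", "SIL1", "SIL2"),
    1: (None, None, None, "OM", "SIL1"),
}


def sil_iec62061(se: int, fr: int, pr: int, av: int):
    """Return (Cl, SIL): Cl = Fr + Pr + Av, looked up in the row for Se."""
    if se not in IEC_62061_SIL_MATRIX:
        raise ValueError("Se must be 1..4")
    for name, value in (("Fr", fr), ("Pr", pr), ("Av", av)):
        if not 1 <= value <= 5:
            raise ValueError(f"{name} must be 1..5")
    cl = fr + pr + av
    for column, (low, high) in enumerate(IEC_62061_CL_BANDS):
        if low <= cl <= high:
            return cl, IEC_62061_SIL_MATRIX[se][column]
    raise ValueError(f"class {cl} lies outside the table")


# HRN = LO x FE x DPH x NP. Band labels (upper limit, label) are the
# commonly published HRN interpretation; the slide gives only the product.
HRN_BANDS = ((1, "negligible"), (5, "very low"), (10, "low"),
             (50, "significant"), (100, "high"), (500, "very high"),
             (1000, "extreme"))


def hrn(lo: float, fe: float, dph: float, np_: float) -> float:
    return lo * fe * dph * np_


def hrn_band(value: float) -> str:
    for upper, label in HRN_BANDS:
        if value <= upper:
            return label
    return "unacceptable"


@dataclass
class Hazard:
    """One hazard/task pair scored under all three schemes (constructed)."""
    name: str
    s: str          # ISO 13849-1 severity S1/S2
    f: str          # ISO 13849-1 frequency F1/F2
    p: str          # ISO 13849-1 avoidance P1/P2
    se: int         # IEC 62061 severity 1..4
    fr: int         # IEC 62061 frequency/duration
    pr: int         # IEC 62061 probability of hazardous event
    av: int         # IEC 62061 avoidance
    lo: float       # HRN likelihood of occurrence
    fe: float       # HRN frequency of exposure
    dph: float      # HRN degree of possible harm
    np_: float      # HRN number of persons at risk


def assess(hazard: Hazard) -> dict:
    """Score one hazard under all three schemes and return the results."""
    cl, sil = sil_iec62061(hazard.se, hazard.fr, hazard.pr, hazard.av)
    score = hrn(hazard.lo, hazard.fe, hazard.dph, hazard.np_)
    return {"name": hazard.name,
            "PLr": plr_iso13849(hazard.s, hazard.f, hazard.p),
            "Cl": cl, "SIL": sil,
            "HRN": score, "HRN_band": hrn_band(score)}


# Constructed records for two of the bottle-line hazards named on the slides.
SAMPLE_HAZARDS = [
    Hazard("sleeve cutter, clearing jam", "S2", "F2", "P2", 4, 4, 3, 5, 10, 5, 4, 1),
    Hazard("conveyor belt, loading", "S1", "F2", "P1", 2, 4, 2, 3, 2, 5, 1, 2),
]

if __name__ == "__main__":
    for h in SAMPLE_HAZARDS:
        print(assess(h))
```

The slide's IEC 62061 figures (Se = 4, Fr = 4, Pr = 3, Av = 5) reproduce the Cl = 12 on the slide and land in the SIL 3 column; the same cutter hazard walks the ISO 13849-1 graph to PL e, which is the kind of cross-check a reviewer wants before the PLr is written into the safety requirements specification.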

Bringing it all together: ISO 13849-1:2015 and ANSI-RIA TR15.306-2016 (figure)

Possible Mitigation Techniques: Hierarchy of Protective Measures (most effective first)
1. Design it out
2. Fixed enclosing guard
3. Safety-Related Parts of Control Systems (SRP/CS): monitoring access / interlocked gates
4. Awareness means, training and procedures (administrative)
5. Personal protective equipment (least effective)

Risk Reduction: ANSI-RIA TR15.306-2016 (figure)

Identify Safety Functions
- Safety function = control system for risk reduction
- List each hazardous energy source and triggering event possibility
Safety functions identified for the example machine (SF1-5 on Guard Door 1, SF6 on Guard Door 2, drive side):
- SF1: Guard Door 1 (op side) - protective stop and prevention of restart of the conveyor when opened
- SF2: Guard Door 1 (op side) - protective stop and prevention of restart of the bottle feed belts when opened
- SF3: Guard Door 1 (op side) - protective stop and prevention of restart of the sleeve feeder when opened
- SF4: Guard Door 1 (op side) - protective stop and prevention of restart of the cutter when opened
- SF5: Guard Door 1 (op side) - unlock with conditional time-delayed unlock
- SF6: Guard Door 2 (dr side) - protective stop and prevention of restart of the sleeve feeder when opened

Performance Level (PL)
- The risk assessment determines the required performance level (PLr)
- Choose the most suitable combination of structure (Category), reliability (MTTFd) and diagnostics (DC)
Odds (PFHd): 1/10,000; 1/100,000; 1/1,000,000; 1/10,000,000; 1/100,000,000
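The odds listed on the slide are the edges of the ISO 13849-1 PFHd bands for PL a to e. The following added Python example (not from the presentation or Rockwell Automation) maps an achieved PFHd to a PL, checks it against the PLr from the risk assessment, and applies the ISO 13849-1 rule for subsystems in series: the PFHd values are summed and the combined PL can be no better than the weakest subsystem. The band limits are ISO 13849-1 Table 3 as published; the subsystem figures and the function names are constructed for this example.

```python
"""PL from PFHd, PLr check, and series combination of SRP/CS subsystems.

Added example, not from the deck. Band limits are ISO 13849-1 Table 3
(PL a..e against average probability of a dangerous failure per hour);
the series rule follows ISO 13849-1 clause 6.3. Subsystem figures used
in the usage section are constructed.
"""

# ISO 13849-1 Table 3: PL -> [lower, upper) PFHd band per hour. The deck's
# odds of 1/10,000 ... 1/100,000,000 are the 1e-4 ... 1e-8 band edges.
PL_BANDS = (
    ("a", 1e-5, 1e-4),
    ("b", 3e-6, 1e-5),
    ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6),
    ("e", 1e-8, 1e-7),
)
PL_ORDER = "abcde"  # increasing safety performance left to right


def pl_from_pfhd(pfhd: float):
    """Achieved PL for a PFHd value, or None if outside the PL a..e table."""
    for pl, lower, upper in PL_BANDS:
        if lower <= pfhd < upper:
            return pl
    return None


def meets_plr(pfhd: float, plr: str) -> bool:
    """True when the achieved PL is at least the required PL."""
    if plr not in PL_ORDER:
        raise ValueError(f"PLr must be one of {PL_ORDER}")
    achieved = pl_from_pfhd(pfhd)
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(plr)


def combine_series(subsystems):
    """Combine SRP/CS subsystems in series (e.g. sensor, logic, actuator).

    subsystems: iterable of (pl, pfhd) pairs. The summed PFHd gives a
    candidate PL, which is then capped at the lowest subsystem PL, since a
    subsystem's declared PL may be limited by its Category rather than its
    PFHd alone. Returns (total_pfhd, combined_pl).
    """
    subsystems = list(subsystems)
    if not subsystems:
        raise ValueError("at least one subsystem is needed")
    total = sum(pfhd for _, pfhd in subsystems)
    from_total = pl_from_pfhd(total)
    if from_total is None:
        return total, None
    lowest = min((pl for pl, _ in subsystems), key=PL_ORDER.index)
    combined = min(from_total, lowest, key=PL_ORDER.index)
    return total, combined


if __name__ == "__main__":
    # Constructed safety function: interlock switch, safety relay, contactor.
    chain = [("e", 3e-8), ("e", 4e-8), ("d", 2e-7)]
    total, pl = combine_series(chain)
    print(f"PFHd sum {total:.2e}/h -> PL {pl}, meets PLr d: {meets_plr(total, 'd')}")
```

The cap matters in practice: a contactor subsystem declared PL c because of its Category limits still drags the whole function to PL c even when the summed PFHd alone would land in the PL e band.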

Functional Safety Design Process: Safety Life Cycle (figure)

Questions? www.rockwellautomation.com