SIRIUS Safety Integrated. Modular safety system 3RK3


Functional Example CD-FE-I-048-V10-EN
SIRIUS Safety Integrated, Modular safety system 3RK3
Emergency Stop with monitored start and Protective Door with automatic start according to category 4 in EN 954-1 (with evaluation according to EN 62061 and EN ISO 13849-1:2006) with MSS Basic

Comments

"Safety Integrated" Functional Examples are functional, tested automation configurations based on A&D standard products for the simple, quick and low-cost performance of automation tasks involving safety technology. Each of these Functional Examples covers one frequently occurring aspect of a typical customer problem in the field of safety technology. In addition to containing a list of all of the necessary software and hardware components and a description of their wiring, the Functional Examples also contain tested and commented code. This enables the functions described here to be adapted quickly and thus used as a basis for individual extensions.

Important note

Safety Functional Examples are non-binding and do not claim to be complete with regard to configuration, equipment or any contingency. The Safety Functional Examples are not customer-specific solutions. They are merely intended to assist in dealing with typical problems. You yourself are solely responsible for the correct operation of the products described. These Safety Functional Examples do not relieve you of your safety obligations relating to usage, installation, operation and maintenance. By using these Safety Functional Examples you accept that Siemens cannot be held liable for any damage beyond the liability described above. We reserve the right to make changes to these Safety Functional Examples at any time, without prior notice. If the suggestions in these Safety Functional Examples deviate from other Siemens publications (e.g. catalogs), the contents of the other document take precedence.

A&D Safety Integrated Page 2/27 CD-FE-I-048-V10-EN

Table of Contents
1 Guarantee, Liability and Support ... 4
2 Function ... 5
2.1 Description of Functionality ... 5
2.2 Advantages / Customer Benefits ... 6
3 Components Required ... 7
4 Assembly and Wiring ... 8
4.1 Overview of Hardware Setup ... 8
4.2 Hardware Component Wiring ... 9
5 Sample code ... 10
5.1 Description of the MSS Program ... 10
5.2 Start-up ... 16
6 Evaluation according to IEC 62061 and EN ISO 13849-1:2006 ... 20
6.1 Safety functions ... 20
6.2 Evaluation of Safety Function 1 ... 21
6.2.1 Evaluation according to EN 62061 ... 21
6.2.2 Evaluation acc. to ISO 13849-1:2006 ... 22
6.2.3 Summary of Safety Function 1 ... 23
6.3 Evaluation of Safety Function 2 ... 24
6.3.1 Evaluation according to EN 62061 ... 24
6.3.2 Evaluation acc. to ISO 13849-1:2006 ... 25
6.3.3 Summary of Safety Function 2 ... 26
7 Contacts ... 27
8 History ... 27

1 Guarantee, Liability and Support

We provide no guarantee for the information contained in this document. We accept no liability for any damage caused by the use of the examples, information, programs, configuration and performance data, etc. described in this Safety Functional Example, regardless of the legal basis, unless we are compulsorily liable according to product liability legislation in cases of e.g. intent, gross negligence, injury to life, body or health, or unless the quality of a product has been guaranteed, or due to fraudulent concealment of a defect or serious breach of contract. Compensation based on a serious breach of contract is, however, restricted to foreseeable damage typical of the contract, provided that there is no intent or gross negligence nor any compulsory liability due to injury to life, body or health. This does not constitute a change in the burden of proof to your disadvantage.

Copyright 2008 Siemens A&D. Propagation or reproduction of these Application Examples or parts thereof is not permitted without the express consent of Siemens A&D.

If you have questions on this article, please contact us at the following e-mail address: technical-assistance@siemens.com

2 Function

2.1 Description of Functionality

Persons in the vicinity of machinery (e.g. in production facilities) must be suitably protected by technical devices. This Safety Functional Example describes the monitoring of an emergency stop control unit and a separating protective device in the form of a protective door.

The EMERGENCY STOP control unit is a widely used component for the protection of persons, machines and the environment. Another solution in the area of equipment and machines is to provide the danger zones with mechanically separating protective devices or access panels. The aim here is to monitor unauthorized entry into these areas and also to prevent hazardous machine functions while the protective device is open.

In this Safety Functional Example, the emergency stop command unit is monitored by the modular safety system 3RK3. When the emergency stop is actuated, the safety switching device switches off the positively driven downstream contactors Q1 and Q2 via the safe outputs according to stop category 0 as defined in EN 60204-1. Before renewed switch-on or acknowledgement of the emergency stop device via the start button, a check is carried out to verify that the contacts of the emergency stop control unit are closed and both contactors are switched off.

The protective door is also monitored by the MSS, via a SIRIUS position switch. When this protective door is opened, the safety switching device switches off the positively driven downstream contactors Q1 and Q2 via the safety-oriented outputs according to stop category 0 as defined in EN 60204-1. When the protective door is closed, an automatic start takes place after the position switch and the downstream contactors have been checked.

When an emergency stop is actuated, the modular safety system thus switches off the downstream contactors with positively driven contacts via safe relay outputs according to stop category 0 in EN 60204-1. One and two drives respectively are shut down in this example. Before renewed switch-on via the start button, a check is carried out to verify that the contacts of the emergency stop control unit are closed and the contactors have switched off.

Note: Equipment, functional aspects and design guidelines for EMERGENCY STOP command devices can be found in EN 418 (ISO 13850).

2.2 Advantages / Customer Benefits

- Numerous functions in a single device
- Minimal and simple wiring
- Compact central module and modular design save space
- Can be easily extended thanks to additional I/O extension modules
- Integration into system diagnosis possible via DP interface
- Flexible range of uses
- Software can be parameterized

3 Components Required

This chapter contains an overview of the hardware and software components required for the Functional Example.

Hardware components

Table 3-1
Component | Type | Order No. / Order Information | Qty.
Power supply | PS307 5A | 6ES73071EA00-0AA0 | 1
EMERGENCY STOP pushbutton | 2NC, 40 mm mushroom with yellow top, without protective collar | 3SB3 801-0EG3 | 1
Position switches | Position switch with separate actuator | 3SE5 232-0RV40 | 2
Actuator for position switch | Radius actuator | 3SE5 000-0AV05 | 2
Empty enclosure | One command point | 3SB3 801-0EG3 | 1
Start button | 1NO contact block for base mounting | 3SB3 420-OB | 1
Start button | Black pushbutton with flat button, 22 mm nominal diameter | 3SB3 000-0AA11 | 1
MSS central module | 3RK3-Basic | 3RK3111-0AA10 | 1
Contactor Q1, Q2 | Contactor, AC-3, 3 kW/400 V, 1NC, 24 V DC, 3-pole, size S00, screw terminal | 3RT1015-1BB42 | 2
Manufacturer of all hardware components: Siemens AG

Note: Functionality was tested with the hardware components listed above. Similar products not found in this list may also be used. If this is the case, please note that it may be necessary to change the sample code (e.g. using other inputs or outputs).

Software components and accessories

Table 3-2
Component | Type | Order No. / Order Information | Quantity | Manufacturer
Modular Safety System ES 2008 | V1.0 | 3ZS 1314-5CC10-0YA5 | 1 | Siemens
PC cable for PC/PG communication with MSS | PC cable | 3UF 7940-0AA0-0 | 1 | Siemens

4 Assembly and Wiring

This chapter describes the hardware assembly and wiring of the Functional Example.

4.1 Overview of Hardware Setup

[Figure: overview of the hardware setup. "Detect 1": EMERGENCY STOP; "Detect 2": protective door with SIRIUS position switch; start button. "Evaluate": Modular Safety System 3RK3. "Respond": contactors Q1 and Q2 switching motor M1 on L1, L2, L3.]

4.2 Hardware Component Wiring

[Figure: wiring of the hardware components to the MSS Basic 3RK3111-*AA10. Test outputs T1 and T2 feed the EMERGENCY STOP (IN1/IN2), the protective door position switch (IN3/IN4), the start button (IN5) and the feedback circuit of Q1/Q2 (IN6); IN7 and IN8 remain free. The MSS logic drives the safe outputs Q1.1, Q1.2 and Q2 (FK1.1, FK1.2, FK2), which switch contactors Q1 and Q2 for motor M1. Supply: L+ (24 V DC) and M.]

5 Sample code

Download

This chapter describes which functions are implemented and how the MSS ES program is structured. Among the downloads under "Applications & Tools" on the HTML page of this Safety Functional Example you will find the following file with the Modular Safety System ES project: http://support.automation.siemens.com/ww/view/de/28997990

5.1 Description of the MSS Program

1. Component information is displayed after the start of the MSS ES software. Confirm the window with OK.
2. A start wizard now opens. This start wizard helps you to create a new project, open an existing project, or open a project online if a connection with the switching device has been established. Select New.
3. Confirm the dialog now displayed with OK.
4. Select the subdirectory "Project" in the "Identification" directory at the left in the navigation window. Fill in the following lines in the work area: project name, name of configuration engineer, configuration engineer company name.
5. Select the subdirectory "Central system" in the "Configuration" directory at the left in the navigation window. Use drag & drop to drag the basic device MSS Basic from the hardware list to the green, illuminated column of the work area for the hardware configuration. Confirm with OK (SLOT 3) if the object properties dialog box is shown.
6. Select "Plan1" on the left side under "Logic". The view of the logic plan opens.
7. Drag the "EMERGENCY STOP" monitoring function from the list (at the right side) to the work area. You can position the module as desired.
8. Open the "Object properties" dialog by double-clicking on the module and define the following parameters. In the "Parameter > Input" directory: set the parameter "Type" to two channels (NCNC); set the parameter "IN1" to "SLOT3_F-IN1" (the parameter "IN2" is assigned automatically); activate cross-circuit detection. In the "Start" directory: set the parameter "Type of start" to "Monitored". Close the window with OK.
9. Drag the cell function "Input cell" from the list to the work area and link it to the start input of the EMERGENCY STOP module.
10. Open the "Object properties" dialog by double-clicking on the input cell. In the "Parameter" directory, set the parameter "Connection Input" to "SLOT3_F-IN5". Close the window with OK.
11. Drag the "Protective door" monitoring function from the list (at the right side) to the work area. You can position the module as desired.
12. Open the "Object properties" dialog by double-clicking on the module and define the following parameters. In the "Parameter > Input" directory: set the parameter "Type" to two channels (NCNC); set the parameter "IN1" to "SLOT3_F-IN3" (the parameter "IN2" is assigned automatically). Close the window with OK.
13. Drag the logic function "AND" from the list to the work area and link the outputs Q of the two monitoring modules with the inputs of the AND module.
14. Drag the output function "F output" from the list to the work area and link the output "Q" of the AND function with the input "IN" of the F output.
15. Open the "Object properties" dialog of the F output by double-clicking on the module. In the "Parameter > Type of output" directory, select "Redundant F output". In the "Parameter > Feedback circuit" directory, set the parameter "Monitoring" to "OFF and ON status". In the "Parameter > Output circuit" directory, set the parameter "Q1" to "SLOT3_F-Q1-R" and the parameter "Q2" to "SLOT3_F-Q2". Close the window with OK.
16. Now drag an input cell from the list to the work area and link it with the RF1 input of the F output module. Open the "Object properties" dialog by double-clicking on the module and set the parameter "Connection input" to "SLOT3_F-IN6".
17. You have now obtained the complete logic plan.
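The logic plan built above (two-channel EMERGENCY STOP with cross-circuit detection and monitored start, two-channel protective door with automatic start, an AND, and a redundant F output with feedback-circuit monitoring) can be checked against the behaviour described in section 2.1 with a small software model. The following Python model is an added example; it is neither part of the downloadable Siemens project nor the MSS firmware. The class name, the one-cycle evaluation, the instantaneous discrepancy and feedback checks (the real device applies discrepancy and switching-time tolerances) and the reading of "monitored start" as an enable on release of the start button are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Mss3rk3LogicModel:
    """Constructed model of the section 5.1 logic plan (not Siemens code).
    Inputs follow the wiring of section 4.2: E-stop on IN1/IN2, protective door on
    IN3/IN4, start button on IN5, feedback circuit RF1 on IN6; Q1/Q2 are the F outputs."""
    output_on: bool = False      # redundant F output: True = Q1 and Q2 energized
    estop_enabled: bool = False  # output Q of the EMERGENCY STOP block
    start_prev: bool = False     # previous level of the start button (falling-edge detection)
    fault: str = ""              # latched fault text, empty while healthy

    def step(self, es1: bool, es2: bool, door1: bool, door2: bool,
             start: bool, feedback: bool) -> bool:
        """Evaluate one cycle; True = contact closed (24 V present) for every input.
        feedback is the series connection of the NC auxiliary contacts of Q1 and Q2,
        so True means both contactors are dropped out."""
        # Feedback circuit monitoring "OFF and ON status": the read-back must mirror the
        # output state reached in the previous cycle. Assumption: no switching-time tolerance.
        if not self.fault and feedback == self.output_on:
            self.fault = "feedback circuit does not match output state"
        # Cross-circuit / discrepancy detection on both two-channel (NC/NC) inputs.
        # Assumption: no discrepancy time, any disagreement latches a fault.
        if not self.fault and es1 != es2:
            self.fault = "E-stop channel discrepancy"
        if not self.fault and door1 != door2:
            self.fault = "protective door channel discrepancy"
        healthy = not self.fault
        # EMERGENCY STOP block, start type "Monitored": after both channels are closed again,
        # the enable is given on the falling edge (release) of the start button.
        if not (es1 and es2):
            self.estop_enabled = False
        elif healthy and self.start_prev and not start:
            self.estop_enabled = True
        self.start_prev = start
        # Protective door block, automatic start: enabled as soon as both channels are closed.
        door_enabled = door1 and door2
        # AND -> redundant F output; any latched fault keeps Q1/Q2 de-energized (stop category 0).
        self.output_on = healthy and self.estop_enabled and door_enabled
        return self.output_on


def run_scenario():
    """Drive the model through the sequence of section 2.1; returns (output trace, fault)."""
    m = Mss3rk3LogicModel()
    trace = []
    #              es1,  es2,  door1, door2, start, feedback
    trace.append(m.step(True, True, True, True, False, True))    # power-up: nothing enabled yet
    trace.append(m.step(True, True, True, True, True, True))     # start pressed: still off
    trace.append(m.step(True, True, True, True, False, True))    # start released: monitored start
    trace.append(m.step(True, True, True, True, False, False))   # contactors pulled in, read-back open
    trace.append(m.step(True, True, False, False, False, False)) # door opened: stop category 0
    trace.append(m.step(True, True, True, True, False, True))    # door closed: automatic start
    trace.append(m.step(False, False, True, True, False, False)) # E-stop actuated: off
    trace.append(m.step(True, True, True, True, False, True))    # E-stop released: stays off
    trace.append(m.step(True, True, True, True, True, True))     # start pressed: still off
    trace.append(m.step(True, True, True, True, False, True))    # start released: on again
    return trace, m.fault


def run_discrepancy_fault():
    """Only one E-stop channel opens (wiring fault or welded contact): latched fault, output off."""
    m = Mss3rk3LogicModel()
    m.step(True, True, True, True, True, True)
    m.step(True, True, True, True, False, True)
    m.step(True, True, True, True, False, False)
    return m.step(True, False, True, True, False, False), m.fault


def run_feedback_fault():
    """Read-back still closed one cycle after switching on: a contactor did not pull in."""
    m = Mss3rk3LogicModel()
    m.step(True, True, True, True, True, True)
    m.step(True, True, True, True, False, True)
    return m.step(True, True, True, True, False, True), m.fault


if __name__ == "__main__":
    print(run_scenario())
    print(run_discrepancy_fault())
    print(run_feedback_fault())
```

The trace shows the two restart behaviours side by side: after the door is closed the output returns without any button press, whereas after an E-stop the output stays off until the start button has been pressed and released with both contactors confirmed dropped out.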

5.2 Start-up

1. Save the project.
2. Activate the menu command "Target system > Load to switching device". For this, the device must be connected to the supply voltage, connected with the PC and be in configuring mode.
3. Set the interface through which you have access to the device (e.g. COM1) and confirm with OK.
4. Confirm the window with OK.
5. Activate the menu command "Target system > Go offline".
6. Activate the menu command "Target system > Prepare configuration test". Confirm the window that opens with OK. The printout of the project is generated.
7. Activate the menu command "Target system > Go offline".
8. Activate the menu command "Target system > Approve configuration" and confirm the window that opens with OK. Acknowledge the information text. Enter the name of the person giving approval and the company name of the person approving in order to release the configuration and confirm with OK. It is confirmed that the configuration has been successfully released. After confirming with OK, the printout with the release information is generated.
9. Establish an online connection with the MSS via "Switching device > Open online", "Target system > Load to PC" or by clicking on the button "Open online". The dialog "Set interface" is displayed. Set the interface and confirm with OK.
10. Activate the menu command "Target system > Safety mode". If a password has been assigned for device access, the dialog window "Enter password" is displayed. If no password has been assigned for device access yet, the dialog window "Activate safety mode" is displayed. Confirm the dialog window with OK.

Note: A new configuration can only be loaded in configuring mode; it cannot be loaded in safety mode. You can switch from safety mode to configuring mode by establishing an online connection with the device and activating the menu command "Target system > Configuring mode".

6 Evaluation according to IEC 62061 and EN ISO 13849-1:2006

6.1 Safety functions

Comments: Emergency stop is not a means of risk mitigation. Emergency stop is a "supplementary safety function".

Safety functions: Further considerations are based on the following safety functions.
Supplementary safety function SF 1 | The motor must be switched off when "Emergency Stop" is actuated.
Safety function SF 2 | The motor must be switched off when the "Protective door" is opened.

The safety functions listed above are evaluated below according to the two standards EN 62061 and EN ISO 13849-1:2006.

6.2 Evaluation of Safety Function 1

6.2.1 Evaluation according to EN 62061

Parameters for the calculation of PFH_D for "Detect 1" (Emergency Stop) and "Respond" (Contactor). Manufacturer specifications are defined by Siemens, assumptions by the user.

Parameter | Value | Reason
B10 EMERGENCY STOP | 1 * 10^5 | Manufacturer specifications
B10 Contactor | 1 * 10^6 | Manufacturer specifications
Proportion of hazardous failures, EMERGENCY STOP | 0.2 (20%) | Manufacturer specifications
Proportion of hazardous failures, Contactor | 0.75 (75%) | Manufacturer specifications
T1 Service life | 175,200 h (20 years) |
C Number of emergency stop operations | 6 * 10^-3 /h | Assumptions: actuated once per week (7 * 24 hours) (test of the Emergency Stop); actuation takes place every day of the year (365 days)
C Number of operations of contactors | 0.125 /h | Actuated once per shift, i.e. every 8 hours
T2 Diagnostic test interval, EMERGENCY STOP | 168 h | A defective contact is detected in the MSS when actuating the Emergency Stop; actuated every week (7 * 24 hours) (see "C")
T2 Diagnostic test interval, contactor | 8 h | A defective contactor is detected in the MSS during actuation; actuated once per shift, i.e. every 8 hours (see "C")
β (CCF factor) Proneness toward failures as a result of common cause | 0.1 (10%) | In cases of installation acc. to EN 62061, a CCF factor of 0.1 (10%) may be assumed. This is a safe ("conservative") value.
DC Degree of diagnostic coverage | 0.99 (99%) | Discrepancy evaluation for the emergency stop; evaluation of read-back signals (positively driven contacts) of both contactors

Evaluation parameter
Parameter | Component | Value | Definition
PFH_D (MSS) | Modular safety system | 5.14 * 10^-9 | Siemens

Results: SIL CL according to EN 62061
Subsystem | SIL CL | PFH_D | Basis
Detect | 3 | 1.2 * 10^-10 | Hardware fault tolerance HFT = 1; proportion of safe failures SFF 0.99 (99%); architecture: basic subsystem architecture D
Evaluate | 3 | 5.14 * 10^-9 | Manufacturer specifications
Respond | 3 | 9.4 * 10^-10 | Hardware fault tolerance HFT = 1; proportion of safe failures SFF 0.99 (99%); architecture: basic subsystem architecture D
Results | 3 | 6.2 * 10^-9 | SIL CL of all subsystems of the supplementary safety function is at least 3. PFH_D (= 6.2 * 10^-9) of the entire supplementary safety function fulfils SIL 3.

6.2.2 Evaluation acc. to ISO 13849-1:2006

Parameters for the calculation of MTTF_d for "Detect 1" (Emergency stop) and "Respond" (Contactor). Manufacturer specifications are defined by Siemens, assumptions by the user.

Parameter | Value | Reason
B10 EMERGENCY STOP | 1 * 10^5 | Manufacturer specifications
B10 Contactor | 1 * 10^6 | Manufacturer specifications
Proportion of hazardous failures, EMERGENCY STOP | 0.2 (20%) | Manufacturer specifications
Proportion of hazardous failures, Contactor | 0.75 (75%) | Manufacturer specifications
d_op Mean operating time in days per year | 365 days per year | Assumption: actuation takes place every day of the year
h_op Mean operating time in hours per day | 24 hours per day | Assumption: actuation takes place every day of the year
T_cycle EMERGENCY STOP (mean time between the start of two consecutive cycles) | 168 h/cycle | Assumption: there is an interval of one week between actuations of the Emergency Stop (Emergency Stop test) (7 * 24 hours)
T_cycle Contactor (mean time between the start of two consecutive cycles) | 8 h/cycle | Assumption: there is an interval of 8 hours between actuations of the contactors (one shift)

Interim results (identical in this example for Emergency Stop and Contactor)
Interim result | Value | Reason
MTTF_d | High | MTTF_d > 30 years
DC | High | DC = 99%: discrepancy evaluation for Emergency Stop; evaluation of read-back signals (positively driven contacts) of both contactors
Measures against CCF | Fulfilled | It is assumed that the necessary measures are taken by the user.
Category | 4 | System behavior: a single fault does not cause the loss of the safety function; the single fault is detected. MTTF_d: High, DC: High, measures against CCF: Fulfilled

Evaluation parameter
Parameter | Component | Value | Definition
PFH_D (MSS) | Modular safety system | 5.14 * 10^-9 | Siemens

Results: PL according to ISO 13849-1:2006
Subsystem | PL | Average probability of a hazardous failure per hour
Detect | e | 2.47 * 10^-8 (from Annex K; see note)
Evaluate | e | 5.14 * 10^-9
Respond | e | 2.47 * 10^-8 (from Annex K; see note)
Results | e | PL of all subsystems of the supplementary safety function is at least e. Number of subsystems is less than or equal to 3.

Note: The MTTF_d for each channel is limited to max. 100 years!

6.2.3 Summary of Safety Function 1

Subsystem | EN 62061 SIL CL | EN 62061 PFH_D | ISO 13849-1:2006 PL | ISO 13849-1:2006 average probability of a hazardous failure per hour
Detect | 3 | 1.2 * 10^-10 | e | 2.47 * 10^-8
Evaluate | 3 | 5.14 * 10^-9 | e | 5.14 * 10^-9
Respond | 3 | 9.4 * 10^-10 | e | 2.47 * 10^-8
Results | SIL 3 | | PL e |

6.3 Evaluation of Safety Function 2

6.3.1 Evaluation according to EN 62061

Parameters for the calculation of PFH_D for "Detect 2" (Position switch) and "Respond" (Contactor). Manufacturer specifications are defined by Siemens, assumptions by the user.

Parameter | Value | Reason
B10 Position switches | 1 * 10^6 | Manufacturer specifications
B10 Contactor | 1 * 10^6 | Manufacturer specifications
Proportion of hazardous failures, Position switches | 0.2 (20%) | Manufacturer specifications
Proportion of hazardous failures, Contactor | 0.75 (75%) | Manufacturer specifications
T1 Service life | 175,200 h (20 years) |
C Number of actuations of position switches | 0.125 /h | Assumptions: actuated once per shift, i.e. every 8 hours; actuation takes place every day of the year (365 days)
C Number of operations of contactors | 0.125 /h | Actuated once per shift, i.e. every 8 hours
T2 Diagnostic test interval, position switches | 8 h | A defective contact is detected in the MSS when opening the protective door; actuated once per shift, i.e. every 8 hours (see "C")
T2 Diagnostic test interval, contactor | 8 h | A defective contactor is detected in the MSS during actuation; actuated once per shift, i.e. every 8 hours (see "C")
β (CCF factor) Proneness toward failures as a result of common cause | 0.1 (10%) | In cases of installation acc. to EN 62061, a CCF factor of 0.1 (10%) may be assumed. This is a safe ("conservative") value.
DC Degree of diagnostic coverage | 0.99 (99%) | Discrepancy evaluation at emergency stop; evaluation of read-back signals (positively driven contacts) of both contactors

Evaluation parameter
Parameter | Component | Value | Definition
PFH_D (MSS) | Modular safety system | 5.14 * 10^-9 | Siemens

Results: SIL CL according to EN 62061
Subsystem | SIL CL | PFH_D | Basis
Detect | 3 | 2.5 * 10^-10 | Hardware fault tolerance HFT = 1; proportion of safe failures SFF 0.99 (99%); architecture: basic subsystem architecture D
Evaluate | 3 | 5.14 * 10^-9 | Manufacturer specifications
Respond | 3 | 9.4 * 10^-10 | Hardware fault tolerance HFT = 1; proportion of safe failures SFF 0.99 (99%); architecture: basic subsystem architecture D
Results | 3 | 6.33 * 10^-9 | SIL CL of all subsystems of the safety function is at least 3. PFH_D (= 6.33 * 10^-9) of the entire safety function fulfils SIL 3.

6.3.2 Evaluation acc. to ISO 13849-1:2006

Parameters for the calculation of MTTF_d for "Detect 2" (Position switch) and "Respond" (Contactor). Manufacturer specifications are defined by Siemens, assumptions by the user.

Parameter | Value | Reason
B10 Position switches | 1 * 10^6 | Manufacturer specifications
B10 Contactor | 1 * 10^6 | Manufacturer specifications
Proportion of hazardous failures, Position switches | 0.2 (20%) | Manufacturer specifications
Proportion of hazardous failures, Contactor | 0.75 (75%) | Manufacturer specifications
d_op Mean operating time in days per year | 365 days per year | Assumption: actuation takes place every day of the year
h_op Mean operating time in hours per day | 24 hours per day | Assumption: actuation takes place every day of the year
T_cycle Position switches (mean time between the start of two consecutive cycles) | 8 h/cycle | Assumption: there is an interval of 8 hours between openings of the protective door (one shift)
T_cycle Contactor (mean time between the start of two consecutive cycles) | 8 h/cycle | Assumption: there is an interval of 8 hours between actuations of the contactors (one shift)

Interim results (identical in this example for Position Switch and Contactor)
Interim result | Value | Reason
MTTF_d | High | MTTF_d > 30 years
DC | High | DC = 99%: discrepancy evaluation for position switches; evaluation of read-back signals (positively driven contacts) of both contactors
Measures against CCF | Fulfilled | It is assumed that the necessary measures are taken by the user.
Category | 4 | System behavior: a single fault does not cause the loss of the safety function; the single fault is detected. MTTF_d: High, DC: High, measures against CCF: Fulfilled

Evaluation parameter
Parameter | Component | Value | Definition
PFH_D (MSS) | Modular safety system | 5.14 * 10^-9 | Siemens

Results: PL according to ISO 13849-1:2006
Subsystem | PL | Average probability of a hazardous failure per hour
Detect | e | 2.47 * 10^-8 (from Annex K; see note)
Evaluate | e | 5.14 * 10^-9
Respond | e | 2.47 * 10^-8 (from Annex K; see note)
Results | e | PL of all subsystems of the safety function is at least e. Number of subsystems is less than or equal to 3.

Note: The MTTF_d for each channel is limited to max. 100 years!

6.3.3 Summary of Safety Function 2

Subsystem | EN 62061 SIL CL | EN 62061 PFH_D | ISO 13849-1:2006 PL | ISO 13849-1:2006 average probability of a hazardous failure per hour
Detect | 3 | 2.5 * 10^-10 | e | 2.47 * 10^-8
Evaluate | 3 | 5.14 * 10^-9 | e | 5.14 * 10^-9
Respond | 3 | 9.4 * 10^-10 | e | 2.47 * 10^-8
Results | SIL 3 | | PL e |
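Both evaluations (6.2 and 6.3) use the same Detect / Evaluate / Respond chain and the same formulas, so the figures in the tables can be re-derived from the listed parameters. The following Python script is an added example, not Siemens code or a Siemens tool: the architecture-D expression is the EN 62061 formula for two identical elements with diagnostics, the MTTF_d formula is ISO 13849-1 Annex C, and the Annex K value 2.47 * 10^-8 is the one quoted in the document (Category 4, DC high, MTTF_d at the 100-year cap), not a full Annex K table, so the script refuses to apply it unless a channel actually reaches that cap. Names such as Element and evaluate_safety_function are the script's own. Because the document rounds C for the emergency stop to 6 * 10^-3 /h, the script's 1.19 * 10^-10 for "Detect 1" appears in the tables as 1.2 * 10^-10; all other values agree to the precision printed.

```python
"""Re-calculation of the section 6 figures (constructed example, not Siemens code)."""
from dataclasses import dataclass

T1_SERVICE_LIFE_H = 175_200.0  # 20 years, as in the document
BETA_CCF = 0.1                 # CCF factor assumed for installations acc. to EN 62061
DC = 0.99                      # discrepancy evaluation plus contactor read-back
PFH_D_MSS = 5.14e-9            # manufacturer figure for the 3RK3 "Evaluate" subsystem
# ISO 13849-1 Annex K value quoted in the document: Category 4, DC high, MTTF_d = 100 years.
PFH_ANNEX_K_CAT4_100Y = 2.47e-8


@dataclass(frozen=True)
class Element:
    name: str
    b10: float        # cycles after which 10 % of the components have failed (manufacturer)
    dangerous: float  # proportion of dangerous failures, e.g. 0.2 for 20 %
    t_cycle_h: float  # mean time between two actuations in hours; C = 1 / t_cycle_h

    def lambda_d(self) -> float:
        """EN 62061: dangerous failure rate per hour, lambda_D = 0.1 * C / B10 * dangerous share."""
        c_per_h = 1.0 / self.t_cycle_h
        return 0.1 * c_per_h / self.b10 * self.dangerous

    def pfh_d_arch_d(self, t1_h=T1_SERVICE_LIFE_H, beta=BETA_CCF, dc=DC) -> float:
        """EN 62061 basic subsystem architecture D, two identical elements:
        lambda_DssD = (1-beta)^2 * [lambda_De^2 * 2*DC * T2/2 + lambda_De^2 * (1-DC) * T1]
                      + beta * lambda_De ;   PFH_D = lambda_DssD * 1 h.
        T2 (diagnostic test interval) equals one actuation interval: a fault shows up
        at the next actuation, exactly as the document's tables argue."""
        lam = self.lambda_d()
        t2_h = self.t_cycle_h
        return (1 - beta) ** 2 * (lam * lam * 2 * dc * t2_h / 2
                                  + lam * lam * (1 - dc) * t1_h) + beta * lam

    def mttf_d_years(self, d_op=365, h_op=24, cap_years=100.0) -> float:
        """ISO 13849-1 Annex C: B10d = B10 / dangerous share, n_op = d_op * h_op / t_cycle,
        MTTF_d = B10d / (0.1 * n_op), limited to 100 years per channel (document note)."""
        b10d = self.b10 / self.dangerous
        n_op = d_op * h_op / self.t_cycle_h
        return min(b10d / (0.1 * n_op), cap_years)


def mttf_d_class(years: float) -> str:
    """ISO 13849-1 bands for the MTTF_d of each channel."""
    if years >= 30:
        return "high"
    if years >= 10:
        return "medium"
    return "low" if years >= 3 else "not allowed"


def sil_from_pfh_d(pfh: float) -> int:
    """EN 62061 SIL bands; anything below 1e-7 fulfils SIL 3, the highest level the standard covers."""
    if pfh < 1e-7:
        return 3
    if pfh < 1e-6:
        return 2
    return 1 if pfh < 1e-5 else 0


def pl_from_pfh_d(pfh: float) -> str:
    """ISO 13849-1 PL bands (PL e: below 1e-7 per hour)."""
    for level, limit in (("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)):
        if pfh < limit:
            return level
    return "none"


def evaluate_safety_function(detect: Element, respond: Element) -> dict:
    """Chain Detect -> Evaluate (MSS) -> Respond and return the summary-table figures."""
    for e in (detect, respond):
        if e.mttf_d_years() < 100.0:
            raise ValueError(f"{e.name}: quoted Annex K value only valid at MTTF_d = 100 years")
    pfh_detect, pfh_respond = detect.pfh_d_arch_d(), respond.pfh_d_arch_d()
    pfh_total = pfh_detect + PFH_D_MSS + pfh_respond
    pl_total = PFH_ANNEX_K_CAT4_100Y + PFH_D_MSS + PFH_ANNEX_K_CAT4_100Y
    return {"pfh_detect": pfh_detect, "pfh_respond": pfh_respond, "pfh_total": pfh_total,
            "sil_cl": sil_from_pfh_d(pfh_total),
            "mttf_d_detect": detect.mttf_d_years(), "mttf_d_respond": respond.mttf_d_years(),
            "pl": pl_from_pfh_d(pl_total)}


# Parameters as listed in sections 6.2.1 / 6.3.1
EMERGENCY_STOP = Element("Emergency stop, NC/NC", 1e5, 0.20, 168.0)   # tested once a week
POSITION_SWITCH = Element("Position switch, NC/NC", 1e6, 0.20, 8.0)   # door opened once per shift
CONTACTOR = Element("Contactor Q1/Q2", 1e6, 0.75, 8.0)                # switched once per shift

if __name__ == "__main__":
    for label, detect in (("SF 1 (Emergency Stop)", EMERGENCY_STOP),
                          ("SF 2 (Protective door)", POSITION_SWITCH)):
        r = evaluate_safety_function(detect, CONTACTOR)
        print(f"{label}: PFH_D detect={r['pfh_detect']:.2e} respond={r['pfh_respond']:.2e} "
              f"total={r['pfh_total']:.2e} -> SIL CL {r['sil_cl']}; "
              f"MTTF_d/channel {r['mttf_d_detect']:.0f} y ({mttf_d_class(r['mttf_d_detect'])}) -> PL {r['pl']}")
```

Running it reproduces the summary tables: the beta * lambda_De term dominates every architecture-D result (the squared terms contribute at the 10^-15 level), which is why the CCF factor, not the B10 value, sets the Detect and Respond figures, and why the uncapped MTTF_d of tens of thousands of years collapses to the 100-year limit before Annex K is consulted.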

7 Contacts

Technical Assistance for Low-Voltage Controls and Distribution
In person from Mon. to Fri., 8 a.m. to 5 p.m. (CET)
Phone: +49 (911) 895-5907
e-mail: technical-assistance@siemens.com
Internet: http://www.siemens.de/lowvoltage
By fax around the clock: +49 (911) 895-5907

8 History

Table 8-1 History
Version | Date | Change
V1.0 | 24.04.2008 | First issue