maskinsikkerhed – sikkerheds- relaterede dele af...
TRANSCRIPT
Dansk standard DS/EN ISO 13849-1
2. udgave
2008-07-10
Maskinsikkerhed – Sikkerheds-relaterede dele af styresystemer – Del 1: Generelle principper for konstruktion
Safety of machinery – Safety-related parts of control systems – Part 1: General principles for design
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
DS-publikationstyperDansk Standard udgiver forskellige publikationstyper. Typen på denne publikation fremgår af forsiden.
Der kan være tale om: Dansk standard standard, der er udarbejdet på nationalt niveau, eller som er baseret på et andet lands nationale standard, eller standard, der er udarbejdet på internationalt og/eller europæisk niveau, og som har fået status som dansk standard
DS-information publikation, der er udarbejdet på nationalt niveau, og som ikke har opnået status som standard, eller publikation, der er udarbejdet på internationalt og/eller europæisk niveau, og som ikke har fået status som standard, fx en
teknisk rapport, eller europæisk præstandard
DS-håndbog samling af standarder, eventuelt suppleret med informativt materiale
DS-hæfte publikation med informativt materiale
Til disse publikationstyper kan endvidere udgives tillæg og rettelsesblade
DS-publikationsformPublikationstyperne udgives i forskellig form som henholdsvis
fuldtekstpublikation (publikationen er trykt i sin helhed) godkendelsesblad (publikationen leveres i kopi med et trykt DS-omslag) elektronisk (publikationen leveres på et elektronisk medie)
DS-betegnelseAlle DS-publikationers betegnelse begynder med DS efterfulgt af et eller flere præfikser og et nr., fx DS 383, DS/EN 5414 osv. Hvis der efter nr. er angivet et A eller Cor, betyder det, enten at det er et tillæg eller et rettelsesblad til hovedstandarden, eller at det er indført i hovedstandarden. DS-betegnelse angives på forsiden.
Overensstemmelse med anden publikation:Overensstemmelse kan enten være IDT, EQV, NEQ eller MOD
IDT: Når publikationen er identisk med en given publikation. EQV: Når publikationen teknisk er i overensstemmelse med en given publikation, men præsentationen er ændret. NEQ: Når publikationen teknisk eller præsentationsmæssigt ikke er i overensstemmelse med en given standard, men udarbejdet på baggrund af denne. MOD: Når publikationen er modificeret i forhold til en given publikation.
DS/EN ISO 13849-1 KøbenhavnDS projekt: M227222ICS: 13.110
Første del af denne publikations betegnelse er: DS/EN ISO, hvilket betyder, at det er en international standard, der har status både som europæisk og dansk standard.
Denne publikations overensstemmelse er: IDT med: ISO 13849-1:2006. IDT med: EN ISO 13849-1:2008.
DS-publikationen er på dansk og engelsk.
Denne publikation erstatter: DS/EN ISO 13849-1:2007.
I tilfælde af tvivl om korrektheden af den danske oversættelse henvises til den engelske version.
Selve oversættelsen er idt. med forrige udgave, der er her kun ændret få ting i EN ISO'en - bl.a. tilføjelse af Ann. ZB.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN ISO 13849-1
June 2008
ICS 13.110 Supersedes EN ISO 13849-1:2006
English Version
Safety of machinery - Safety-related parts of control systems -Part 1: General principles for design (ISO 13849-1:2006)
Sécurité des machines - Parties des systèmes decommande relatives à la sécurité - Partie 1: Principes
généraux de conception (ISO 13849-1:2006)
Sicherheit von Maschinen - Sicherheitsbezogene Teile vonSteuerungen - Teil 1: Allgemeine Gestaltungsleitsätze (ISO
13849-1:2006)
This European Standard was approved by CEN on 18 May 2008.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the CEN Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as theofficial versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland,France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATIONC O M I T É E U R O P É E N D E N O R M A LI S A T I O NEUR OP ÄIS C HES KOM ITEE FÜR NOR M UNG
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2008 CEN All rights of exploitation in any form and by any means reservedworldwide for CEN national Members.
Ref. No. EN ISO 13849-1:2008: E
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
EN ISO 13849-1:2008 (E)
2
Contents Page
Foreword..............................................................................................................................................................3
Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Directive 98/37/EC, amended by Directive 98/79/EC ......................................4
Annex ZB (informative) Relationship between this European Standard and the Essential Requirements of EU Directive 2006/42/EC ..........................................................................................5
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Indholdsfortegnelse
Side
Forord ....................................................................................................................................................................................... 3
Anneks ZA (informativt) Sammenhæng mellem denne europæiske standard og de væsentlige krav i EU-direktiv 98/37/EF, ændret ved direktiv 98/79/EF ....................................................... 4
Anneks ZB (informativt) Sammenhæng mellem denne europæiske standard og de væsentlige krav i EU-direktiv 2006/42/EF .......................................................................................................... 5
2 (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
EN ISO 13849-1:2008 (E)
3
Foreword
The text of ISO 13849-1:2006 has been prepared by Technical Committee ISO/TC 199 “Safety of machinery” of the International Organization for Standardization (ISO) and has been taken over as EN ISO 13849-1:2008 by Technical Committee CEN/TC 114 “Safety of machinery” the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by December 2008, and conflicting national standards shall be withdrawn at the latest by December 2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 13849-1:2006.
This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EC Directive(s).
For relationship with EC Directive(s), see informative Annexes ZA and ZB, which are integral part of this document.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
Endorsement notice
The text of ISO 13849-1:2006 has been approved by CEN as a EN ISO 13849-1:2008 without any modification.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Forord
Teksten til ISO 13849-1:2006 er udarbejdet af teknisk komité ISO/TC 199, Safety of machinery, under den internatio-nale standardiseringsorganisation ISO og er godkendt som EN ISO 13849-1:2008 af teknisk komité CEN/TC 114, Sa-fety of machinery, hvis sekretariat varetages af DIN.
Denne europæiske standard skal inden december 2008 have status som national standard, enten ved at der udgivesen identisk tekst, eller ved formel godkendelse, og modstridende nationale standarder skal være trukket tilbage se-nest november 2008.
Der gøres opmærksom på muligheden for, at dele af denne standard kan være genstand for patentrettigheder. CEN[og/eller CENELEC] kan ikke drages til ansvar for at identificere sådanne rettigheder.
Dette dokument erstatter EN ISO 13849-1 :2006.
Denne europæiske standard er udarbejdet af CEN i henhold til et mandat fra Europa-Kommissionen og EFTA, ogden underbygger væsentlige krav i ét eller flere EF-direktiver.
Sammenhængen med EF-direktiver er angivet i de informative annekser ZA og ZB, der er en integreret del af dettedokument.
I henhold til CEN/CENELEC’s interne regler er de nationale standardiseringsorganisationer i følgende lande forplig-tet til at implementere denne europæiske standard: Belgien, Bulgarien, Cypern, Danmark, Estland, Finland, Frankrig,Grækenland, Irland, Island, Italien, Letland, Litauen, Luxembourg, Malta, Nederlandene, Norge, Polen, Portugal, Rumænien, Schweiz, Slovakiet, Slovenien, Spanien, Storbritannien, Sverige, Tjekkiet, Tyskland, Ungarn og Østrig.
Godkendelse
ISO 13849-1:2006 er godkendt af CEN som EN ISO 13849-1:2008 uden ændringer.
3 (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
EN ISO 13849-1:2008 (E)
4
Annex ZA (informative)
Relationship between this European Standard and the Essential Requirements of EU Directive 98/37/EC, amended by Directive 98/79/EC
This European Standard has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association to provide a means of conforming to Essential Requirements of the New Approach Directive 98/37/EC, amended by Directive 98/79/EC.
Once this standard is cited in the Official Journal of the European Communities under that Directive and has been implemented as a national standard in at least one Member State, compliance with the normative clauses of this standard confers, within the limits of the scope of this standard, a presumption of conformity with Essential Requirements 1.2.1 and 1.2.7 of Annex I of that Directive and associated EFTA regulations.
WARNING: Other requirements and other EU Directives may be applicable to the products falling within the scope of this standard.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Anneks ZA(informativt)
Sammenhæng mellem denne europæiske standard og de væsentlige krav i EU-direktiv 98/37/EF, ændret ved direktiv 98/79/EF
Denne europæiske standard er udarbejdet af CEN i henhold til et mandat fra Europa-Kommissionen og EFTA for attilvejebringe en metode til opfyldelse af væsentlige krav i direktiv 98/37/EF, ændret ved 98/79/EF, der er direktiver ef-ter den nye metode.
Når denne standard er blevet omtalt i De Europæiske Fællesskabers Tidende under dette direktiv og er blevet imple-menteret som national standard i mindst én medlemsstat, giver overensstemmelse med de normative punkter idenne standard en formodning om, at de væsentlige krav i 1.2.1 og 1.2.7 i bilag I til det pågældende direktiv og til-hørende EFTA-regulativer er opfyldt inden for denne standards emne.
ADVARSEL – Andre krav og andre EU-direktiver kan gælde for de produkter, der er omfattet af denne standards an-vendelsesområde.
4 (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
EN ISO 13849-1:2008 (E)
5
Annex ZB (informative)
Relationship between this European Standard and the Essential Requirements of EU Directive 2006/42/EC
This European Standard has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association to provide a means of conforming to Essential Requirements of the New Approach Directive Machinery 2006/42/EC.
Once this standard is cited in the Official Journal of the European Communities under that Directive and has been implemented as a national standard in at least one Member State, compliance with the normative clauses of this standard confers, within the limits of the scope of this standard, a presumption of conformity with Essential Requirements 1.2.1 of Annex I of that Directive and associated EFTA regulations.
WARNING — Other requirements and other EU Directives may be applicable to the product(s) falling within the scope of this standard.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Anneks ZB(informativt)
Sammenhæng mellem denne europæiske standard og de væsentlige krav i EU-direktiv 2006/42/EF
Denne europæiske standard er udarbejdet af CEN i henhold til et mandat fra Europa-Kommissionen og EFTA for attilvejebringe en metode til opfyldelse af væsentlige krav i direktiv 2006/42/EF, der er et direktiv efter den nye metode.
Når denne standard er blevet omtalt i De Europæiske Fællesskabers Tidende under dette direktiv og er blevet imple-menteret som national standard i mindst én medlemsstat, giver overensstemmelse med de normative punkter idenne standard en formodning om, at de væsentlige krav i 1.2.1 i bilag I til det pågældende direktiv og tilhørendeEFTA-regulativer er opfyldt inden for denne standards emne.
ADVARSEL – Andre krav og andre EU-direktiver kan gælde for de produkter, der er omfattet af denne standardsemne.
5 (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Reference numberISO 13849-1:2006(E)
© ISO 2006
INTERNATIONALSTANDARD
ISO13849-1
Second edition2006-11-01
Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design
Sécurité des machines — Parties des systèmes de commande relatives à la sécurité —
Partie 1: Principes généraux de conception
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
iii © ISO 2006 – All rights reserved
Contents Page
Foreword .............................................................................................................................................................v
Introduction........................................................................................................................................................vi
1 Scope......................................................................................................................................................1
2 Normative references............................................................................................................................1
3 Terms, definitions, symbols and abbreviated terms .........................................................................23.1 Terms and definitions ...........................................................................................................................23.2 Symbols and abbreviated terms ..........................................................................................................8
4 Design considerations..........................................................................................................................94.1 Safety objectives in design ..................................................................................................................94.2 Strategy for risk reduction .................................................................................................................114.2.1 General .................................................................................................................................................114.2.2 Contribution to the risk reduction by the control system...............................................................114.3 Determination of required performance level (PLr) .........................................................................144.4 Design of SRP/CS................................................................................................................................144.5 Evaluation of the achieved performance level PL and relationship with SIL................................154.5.1 Performance level PL ..........................................................................................................................154.5.2 Mean time to dangerous failure of each channel (MTTFd) ..............................................................174.5.3 Diagnostic coverage (DC)...................................................................................................................184.5.4 Simplified procedure for estimating PL ............................................................................................184.6 Software safety requirements ............................................................................................................214.6.1 General .................................................................................................................................................214.6.2 Safety-related embedded software (SRESW) ...................................................................................214.6.3 Safety-related application software (SRASW)..................................................................................224.6.4 Software-based parameterization......................................................................................................254.7 Verification that achieved PL meets PLr ...........................................................................................264.8 Ergonomic aspects of design ............................................................................................................26
5 Safety functions...................................................................................................................................265.1 Specification of safety functions .......................................................................................................265.2 Details of safety functions..................................................................................................................285.2.1 Safety-related stop function...............................................................................................................285.2.2 Manual reset function .........................................................................................................................295.2.3 Start/restart function...........................................................................................................................295.2.4 Local control function.........................................................................................................................305.2.5 Muting function....................................................................................................................................305.2.6 Response time .....................................................................................................................................305.2.7 Safety–related parameters .................................................................................................................305.2.8 Fluctuations, loss and restoration of power sources......................................................................31
6 Categories and their relation to MTTFd of each channel, DCavg and CCF ....................................316.1 General .................................................................................................................................................316.2 Specifications of categories...............................................................................................................326.2.1 General .................................................................................................................................................326.2.2 Designated architectures ...................................................................................................................326.2.3 Category B ...........................................................................................................................................326.2.4 Category 1 ............................................................................................................................................336.2.5 Category 2 ............................................................................................................................................346.2.6 Category 3 ............................................................................................................................................356.2.7 Category 4 ............................................................................................................................................366.3 Combination of SRP/CS to achieve overall PL.................................................................................39
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Indholdsfortegnelse
Side
Forord ....................................................................................................................................................................................... v
Indledning................................................................................................................................................................................ vi
1 Emne og anvendelsesområde.................................................................................................................................... 1
2 Normative referencer ................................................................................................................................................... 1
3 Termer, definitioner, symboler og forkortelser....................................................................................................... 23.1 Termer og definitioner....................................................................................................................................... 23.2 Symboler og forkortelser.................................................................................................................................. 8
4 Konstruktionsmæssige overvejelser ........................................................................................................................ 94.1 Sikkerhedsmål for konstruktionen .................................................................................................................. 94.2 Strategi for nedsættelse af risici ...................................................................................................................... 11
4.2.1 Generelt ................................................................................................................................................. 114.2.2 Styresystemets bidrag til risikonedsættelse .................................................................................... 11
4.3 Fastlæggelse af krævet PL-niveau (PLr).......................................................................................................... 144.4 Konstruktion af sikkerhedsrelaterede dele af styresystemer (SRP/CS)...................................................... 144.5 Vurdering af det opnåede PL-niveau og sammenhængen med SIL-niveau............................................. 15
4.5.1 PL-niveau............................................................................................................................................... 154.5.2 Middeltid til farligt svigt for hver kanal (MTTFd) .............................................................................. 174.5.3 Diagnostisk dækning (DC)................................................................................................................... 184.5.4 Forenklet metode til et skøn af PL-niveau......................................................................................... 18
4.6 Sikkerhedskrav til software .............................................................................................................................. 214.6.1 Generelt ................................................................................................................................................. 214.6.2 Sikkerhedsrelateret indlejret software (SRESW)............................................................................. 214.6.3 Sikkerhedsrelateret anvendelsessoftware (SRASW)...................................................................... 224.6.4 Softwarebaseret parametrering ........................................................................................................ 25
4.7 Verifikation af, at det opnåede PL-niveau opfylder PLr................................................................................. 264.8 Ergonomiske aspekter ved konstruktion........................................................................................................ 26
5 Sikkerhedsfunktioner................................................................................................................................................... 265.1 Specifikation af sikkerhedsfunktioner............................................................................................................. 265.2 Nærmere oplysninger om sikkerhedsfunktioner.......................................................................................... 28
5.2.1 Sikkerhedsrelateret stopfunktion....................................................................................................... 285.2.2 Manuel tilbagestillingsfunktion.......................................................................................................... 295.2.3 Start/genstartfunktion.......................................................................................................................... 295.2.4 Lokal styrefunktion............................................................................................................................... 305.2.5 Forbikoblingsfunktion (muting) ......................................................................................................... 305.2.6 Svartid.................................................................................................................................................... 305.2.7 Sikkerhedsrelaterede parametre ....................................................................................................... 305.2.8 Udsving, tab og genetablering af energikilder................................................................................. 31
6 Kategorier og deres relation til MTTFd i hver kanal, DCavg og CCF .................................................................... 316.1 Generelt............................................................................................................................................................... 316.2 Specifikation af kategorier................................................................................................................................ 32
6.2.1 Generelt ................................................................................................................................................. 326.2.2 Udpegede arkitekturer......................................................................................................................... 326.2.3 Kategori B.............................................................................................................................................. 326.2.4 Kategori 1 .............................................................................................................................................. 336.2.5 Kategori 2 .............................................................................................................................................. 346.2.6 Kategori 3 .............................................................................................................................................. 356.2.7 Kategori 4 .............................................................................................................................................. 36
6.3 Kombination af SRP/CS for at opnå et samlet PL-niveau ............................................................................ 39
iii (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
iv © ISO 2006 – All rights reserved
7 Fault consideration, fault exclusion ................................................................................................. 407.1 General................................................................................................................................................. 407.2 Fault consideration............................................................................................................................. 407.3 Fault exclusion.................................................................................................................................... 41
8 Validation............................................................................................................................................. 41
9 Maintenance ........................................................................................................................................ 41
10 Technical documentation .................................................................................................................. 41
11 Information for use ............................................................................................................................. 42
Annex A (informative) Determination of required performance level (PLr)................................................ 44
Annex B (informative) Block method and safety-related block diagram.................................................... 47
Annex C (informative) Calculating or evaluating MTTFd values for single components.......................... 49
Annex D (informative) Simplified method for estimating MTTFd for each channel................................... 57
Annex E (informative) Estimates for diagnostic coverage (DC) for functions and modules ................... 59
Annex F (informative) Estimates for common cause failure (CCF)............................................................. 62
Annex G (informative) Systematic failure ...................................................................................................... 64
Annex H (informative) Example of combination of several safety-related parts of the control system.................................................................................................................................................. 67
Annex I (informative) Examples ...................................................................................................................... 70
Annex J (informative) Software....................................................................................................................... 77
Annex K (informative) Numerical representation of Figure 5 ...................................................................... 80
Bibliography..................................................................................................................................................... 83
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
7 Fejlbetragtning, fejludelukkelse ................................................................................................................................ 407.1 Generelt............................................................................................................................................................... 407.2 Fejlbetragtning................................................................................................................................................... 407.3 Fejludelukkelse................................................................................................................................................... 41
8 Validering........................................................................................................................................................................ 41
9 Vedligeholdelse ............................................................................................................................................................. 41
10 Teknisk dokumentation............................................................................................................................................... 41
11 Brugerinformation ........................................................................................................................................................ 42
Anneks A (informativt) Bestemmelse af krævet PL-niveau (PLr) ............................................................................... 44
Anneks B (informativt) Blokmetode og sikkerhedsrelateret blokdiagram .............................................................. 47
Anneks C (informativt) Beregning eller vurdering af MTTFd-værdier for enkelte komponenter ........................ 49
Anneks D (informativt) Forenklet metode til vurdering af MTTFd for hver kanal................................................... 57
Anneks E (informativt) Skøn af diagnostisk dækning (DC) for funktioner og moduler ........................................ 59
Anneks F (informativt) Skøn af fælles svigt med samme årsag (CCF)...................................................................... 62
Anneks G (informativt) Systematisk svigt ...................................................................................................................... 64
Anneks H (informativt) Eksempler på kombination af forskellige sikkerhedsrelaterede dele i styresystemet ............................................................................................................................. 67
Anneks I (informativt) Eksempler...................................................................................................................................... 70
Anneks J (informativt) Software ....................................................................................................................................... 77
Anneks K (informativt) Numerisk præsentation af figur 5 .......................................................................................... 80
Bibliografi................................................................................................................................................................................. 83
iv (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
v © ISO 2006 – All rights reserved
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 13849-1 was prepared by the European Committee for Standardization (CEN) Technical Committee CEN/TC 114, Safety of machinery, in collaboration with Technical Committee ISO/TC 199, Safety of machinery, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO ISO 13849-1:1999), which has been technically revised.
ISO 13849 consists of the following parts, under the general title Safety of machinery — Safety-related parts of control systems:
Part 1: General principles for design
Part 2: Validation
Part 100: Guidelines for the use and application of ISO 13849-1 [Technical Report]
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Forord
ISO (the International Organization for Standardization) er en verdensomspændende sammenslutning af nationalestandardiseringsorganer (ISO’s medlemslande). Internationale standarder udarbejdes normalt af ISO’s tekniske ko-mitéer. Hvert medlemsland, som er interesseret i et emne, inden for hvilket der er oprettet en teknisk komité, har rettil at være repræsenteret i den pågældende komité. Internationale organisationer, både statslige og ikke-statslige,der har en samarbejdsaftale med ISO, deltager ligeledes i arbejdet. ISO samarbejder tæt med IEC (the InternationalElectrotechnical Commission) i alle anliggender vedrørende elektroteknisk standardisering.
Internationale standarder udarbejdes i overensstemmelse med reglerne i ISO/IEC Directives, Part 2.
Tekniske komitéers primære opgave er at udarbejde internationale standarder. Forslag til internationale standarder,der er godkendt af de tekniske komitéer, sendes ud til medlemslandene til afstemning. Offentliggørelse som interna-tional standard kræver godkendelse af mindst 75 % af de medlemslande, som afgiver deres stemme.
Der gøres opmærksom på muligheden for, at dele af dette dokument kan være genstand for patentrettigheder. ISOkan ikke drages til ansvar for at identificere sådanne rettigheder.
ISO 13849-1 er udarbejdet af den europæiske standardiseringsorganisations (CEN) tekniske komité CEN/TC 114, Sa-fety of machinery, i samarbejde med teknisk komité ISO/TC 199, Safety of machinery, i henhold til aftalen om teknisksamarbejde mellem ISO og CEN (Wien-aftalen).
Denne 2. udgave ophæver og erstatter første udgave (ISO 13849-1:1999), hvis indhold er blevet revideret.
ISO 13849 består af følgende dele med den overordnede titel Safety of machinery – Safety-related parts of controlsystems:
– Part 1: General principles for design
– Part 2: Validation
– Part 100: Guidelines for the use and application of ISO 13849-1 [Technical Report].
v (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
vi © ISO 2006 – All rights reserved
Introduction
The structure of safety standards in the field of machinery is as follows.
a) Type-A standards (basis standards) give basic concepts, principles for design and general aspects that can be applied to machinery.
b) Type-B standards (generic safety standards) deal with one or more safety aspect(s), or one or more type(s) of safeguards that can be used across a wide range of machinery:
type-B1 standards on particular safety aspects (e.g. safety distances, surface temperature, noise);
type-B2 standards on safeguards (e.g. two-hands controls, interlocking devices, pressure sensitive devices, guards).
c) Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular machine or group of machines.
This part of ISO 13849 is a type-B-1 standard as stated in ISO 12100-1.
When provisions of a type-C standard are different from those which are stated in type-A or type-B standards, the provisions of the type-C standard take precedence over the provisions of the other standards for machines that have been designed and built according to the provisions of the type-C standard.
This part of ISO 13849 is intended to give guidance to those involved in the design and assessment of control systems, and to Technical Committees preparing Type-B2 or Type-C standards which are presumed to comply with the Essential Safety Requirements of Annex I of the Council Directive 98/37/EC, The Machinery Directive. It does not give specific guidance for compliance with other EC directives.
As part of the overall risk reduction strategy at a machine, a designer will often choose to achieve some measure of risk reduction through the application of safeguards employing one or more safety functions.
Parts of machinery control systems that are assigned to provide safety functions are called safety-related parts of control systems (SRP/CS) and these can consist of hardware and software and can either be separate from the machine control system or an integral part of it. In addition to providing safety functions, SRP/CS can also provide operational functions (e.g. two-handed controls as a means of process initiation).
The ability of safety-related parts of control systems to perform a safety function under foreseeable conditions is allocated one of five levels, called performance levels (PL). These performance levels are defined in terms of probability of dangerous failure per hour (see Table 3).
The probability of dangerous failure of the safety function depends on several factors, including hardware and software structure, the extent of fault detection mechanisms [diagnostic coverage (DC)], reliability of components [mean time to dangerous failure (MTTFd), common cause failure (CCF)], design process, operating stress, environmental conditions and operation procedures.
In order to assist the designer and help facilitate the assessment of achieved PL, this document employs a methodology based on the categorization of structures according to specific design criteria and specified behaviours under fault conditions. These categories are allocated one of five levels, termed Categories B, 1, 2, 3 and 4.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
Indledning
Sikkerhedsstandarder på maskinområdet inddeles efter følgende struktur.
a) Type A-standarder (grundlæggende standarder) indeholder grundlæggende begreber, principper for konstrukti-on og generelle forhold, der kan gælde for maskiner.
b) Type B-standarder (generiske sikkerhedsstandarder) behandler ét eller flere sikkerhedsaspekter eller én eller fleretyper af beskyttelsesanordninger, der kan anvendes til en række maskiner:– type B1-standarder om særlige sikkerhedsaspekter (fx sikkerhedsafstande, overfladetemperatur, støj)– type B2-standarder om beskyttelsesanordninger (fx tohåndsbetjeninger, tvangskoblingsudstyr, trykfølsomme
anordninger, afskærmninger).
c) Type C-standarder (maskinsikkerhedsstandarder) omhandler detaljerede sikkerhedskrav til en bestemt maskineeller gruppe af maskiner.
Denne del af ISO 13849 er en type B1-standard som angivet i ISO 12100-1.
Hvis bestemmelser i en type C-standard er forskellige fra bestemmelserne i type A- eller B-standarder, har bestem-melserne i type C-standarden forrang for bestemmelserne i de andre standarder for maskiner, der er konstrueret ogudført i overensstemmelse med bestemmelserne i type C-standarden.
Formålet med denne del af ISO 13849 er at vejlede personer, der konstruerer og bedømmer styresystemer, og tekni-ske komitéer, der udarbejder type B2- eller type C-standarder, som formodes at opfylde de væsentlige sikkerheds-krav i bilag I til Rådets Direktiv 98/37/EF, Maskindirektivet. Standarden indeholder ikke specifikke retningslinjer foroverensstemmelse med andre EF-direktiver.
Som en del af den samlede strategi for nedsættelse af risikoen ved en maskine vil en konstruktør ofte vælge at opnåen vis grad af risikonedsættelse ved at anvende beskyttelsesanordninger, som anvender en eller flere sikkerheds-funktioner.
Dele af maskiners styresystemer, der er beregnet til at udføre sikkerhedsfunktioner, kaldes sikkerhedsrelaterede deleaf styresystemer (SRP/CS, safety related parts of control systems), og disse kan bestå af hardware og software ogkan enten være adskilt fra eller være en integreret del af maskinens styresystem. Ud over sikkerhedsfunktioner kansikkerhedsrelaterede dele også udføre driftsfunktioner (fx tohåndsbetjeninger som et middel til igangsættelse af enproces).
Evnen ved styresystemers sikkerhedsrelaterede dele til at udføre en sikkerhedsfunktion under forudseelige betingel-ser indplaceres på et af fem niveauer, der kaldes PL-niveauer. Disse PL-niveauer defineres som sandsynligheden forfarligt svigt pr. time (se tabel 3).
Sandsynligheden for farligt svigt af sikkerhedsfunktionen afhænger af flere forskellige faktorer, herunder hardware-og softwareopbygningen, omfanget af fejldetekteringsmekanismer [diagnostisk dækning (DC)], komponenters påli-delighed [middeltid til farligt svigt (MTTFd), fælles svigt med samme årsag (CCF)], konstruktionsprocessen, driftsbe-lastningen, miljøbetingelserne og driftsprocedurerne.
Som en hjælp til konstruktøren og for gøre det lettere at vurdere, hvilket PL-niveau der er opnået, benyttes der i det-te dokument en metodik, der er baseret på at kategorisere konstruktioner efter specifikke konstruktionskriterier ogspecificerede virkemåder under fejltilstande. Disse kategorier er opdelt i fem niveauer og betegnes kategori B, 1, 2, 3og 4.
vi (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
vii © ISO 2006 – All rights reserved
The performance levels and categories can be applied to safety-related parts of control systems, such as
protective devices (e.g. two-hand control devices, interlocking devices), electro-sensitive protective devices (e.g. photoelectric barriers), pressure sensitive devices,
control units (e.g. a logic unit for control functions, data processing, monitoring, etc.), and
power control elements (e.g. relays, valves, etc),
as well as to control systems carrying out safety functions at all kinds of machinery — from simple (e.g. small kitchen machines, or automatic doors and gates) to manufacturing installations (e.g. packaging machines, printing machines, presses).
This part of ISO 13849 is intended to provide a clear basis upon which the design and performance of any application of the SRP/CS (and the machine) can be assessed, for example, by a third party, in-house or by an independent test house.
Information on the recommended application of IEC 62061 and this part of ISO 13849
IEC 62061 and this part of ISO 13849 specify requirements for the design and implementation of safety-related control systems of machinery. The use of either of these International Standards, in accordance with their scopes, can be presumed to fulfil the relevant essential safety requirements. The following table summarizes the scopes of IEC 62061 and this part of ISO 13849.
Table 1 — Recommended application of IEC 62061 and ISO 13849-1
Technology implementing the safety-related control function(s) ISO 13849-1 IEC 62061
A Non-electrical, e.g. hydraulics X Not covered
B Electromechanical, e.g. relays, and/or non complex electronics
Restricted to designated architectures a and up to PL e
All architectures and up to SIL 3
C Complex electronics, e.g. programmable
Restricted to designated architectures a and up to PL d
All architectures and up to SIL 3
D A combined with B Restricted to designated architectures a and up to PL e X c
E C combined with B Restricted to designated architectures (see Note 1) and up to PL d
All architectures and up to SIL 3
F C combined with A, or C combined with A and B X b X c
X indicates that this item is dealt with by the International Standard shown in the column heading.
a Designated architectures are defined in 6.2 in order to give a simplified approach for quantification of performance level.
b For complex electronics: use designated architectures according to this part of ISO 13849 up to PL d or any architecture according to IEC 62061.
c For non-electrical technology, use parts in accordance with this part of ISO 13849 as subsystems.
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
PL-niveauer og kategorier kan gælde for sikkerhedsrelaterede dele af styresystemer som fx
– beskyttelsesudstyr (fx tohåndsbetjeninger, tvangskoblingsudstyr), berøringsløst beskyttelsesudstyr (fx fotoelektri-ske afspærringer), trykfølsomt udstyr,
– styreenheder (fx en logisk enhed til styrefunktioner, databehandling, overvågning osv.)
– effektregulerende dele (fx relæer, ventiler osv.)
samt for styresystemer, der udfører sikkerhedsfunktioner i alle slags maskiner – fra enkle maskiner (fx små køkken-maskiner eller automatiske døre og porte) til produktionsanlæg (fx pakkemaskiner, trykkerimaskiner, presser).
Denne del af ISO 13849 har til formål at skabe et klart grundlag for, hvordan bedømmelse af konstruktion og funktionaf styresystemers sikkerhedsrelaterede dele (og maskinen) kan udføres fx af en tredjepart, en intern part eller et uaf-hængigt prøvningsorgan.
Oplysninger om den anbefalede anvendelse af IEC 62061 og denne del af ISO 13849
IEC 62061 og denne del af ISO 13849 fastlægger krav til konstruktion og anvendelse af sikkerhedsrelaterede styresy-stemer i maskiner. Når en af disse internationale standarder anvendes i overensstemmelse med anvendelsesområ-det, kan det formodes, at de relevante væsentlige sikkerhedskrav er opfyldt. Nedenstående tabel er en oversigt overanvendelsesområdet for IEC 62061 og denne del af ISO 13849.
Tabel 1 – Anbefalet anvendelse af IEC 62061 og ISO 13849-1
Teknologi, der implementerer ISO 13849-1 IEC 62061
sikkerhedsrelaterede styrefunktioner
A Ikke-elektrisk, fx hydraulik X Ikke omfattet
B Elektromekanisk, fx relæer, og/eller Begrænset til udpegede arkitekturera Alle arkitekturer og indtil SIL 3ikke-kompleks elektronik og indtil PL = e
C Kompleks elektronik, Begrænset til udpegede arkitekturera Alle arkitekturer og indtil SIL 3fx programmerbar og indtil PL = d
D A kombineret med B Begrænset til udpegede arkitekturera
og indtil PL = eXc
E C kombineret med B Begrænset til udpegede arkitekturer Alle arkitekturer og indtil SIL 3(se note 1) og indtil PL = d
F C kombineret med A, eller C kombineret med A og B
Xb Xc
X angiver, at den internationale standard anført i kolonneoverskriften omhandler det pågældende emne.a Udpegede arkitekturer er defineret i 6.2 med det formål at give en forenklet tilgang til kvantificeringen af PL-niveau.
b For kompleks elektronik anvendes bestemte arkitekturer ifølge denne del af ISO 13849 indtil PL = d eller en anden arkitektur ifølge IEC62061.
c Til ikke-elektrisk teknologi anvendes dele i overensstemmelse med denne del af ISO 13849 som delsystemer.
vii (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
INTERNATIONAL STANDARD ISO 13849-1:2006(E)
1 © ISO 2006 – All rights reserved
Safety of machinery — Safety-related parts of control systems —
Part 1: General principles for design
1 Scope
This part of ISO 13849 provides safety requirements and guidance on the principles for the design and integration of safety-related parts of control systems (SRP/CS), including the design of software. For these parts of SRP/CS, it specifies characteristics that include the performance level required for carrying out safety functions. It applies to SRP/CS, regardless of the type of technology and energy used (electrical, hydraulic, pneumatic, mechanical, etc.), for all kinds of machinery.
It does not specify the safety functions or performance levels that are to be used in a particular case.
This part of ISO 13849 provides specific requirements for SRP/CS using programmable electronic system(s).
It does not give specific requirements for the design of products which are parts of SRP/CS. Nevertheless, the principles given, such as categories or performance levels, can be used.
NOTE 1 Examples of products which are parts of SRP/CS: relays, solenoid valves, position switches, PLCs, motor control units, two-hand control devices, pressure sensitive equipment. For the design of such products, it is important to refer to the specifically applicable International Standards, e.g. ISO 13851, ISO 13856-1 and ISO 13856-2.
NOTE 2 For the definition of required performance level, see 3.1.24.
NOTE 3 The requirements provided in this part of ISO 13849 for programmable electronic systems are compatible with the methodology for the design and development of safety-related electrical, electronic and programmable electronic control systems for machinery given in IEC 62061.
NOTE 4 For safety-related embedded software for components with PLr = e see IEC 61508-3:1998, Clause 7.
NOTE 5 See also Table 1.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 12100-1:2003, Safety of machinery — Basic concepts, general principles for design — Part 1: Basic terminology, methodology
ISO 12100-2:2003, Safety of machinery — Basic concepts, general principles for design — Part 2: Technical principles
ISO 13849-2:2003, Safety of machinery — Safety-related parts of control systems — Part 2: Validation
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
1 Emne og anvendelsesområde
Denne del af ISO 13849 indeholder sikkerhedskrav og giver vejledning om principperne for konstruktion og integre-ring af sikkerhedsrelaterede dele af styresystemer (SRP/CS), herunder konstruktion af software. For disse dele afSRP/CS specificerer den karakteristika, som omfatter det PL-niveau, der kræves for at udføre sikkerhedsfunktioner.Den gælder for SRP/CS uanset den anvendte type teknologi og energi (elektrisk, hydraulisk, pneumatisk, mekaniskosv.) i alle slags maskiner.
Den specificerer ikke, hvilke sikkerhedsfunktioner eller PL-niveauer der skal anvendes i et bestemt tilfælde.
Denne del af ISO 13849 indeholder specifikke krav til SRP/CS, som anvender et eller flere programmerbare elektroni-ske systemer.
Den indeholder ikke specifikke krav til konstruktion af produkter, der er dele af SRP/CS. Ikke desto mindre kan de op-stillede principper, såsom kategorier og PL-niveauer, anvendes.
NOTE 1 – Eksempler på produkter, der er dele af SRP/CS: relæer, elektromagnetiske ventiler, positionsafbrydere, PLC´er, motor-styreenheder, tohåndsbetjeninger, trykfølsomt udstyr. Ved konstruktion af sådanne produkter er det vigtigt at henvise til de spe-cifikt anvendelige internationale standarder, fx ISO 13851, ISO 13856-1 og ISO 13856-2.
NOTE 2 – For definitionen af krævet PL-niveau, se 3.1.24.
NOTE 3 – De krav, der er indeholdt i denne del af ISO 13849, til programmerbare elektroniske systemer er forenelige med meto-dikken for konstruktion og udvikling af sikkerhedsrelaterede elektriske, elektroniske og programmerbare elektroniske styresy-stemer for maskiner angivet i IEC 62061.
NOTE 4 – For sikkerhedsrelateret indlejret software til komponenter med PLr = e se IEC 61508-3:1998, pkt. 7.
NOTE 5 – Se også tabel 1.
2 Normative referencer
Følgende nævnte dokumenter er absolut nødvendige for anvendelsen af dette dokument. Ved daterede referencergælder kun den nævnte udgave. For udaterede referencer gælder den nyeste udgave af det pågældende dokument(med tillæg).
ISO 12100-1:2003, Safety of machinery – Basic concepts, general principles for design – Part 1: Basic terminology,methodology
ISO 12100-2:2003, Safety of machinery – Basic concepts, general principles for design – Part 2: Technical principles
ISO 13849-2:2003, Safety of machinery – Safety-related parts of control systems – Part 2: Validation
1 (da)
DS/EN ISO 13849-1:2008
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8
ISO 13849-1:2006(E)
2 © ISO 2006 – All rights reserved
ISO 141211), Safety of machinery — Principles of risk assessment
IEC 60050-191:1990, International electrotechnical vocabulary — Chapter 191: Dependability and quality of service, and IEC 60050-191-am1:1999 and IEC 60050-191-am2:2002:1999, Amendment 1 and Amendment 2,International Electrotechnical Vocabulary. Chapter 191: Dependability and quality of service
IEC 61508-3:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements, and IEC 61508-3 Corr.1:1999, Corrigendum 1 — Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 3: Software requirements
IEC 61508-4:1998, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 4: Definitions and abbreviations, and IEC 61508-4 Corr.1:1999, Corrigendum 1 — Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 4: Definitions and abbreviations
1) To be published. (Revision of ISO 14121:1999)
CO
PY
RIG
HT
Dan
ish
Sta
nd
ard
s. N
OT
FO
R C
OM
ME
RC
IAL
US
E O
R R
EP
RO
DU
CT
ION
. DS
/EN
ISO
138
49-1
:200
8