10 Steps To Performance Level - Robert Bosch GmbH


10 Steps to Performance Level

This brochure is a helpful accessory for the design of a control system based on the standards ISO 13849-1 and ISO 13849-2. It makes no claim of completeness. The statements in this document have been made carefully, but without guarantee. Only the original text of the relevant standards and directives is binding.

04 Realizing machine safety intelligently and economically
06 Focus on Safety-Related Parts of a Control System (SRP/CS)
07 Knowing what’s important: Functional safety to ISO 13849
08 Choose a partner who is able to join the dots.
10 Rexroth Safety on Board: More safety and productivity
12  1 Risk assessment
13  2 Identification of the safety functions
14  3 Determination of the required Performance Level (PLr)
15  4 Category selection
16  5 Modeling of the block diagram
18  6 Faults and diagnosis
19  7 Determination of the PL
20  8 Evaluation of control system robustness
22  9 Software requirements
24 10 Verification and validation of the reached PL (PL ≥ PLr)
25 Let us be quite clear on this
26 Make use of the comprehensive service. Benefit from practical training.
27 Benefit overview

Realizing machine safety intelligently and economically

The requirements regarding safety technology are increasing worldwide. The design of modern machinery and plants is regulated by the 2006/42/EC Machinery Directive in Europe as well as by the international standards ISO 13849 and IEC 62061 governing functional safety. Machine manufacturers are obliged to provide evidence of personal protection in a comprehensive evaluation with statistical parameters, whereby all of the components and systems of control relevance used in the machine or plant are included. In the form of Safety on Board, Rexroth supports machine and plant manufacturers by providing know-how and individual consulting.

These guidelines not only help you to evaluate risks, they also show you how to design, implement, and commission the corresponding safety technology for your control systems ― systematically and in conformance with the respective standards.

We would be delighted to provide you with support.

Machinery safety standards (figure)

Legal bases, example: Machinery Directive
Type A standards (basic standards): ISO 12100 Risk assessment
Type B standards (generic standards): ISO 13849 Machine systems; IEC 62061 Electric machine systems; IEC 61508 Electronic systems; IEC 60204 Electric equipment; IEC 61800-5-2 Electric drives; ISO 4413 Hydraulics; ISO 4414 Pneumatics; ISO 13850 Emergency stop; ISO 13855 Safeguards
Type C standards (product standards): EN 1010, EN 693, ISO 23125, EN 474

Focus on Safety-Related Parts of a Control System (SRP/CS)

Control: interaction between several systems (figure)

Knowing what’s important: Functional safety to ISO 13849

ISO 13849 demonstrates how the safety requirements for machine controls are complied with. It considers the design and integration of the safety-related parts of controls (SRP/CS), regardless of whether electrical, hydraulic, mechanical, or pneumatic technologies are involved, for example. Specifications for electronic controls are also regulated by IEC 62061.

The focus is on those parts of the control system that are of relevance for machine safety. As soon as safety is dependent on a correct control function, it is referred to as “functional safety” ― with particular requirements on the availability of the safety function.

More information on functional safety (ISO 13849) is available at: www.boschrexroth.com/machinesafety

Choose a partner who is able to join the dots.

Rexroth has intensive automation expertise and international application experience. That’s why we know the interactions and connections associated with systems with different technologies. Benefit from this know-how and from our Safety on Board training offers and extensive services.

To take just one example: The design criteria and probability calculations affect the technical safety classification of components and systems ― in practically all stationary and mobile machines. To this end, suppliers must provide details concerning the reliability of all electrical, hydraulic, mechanical, and pneumatic components involved. By choosing Bosch Rexroth as a reliable partner, it goes without saying that you receive this data ― along with all of the additional information you require.

Bosch Rexroth is one of the world’s leading providers of drive and control technologies. Regardless of the motion task that customers face anywhere in the world, they will always find a Bosch Rexroth team with the local experience and the appropriate know-how from a variety of industries and all drive and control technologies. As the Drive & Control Company, the company develops, produces, and distributes its components and system solutions in over 80 countries.

- Simplify the safe operation of machine tools
- Ensure the knowledge of your associates
- Protect your employees from moving loads
- Enable safe working practices in the public sector

Rexroth Safety on Board: More safety and productivity

Divide complex tasks into clearly defined work packages: This brochure guides you from the risk assessment through to the final realization and evaluation of the safety level reached. This intelligent approach helps you to realize the state of the art for the protection of personnel and machinery in a feasible and documented manner.

Rexroth Safety on Board also enables you to increase your machine performance. For example, you do not need to shut down the entire plant in the event of faults or when replacing tools. Simply ensure that the area in question is briefly and effectively in a safe state, enabling you to diagnose errors and eliminate them without delay.

1 Risk assessment
2 Identification of the safety functions
3 Determination of the required Performance Level (PLr)
4 Category selection
5 Modeling the block diagram
6 Faults and diagnosis
7 Determination of the PL
8 Evaluation of control system robustness ― failure avoidance
9 Software requirements
10 Verification and validation of the reached PL (PL ≥ PLr)

1 Risk assessment

Is there a C standard for this machine? If yes, use it as a template.

(Graphic continued on page 13)

2 Identification of the safety functions

(Graphic continued from page 12)

Safe Torque Off (STO): Stop category 0 in accordance with IEC 60204-1: Safe drive torque cutoff.

Example: An unexpected startup must be prevented while the protective door is open!

3 Determination of the required Performance Level (PLr)

Performance Level (PL): A benchmark for the safety level.

Example: A functional failure can lead to fatal accidents. The operator requires access to the machine less than once per shift. In the event of a fault, they are unable to avoid the danger.

4 Category selection

5a Modeling the block diagram

Source: BGIA Report 2/2008

5b Modeling the circuit as a block diagram

Connecting the blocks with each other (reverse analysis):
- What does this element depend on? Serial connection (dependency)
- If this element fails, what takes over its function? Parallel connection (redundancy)

Channel 1: Safe holding with valve combination 1V3 and 1V4
Channel 2: Safe holding with 1V5

Both channels are controlled by PLC K1, which receives the request of the safety function from sensor F1. With tests: monitoring by 1S3.

6 Faults and diagnosis

Diagnostic coverage (DC) — proportion of the faults that can be detected:

Denomination   DC range
None           DC < 60 %
Low            60 % ≤ DC < 90 %
Medium         90 % ≤ DC < 99 %
High           99 % ≤ DC

Example of design possibilities:

Measure                               Technology         DC
Process (cyclic test)                 Fluid technology   0 % to 99 %
Cross-monitoring between 2 channels   Electronics        99 %
Indirect monitoring (e.g., pressure)  Fluid technology   90 % to 99 %
Direct position monitoring            Fluid technology   99 %
Integrated self-monitoring            Safety on Board    90 % to 99 %

DC in %: Measure of the effectiveness of diagnostics, which may be determined as the ratio between the failure rate of detected dangerous failures (λd,d) and the failure rate of total dangerous failures (λd):

λd = λd,u + λd,d

7 Determination of the PL

Please also refer to ISO 13849-1 for calculating the MTTFd value from the B10 value.

Calculate the PL value by adding the PFHd values.

8a Evaluation of the system robustness

Checklist of examples of measures against CCF (CCF: Common Cause Failure)

Measure                                        Fluid technology                                                  Electronics                                                          Points
Separation between signal paths                Separation in piping                                              Clearances and creepage distances on printed circuit boards          15
Diversity                                      e.g., different valves                                            e.g., different processors                                           20
Protection against over-voltage, over-pressure Assembly acc. to ISO 4413 or ISO 4414 (e.g., pressure-relief valve) Protection against over-voltage (e.g., contactors, power supply unit) 15
Components used are well tried                 To be examined by the machine manufacturer for each specific application (both technologies)                                              5
FMEA in development                            FMEA in the design of the system                                  FMEA in the design of the system                                     5
Competency/training                            Qualification measure                                             Qualification measure                                                5
Protection against contaminants and EMC        Fluid quality                                                     EMC test                                                             25
Other influences (incl. temperature, shock)    Fulfillment of ISO 4413 or ISO 4414 and product specification     Fulfillment of the environmental conditions acc. to product specifications 10
CCF total                                      Total number of points (65 ≤ CCF ≤ 100)                                                                                                Fulfilled?
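Steps 6 to 8a reduce to three small computations. The following Python block is an added example, not part of the brochure or of any Rexroth tool: it computes DC from λd,d and λd,u and names it per the table in step 6, adds the PFHd values of serially connected SRP/CS as step 7 directs and looks up the PL against the PFHd ranges of ISO 13849-1 Table 3 (which this page does not print), and scores the CCF checklist of step 8a against the 65-point threshold. The measure keys and the treatment of totals below 10⁻⁸/h as PL e are assumptions of the example.

```python
from typing import Optional
# Step 6: DC = λd,d / λd with λd = λd,u + λd,d (formula printed on the page).
def diagnostic_coverage(lambda_dd: float, lambda_du: float) -> float:
    """Return DC as a fraction (0.99 == 99 %); both rates must share one unit, e.g. 1/h."""
    lambda_d = lambda_dd + lambda_du
    if lambda_d <= 0:
        raise ValueError("total dangerous failure rate must be positive")
    return lambda_dd / lambda_d

def dc_denomination(dc: float) -> str:
    """Denomination from the brochure's DC table: None / Low / Medium / High."""
    if dc < 0.60:
        return "None"
    if dc < 0.90:
        return "Low"
    if dc < 0.99:
        return "Medium"
    return "High"

# Step 7: PL from the summed PFHd. Upper bounds per PL follow ISO 13849-1 Table 3 (not on
# this page); totals below 1e-8/h are treated as PL e here, which is an assumption.
PL_UPPER_BOUNDS = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]

def performance_level(pfhd_per_part: list) -> Optional[str]:
    """Add the PFHd of the serially connected SRP/CS parts; None if even PL a is not reached."""
    total = sum(pfhd_per_part)
    for pl, upper in PL_UPPER_BOUNDS:
        if total < upper:
            return pl
    return None

# Step 8a: CCF checklist. Points as in the brochure's table; the keys are this example's own.
CCF_POINTS = {
    "separation_signal_paths": 15, "diversity": 20,
    "overvoltage_overpressure_protection": 15, "well_tried_components": 5,
    "fmea_in_development": 5, "competency_training": 5,
    "contaminants_and_emc": 25, "other_influences": 10,
}
CCF_REQUIRED = 65  # 65 of the 100 possible points must be reached

def ccf_score(fulfilled_measures: set) -> tuple:
    """A measure counts only when fully met. Returns (total points, requirement fulfilled)."""
    unknown = set(fulfilled_measures) - set(CCF_POINTS)
    if unknown:
        raise KeyError("unknown CCF measure(s): %s" % sorted(unknown))
    total = sum(CCF_POINTS[m] for m in fulfilled_measures)
    return total, total >= CCF_REQUIRED
```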

8b Evaluation of the system robustness ― safety principles

Overview of the well-tried safety principles as a checklist (table; the full chart is depicted in the handbook entitled “10 Steps to Performance Level”)

Columns: Well-tried safety principles | Can be used for technology (e.g., Mechanical system, Pneumatics) | Implementation, e.g., by* (Component manufacturer, Machine end (OEM)) | Comment (see comments in ISO 13849-2)

Principles listed (excerpt):
- Force limitation/reduction
- Appropriate range of working conditions (environmental parameters)
- Avoidance of contamination of the compressed air
- Monitoring of the condition of the hydraulic fluid
- Minimize possibility of faults/separation
- Safe position
- Overdimensioning/safety factor

Blue: Principle is not listed in ISO 13849-2 for the corresponding technology.
*These columns of the table serve as a basis for the machine manufacturers and are to be adjusted by them.

9a Software requirements

Achieve more safety using high-quality software to avoid errors ― across the entire software life cycle. You receive software that is legible and comprehensible, and which can be both tested and updated.

If, however, you do not use any parameterizable or programmable components, simply skip this step.

9b Safety-related software

Using SafeLogic Designer supplied by Rexroth, you can implement your safety-related software with ease and speed.

More requirements are depicted in the handbook entitled “10 Steps to Performance Level”.

10 Verification and validation of the reached PL (PL ≥ PLr)

10a Verification of the reached performance level (PL ≥ PLr): Evaluation of the design

10b Validation of the reached performance level (machine manufacturer): Have these requirements been met?
- Validation procedure acc. to ISO 13849-2
- Checking of implemented safety function
- Creation of technical documentation

A useful checklist is supplied in the handbook entitled “10 Steps to Performance Level”.

Let us be quite clear on this

The functional safety standards clearly define a set of terms and parameters. The most important ones:

MTTFd (Mean Time To dangerous Failure): Statistic expected value of the mean time to dangerous failure [ISO 13849]
T10d: Expected value of the mean time until 10 % of the components fail dangerously (maximal service time of a component)
PL (Performance Level): Discrete level used to specify the ability of safety-related parts of control systems to perform a safety function under foreseeable conditions [ISO 13849]
FIT (Failure In Time): Unit used to measure the failure rate of electronic components (1 FIT = 1 × 10⁻⁹/h)
TM (Mission Time): Service life
PLr (Required Performance Level): Required Performance Level [ISO 13849]
PFHd: Probability of dangerous failure per hour (reference value for PL and SIL)
SIL (Safety Integrity Level): Safety Integrity Level (applicable only to electronic control systems, see PL and IEC 62061)
B10: Statistic expected value of the number of cycles until 10 % of the components have exceeded specified limits (response time, leakage, switching pressure, …) under defined conditions
MTTF (Mean Time To Failure): Statistic expected value of the mean time to failure [ISO 13849]
B10d: Expected number of cycles until 10 % of the components fail dangerously
DC: Diagnostic Coverage
CCF: Common Cause Failure
SRP/CS: Safety-Related Parts of a Control System
Dangerous failure: Failure which has the potential to put the SRP/CS in a hazardous or fail-to-function state

Make use of the comprehensive service. Benefit from practical training.

Support during the entire project term
Not every company has specialists with in-depth, up-to-date know-how concerning machine safety. As a small or medium-sized company, in particular, you can benefit from the comprehensive Rexroth service. After all, our modular services can be used individually or as comprehensive solutions from project management through to commissioning.

State-of-the-art application-oriented learning methods
Technology-specific or comprehensive learning modules communicate up-to-date knowledge on risk assessments, evaluating, project planning or commissioning of machine controls. To enable you to make the most of your time, we combine online training with practical courses and instructions on your premises. This reduces travel costs and minimizes downtimes.

Handbook for implementing functional safety
If you wish to reduce your expenses when designing safe machine controls, we recommend “10 Steps to Performance Level”, a handbook for implementing functional safety in accordance with ISO 13849.

More information on service, training and the handbook is available at: www.boschrexroth.com/machinesafety

Benefits

- Man and machine protected
- Laws and standards satisfied
- Increased productivity, ergonomics and flexibility
- Minimized development time and effort
- Access to global markets opened
- Reduced Total Cost of Ownership (TCO)
- Global safety regulations solved locally

Bosch Rexroth AG, 97816 Lohr
