Essentials of machine process safety

Presentation Transcript


Essentials of Machine & Process Safety

Standards in Perspective

Derrin Drew


Agenda

  • Why Safety

  • What is risk based design

  • Legal Framework

  • State regulations, national guidelines and standards

  • Lifecycle Risk Management Process

  • Risk Assessment

  • Tolerable risk

  • Safe Design

  • Definition of Reasonably Practicable

  • Integrity of a safety system

  • Approach to the design of safety systems


Why Safety?

  • Studies indicate 51% of workplace fatalities resulted from injuries from fixed plant and machinery.

  • Failure to adequately guard the machine was a factor in 37% of these cases. 69% of the cases studied occurred in the manufacturing industry.

  • WorkSafe Australia processes 47,000 workplace claims per year for injury from machinery involving 5 or more days off work.


Safety Statistics

Research commissioned by the National OH&S Commission (replaced by the Australian Safety and Compensation Council in 2005) examined the contribution that the design of machinery and equipment makes to the incidence of fatalities and injuries in Australia. The study indicated that:

  • Of the 210 identified workplace fatalities, 77 (37%) definitely or probably had design-related issues involved.

  • In another 29 (14%) of the identified workplace fatalities, the circumstances were suggestive that design issues were involved.

  • Design contributes to at least 30% of work-related serious non-fatal injuries.

  • Design-related issues were most prominent in the ‘machinery and fixed plant’ group and the ‘mobile plant and transport’ group. Similar design problems are involved in many fatal incidents.

  • Design-related issues were definitely or probably involved in at least 50% of the incidents in the agriculture, trade and mining industries, and in 40-50% of the incidents in the construction, manufacturing and transport/storage industries.

  • Solutions already exist for most of the identified design problems (such as seat belts, rollover protection and guarding).


Protect People and Increase Productivity

  • Investing in machine safety

    • Health & safety for all personnel

  • Cut costs associated with:

    • Physical injuries

    • Insurance premiums

    • Lost production, penalties

  • Increased productivity due to the prevention of accidents

    • Better failure detection

    • Workers confident at work

    • Improved maintenance efficiency


Machine Safety as a Global Concept

(Figure: life cycle ring of design and production, installation and implementation, operation, maintenance.)

  • Safety must be taken into account:

    • already in the design phase

    • and must be kept in place throughout all stages of a machine’s life cycle:

      • Transportation

      • Installation

      • Adjustment

      • Operation, Production

      • Maintenance

      • Dismantling

  • Safety is necessary to obtain the CE mark


Legal Framework

Occupational Safety and Health Act

  • The General Duties

  • Resolution of Issues

  • Safety and Health Representatives

  • Safety and Health Committees

  • Enforcement of Act and Regulations

supported by

Occupational Safety and Health Regulations

  • Set minimum requirements for specific hazards and work practices

  • Reference to National Standards developed by the NOHSC

  • Australian Standards developed by Standards Australia

  • National Standard of Plant

and

Guidance Material

  • Codes of Practice

  • Advisory Standards

  • National Codes of Practice and National Standards developed by the NOHSC

  • Australian Standards developed by Standards Australia


What are the national OHS laws?

  • Safe Work Australia is developing national model OHS laws. By December 2011, each jurisdiction will be required to enact its own laws that mirror the national model laws.

  • The national OHS laws consist of a model OHS Act and model regulations, which will be supported by model Codes of Practice. This package of documents is referred to as model legislation.


National Standard of Plant

Application

The provisions of this national standard apply to designers, manufacturers, importers, suppliers, erectors, installers, employers, self employed persons, and employees with respect to all plant

Duties & General Requirements

Hazard Identification, Risk Assessment and the Control of Risk, and relates to all plant.

Registration of Plant Design & Items of Plant

Evidence of Registration

Notification of Compliance


Standardization Institutes

  • ISO: International Organization for Standardization (other standards: mechanical parts, ...)

  • IEC: International Electrotechnical Commission (electrical standards)

  • CEN: Comité Européen de Normalisation (mechanical standards)

  • CENELEC: Comité Européen de Normalisation Electrotechnique (electrical standards)

  • Other bodies shown on the slide: SIS, GOST, BS, CSA, DIN, NF, ANSI, UNE, CEI, JIS, UL, OSHA, SAA


Standardization Bodies

  • All countries use IEC and ISO standards or adapt them locally.

  • All the main institutes work jointly with other international organizations.


Australian Standards

Process standards

  • AS/IEC 61511 Functional safety: safety instrumented systems for the process industry sector

  • AS 3814 / AG 501 Industrial and Commercial Gas Fired Appliances

  • IEC 60079 series of explosive atmosphere standards

  • FPA / NFPA: refer to AS 3000 rather than NFPA 70

Machine standards

  • AS 1755 Conveyor safety

  • AS 1418 Cranes

  • AS 1219 Power presses

  • AS 2939 Robot cells

  • AS 3533 Amusement rides

  • AS/IEC 61508 Functional safety of electrical, electronic and programmable electronic safety-related systems

  • AS/IEC 62061 Safety of machinery

  • AS 4024 Safety of machinery

  • ISO 13849 Safety of machinery

Risk management

  • AS/NZS ISO 31000:2009 (AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009)

The slide groups these as Type A, Type B and Type C standards.


Introduction to IEC-61508

  • The following image summarizes the existing standards that define the requirements for functional safety


3 Feb. 2010, common sense prevails: Graeme Kirk (Farmer) vs WorkCover*

  • Mr Kirk succeeded in having the decision of the Court of Appeal overturned in the High Court. The offences with which Mr Kirk and the company were charged did not identify the acts or omissions which constituted the alleged offences. Thus no measures which could reasonably practicably have been taken to obviate the risks could be identified and the defendants were denied the opportunity to properly defend the charges.

  • In making his ruling, Justice John Heydon said ”…it is time for the WorkCover Authority of New South Wales to finish its sport with Mr Kirk. The applications in the Industrial Court should be dismissed."

  • “This spells the end of what some people have called the reverse onus approach – guilty until proven innocent approach – to the legislation.

  • “It also has potential to be applied to the interpretation of the new national OHS regime which is due to commence in 2012.

*refer case history in notes below


Reasonably Practicable

How WorkSafe applies the law in relation to Reasonably Practicable

WORKSAFE POSITION

A GUIDELINE MADE UNDER SECTION 12 OF THE OCCUPATIONAL HEALTH AND SAFETY ACT 2004 (November 2007)

In applying the concept of reasonably practicable, careful consideration must be given to each of the matters set out in section 20(2) of the Act. No one matter determines ‘what is (or was at a particular time) reasonably practicable in relation to ensuring health and safety’. The test involves a careful weighing up of each of the matters in the context of the circumstances and facts of the particular case with a clear presumption in favour of safety. Weighing up each of the matters in section 20(2) should be done in light of the following:

  • Likelihood

  • Degree of harm

  • What the person knows about the risk and ways of eliminating that risk

  • Availability and suitability of ways to eliminate or reduce the risk

  • Cost of eliminating or reducing the risk


Risk Assessment Process


Danger and Risk

  • Danger (hazard) and risk are often confused. A danger is ever present, whereas risk is the possibility of that danger actually causing harm.

    Consider the following two statements:

    • A hungry tiger is dangerous

    • A hungry tiger is risky

  • A hungry tiger is dangerous, but it is only a risk if it is in your vicinity.

  • We can avoid or reduce risk by bounding the danger (the tiger is locked in the zoo, so the risk of being attacked is very low).

Risks are events or conditions that may occur, and whose occurrence, if the event does take place, has a harmful or negative effect.


Overall Safety Life Cycle

(Figure reconstructed from the IEC 61508 overall safety life cycle diagram.)

1. Concept

2. Definition of the overall scope

3. Hazard and risk analysis

4. Overall safety requirements

5. Allocation of safety requirements

Overall planning:

6. Overall operation and maintenance planning

7. Overall safety validation planning

8. Overall installation and commissioning planning

Realisation:

9. Safety systems: E/E/PES

10. Safety systems: other technology

11. External risk reduction facilities

12. Overall installation and commissioning

13. Overall safety validation

14. Overall operation, maintenance and repair

15. Overall modification and retrofit (back to the appropriate overall safety life cycle phase)

16. Decommissioning


The Requirement


Safety - Acceptable Risk Level

  • Zero risk does not exist, but risk must be reduced to an acceptable level

  • Safety is the absence of risks which could cause injury or damage the health of persons

  • It is one of the machine designer’s jobs to reduce all risks to a value lower than the acceptable risk


Definition of Risk

  • The concept of safety is closely linked to that of risk which, in turn, not only depends on the probability of occurrence but also on the severity of the event. It is possible to accept a life threatening risk (maximum severity) if the probability of such an event is minimal.

The level of risk is a function of both severity and probability of occurrence


Risk Assessment for Machines


Risk Assessment Flow Chart

(Figure: analytical stage, then design stage.)


Design Process

(Figure.)


AS 4024-2006 Safety of Machinery

(Figure.)


Severity

Severity of injury S1 and S2

In estimating the risk arising from a failure of a safety function, only slight injuries (normally reversible) and serious injuries (normally irreversible) and death are considered.

To make a decision, the usual consequences of accidents and normal healing processes should be taken into account in determining S1 or S2.

For example, bruising and/or lacerations without complications would be classified as S1, whereas amputation or death would be S2.

Taken from: ISO 13849-1 Safety of Machinery


Frequency

Frequency and/or exposure times to hazard, F1 and F2

A generally valid time period to be selected for parameter F1 or F2 cannot be specified. However, the following explanation could facilitate making the right decision where doubt exists.

F2 should be selected if a person is frequently or continuously exposed to the hazard. It is irrelevant whether the same or different persons are exposed to the hazard on successive exposures, e.g. for the use of lifts. The frequency parameter should be chosen according to the frequency and duration of access to the hazard.

Where the demand on the safety function is known by the designer, the frequency and duration of this demand can be chosen instead of the frequency and duration of access to the hazard.

The period of exposure to the hazard should be evaluated on the basis of an average value which can be seen in relation to the total period of time over which the equipment is used.

For example, if it is necessary to reach regularly between the tools of the machine during cyclic operation in order to feed and move work pieces, then F2 should be selected. If access is only required from time to time, then F1 should be selected.

NOTE: In case of no other justification F2 should be chosen if the frequency is higher than once per hour.

Taken from: ISO13849-1 Safety of Machinery


Avoidance

  • Possibility of avoiding the hazard P1 and P2

  • It is important to know whether a hazardous situation can be recognized and avoided before leading to an accident. For example, an important consideration is whether the hazard can be directly identified by its physical characteristics, or recognized only by technical means, e.g. indicators. Other important aspects which influence the selection of parameter P include, for example:

  • operation with or without supervision;

  • operation by experts or non-professionals;

  • speed with which the hazard arises (e.g. quickly or slowly);

  • possibilities for hazard avoidance (e.g. by escaping);

  • practical safety experiences relating to the process.

  • When a hazardous situation occurs, P1 should only be selected if there is a realistic chance of avoiding an accident or of significantly reducing its effect; P2 should be selected if there is almost no chance of avoiding the hazard.

Taken from: ISO13849-1 Safety of Machinery


Risk Assessment Principles

  • Machines are sources of potential risk and the Machinery Directive requires a risk assessment to ensure that any potential risk is reduced to less than the acceptable risk

  • Risk assessment consists of a series of logical steps which make it possible to systematically analyse and evaluate machinery-related risks

  • Risk assessment steps:

    • Identification of the potential hazard

    • Risk estimation

    • Risk evaluation

      • EN/ISO 13849-1 => Performance Level (PL)

      • EN/IEC 62061 => Safety Integrity Level (SIL)

    • Risk reduction


Risk Evaluation

  • On the basis of the risk assessment, the designer has to define the safety related control system. To achieve that, the designer will choose one of the two standards appropriate to the application:

    • either standard EN/ISO 13849-1, which defines performance levels (PL)

    • or standard EN/IEC 62061, which defines safety integrity levels (SIL)

  • A table common to both standards (not reproduced here) gives the relation between these two definitions and indicates which standard applies.

    (1) For designated architectures only


Standard EN/IEC 62061

  • Specific to the machine sector within the framework of EN/IEC 61508:

    • gives rules for the integration of safety-related electrical, electronic and programmable electronic control systems (SRECS)

    • does not specify the operating requirements of non-electrical control components in machines (e.g. hydraulic, pneumatic)

  • The probability of failure associated with the required SIL (Safety Integrity Level) depends on the potential frequency of usage of the safety function to be performed


Standard EN/ISO 13849-1

  • The Standard gives safety requirements for the design and integration of safety-related parts of control systems, including software design.

  • The Risk Graph helps to determine the required PL (Performance Level) of each safety function

    • S - Severity of injury

      • S1 Slight injury (reversible)

      • S2 Serious or permanent injury or death

    • F - Frequency and / or exposure to a hazard

      • F1 Seldom to less often and / or short time

      • F2 Frequent to continuous and / or long time

    • P - Possibility of avoiding the hazard or limiting the harm

      • P1 Possible under specific conditions

      • P2 Scarcely possible


Relationship Between Different Criteria

  • Relationship between Categories, DCavg, MTTFd and PL (figure)

    * In several applications the realisation of performance level c by category 1 may not be sufficient. In this case a higher category, e.g. 2 or 3, should be chosen.


Basic Concepts

According to the requirements of standard EN/ISO 12100-1, the machine designer’s job is to reduce all risks to a value lower than the acceptable risk.

It gives guidelines for the selection and installation of devices which can be used to protect persons, and identifies those measures that are implemented by the machine designer and those dependent on its user.

  • This standard recognises two sources of hazardous phenomena:

    • moving parts of machines

    • moving tools and/or workpieces


Safe Design

“It is the control of the design and design-associated activity that leads to a responsibility as an obligation bearer, not their classification as a manufacturer, supplier, etc.” National Occupational Health and Safety Commission - Safe Design Project Report 2000


Principles of Safe Design (of equal priority)

The key elements that impact on achieving a safe design are:

Principle 1: Persons with Control – persons who make decisions affecting the design of products, facilities or processes are able to promote health and safety at the source.

Principle 2: Product Lifecycle – safe design applies to every stage in the lifecycle from conception through to disposal. It involves eliminating hazards or minimising risks as early in the lifecycle as possible.

Principle 3: Systematic Risk Management – the application of hazard identification, risk assessment and risk control processes to achieve safe design.

Principle 4: Safe Design Knowledge and Capability – should be either demonstrated or acquired by persons with control over design.

Principle 5: Information Transfer – effective communication and documentation of design and risk control information between all persons involved in the phases of the lifecycle is essential for the safe design approach.

www.safeworkaustralia.gov.au


Making it Safe: Hierarchy of Control

(Figure.)


Functional Safety

Process and Machine


Advancements in Technology

(Figure: from 1968 to 2010, growth in communications, integrated functions and complex architectures.)


Change of Standards

The qualitative approach of EN 954-1 is no longer sufficient for modern controls based on new technologies (electronic and programmable electronic systems):

  • insufficient requirements for programmable products,

  • the reliability of the components is not taken into account,

  • too deterministic an orientation (designated architectures).

Standard EN ISO 13849-1 will totally replace EN 954-1 on 31 December 2011, and replaces the qualitative approach with a quantitative (probabilistic) approach, which is consistent with modern safety standards.

At the moment both standards, EN 954-1 and EN/ISO 13849-1, are valid.

For complex machines using programmable systems for safety-related control, the sector-specific standard EN/IEC 62061 has to be considered.

EN/IEC 62061 is based on EN/IEC 61508.


Redundancy and Self-monitoring

Redundancy consists of compensating for the failure of one component by correct operation of another, based on the assumption that both will not fail simultaneously. On its own, redundancy hardly reduces the risk of not operating safely down to an acceptable level compared with the consequences.

Self-monitoring consists of automatically checking the operation of each of the components which change state at each cycle: an initial fault in the safety circuit is detected before a second fault occurs (next cycle inhibited).

Redundancy + self-monitoring: the qualitative approach.


AS 4024 – A Reminder

(Figure.)


What is Functional Safety?

Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.


None of these measures are sufficient, however, without implementing a good safety culture.

Change the work ethic/philosophy from

1. Profit Motive > Production > Maintenance > etc. > Safety

To

2. Profit Motive > Safety > Production > Maintenance > etc.

Choose 1 to have safety grafted on the side of other functions

Choose 2 to have safety integrated within other functions


Definition of Functional Safety

  • Functional safety is the part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

  • Functional safety is a subset of safety as shown in the figure below.

    • Non-functional safety is the safety achieved by measures reliant on passive systems (example: insulation on electrical conducting parts).

    • Functional safety is the safety achieved by active systems (example: temperature measurement and de-energization of contactor).

Definition: A system is defined functionally safe if random, systematic and common cause failures do not lead to malfunctioning of the system and do not result in injury or death of humans, spills to the environment and loss of equipment or production.


Two types of requirements are necessary to achieve functional safety:

  • safety function requirements (what the function does; its logic) and

  • safety integrity requirements (the likelihood of a safety function performing satisfactorily).


Reliability is the ability of a system or component to perform its required functions under stated conditions for a specified period of time. It is often reported as a probability.

Probability is the likelihood or chance that something is the case or will happen.


Definition of Dependability

The dependability of a system is its ability to deliver specified services to the end users so that they can justifiably rely on and trust the services provided by the system.


Definition of Reliability

  • Reliability is a measure of the continuous delivery of service. It is defined as the probability that a device will perform its intended function during a specified period of time under stated conditions.

    • Reliability is often quantified by MTTF (Mean Time To Failure), expressed as a time in hours or in years.

    • The failure rate can also be expressed in Failures In Time (FIT). The FIT rate of a device is the number of failures that can be expected in one billion (10^9) device-hours of operation.


Other Attribute Definitions

  • Availability:is a measure of the service delivery with respect to the alternation of the delivery and interruptions.

  • Maintainability:is a measure of the service interruption. It is usually quantified by MTTR (Mean Time To Repair).

  • Safety:is a measure of the time to catastrophic failure.
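To make the reliability terms on the last few slides concrete, here is an added worked example (not code from the presentation) that converts between FIT, failure rate and MTTF, evaluates R(t) for a single element, for a series safety loop (sensor, logic, actuator) and for a 1oo2 redundant pair, and computes availability from MTTF and MTTR. It assumes a constant failure rate (exponential life distribution); the FIT values and the 8 h MTTR used are constructed sample figures.

```python
"""Reliability arithmetic for MTTF, FIT, failure rate and availability.

Added example, not code from the presentation. A constant failure rate
(exponential life distribution) is assumed throughout; all FIT and MTTR
figures used below are constructed sample values.
"""
import math

HOURS_PER_YEAR = 8760.0


def failure_rate_from_fit(fit: float) -> float:
    """FIT = failures per 1e9 device-hours; returns lambda in failures/hour."""
    if fit < 0:
        raise ValueError("FIT cannot be negative")
    return fit / 1e9


def mttf_hours(failure_rate: float) -> float:
    """MTTF = 1 / lambda for a constant failure rate."""
    return 1.0 / failure_rate


def reliability(failure_rate: float, hours: float) -> float:
    """R(t) = exp(-lambda * t): probability of no failure during `hours`."""
    return math.exp(-failure_rate * hours)


def series_failure_rate(*rates: float) -> float:
    """A safety loop fails if sensor, logic or actuator fails: rates add."""
    return sum(rates)


def one_out_of_two_reliability(failure_rate: float, hours: float) -> float:
    """Two identical redundant elements (1oo2): the pair survives until
    both have failed, so R_1oo2(t) = 1 - (1 - R(t))^2."""
    r = reliability(failure_rate, hours)
    return 1.0 - (1.0 - r) ** 2


def one_out_of_two_mttf_hours(failure_rate: float) -> float:
    """MTTF of a 1oo2 pair of identical exponential elements = 3 / (2 lambda)."""
    return 1.5 / failure_rate


def availability(mttf: float, mttr: float) -> float:
    """Steady-state availability = MTTF / (MTTF + MTTR)."""
    return mttf / (mttf + mttr)


def loop_report(sensor_fit: float, logic_fit: float, actuator_fit: float,
                mission_hours: float, mttr_hours: float) -> dict:
    """Summarise a single-channel loop built from three elements in series."""
    lam = series_failure_rate(*(failure_rate_from_fit(f)
                                for f in (sensor_fit, logic_fit, actuator_fit)))
    mttf = mttf_hours(lam)
    return {
        "failure_rate_per_hour": lam,
        "mttf_hours": mttf,
        "mttf_years": mttf / HOURS_PER_YEAR,
        "reliability_over_mission": reliability(lam, mission_hours),
        "availability": availability(mttf, mttr_hours),
    }


if __name__ == "__main__":
    # Constructed sample loop: 100 FIT sensor, 200 FIT logic, 300 FIT actuator,
    # one-year mission, 8 h mean time to repair.
    print(loop_report(100, 200, 300, HOURS_PER_YEAR, 8.0))
```

The series rule is why the slide insists that the safety function belongs to the whole loop and not to one device: a 100 FIT sensor in front of a 300 FIT actuator gives the loop at least 400 FIT. The 1oo2 figures show what redundancy buys on reliability alone; they say nothing about whether a first failure is noticed, which is the self-monitoring question treated later.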


Definition of Threats to Dependability

  • The threats to dependability are listed as follows and their relationship to the system is illustrated in the figure below:

    • Fault: an abnormal condition that may cause a reduction in, or loss of, the capability of a functional unit to perform a required function. As shown in the figure, a fault is the cause of a system failure.

    • Error: a discrepancy between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition. An example of an error is the occurrence of an incorrect bit caused by an equipment malfunction. An error is a system state that causes failure.

    • Failure: the termination of the ability of a system or functional unit to perform a required function. A failure in a sub-system can be a fault for the higher-layer system. The latency time from fault to system failure is labelled t1, t2 and t3 in the figure.

Difference between fault, error and failure


Definition of Means

  • Four means can be identified in order to prevent the previous threats:

    • Fault prevention: or how to prevent fault occurrence or introduction,

    • Fault tolerance: or how to provide a service complying with the specifications in the presence of faults,

    • Fault removal: or how to reduce the presence of faults, both regarding the number and seriousness of faults,

    • Fault forecasting: or how to estimate the creation and the consequences of faults.


Definition of Safety Loop

  • The safety function is always related to a safety loop, not to a component or device.

  • Safety can be carried out by decomposing system functions into:

    • Sensor

    • Logic unit

    • Actuator

    • Communication

  • Safety functions are carried out by Safety-Related Parts of the Control System (SRP/CS)

    • Examples: Safe Stop, Safe Position, Safely Limited Speed

(Figure: sensor/input SRP/CSa = interlocking switches SW1 and SW2; logic SRP/CSb = safety PLC; actuator/output SRP/CSc = contactors CON1 and CON2.)
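The Redundancy and Self-monitoring slide and the SW1/SW2, safety PLC, CON1/CON2 loop above describe one safety function qualitatively. The following added example (not code from the presentation) simulates that loop's logic: two interlock switch channels, two contactors in series, discrepancy monitoring between the channels, and mirror-contact checking of the contactors so that a first fault is latched and the next cycle inhibited before a second fault can be masked. The mirror-contact feedback, the three-scan discrepancy window and the manual reset are assumed typical details, not something the slides specify.

```python
"""Two-channel interlock with self-monitoring (1oo2 stop, fault latch).

Added example, not code from the presentation. It models the loop on the
slide: SW1/SW2 -> safety logic -> CON1/CON2. Mirror-contact feedback, the
discrepancy window and the manual reset are assumed typical details.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Contactor:
    """Power contactor with a mirror contact reporting the real state of the
    main contacts. `welded` injects the classic dangerous failure."""
    name: str
    welded: bool = False
    energised: bool = False

    def __post_init__(self) -> None:
        if self.welded:
            self.energised = True

    def drive(self, command: bool) -> None:
        # Welded main contacts stay closed whatever the coil is told to do.
        self.energised = command or self.welded

    @property
    def proven_open(self) -> bool:
        """Mirror contact: True only when the main contacts really opened."""
        return not self.energised


@dataclass
class TwoChannelInterlock:
    con1: Contactor = field(default_factory=lambda: Contactor("CON1"))
    con2: Contactor = field(default_factory=lambda: Contactor("CON2"))
    discrepancy_limit: int = 3       # scans SW1/SW2 may disagree before latching
    discrepancy_scans: int = 0
    fault: Optional[str] = None      # latched fault: inhibits every later restart
    running: bool = False

    @property
    def motor_powered(self) -> bool:
        # CON1 and CON2 are wired in series: power flows only if both are closed.
        return self.con1.energised and self.con2.energised

    def _latch(self, reason: str) -> None:
        if self.fault is None:           # keep the first (root) cause
            self.fault = reason

    def _stop(self) -> None:
        """Redundancy: one healthy contactor is enough to remove power.
        Self-monitoring: a contactor that does not prove open latches a fault."""
        self.con1.drive(False)
        self.con2.drive(False)
        self.running = False
        for con in (self.con1, self.con2):
            if not con.proven_open:
                self._latch(f"{con.name} did not drop out")

    def scan(self, sw1: bool, sw2: bool, reset: bool = False) -> bool:
        """One logic scan. sw1/sw2: True = that guard switch reports 'closed'.
        Returns whether the motor is powered after the scan."""
        # Discrepancy monitoring: both channels must agree within the window.
        if sw1 != sw2:
            self.discrepancy_scans += 1
            if self.discrepancy_scans > self.discrepancy_limit:
                self._latch("SW1/SW2 discrepancy")
        else:
            self.discrepancy_scans = 0

        if not (sw1 and sw2) or self.fault is not None:
            self._stop()                 # 1oo2: either channel opening stops
        elif not self.running and reset:
            # Restart needs a manual reset and both contactors proven open
            # first: a contactor still closed means the next cycle is inhibited.
            for con in (self.con1, self.con2):
                if not con.proven_open:
                    self._latch(f"{con.name} not proven open before restart")
            if self.fault is None:
                self.con1.drive(True)
                self.con2.drive(True)
                self.running = True
        return self.motor_powered

    def repair_and_reset(self, sw1: bool, sw2: bool) -> bool:
        """Maintenance reset after repair: clears the latch only if both
        channels agree and both contactors are proven open."""
        self.con1.drive(False)
        self.con2.drive(False)
        healthy = sw1 == sw2 and self.con1.proven_open and self.con2.proven_open
        if healthy:
            self.fault = None
            self.discrepancy_scans = 0
        return healthy
```

Two failure modes are worth tracing by hand. A welded CON1 while the guard is opened: CON2 still drops out, so power is removed (redundancy), and CON1's mirror contact fails to confirm the drop-out, so the fault is latched and a later close-and-reset no longer restarts the motor (self-monitoring). A stuck-closed SW2 while the guard opens: SW1 alone stops the motor on the first scan, and after the discrepancy window the mismatch is latched, so the single undetected channel fault cannot sit there waiting for the second one.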


AS/IEC 61508: Overall Safety Life Cycle: Functional Safety

(Figure: the same 16-phase overall safety life cycle diagram shown earlier under Overall Safety Life Cycle.)


EN/IEC 61511: Overall Safety Life Cycle for Safety Instrumented Systems (SIS), Process

1. Hazard and risk assessment

2. Allocation of safety function to protection layers

3. Safety requirements specification for the safety instrumented system (in parallel: design and implementation of other means of risk reduction)

4. Design and engineering of safety instrumented system

5. Installation, commissioning and validation

6. Operation and maintenance

7. Modification

8. Decommissioning

(Figure: SIS elements: transducer/transmitter, programmable electronic system (PES), actuator/valve.)


Basic Process Control System

(Figure: action of the Basic Process Control System, alarm threshold, failure of the Basic Process Control System.)


BPCS + Safety Instrumented System

(Figure: action of the Basic Process Control System up to the alarm threshold; on failure of the Basic Process Control System, reaction of the Safety Instrumented System at the safety threshold.)


Layers of Protection

  • Determine overall safety requirement

    • A risk may be reduced by one or more ‘layers of protection’, e.g. access restriction, control system trips, barriers, mechanical protection devices.

    • Where an electrical/programmable electronic system is used as a protection layer, this results in a SIL being allocated to that system.

(Figure: on consequence versus frequency axes, the necessary risk reduction from the machine risk down to the tolerable risk target is shared between external risk reduction facilities, other-technology safety-related systems (SRS) and E/E/PES SRS.)


Protection Layers

(Figure: layers from the process outwards, on frequency and severity axes.)

Prevention:

  • Process design

  • Process control layer: basic process control system

  • Alarm layer: monitoring systems and operator supervision

  • Safety instrumented systems

  • Other protective layers: mechanical protection system

Mitigation:

  • Mitigating layers: mechanical mitigation system

  • Emergency response: evacuation procedure and emergency broadcasting


Principles of SIL Allocation

  • The SIL allocated to a safety function is based on a determination of the risk reduction needed to achieve “tolerable risk” in terms of your risk matrix.

(Figure: your risk matrix plots frequency of the hazardous event against consequence of the hazardous event; the distance from the risk level of the equipment under control with no protective features to the ‘tolerable risk’ line is the required risk reduction, which sets the system safety integrity level and the software safety integrity level.)

Safety Integrity Levels

  • 4 – Very High

  • 3 – High

  • 2 – Medium

  • 1 – Low

  • 0 – Non-Safety


Safety Integrity Level

SILs can be determined using several methods (quantitative or qualitative): Layers of Protection Analysis (LOPA), risk matrix, risk graph.
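As an added worked example (not from the presentation) of the Layers of Protection slides and the SIL allocation principle above, the following code runs a LOPA-style calculation: it multiplies the initiating-event frequency by the probability of failure on demand (PFD) of each independent protection layer, compares the result with a tolerable frequency, and turns the required risk reduction into a SIL using the IEC 61508 low-demand PFDavg bands. The scenario frequencies and layer PFDs are constructed sample figures, not values from the slides.

```python
"""LOPA-style SIL allocation for a low-demand safety function.

Added example, not code from the presentation. Frequencies are per year.
SIL_BANDS are the IEC 61508 low-demand-mode PFDavg bands; every scenario
figure below is a constructed sample value.
"""
from dataclasses import dataclass
from typing import List, Optional

# (SIL, lower PFDavg bound inclusive, upper bound exclusive), IEC 61508 low demand.
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


@dataclass
class ProtectionLayer:
    """An independent protection layer (IPL) and its PFD on demand."""
    name: str
    pfd: float

    def __post_init__(self) -> None:
        if not 0.0 < self.pfd <= 1.0:
            raise ValueError(f"{self.name}: PFD must be in (0, 1]")


def mitigated_frequency(initiating_frequency: float,
                        layers: List[ProtectionLayer]) -> float:
    """The consequence occurs only if every layer fails on the same demand,
    so the frequency is the initiating frequency times each layer's PFD."""
    f = initiating_frequency
    for layer in layers:
        f *= layer.pfd
    return f


def required_pfd(initiating_frequency: float, layers: List[ProtectionLayer],
                 tolerable_frequency: float) -> float:
    """PFD the new safety instrumented function must reach so that the
    residual frequency is at most the tolerable one."""
    return tolerable_frequency / mitigated_frequency(initiating_frequency, layers)


def sil_for_pfd(pfd: float) -> Optional[int]:
    """SIL needed for a target PFDavg. 0 means a risk reduction below 10
    (or none at all) is needed, which is not a SIL claim; None means the
    target is beyond SIL 4 and a single function cannot deliver it."""
    if pfd >= 0.1:
        return 0
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None   # pfd < 1e-5: add layers or redesign the process instead


def allocate_sil(initiating_frequency: float, layers: List[ProtectionLayer],
                 tolerable_frequency: float) -> dict:
    """Full allocation record for one hazardous scenario."""
    pfd = required_pfd(initiating_frequency, layers, tolerable_frequency)
    return {
        "mitigated_frequency": mitigated_frequency(initiating_frequency, layers),
        "required_pfd": pfd,
        "risk_reduction_factor": 1.0 / pfd,
        "sil": sil_for_pfd(pfd),
    }


if __name__ == "__main__":
    # Constructed scenario: a BPCS loop failure causing overpressure 0.5 times
    # a year, with an independent BPCS loop and operator response to an alarm
    # as existing layers, against a tolerable frequency of 1e-5 per year.
    layers = [ProtectionLayer("independent BPCS loop", 0.1),
              ProtectionLayer("alarm + operator response", 0.1)]
    print(allocate_sil(0.5, layers, tolerable_frequency=1e-5))
```

The sample scenario needs a risk reduction factor of 500 from the safety instrumented function, which lands in the SIL 2 band. The two boundary cases matter in practice: when the existing layers already reach the tolerable frequency the function needs no SIL rating, and when the required PFD drops below the SIL 4 band the answer is more layers or a process redesign, not a higher SIL claim.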


Example Fault Tree Analysis


ISO 13849-1 Functional Safety of Machines

  • Applying quantitative measures of safety to machines

  • Applies familiar measures to ease transition

  • Already in force in the EU

  • Will replace EN 954 entirely by 2012


Categories


Select the Suitable Standard

(Figure.)


IEC 61508 and the Sector Standards

  • IEC 61508: Functional safety of electrical / electronic / programmable electronic (E/E/PE) safety-related systems

    • EN/IEC 62061: Safety of machinery: functional safety of E/E/PE control systems

    • IEC 61511: Functional safety: safety instrumented systems for the process industry sector

    • IEC 61513: Nuclear power plants: instrumentation and control for systems important to safety

  • For complex machines, the international sector-specific standard IEC 62061, based on standard IEC 61508, must be used.

    • Published on 31 December 2005

    • Harmonized to the Machinery Directive

    • Restricted to electric, electronic and programmable electronic safety-related control systems

    • Possible overlap with EN ISO 13849-1


Safety of Machinery Application: EN IEC 62061

  • The probability of failure associated with the required SIL level depends on the frequency of usage of the safety function to be performed (table in the original slide).


Assigning a SIL Level

  • EN IEC 62061 => SIL

  • EN ISO 13849-1 (EN 954-1) => PL


Determination of Performance Level PL

  • In this example the safety function is the disconnection of a motor when the safety guard is open. Without the guard the possible harm is to lose an arm. With the answers S2, F2 and P2 the graph leads to a required performance level of PLr = e.
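The S, F and P parameters defined on the EN/ISO 13849-1 slides and the worked determination above can be written out as code. The following is an added example, not code from the presentation or from ISO: the branch table is the ISO 13849-1 risk graph, the PFHd bands and the PL-to-SIL correspondence are the standard's Table 3 and Table 4, and the rules that turn plain facts about a hazard into S1/S2, F1/F2 and P1/P2 follow the guidance quoted on the Severity, Frequency and Avoidance slides (the "more than once per hour means F2" rule is only the slides' fallback, not a substitute for judgement). The 4.3e-8 per hour figure in the usage is a constructed sample design value.

```python
"""ISO 13849-1 risk graph, PL-to-PFHd bands and PL-to-SIL correspondence.

Added example, not code from the presentation. The S/F/P heuristics in
`classify` are defaults taken from the slides' guidance; a real assessment
must justify each parameter. The design PFHd used in the usage is a
constructed sample value.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Risk graph branches, read left to right: (S, F, P) -> required PL.
RISK_GRAPH: Dict[Tuple[str, str, str], str] = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}
# Average probability of a dangerous failure per hour for each PL:
# (lower bound inclusive, upper bound exclusive).
PFHD_BANDS: Dict[str, Tuple[float, float]] = {
    "a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
    "d": (1e-7, 1e-6), "e": (1e-8, 1e-7),
}
# Correspondence between PL and SIL; PL a has no SIL equivalent.
PL_TO_SIL: Dict[str, Optional[int]] = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}


@dataclass
class HazardFacts:
    reversible_injury: bool      # S1 if the usual injury heals, else S2
    exposures_per_hour: float    # slides' fallback: more than 1/h -> F2
    avoidance_realistic: bool    # P1 only if escaping or limiting harm is realistic


def classify(facts: HazardFacts) -> Tuple[str, str, str]:
    """Turn facts about the hazard into the three risk graph parameters."""
    s = "S1" if facts.reversible_injury else "S2"
    f = "F2" if facts.exposures_per_hour > 1.0 else "F1"
    p = "P1" if facts.avoidance_realistic else "P2"
    return s, f, p


def required_pl(s: str, f: str, p: str) -> str:
    """Walk the risk graph to the required performance level PLr."""
    return RISK_GRAPH[(s, f, p)]


def achieved_pl(pfhd: float) -> Optional[str]:
    """PL a design actually reaches from its PFHd (None if worse than PL a)."""
    if pfhd <= 0.0:
        raise ValueError("PFHd must be positive")
    for pl, (lo, hi) in PFHD_BANDS.items():
        if lo <= pfhd < hi:
            return pl
    return "e" if pfhd < 1e-8 else None


def meets_requirement(achieved: Optional[str], required: str) -> bool:
    """PL letters are ordered a < b < c < d < e, so string order works."""
    return achieved is not None and achieved >= required


def assess(facts: HazardFacts, design_pfhd: float) -> dict:
    """Required PL and SIL for the hazard, and whether a design meets it."""
    s, f, p = classify(facts)
    plr = required_pl(s, f, p)
    pl = achieved_pl(design_pfhd)
    return {
        "parameters": (s, f, p),
        "PLr": plr,
        "SIL": PL_TO_SIL[plr],
        "achieved_PL": pl,
        "ok": meets_requirement(pl, plr),
    }


if __name__ == "__main__":
    # The slide's case: losing an arm (S2), reaching in every cycle (F2),
    # no realistic avoidance (P2), checked against a constructed design
    # value of 4.3e-8 dangerous failures per hour.
    guard = HazardFacts(reversible_injury=False, exposures_per_hour=10.0,
                        avoidance_realistic=False)
    print(assess(guard, 4.3e-8))
```

The PFHd check is necessary but not sufficient: ISO 13849-1 also ties the achieved PL to the designated architecture category, DCavg, MTTFd and the measures against common-cause failure (the slide "Relationship between Categories, DCavg, MTTFd and PL"), and a PL e requirement normally means a two-channel architecture with monitoring.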

