BS EN 61784-3:2016

Industrial communication networks. Profiles – Functional safety fieldbuses. General rules and profile definitions

Published by: BSI
Publication date: 2016
Number of pages: 86
This part of the IEC 61784‑3 series explains common principles that can be used for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology, in accordance with the requirements of the IEC 61508 series for functional safety. These principles are based on the black channel approach. They can be applied in various industrial applications such as process control, manufacturing automation and machinery.

This part and the IEC 61784‑3‑x parts specify several functional safety communication profiles based on the communication profiles and protocol layers of the fieldbus technologies in IEC 61784‑1, IEC 61784‑2 and the IEC 61158 series. These functional safety communication profiles use the black channel approach, as defined in IEC 61508. They are intended for implementation in safety devices exclusively.

NOTE 1 Other safety-related communication systems meeting the requirements of the IEC 61508 series can exist that are not included in this standard.

NOTE 2 This part does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electric shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.

All systems are exposed to unauthorized access at some point of their life cycle. Additional measures need to be considered in any safety-related application to protect fieldbus systems against unauthorized access. The IEC 62443 series will address many of these issues; the relationship with the IEC 62443 series is detailed in a dedicated subclause of this part.

NOTE 3 Additional profile-specific requirements for security can also be specified in IEC 61784‑4.

NOTE 4 Implementation of a functional safety communication profile according to this part in a device is not sufficient to qualify it as a safety device, as defined in the IEC 61508 series.

NOTE 5 The resulting SIL claim of a system depends on the implementation of the selected functional safety communication profile within this system.

Table of contents (PDF page number followed by title)

4 European foreword
Endorsement notice
6 Annex ZA (normative) Normative references to international publications with their corresponding European publications
9 English
CONTENTS
14 FOREWORD
16 0 Introduction
0.1 General
Figures
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
17 Figure 2 – Relationships of IEC 61784-3 with other standards (process)
18 0.2 Transition from Edition 2 to extended assessment methods in Edition 3
Figure 3 – Transition from Edition 2 to Edition 3 assessment methods
19 0.3 Patent declaration
20 1 Scope
2 Normative references
22 3 Terms, definitions, symbols, abbreviated terms and conventions
3.1 Terms and definitions
29 3.2 Symbols and abbreviated terms
30 4 Conformance
5 Basics of safety-related fieldbus systems
5.1 Safety function decomposition
31 5.2 Communication system
5.2.1 General
5.2.2 IEC 61158 fieldbuses
Figure 4 – Safety communication as a part of a safety function
32 5.2.3 Communication channel types
5.2.4 Safety function response time
Figure 5 – Example model of a functional safety communication system
33 5.3 Communication errors
5.3.1 General
5.3.2 Corruption
5.3.3 Unintended repetition
5.3.4 Incorrect sequence
Figure 6 – Example of safety function response time components
34 5.3.5 Loss
5.3.6 Unacceptable delay
5.3.7 Insertion
5.3.8 Masquerade
5.3.9 Addressing
5.4 Deterministic remedial measures
5.4.1 General
5.4.2 Sequence number
5.4.3 Time stamp
35 5.4.4 Time expectation
5.4.5 Connection authentication
5.4.6 Feedback message
5.4.7 Data integrity assurance
5.4.8 Redundancy with cross checking
36 5.4.9 Different data integrity assurance systems
5.5 Typical relationships between errors and safety measures
37 5.6 Communication phases
Tables
Table 1 – Overview of the effectiveness of the various measures on the possible errors
38 5.7 FSCP implementation aspects
5.8 Data integrity considerations
5.8.1 Calculation of the residual error rate
Figure 7 – Conceptual FSCP protocol model
Figure 8 – FSCP implementation aspects
39 Table 2 – Definition of items used for calculation of the residual error rates
40 5.8.2 Total residual error rate and SIL
Figure 9 – Example application 1 (m=4)
Figure 10 – Example application 2 (m = 2)
41 5.9 Relationship between functional safety and security
Table 3 – Typical relationship of residual error rate to SIL
Table 4 – Typical relationship of residual error on demand to SIL
42 5.10 Boundary conditions and constraints
5.10.1 Electrical safety
5.10.2 Electromagnetic compatibility (EMC)
Figure 11 – Zones and conduits concept for security according to IEC 62443
43 5.11 Installation guidelines
5.12 Safety manual
5.13 Safety policy
44 6 Communication Profile Family 1 (Foundation™ Fieldbus) – Profiles for functional safety
7 Communication Profile Family 2 (CIP™) and Family 16 (SERCOS®) – Profiles for functional safety
8 Communication Profile Family 3 (PROFIBUS™, PROFINET™) – Profiles for functional safety
45 9 Communication Profile Family 6 (INTERBUS®) – Profiles for functional safety
10 Communication Profile Family 8 (CC-Link™) – Profiles for functional safety
10.1 Functional Safety Communication Profile 8/1
Table 5 – Overview of profile identifier usable for FSCP 6/7
46 10.2 Functional Safety Communication Profile 8/2
11 Communication Profile Family 12 (EtherCAT™) – Profiles for functional safety
47 12 Communication Profile Family 13 (Ethernet POWERLINK™) – Profiles for functional safety
13 Communication Profile Family 14 (EPA®) – Profiles for functional safety
14 Communication Profile Family 17 (RAPIEnet™) – Profiles for functional safety
48 15 Communication Profile Family 18 (SafetyNET p™ Fieldbus) – Profiles for functional safety
49 Annex A (informative) Example functional safety communication models
A.1 General
A.2 Model A (single message, channel and FAL, redundant SCLs)
A.3 Model B (full redundancy)
Figure A.1 – Model A
50 A.4 Model C (redundant messages, FALs and SCLs, single channel)
A.5 Model D (redundant messages and SCLs, single channel and FAL)
Figure A.2 – Model B
Figure A.3 – Model C
51 Figure A.4 – Model D
52 Annex B (normative) Safety communication channel model using CRC-based error checking
B.1 Overview
B.2 Channel model for calculations
Figure B.1 – Communication channel with perturbation
53 B.3 Bit error probability Pe
Figure B.2 – Binary symmetric channel (BSC)
54 B.4 Cyclic redundancy checking
B.4.1 General
Figure B.3 – Example of a block with a message part and a CRC signature
55 B.4.2 Considerations concerning CRC polynomials
Figure B.4 – Block codes for error detection
Table B.1 – Example dependency dmin and block bit length n
56 Figure B.5 – Proper and improper CRC polynomials
57 Annex C (informative) Structure of technology-specific parts
Table C.1 – Common subclause structure for technology-specific parts
59 Annex D (informative) Assessment guideline
D.1 Overview
D.2 Channel types
D.2.1 General
D.2.2 Black channel
D.2.3 White channel
60 D.3 Data integrity considerations for white channel approaches
D.3.1 General
D.3.2 Models B and C
61 D.3.3 Models A and D
Figure D.1 – Basic Markov model
62 D.4 Verification of safety measures
D.4.1 General
D.4.2 Implementation
D.4.3 “De-energize to trip” principle
D.4.4 Safe state
D.4.5 Transmission errors
D.4.6 Safety reaction and response times
63 D.4.7 Combination of measures
D.4.8 Absence of interference
D.4.9 Additional fault causes (white channel)
D.4.10 Reference test beds and operational conditions
D.4.11 Conformance tester
64 Annex E (informative) Examples of implicit vs. explicit FSCP safety measures
E.1 General
E.2 Example fieldbus message with safety PDUs
E.3 Model with completely explicit safety measures
Figure E.1 – Example safety PDUs embedded in a fieldbus message
Figure E.2 – Model with completely explicit safety measures
65 E.4 Model with explicit A-code and implicit T-code safety measures
E.5 Model with explicit T-code and implicit A-code safety measures
Figure E.3 – Model with explicit A-code and implicit T-code safety measures
66 E.6 Model with split explicit and implicit safety measures
Figure E.4 – Model with explicit T-code and implicit A-code safety measures
Figure E.5 – Model with split explicit and implicit safety measures
67 E.7 Model with completely implicit safety measures
E.8 Addition to Annex B – impact of implicit codes on properness
Figure E.6 – Model with completely implicit safety measures
68 Annex F (informative) Extended models for estimation of the total residual error rate
F.1 Applicability
F.2 General models for black channel communications
Figure F.1 – Black channel from an FSCP perspective
69 F.3 Identification of generic safety properties
F.4 Assumptions for residual error rate calculations
70 F.5 Residual error rates
F.5.1 Explicit and implicit mechanisms
F.5.2 Residual error rate calculations
72 F.6 Data integrity
F.6.1 Probabilistic considerations
F.6.2 Deterministic considerations
73 F.7 Authenticity
F.7.1 General
Figure F.2 – Model for authentication considerations
74 F.7.2 Residual error rate for authenticity (RRA)
Figure F.3 – Fieldbus and internal address errors
75 F.8 Timeliness
F.8.1 General
76 Figure F.4 – Example of slowly increasing message latency
77 F.8.2 Residual error rate for timeliness (RRT)
Figure F.5 – Example of an active network element failure
78 F.9 Masquerade
F.9.1 General
F.9.2 Other terms used to calculate residual error rate for masquerade rejection (RRM)
F.10 Calculation of the total residual error rates
F.10.1 Based on the summation of the residual error rates
79 F.10.2 Based on other quantitative proofs
F.11 Total residual error rate and SIL
Figure F.6 – Example application 1 (m = 4)
Figure F.7 – Example application 2 (m = 2)
80 F.12 Configuration and parameterization for an FSCP
F.12.1 General
Table F.1 – Typical relationship of residual error rate to SIL
Table F.2 – Typical relationship of residual error on demand to SIL
81 Figure F.8 – Example of configuration and parameterization procedures for FSCP
82 F.12.2 Configuration and parameterization change rate
F.12.3 Residual error rate for configuration and parameterization
83 Bibliography