BSI PD CLC IEC/TS 63394:2024
$215.11
Safety of machinery. Guidelines on functional safety of safety-related control system
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2024 | 148 |
PDF Catalog
PDF Pages | PDF Title |
---|---|
5 | Annex ZA (normative) Normative references to international publications with their corresponding European publications |
6 | CONTENTS |
13 | FOREWORD |
15 | INTRODUCTION |
16 | 1 Scope 2 Normative references |
17 | 3 Terms and definitions 3.1 Terms and definitions |
30 | 3.2 Alphabetical list of terms, definitions and abbreviated terms Tables Table 1 – Terms used in this document |
32 | 4 Typical classification of safety functions in safety of machinery 4.1 General 4.1.1 Overview 4.1.2 Risk assessment and risk reduction according to ISO 12100 |
33 | 4.1.3 Risk reduction and interconnection to SCS and SRP/CS 4.1.4 Basic assumptions for risk reduction in machinery Figures Figure 1 – Integration within the risk reduction process of ISO 12100 |
34 | 4.3 Safety functions 4.3.1 General 4.3.2 Risk reduction process by safety functions Figure 2 – Decomposition of an SCS or SRP/CS |
35 | 4.3.3 Typical classification of safety functions Figure 3 – Risk reduction process by safety functions |
36 | 4.4 Interrelation between ISO 12100 and IEC 62061 or ISO 13849-1 4.4.1 General 4.4.2 Input information in accordance with IEC 62061 or ISO 13849-1 |
37 | 4.4.3 Output information from IEC 62061 or ISO 13849-1 Table 2 – Input information for the safety requirements specification (SRS) Table 3 – Output information from SCS or SRP/CS design on overall risk assessment |
38 | 4.5 Safety functions for protection of persons 4.5.1 General 4.5.2 Safety functions for protection of persons based on guards and protective devices Table 4 – Safety functions for protection of persons |
39 | 4.6 Other safety functions to prevent hazardous situations 4.6.1 General 4.6.2 Other safety functions Table 5 – Other safety functions |
40 | 4.7 Safety functions for protection of the integrity of the machine 4.7.1 General 4.7.2 Safety functions for the protection of integrity of the machine 4.8 Safety functions and Type-C standards Table 6 – Safety functions for the protection of integrity of the machine |
41 | 5 Demand mode of operation related to safety functions 5.1 General 5.2 High demand or continuous mode of operation 5.2.1 General |
42 | 5.2.2 Approach of IEC 62061 and ISO 13849-1 5.2.3 Rarely activated safety functions Figure 4 – High demand mode of operation |
43 | 5.3 Low demand mode of operation 5.3.1 General Figure 5 – Process for determining high demand mode of operation |
44 | 5.3.2 Approach of IEC 62061 and ISO 13849-1 6 Design process of safety functions 6.1 General 6.2 Design procedure Figure 6 – Low demand mode of operation |
45 | 6.3 Evaluation of required safety integrity 6.4 Decomposition of a safety function 6.5 Subsystem design 6.5.1 Architectural constraints |
46 | Table 7 – Architectural constraints for high demand mode of operation |
47 | 6.5.2 Fault accumulation and undetected faults 6.5.3 Evaluation of PFH |
49 | 6.6 Examples of safety functions 7 Verification procedures for safety functions 7.1 General 7.2 Verification of the test interval of a safety function |
50 | 7.3 Verification procedures 7.4 Initial verification |
51 | 7.5 Periodic verification 7.5.1 General |
52 | 7.5.2 Frequency of periodic verification |
53 | 7.6 Verification reporting |
54 | Annex A (informative) Risk assessment and risk reduction according to ISO 12100 A.1 General A.2 Risk assessment principles A.2.1 General A.2.2 Basic information to be available (as input to risk assessment) |
55 | A.2.3 Risk analysis Table A.1 – Basic information for risk assessment according to ISO 12100 |
56 | Table A.2 – Determination of limits of machinery according to ISO 12100 |
57 | Table A.3 – Principles of hazard identification according to ISO 12100 |
58 | Table A.4 – Risk estimation according to ISO 12100 Table A.5 – Additional considered aspects during risk estimation according to ISO 12100 |
59 | A.3 Risk reduction by means of safeguarding and complementary protective measures A.3.1 General |
60 | A.3.2 Inherently safe design measures A.3.3 Selection of safeguarding and complementary protective measures |
62 | A.4 Other protective measures (procedure based) A.4.1 General A.4.2 Procedures for maintenance A.4.3 Organizational work procedures |
63 | A.5 Guards and protective devices according to ISO 12100 A.5.1 General A.5.2 Interlocking guard with a start function, with manual reset function Table A.6 – Guards according to ISO 12100 |
64 | A.5.3 Protective device according to ISO 12100 A.5.4 Manual local control device (and procedure) Table A.7 – Examples of protective devices according to ISO 12100 |
65 | A.5.5 Manual parameter selection device (and procedure) A.5.6 Manual operating mode selection device (and procedure) A.5.7 Energy control device (and procedure) A.6 Matrix assignment approach A.6.1 Overview |
66 | A.6.2 General A.6.3 Methodology of IEC 62061:2021, Annex A |
67 | A.7 Risk graph approach A.7.1 General A.7.2 Methodology of ISO 13849-1:2015, Annex A with assigned SIL Figure A.1 – SIL assignment approach |
68 | Figure A.2 – Risk graph approach of ISO 13849-1:2015, Figure A.1 with assigned SIL |
69 | Annex B (informative) Methodology of SCS or SRP/CS design B.1 General B.2 Functional safety plan Table B.1 – Overview functional safety plan |
70 | B.3 Safety requirements specification B.3.1 General B.3.2 Functional requirements B.3.3 Safety integrity requirements Table B.2 – Overview of basic functional requirements |
71 | B.4 Protection against unexpected start-up B.5 Decomposition of the safety function B.5.1 General B.5.2 Subsystem architecture based on top-down decomposition B.6 Design of the SCS by using subsystems Table B.3 – SIL and limits of PFH values |
72 | B.7 Requirements for systematic safety integrity B.7.1 General B.7.2 SCS level Figure B.1 – Example of decomposition of a safety function |
73 | Table B.4 – Avoidance of systematic failures (SCS or SRP/CS level) Table B.5 – Control of systematic failures (SCS or SRP/CS level) |
74 | B.7.3 Subsystem level Table B.6 – Avoidance of systematic failures (subsystem level) |
75 | B.8 Electromagnetic immunity B.9 Software-based manual parameterization Table B.7 – Control of systematic failures (subsystem level) |
76 | Table B.8 – Software-based manual parameterization |
77 | B.10 Security aspects B.11 Aspects of testing Figure B.2 – Possible effects of security risk(s) to a SCS (IEC TR 63074:2019, Figure 2) |
78 | B.12 Design and development of a subsystem B.12.1 General B.12.2 Subsystem architecture design |
80 | B.12.3 Fault consideration and fault exclusion B.12.4 Architectural constraints of a subsystem Figure B.3 – Rarely activated safety functions and mode of operation of subsystems Table B.9 – Cause and effects of rarely activated safety functions |
81 | Table B.10 – Architectural constraints and basic requirements on a subsystem |
82 | B.12.5 Subsystem design architectures B.12.6 PFH value of subsystems B.13 Validation |
83 | Table B.11 – Overview of validation process with required information |
84 | B.14 Documentation |
85 | Table B.12 – Technical documentation based on the design process (Table 9 of IEC 62061:2021, modified) |
86 | Table B.13 – Overview of documentation |
87 | Annex C (informative) Examples of MTTFD values for single components Table C.1 – MTTFD or B10D values for components (derived from ISO 13849-1:2015) Table C.2 – Relationship of λD, MTTFD and B10D |
88 | Annex D (informative) Examples for diagnostic coverage (DC) D.1 General |
89 | D.2 Influence of cabling, wiring and interconnections D.2.1 General D.2.2 “Serial wiring” Table D.1 – Measures to prevent of short circuit |
90 | D.3 Use of manufacturing process information D.3.1 General D.3.2 Use of expected timing or awaiting of signal status D.4 Typical DC measures |
91 | Table D.2 – DC values and recommended measures |
92 | Annex E (informative) Measures for the achievement of functional safety with regards to electromagnetic phenomena E.1 General E.2 Measures E.2.1 General E.2.2 Recommendation for electrical/electronic items of equipment (devices or apparatus) |
93 | E.2.3 Recommendation for the integration of an SCS or SRP/CS into the electrical equipment of the machine Table E.1 – Non-exhaustive list of recommendations regarding EMI measures for integration of devices or equipment into the electrical equipment of the machine |
94 | Annex F (informative) Guidelines for software F.1 General F.2 Documentation Table F.1 – Documents for SW level 1 and SW level 2 |
95 | Table F.2 – Coding guidelines |
96 | F.3 Activities Table F.3 – Overview of protocols |
97 | Table F.4 – SW level 1 – Overview of basic activities |
98 | Table F.5 – SW level 2 – Overview of basic activities (1/2) |
99 | Table F.5 – SW level 2 – Overview of basic activities (1/2) (continued) |
100 | Table F.6 – SW level 2 – Overview of basic activities (2/2) |
101 | Annex G (informative) Examples of safety functions G.1 General G.2 Safety functions G.2.1 Basic information Table G.1 – Examples of safety functions and associated safety-related devices |
102 | G.2.2 Detailed description of safety requirements Table G.2 – Basic information related to the safety requirements specification |
103 | G.2.3 Example of interlocking guard |
104 | Table G.3 – Example of safety-related parameters for a safety function with required SIL 1 Table G.4 – Example of safety-related parameters for a safety function with required SIL 3 |
105 | Annex H (informative) Evaluation of PFH value of a subsystem H.1 General H.2 Table allocation approach (IEC 62061) H.3 Simplified formulas for the estimation of PFH value (IEC 62061) H.4 Approaches of IEC 61508, IEC 62061 and ISO 13849-1 H.4.1 General |
106 | H.4.2 Approach of IEC 61508 |
107 | H.4.3 Approach of IEC 62061 H.4.4 Approach of ISO 13849-1:2015, Annex K |
111 | H.5 Basic considerations regarding exponential and Weibull distributions H.5.1 Exponential distribution H.5.2 Weibull distribution |
113 | H.6 T10 and B10 H.6.1 General H.6.2 T10 with exponential distribution |
114 | H.6.3 T10 with Weibull distribution |
115 | Figure H.1 – Cumulative distribution functions (CDF) |
116 | H.7 Overview of PFH formulas H.7.1 Definitions H.7.2 Formulas Table H.1 – Formulas for basic subsystem architecture A (1oo1) |
117 | Table H.2 – Formulas for basic subsystem architecture C (1oo1D) Table H.3 – Formulas for basic subsystem architecture B (1oo2) |
118 | H.7.3 Examples Table H.4 – Formulas for basic subsystem architecture D (1oo2D) |
119 | Table H.5 – Examples of PFH values based on B10D |
120 | H.8 Methodology for the estimation of CCF Table H.6 – Examples of PFH values based on T10D and B10D |
121 | H.9 Basic subsystem architecture A (1oo1) H.9.1 General Figure H.2 – Common cause failure Figure H.3 – Basic subsystem architecture A (1oo1) reliability block diagram Figure H.4 – Unavailability function of basic subsystem architecture A (1oo1) |
122 | H.9.2 PFH H.9.3 Simplified Weibull approach Figure H.5 – 1oo1 reliability block diagram, simplified Weibull approach |
123 | H.10 Basic subsystem architecture C (1oo1D) H.10.1 General H.10.2 Fault reaction performed by another subsystem Figure H.6 – Basic subsystem architecture C (1oo1D) logical view with safe state initiation using another subsystem Figure H.7 – Basic subsystem architecture C (1oo1D) reliability block diagram with safe state initiation using another subsystem |
124 | H.10.3 Fault reaction to be considered in the subsystem Figure H.8 – Unavailability functions of basic subsystem architecture C (1oo1D) Figure H.9 – Basic subsystem architecture C (1oo1D) logical view with fault reaction |
125 | Figure H.10 – Basic subsystem architecture C (1oo1D) reliability block diagram with fault reaction Figure H.11 – Unavailability functions of basic subsystem architecture C (1oo1D) |
126 | H.10.4 PFH H.10.5 Influence of CCF |
127 | H.11 Basic subsystem architecture B (1oo2) H.11.1 General Figure H.12 – Basic subsystem architecture B (1oo2) reliability block diagram Figure H.13 – Unavailability functions of basic subsystem architecture B (1oo2) |
128 | H.11.2 PFH H.11.3 Influence of CCF H.12 Basic subsystem architecture D (1oo2D) H.12.1 General |
129 | Figure H.14 – Basic subsystem architecture D (1oo2D) reliability block diagram Figure H.15 – Unavailability functions of basic subsystem architecture D (1oo2D) |
130 | H.12.2 PFH evaluation of Term A H.12.3 PFH evaluation of Term B H.12.4 PFH evaluation of Term C and Term D |
131 | H.12.5 PFH H.12.6 Influence of CCF H.13 Basic subsystem architecture D (1oo2D) with two periods of time consideration H.13.1 General |
132 | H.13.2 PFH evaluation of Term A H.13.3 PFH evaluation of Term B H.13.4 PFH evaluation of Term C and Term D |
133 | H.13.5 PFH H.13.6 Influence of CCF |
134 | Annex I (informative) Commented examples of current regulations I.1 General I.2 European Union I.2.1 General European legislation I.2.2 New proposed machinery regulation (under preparation) |
135 | I.2.3 Relevant legislation I.2.4 Duties of the manufacturer of the machine |
136 | I.3 North America – USA I.4 North America – Canada I.5 South America – Brazil |
137 | I.6 China I.7 Japan |
138 | Annex J (informative) Combination of modes of operation J.1 General J.2 Basic approaches with different modes of operation J.2.1 General Figure J.1 – Basic approach in high demand or continuous mode of operation based on IEC 61508 (and IEC 62061) |
139 | J.2.2 Risk reduction measures on low demand mode of operation Figure J.2 – Basic approach in low demand mode of operation based on IEC 61508 (and IEC 61511) |
140 | J.3 Use of subsystems in different modes of operation J.3.1 General J.3.2 Example with different modes of operation |
141 | Figure J.3 – Functional view Figure J.4 – Logical view |
142 | J.3.3 Subsystem(s) used for different modes of operation Figure J.5 – Decomposition view |
143 | Figure J.6 – Quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem |
144 | Figure J.7 – Example of quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem Table J.1 – PFDavg max and PFHmax for respective target SIL |
145 | Bibliography |