BSI PD IEC TS 63394:2023

Safety of machinery. Guidelines on functional safety of safety-related control system

Contents (PDF page numbers refer to the pages of the published PDF; where several clauses, figures or tables start on the same page they are listed together, separated by semicolons):

| PDF Pages | PDF Title |
|---|---|
| 4 | CONTENTS |
| 11 | FOREWORD |
| 13 | INTRODUCTION |
| 14 | 1 Scope; 2 Normative references |
| 15 | 3 Terms and definitions; 3.1 Terms and definitions |
| 28 | 3.2 Alphabetical list of terms, definitions and abbreviated terms; Table 1 – Terms used in this document |
| 30 | 4 Typical classification of safety functions in safety of machinery; 4.1 General; 4.1.1 Overview; 4.1.2 Risk assessment and risk reduction according to ISO 12100 |
| 31 | 4.1.3 Risk reduction and interconnection to SCS and SRP/CS; 4.1.4 Basic assumptions for risk reduction in machinery; Figure 1 – Integration within the risk reduction process of ISO 12100 |
| 32 | 4.3 Safety functions; 4.3.1 General; 4.3.2 Risk reduction process by safety functions; Figure 2 – Decomposition of an SCS or SRP/CS |
| 33 | 4.3.3 Typical classification of safety functions; Figure 3 – Risk reduction process by safety functions |
| 34 | 4.4 Interrelation between ISO 12100 and IEC 62061 or ISO 13849-1; 4.4.1 General; 4.4.2 Input information in accordance with IEC 62061 or ISO 13849-1 |
| 35 | 4.4.3 Output information from IEC 62061 or ISO 13849-1; Table 2 – Input information for the safety requirements specification (SRS); Table 3 – Output information from SCS or SRP/CS design on overall risk assessment |
| 36 | 4.5 Safety functions for protection of persons; 4.5.1 General; 4.5.2 Safety functions for protection of persons based on guards and protective devices; Table 4 – Safety functions for protection of persons |
| 37 | 4.6 Other safety functions to prevent hazardous situations; 4.6.1 General; 4.6.2 Other safety functions; Table 5 – Other safety functions |
| 38 | 4.7 Safety functions for protection of the integrity of the machine; 4.7.1 General; 4.7.2 Safety functions for the protection of integrity of the machine; 4.8 Safety functions and Type-C standards; Table 6 – Safety functions for the protection of integrity of the machine |
| 39 | 5 Demand mode of operation related to safety functions; 5.1 General; 5.2 High demand or continuous mode of operation; 5.2.1 General |
| 40 | 5.2.2 Approach of IEC 62061 and ISO 13849-1; 5.2.3 Rarely activated safety functions; Figure 4 – High demand mode of operation |
| 41 | 5.3 Low demand mode of operation; 5.3.1 General; Figure 5 – Process for determining high demand mode of operation |
| 42 | 5.3.2 Approach of IEC 62061 and ISO 13849-1; 6 Design process of safety functions; 6.1 General; 6.2 Design procedure; Figure 6 – Low demand mode of operation |
| 43 | 6.3 Evaluation of required safety integrity; 6.4 Decomposition of a safety function; 6.5 Subsystem design; 6.5.1 Architectural constraints |
| 44 | Table 7 – Architectural constraints for high demand mode of operation |
| 45 | 6.5.2 Fault accumulation and undetected faults; 6.5.3 Evaluation of PFH |
| 47 | 6.6 Examples of safety functions; 7 Verification procedures for safety functions; 7.1 General; 7.2 Verification of the test interval of a safety function |
| 48 | 7.3 Verification procedures; 7.4 Initial verification |
| 49 | 7.5 Periodic verification; 7.5.1 General |
| 50 | 7.5.2 Frequency of periodic verification |
| 51 | 7.6 Verification reporting |
| 52 | Annex A (informative) Risk assessment and risk reduction according to ISO 12100; A.1 General; A.2 Risk assessment principles; A.2.1 General; A.2.2 Basic information to be available (as input to risk assessment) |
| 53 | A.2.3 Risk analysis; Table A.1 – Basic information for risk assessment according to ISO 12100 |
| 54 | Table A.2 – Determination of limits of machinery according to ISO 12100 |
| 55 | Table A.3 – Principles of hazard identification according to ISO 12100 |
| 56 | Table A.4 – Risk estimation according to ISO 12100; Table A.5 – Additional considered aspects during risk estimation according to ISO 12100 |
| 57 | A.3 Risk reduction by means of safeguarding and complementary protective measures; A.3.1 General |
| 58 | A.3.2 Inherently safe design measures; A.3.3 Selection of safeguarding and complementary protective measures |
| 60 | A.4 Other protective measures (procedure based); A.4.1 General; A.4.2 Procedures for maintenance; A.4.3 Organizational work procedures |
| 61 | A.5 Guards and protective devices according to ISO 12100; A.5.1 General; A.5.2 Interlocking guard with a start function, with manual reset function; Table A.6 – Guards according to ISO 12100 |
| 62 | A.5.3 Protective device according to ISO 12100; A.5.4 Manual local control device (and procedure); Table A.7 – Examples of protective devices according to ISO 12100 |
| 63 | A.5.5 Manual parameter selection device (and procedure); A.5.6 Manual operating mode selection device (and procedure); A.5.7 Energy control device (and procedure); A.6 Matrix assignment approach; A.6.1 Overview |
| 64 | A.6.2 General; A.6.3 Methodology of IEC 62061:2021, Annex A |
| 65 | A.7 Risk graph approach; A.7.1 General; A.7.2 Methodology of ISO 13849-1:2015, Annex A with assigned SIL; Figure A.1 – SIL assignment approach |
| 66 | Figure A.2 – Risk graph approach of ISO 13849-1:2015, Figure A.1 with assigned SIL |
| 67 | Annex B (informative) Methodology of SCS or SRP/CS design; B.1 General; B.2 Functional safety plan; Table B.1 – Overview functional safety plan |
| 68 | B.3 Safety requirements specification; B.3.1 General; B.3.2 Functional requirements; B.3.3 Safety integrity requirements; Table B.2 – Overview of basic functional requirements |
| 69 | B.4 Protection against unexpected start-up; B.5 Decomposition of the safety function; B.5.1 General; B.5.2 Subsystem architecture based on top-down decomposition; B.6 Design of the SCS by using subsystems; Table B.3 – SIL and limits of PFH values |
| 70 | B.7 Requirements for systematic safety integrity; B.7.1 General; B.7.2 SCS level; Figure B.1 – Example of decomposition of a safety function |
| 71 | Table B.4 – Avoidance of systematic failures (SCS or SRP/CS level); Table B.5 – Control of systematic failures (SCS or SRP/CS level) |
| 72 | B.7.3 Subsystem level; Table B.6 – Avoidance of systematic failures (subsystem level) |
| 73 | B.8 Electromagnetic immunity; B.9 Software-based manual parameterization; Table B.7 – Control of systematic failures (subsystem level) |
| 74 | Table B.8 – Software-based manual parameterization |
| 75 | B.10 Security aspects; B.11 Aspects of testing; Figure B.2 – Possible effects of security risk(s) to a SCS (IEC TR 63074:2019, Figure 2) |
| 76 | B.12 Design and development of a subsystem; B.12.1 General; B.12.2 Subsystem architecture design |
| 78 | B.12.3 Fault consideration and fault exclusion; B.12.4 Architectural constraints of a subsystem; Figure B.3 – Rarely activated safety functions and mode of operation of subsystems; Table B.9 – Cause and effects of rarely activated safety functions |
| 79 | Table B.10 – Architectural constraints and basic requirements on a subsystem |
| 80 | B.12.5 Subsystem design architectures; B.12.6 PFH value of subsystems; B.13 Validation |
| 81 | Table B.11 – Overview of validation process with required information |
| 82 | B.14 Documentation |
| 83 | Table B.12 – Technical documentation based on the design process (Table 9 of IEC 62061:2021, modified) |
| 84 | Table B.13 – Overview of documentation |
| 85 | Annex C (informative) Examples of MTTFD values for single components; Table C.1 – MTTFD or B10D values for components (derived from ISO 13849-1:2015); Table C.2 – Relationship of λD, MTTFD and B10D |
| 86 | Annex D (informative) Examples for diagnostic coverage (DC); D.1 General |
| 87 | D.2 Influence of cabling, wiring and interconnections; D.2.1 General; D.2.2 “Serial wiring”; Table D.1 – Measures to prevent short circuit |
| 88 | D.3 Use of manufacturing process information; D.3.1 General; D.3.2 Use of expected timing or awaiting of signal status; D.4 Typical DC measures |
| 89 | Table D.2 – DC values and recommended measures |
| 90 | Annex E (informative) Measures for the achievement of functional safety with regards to electromagnetic phenomena; E.1 General; E.2 Measures; E.2.1 General; E.2.2 Recommendation for electrical/electronic items of equipment (devices or apparatus) |
| 91 | E.2.3 Recommendation for the integration of an SCS or SRP/CS into the electrical equipment of the machine; Table E.1 – Non-exhaustive list of recommendations regarding EMI measures for integration of devices or equipment into the electrical equipment of the machine |
| 92 | Annex F (informative) Guidelines for software; F.1 General; F.2 Documentation; Table F.1 – Documents for SW level 1 and SW level 2 |
| 93 | Table F.2 – Coding guidelines |
| 94 | F.3 Activities; Table F.3 – Overview of protocols |
| 95 | Table F.4 – SW level 1 – Overview of basic activities |
| 96 | Table F.5 – SW level 2 – Overview of basic activities (1/2) |
| 97 | Table F.5 – SW level 2 – Overview of basic activities (1/2) (continued) |
| 98 | Table F.6 – SW level 2 – Overview of basic activities (2/2) |
| 99 | Annex G (informative) Examples of safety functions; G.1 General; G.2 Safety functions; G.2.1 Basic information; Table G.1 – Examples of safety functions and associated safety-related devices |
| 100 | G.2.2 Detailed description of safety requirements; Table G.2 – Basic information related to the safety requirements specification |
| 101 | G.2.3 Example of interlocking guard |
| 102 | Table G.3 – Example of safety-related parameters for a safety function with required SIL 1; Table G.4 – Example of safety-related parameters for a safety function with required SIL 3 |
| 103 | Annex H (informative) Evaluation of PFH value of a subsystem; H.1 General; H.2 Table allocation approach (IEC 62061); H.3 Simplified formulas for the estimation of PFH value (IEC 62061); H.4 Approaches of IEC 61508, IEC 62061 and ISO 13849-1; H.4.1 General |
| 104 | H.4.2 Approach of IEC 61508 |
| 105 | H.4.3 Approach of IEC 62061; H.4.4 Approach of ISO 13849-1:2015, Annex K |
| 109 | H.5 Basic considerations regarding exponential and Weibull distributions; H.5.1 Exponential distribution; H.5.2 Weibull distribution |
| 111 | H.6 T10 and B10; H.6.1 General; H.6.2 T10 with exponential distribution |
| 112 | H.6.3 T10 with Weibull distribution |
| 113 | Figure H.1 – Cumulative distribution functions (CDF) |
| 114 | H.7 Overview of PFH formulas; H.7.1 Definitions; H.7.2 Formulas; Table H.1 – Formulas for basic subsystem architecture A (1oo1) |
| 115 | Table H.2 – Formulas for basic subsystem architecture C (1oo1D); Table H.3 – Formulas for basic subsystem architecture B (1oo2) |
| 116 | H.7.3 Examples; Table H.4 – Formulas for basic subsystem architecture D (1oo2D) |
| 117 | Table H.5 – Examples of PFH values based on B10D |
| 118 | H.8 Methodology for the estimation of CCF; Table H.6 – Examples of PFH values based on T10D and B10D |
| 119 | H.9 Basic subsystem architecture A (1oo1); H.9.1 General; Figure H.2 – Common cause failure; Figure H.3 – Basic subsystem architecture A (1oo1) reliability block diagram; Figure H.4 – Unavailability function of basic subsystem architecture A (1oo1) |
| 120 | H.9.2 PFH; H.9.3 Simplified Weibull approach; Figure H.5 – 1oo1 reliability block diagram, simplified Weibull approach |
| 121 | H.10 Basic subsystem architecture C (1oo1D); H.10.1 General; H.10.2 Fault reaction performed by another subsystem; Figure H.6 – Basic subsystem architecture C (1oo1D) logical view with safe state initiation using another subsystem; Figure H.7 – Basic subsystem architecture C (1oo1D) reliability block diagram with safe state initiation using another subsystem |
| 122 | H.10.3 Fault reaction to be considered in the subsystem; Figure H.8 – Unavailability functions of basic subsystem architecture C (1oo1D); Figure H.9 – Basic subsystem architecture C (1oo1D) logical view with fault reaction |
| 123 | Figure H.10 – Basic subsystem architecture C (1oo1D) reliability block diagram with fault reaction; Figure H.11 – Unavailability functions of basic subsystem architecture C (1oo1D) |
| 124 | H.10.4 PFH; H.10.5 Influence of CCF |
| 125 | H.11 Basic subsystem architecture B (1oo2); H.11.1 General; Figure H.12 – Basic subsystem architecture B (1oo2) reliability block diagram; Figure H.13 – Unavailability functions of basic subsystem architecture B (1oo2) |
| 126 | H.11.2 PFH; H.11.3 Influence of CCF; H.12 Basic subsystem architecture D (1oo2D); H.12.1 General |
| 127 | Figure H.14 – Basic subsystem architecture D (1oo2D) reliability block diagram; Figure H.15 – Unavailability functions of basic subsystem architecture D (1oo2D) |
| 128 | H.12.2 PFH evaluation of Term A; H.12.3 PFH evaluation of Term B; H.12.4 PFH evaluation of Term C and Term D |
| 129 | H.12.5 PFH; H.12.6 Influence of CCF; H.13 Basic subsystem architecture D (1oo2D) with two periods of time consideration; H.13.1 General |
| 130 | H.13.2 PFH evaluation of Term A; H.13.3 PFH evaluation of Term B; H.13.4 PFH evaluation of Term C and Term D |
| 131 | H.13.5 PFH; H.13.6 Influence of CCF |
| 132 | Annex I (informative) Commented examples of current regulations; I.1 General; I.2 European Union; I.2.1 General European legislation; I.2.2 New proposed machinery regulation (under preparation) |
| 133 | I.2.3 Relevant legislation; I.2.4 Duties of the manufacturer of the machine |
| 134 | I.3 North America – USA; I.4 North America – Canada; I.5 South America – Brazil |
| 135 | I.6 China; I.7 Japan |
| 136 | Annex J (informative) Combination of modes of operation; J.1 General; J.2 Basic approaches with different modes of operation; J.2.1 General; Figure J.1 – Basic approach in high demand or continuous mode of operation based on IEC 61508 (and IEC 62061) |
| 137 | J.2.2 Risk reduction measures on low demand mode of operation; Figure J.2 – Basic approach in low demand mode of operation based on IEC 61508 (and IEC 61511) |
| 138 | J.3 Use of subsystems in different modes of operation; J.3.1 General; J.3.2 Example with different modes of operation |
| 139 | Figure J.3 – Functional view; Figure J.4 – Logical view |
| 140 | J.3.3 Subsystem(s) used for different modes of operation; Figure J.5 – Decomposition view |
| 141 | Figure J.6 – Quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem |
| 142 | Figure J.7 – Example of quantitative SIL evaluation using the approach of ratio of probability of failures of each subsystem; Table J.1 – PFDavg max and PFHmax for respective target SIL |
| 143 | Bibliography |