Safety Integrated for
Sinumerik
Introduction and Basics
Basics of safety technology
Legal background
Basics of safe motion monitoring
© Siemens AG 2008 - Subject to change
Industry Sector, Safety Integrated for Drives
Sections: Basics of safe motion monitoring | Basics of safety technology | Legal background
Page 2/39

Background
Hazards as a result of functional faults
Functional faults in machines represent a potential hazard for:
- Man
- Machine
- Process
This is the reason that machines must have the appropriate level of functional safety. The regulations relating to functional safety are specific to countries and regions.
For instance, in the European Union, all machines that are marketed and sold must carry the CE marking.
With the CE marking, manufacturers confirm that their machines are in full conformance with the European Machinery Directive.
Notes:
- In addition, the environment, capital investment (assets) and the company's image can also be named as things at risk.
- As stated by Werner von Siemens: "Accident prevention should not be seen as part of legislation, but as human responsibility and economic sense".
- CE directives are passed by the EC and must be implemented by the member states in their national legislation.
- Presently, there are approximately 30 directives in the technical area (among others, the Machinery Directive, the Low-Voltage Directive and the EMC Directive).
- CE corresponds to a technical passport (it is mandatory for export within the European Union).

Background
The European Machinery Directive
[Figure: Machine -> Hazard -> Risk analysis and assessment -> Measures to reduce the risk -> Acceptable residual risk. The process is specified in the appropriate legislation and defined in standards.]
The European Machinery Directive specifies the following:
Before constructing their machines, manufacturers of machines and plants (machinery OEMs) must perform a risk analysis and risk assessment and, if required, take appropriate measures to reduce the risk. Only machines with an acceptable residual risk ("safe" machines) may be marketed and sold.
"Safe" machine
- Safety: freedom from unjustifiable risks.
- Risk: the combination of the probability that damage occurs and the extent of that damage.
- Objective: to reduce the risk to a justifiable level.
- Prerequisite for CE marking.

The process - overview
[Figure: the three steps of the process (risk analysis and assessment -> measures to reduce the risk -> acceptable residual risk), each with its implementation and the role of the standards.]
Risk analysis and assessment, implementation:
- The magnitude of damage is determined, together with the probability and the possibility of avoiding the risk
- The result is assigned to classes
Measures to reduce the risk, implementation:
- Modify the machine or process configuration
- Apply additional measures to reduce dangers and hazards
- Use of safety technology
Acceptable residual risk, proved using:
- Documentation, certificates
- Machine acceptance test
Standards:
- With this process, all countries take into account the same basic principles, but the precise regulations for implementation are defined in standards specific to countries and/or regions.
- The directives and standards in force where the plant or the machine is actually to be used are decisive.
- The plant or machine manufacturer is responsible for ensuring that the standards are complied with.
Notes:
- Principle of minimizing risks
- Clarifying the responsibility: the machine manufacturer is responsible for this!

Standards
International safety standards
The regulations and standards that apply where the machine or plant is to be operated are decisive.
- North America: UL, CSA, ANSI
- Europe: EN (e.g. EN 954-1)
- Japan: JIS
- International: IEC, ISO (e.g. IEC 61508, ISO 13849-1, IEC 62061)
Notes:
- UL (Underwriters Laboratories): certification organization for product safety in the USA.
- CSA (Canadian Standards Association): a non-governmental organization that sets rules and standards and tests and certifies products with regard to safety.
- ANSI (American National Standards Institute): US body responsible for drawing up the standards for industrial processes.
- IEC (International Electrotechnical Commission): international standardization body based in Geneva, Switzerland, for standards in the area of electrical and electronic engineering. Some of its standards are developed jointly with ISO.
- ISO (International Organization for Standardization): develops international standards in all areas except electrical and electronic engineering, for which the IEC is responsible, and telecommunication, for which the International Telecommunication Union (ITU) is responsible.
- EN (European standards): rules ratified by one of the three European standardization committees CEN, CENELEC or ETSI. All EN standards are produced through a public standardization process.
- JIS (Japanese Industrial Standards): comparable with DIN in Germany.
- DIN (Deutsches Institut für Normung e. V.): the national standardization organization of Germany, based in Berlin.

Standards
The classification of EN standards
EN safety standards are hierarchically classified in three groups:
- Type A standards (basic standards): design guidelines and basic terminology for machines; e.g. IEC 61508.
- Type B standards (group standards):
  - B1 standards: general safety aspects; e.g. EN 954-1, IEC 62061, ISO 13849-1, IEC 60204.
  - B2 standards: reference to special protective equipment.
- Type C standards (special standards): specific safety features of individual machine types (e.g. presses); e.g. IEC 61800-5-2. If a specific standard exists, then it must be applied!
Notes:
- A standards: basic safety standards; these apply to all machines; they address those responsible for drawing up B and C standards; manufacturers take them into consideration if there is no applicable B/C standard.
- B standards: safety standards with statements that apply to several types of (similar) machines in an identical or similar fashion; they predominantly address those responsible for drawing up C standards; manufacturers take them into consideration if there is no applicable C standard.
- B1 standards: for higher-level safety aspects (basics of ergonomics, safety clearances, etc.); not device-specific.
- B2 standards: for safety equipment (e.g. Emergency Stop, two-hand control devices, ...); device-specific.
- C standards: machine-specific standards (e.g. for machine tools, woodworking machines, etc.); they include machine-specific requirements that under certain circumstances can deviate from A and B standards; they have the highest priority for machine manufacturers.

Standards
The relevant European standards (EN)
- The standards that have been established over time in various countries have been harmonized and reduced to just a few European standards.
- The frequently applied EN 954-1 standard will be replaced by November 2009 after a transition period.
- The remaining relevant standards are:
  - EN 61508: basic standard for functional safety (also covers PLCs).
  - EN 62061: application standard for machine construction; covers electrical and electronic safety technology.
  - EN ISO 13849-1: application standard for machine construction; covers electrical, electronic and other technologies (e.g. pneumatics, hydraulics). This replaces EN 954-1.
  - EN 61800-5-2: product-specific standard for variable-speed electric drives with integrated safety functions.
- EN 62061 and EN ISO 13849-1 are mostly used to assess the risk of machines. EN 61508 is mostly used to assess the risk of safety devices (e.g. also PLCs).
Notes:
- EN 954-1: specifies categories; however, it does not cover programmable logic (only usable with some restrictions); it is not possible to check the result by calculation; it will be replaced by ISO 13849-1; harmonized under the Machinery Directive; relevant for machine manufacturers.
- ISO 13849-1: also covers programmable controllers (designated architectures); provides PLs; during a transition period up to 10/2009, both 13849-1 and 954-1 may be applied; relevant for machine manufacturers.
- IEC 61508: called the basic standard for functional safety; not harmonized under the Machinery Directive, so there is no presumption of conformity; however, IEC 61508 may still be applied when fulfilling European Directives if there is no applicable harmonized standard, or if a harmonized standard refers to IEC 61508; covers PES (programmable electronic systems) independent of the architecture; designates the "state of the art"; provides SILs (Safety Integrity Levels); relevant for manufacturers of safety devices.
- IEC 62061: harmonized under the Machinery Directive; a sector-specific (machinery) standard positioned below IEC 61508; covers controllers; provides SILs as its result; relevant for machine manufacturers.
- IEC 61800-5-2: standard for electric drives; here, for example, the behavior of the drive is defined for the safety functions STO, SS1, etc.

Risk assessment
The individual steps
[Figure: flowchart. Risk analysis: the limits of the machine are determined; hazards are identified; the risk is estimated. Risk assessment: the required safety level is determined; is the safety level fulfilled? If no, measures are taken and the loop is repeated; if yes, an acceptable residual risk is reached. Outer loop: risk analysis and assessment -> measures to reduce risk -> acceptable residual risk.]
- These steps apply for all standards.
- The name of the safety level depends on the specific standard.

Risk assessment
Risk assessment and safety levels
- The magnitude of the risk is obtained from:
  - the severity of the possible injury (severe / slight),
  - the frequency and/or time exposed to the risk (frequently / infrequently),
  - the possibilities of avoiding the risk (hardly possible / possible).
- The precise calculation differs depending on the specific standard.
- Depending on the magnitude of the risk, a certain safety level is required. The designations of the safety levels are as follows:
  - for EN 954-1: Category B, 1 - 4
  - for ISO 13849-1: Performance Level (PL) a - e
  - for IEC 62061: Safety Integrity Level (SIL) 1 - 3
Notes:
- Severity: what is to be protected (personnel, environment, machine); how severe is the injury to persons (slight, severe, fatal); scope of the damage (one or several persons involved).
- Probability of occurrence: how often and for how long is a person exposed to the hazard (is access to a hazardous area necessary, how many persons are involved, how long do they stay in the hazardous area); probability that a hazardous situation occurs (accident statistics, consideration of similar machines).
- Avoidance: what can be done to avoid the particular hazard (trained personnel, automation); how quickly does the hazardous situation arise (is there time to avoid injury).

Risk assessment
Determining the required category according to EN 954-1
Risk = function of: severity (S), frequency and duration (F), possibility of avoiding (P).
[Figure: risk graph, S -> F -> P -> category. The starting point is the assessment of the risk of the safety-related part of the control. Category selection: preferred categories for reference points; possible categories that require additional measures; measures that can be over-dimensioned in relation to the risk involved.]
- S1: slight (reversible) injuries, e.g. bruising, cuts without complications
  S2: severe injuries, e.g. amputation, death
- F1: infrequent to often and/or short exposure to the hazard
  F2: frequent to continuous and/or long exposure to the hazard. No generally valid time period can be defined.
- P1: possible under certain conditions
  P2: hardly possible
  Can the hazard be detected in good time; is the hazard directly visible or only indirectly (via displays)?

Risk assessment
Determining the required PL acc. to ISO 13849-1
Risk = function of: severity (S), frequency and duration (F), possibility of avoiding (P).
[Figure: risk graph, S -> F -> P -> required Performance Level (PLr), ranging from low risk (PL a) to high risk (PL e).]
- The questions are the same as for EN 954-1; however, the result in this case is a Performance Level instead of a category.
- EN 954-1 has a qualitative, structure-oriented approach and offers no possibility of a quantitative check (calculation); this is only possible in ISO 13849-1.
- The quantitative evaluation is based on the parameters of the components involved.
  PFHd (Probability of a Dangerous Failure per Hour) is the result of the calculation.

Risk assessment
Determining the required SIL acc. to IEC 62061
Risk = severity (S) combined with the probability of occurrence of the damage (class K).
Formula: class K = frequency and duration (F) + probability of the hazardous event (W) + possibility of avoiding (P).
[Figure: SIL assignment matrix, severity (S) against class K, giving the required SIL; the slide's worked example did not survive extraction.]
- If the duration of exposure to the hazard is less than 10 min, the F score may be reduced by one level (exception: the highest frequency class, exposure at intervals of 1 h or less, where no reduction is permissible).
- IEC 61508 also provides SILs (in this case, even up to SIL 4) that are identical with these. However, additional measures are required to issue a certificate according to IEC 61508.
- This also permits a quantitative evaluation, the result of which is again a PFHd value (Probability of a Dangerous Failure per Hour).

Risk assessment
Meaning of the categories for EN 954-1
- The categories in EN 954-1 define various requirements placed on the implementation and system behavior:
  - Cat. B: safety-related parts of a control must be designed so that they can withstand the environmental effects to be expected, e.g. temperature, EMC (basic measures). Achieved mainly by using "proven components".
  - Cat. 1: Cat. B plus proven technology and principles (over-dimensioning, positively driven contacts, etc.). Achieved mainly by using "proven components".
  - Cat. 2: Cat. B plus cyclic test of the system. Achieved mainly by using the appropriate control structures.
  - Cat. 3: Cat. B plus detection of a single fault; a safe state is reached when a fault occurs. Achieved mainly by using the appropriate control structures.
  - Cat. 4: Cat. B plus detection of a single fault; no hazard as a result of multiple faults, or detection of multiple faults. Achieved mainly by using the appropriate control structures.
- This definition of the categories does not sufficiently cover the software aspects, for example. Therefore, as of November 2009, EN 954-1 will be replaced by EN ISO 13849-1.
Notes:
- System behavior
  - B: a fault can lead to the loss of the safety function.
  - 1: as for B, however with a higher degree of reliability.
  - 2: a fault that has occurred is only detected at the next check.
  - 3: the safety function is always maintained when a single fault occurs.
  - 4: if faults occur, the safety function is maintained; the faults are detected.
- Supplementary information
  - 3: several, but not all, faults are detected; an accumulation of undetected faults can result in the failure of the safety function.
  - 4: the faults are detected in time to prevent the safety function being lost.

Risk assessment
Meaning of the safety levels for IEC 62061 and ISO 13849-1
- The SIL and PL safety levels define how reliable a safety system has to be:

  Safety level        Required reliability of the safety system
  SIL        PL       (in failures/hour)
  -          PL a     10^-5 to 10^-4
  SIL 1      PL b     3 x 10^-6 to 10^-5
  SIL 1      PL c     10^-6 to 3 x 10^-6
  SIL 2      PL d     10^-7 to 10^-6
  SIL 3      PL e     10^-8 to 10^-7

  Measures to achieve the reliability, in order of increasing reliability: use of "proven components", regular function test, automatic fault detection, redundant design, redundancy plus fault detection.
- When a safety system is correctly used, its probability of failure is the same as the probability of a hazard.
- This means that IEC 62061 and ISO 13849-1 define risk quantitatively and therefore go further than EN 954-1.
Notes:
- Both assessments give a result in which the failure rate permits a clear statement regarding the risk: it is defined how high the probability of a hazard may be.
- Using device-specific parameters, this rate can be calculated according to the two standards, which permits a statement as to whether the implementation of the safety function is sufficient to achieve the specified safety level.
- PLs and SILs can easily be compared with one another, but they cannot be considered the same.
- The other respective certificate cannot be achieved without applying additional measures.

Risk assessment
Comparison of EN 954-1, ISO 13849-1 and IEC 62061

  EN 954-1    ISO 13849-1    IEC 62061
  Cat. B      PL a           -
  Cat. 1      PL b           SIL 1
  Cat. 2      PL c           SIL 1
  Cat. 3      PL d           SIL 2
  Cat. 4      PL e           SIL 3

- SIL and PL are comparable in both directions.
- SIL and PL are also comparable with the categories of EN 954-1. However, no comparison is possible in the other direction, as EN 954-1 only uses a qualitative basis.
Notes:
- Simplified comparison of the different standards.
- A comparison of EN 954-1 with IEC 62061 and ISO 13849-1 is only possible with respect to structure, because EN 954-1 has no quantitative basis.
- It is possible to conclude a category from a PL or SIL, but not vice versa.

Acceptable risk
Certificates for safety devices
[Figure: risk analysis and assessment -> measures to reduce risk (by the machine manufacturer, using certified safety devices, e.g. SIL 3) -> acceptable residual risk.]
- An efficient measure to achieve an acceptable residual risk for the machine is to use certified safety devices:
  - Safety devices must be tested in accordance with the relevant standards.
  - They then receive a certificate regarding the safety level reached, e.g. SIL 2.
  - TÜV (German Technical Inspectorate), BG/BGIA or other similar testing bodies carry out the tests/acceptances.
Notes:
- Certified safety devices make the acceptance process easier.
- Our drives are certified, e.g. G120 (Cat. 3, SIL 2) and S120 (Cat. 3, SIL 2, PL d).
- Other components for detection and processing (logic) also have certificates.

"Safe" machine
Acceptance test / proof
- Before the machine can be marketed and sold, the machine manufacturer must prove that it is in full compliance with the applicable directives, e.g. the European Machinery Directive.
- If the machine was designed in accordance with the relevant harmonized standards, this simplifies the proof: it is then presumed that the machine fulfills the Machinery Directive.
- When the European Machinery Directive is fulfilled, this is confirmed by the CE marking.
- For machines with special hazards (e.g. presses with manual feed), an external testing body must perform the acceptance test.
Notes:
- If there is full compliance, the machine manufacturer can apply the CE marking to the machine, and it can then be exported.

Legal framework:
Summary
[Figure: Machine -> Hazard -> Risk analysis and assessment -> Measures to reduce risk -> Acceptable residual risk -> "Safe" machine.]
- Risk analysis and assessment: specified in the appropriate legislation and defined in standards. EN 954-1, IEC 62061 and ISO 13849-1 are the standards that are generally applied. The risk itself is determined from the severity, the probability and the possibility of avoiding the risk in the first place. Depending on the magnitude of the risk, a specific safety level is specified for the machine. These safety levels are called Category, SIL or PL.
- Measures to reduce risk: for instance, modified machine design or the use of safety technology. The safety devices that are used should comply with the required safety level and have the appropriate certificates.
- Acceptable residual risk: applies when the machine fulfills the required safety level. The machine manufacturer must provide proof, e.g. by showing that the machine was designed in conformance with the applicable standards and by testing the safety functions on the finished machine.

Safety Integrated for Sinumerik, Introduction and Basics
Section: Basics of safety technology

Hazards and responses
Hazardous situations
Different hazardous situations require different responses:
- Immediate danger: response is Emergency Stop.
- Emergency situation, person present in the equipping area (low danger): response is situation-specific, e.g. warning light, restricted field of motion.
- Emergency situation, person present in the active protective zone (high danger): response is situation-specific, e.g. limited velocity, motion is stopped.
Emergency Stop would also be possible in the last two cases, but a situation-specific response enables greater productivity.

Safety system
The principle of safety systems
A safety system always comprises components for detection, evaluation and response:
- Detection (sensors and control devices): commands, mode, state of the machine and protective devices. Examples: pushbuttons and sensors.
- Evaluation (signal evaluation, safe logic): a hazardous situation is identified and the appropriate response is determined. Examples: safety relay or fail-safe controller.
- Response (actuators): the appropriate response is executed. Examples: contactors, indicators, power controllers, etc.
Notes:
- 3 subsystems: detection, evaluation and response.
- Detection: can be subdivided into optical sensors (light barriers, light curtains, laser scanners, ...) and switching technology (Emergency Stop pushbutton, position switches, ...).
- Evaluation: this includes safety relays (3TK28) and controllers with the associated I/O components (DIs, DOs and bus systems); the logical interconnection between "detection" and "response" is performed here.
- Response: the actuators execute the response; in the simplest case these are lights or contactors, but they also include more complex equipment and devices such as frequency converters (including the S120).

Reliability of a safety system
EN 954-1
- The safety levels in the standards specify how high the probability of a hazard may be.
- EN 954-1 describes structures (qualitative) for safety systems for this purpose.
Safety systems with different structures (using a safety door as example):
[Figure: Category 1: a single positively actuated door switch S1 (open/closed) switches one contactor K1 in the safety circuit that feeds the motor M. Category 4: the door switch has two channels (1 and 2), which are evaluated by a safety relay; the relay drives two contactors K1 and K2 in the safety circuit that feeds the motor M, so that a single fault in one channel or one contactor does not lead to the loss of the safety function.]

Reliability of a safety system
ISO 13849-1 and IEC 62061
- IEC 62061 and ISO 13849-1 define the reliability of a safety system quantitatively using the probability of failure (PFHD = Probability of a Dangerous Failure per Hour) or MTTFD (Mean Time To Dangerous Failure).
- Manufacturers specify the PFHD values of the individual components.
- The probability of failure of the total system is obtained from the sum of the PFHD values of the subsystems/components and must be calculated:
  PFHD (detection) + PFHD (evaluation) + PFHD (response) = PFHD (total system)
Notes:
- Starting from the separation into subsystems, a quantitative variable can now be calculated that can be used to make a statement regarding PL or SIL.
- To do this, the individual PFHd values of the components must be known. Either the manufacturer determines and specifies them, or they must be calculated from other variables; however, this is not discussed in any more detail in this presentation.
- S120: the PFHd value depends on the hardware being used (power units, encoders, etc.), the topology (number of axes, encoder concept) and the type of control (terminals, PROFIsafe, TM54F). Refer to the Summary section for values.

Reliability of a safety system
Example of the probability of failure
Component PFHD values (manufacturer's data) and the total PFHD (calculated):
  < 2 x 10^-10 + < 10^-9 + 1.29 x 10^-7 = 1.3 x 10^-7

  Safety level        Reliability of the safety system
  SIL        PL       (in failures/hour)
  -          PL a     10^-5 to 10^-4
  SIL 1      PL b     3 x 10^-6 to 10^-5
  SIL 1      PL c     10^-6 to 3 x 10^-6
  SIL 2      PL d     10^-7 to 10^-6
  SIL 3      PL e     10^-8 to 10^-7

The total of 1.3 x 10^-7 failures/hour lies in the PL d / SIL 2 band.
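The quantitative chain described on the slides for ISO 13849-1 (required PL from the S/F/P risk graph, PFHd summed over the detection, evaluation and response subsystems, then compared against the PL bands) can be worked through in a few lines. The following Python script is an added example; it is not code from the Siemens presentation or from any Siemens product. The risk-graph mapping is transcribed from Annex A of ISO 13849-1 (the slides show only the parameters S, F and P, not the graph), the PFHd band limits are those of the table above, and the function names, the S2/F2/P1 rating and the assignment of the three slide values to subsystems are illustrative assumptions; the "<" upper bounds quoted on the slide are used as the values themselves, which keeps the total conservative.

```python
"""Added example (not from the Siemens presentation): required PL from the
ISO 13849-1 risk graph, PFHd summation over the subsystems, and the check
whether the achieved PL/SIL band satisfies the requirement."""
from typing import Dict, List, Optional, Tuple

# Risk graph of ISO 13849-1 Annex A: (S, F, P) -> required PL (PLr).
# Transcribed from the standard; the slide shows only the parameters.
RISK_GRAPH: Dict[Tuple[str, str, str], str] = {
    ("S1", "F1", "P1"): "a",
    ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b",
    ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c",
    ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d",
    ("S2", "F2", "P2"): "e",
}

# PFHd bands from the table on the slide: (PL, lower bound inclusive,
# upper bound exclusive, comparable SIL or None). 1e-7 is PL d, not PL e.
PL_BANDS: List[Tuple[str, float, float, Optional[int]]] = [
    ("e", 1e-8, 1e-7, 3),
    ("d", 1e-7, 1e-6, 2),
    ("c", 1e-6, 3e-6, 1),
    ("b", 3e-6, 1e-5, 1),
    ("a", 1e-5, 1e-4, None),
]
PL_ORDER = "abcde"  # ascending: PL e is the most demanding level


def required_pl(severity: str, frequency: str, avoidance: str) -> str:
    """Walk the risk graph: S1/S2, F1/F2, P1/P2 -> PLr ('a'..'e')."""
    key = (severity, frequency, avoidance)
    if key not in RISK_GRAPH:
        raise ValueError(f"unknown risk parameters {key}")
    return RISK_GRAPH[key]


def total_pfhd(subsystems: Dict[str, float]) -> float:
    """Sum the PFHd of the detection, evaluation and response subsystems.
    Where a manufacturer quotes an upper bound ("< 1e-9"), the bound
    itself is used, which keeps the total on the safe side."""
    if not subsystems:
        raise ValueError("a safety function needs at least one subsystem")
    for name, value in subsystems.items():
        if value < 0:
            raise ValueError(f"negative PFHd for subsystem {name}")
    return sum(subsystems.values())


def achieved_level(pfhd: float) -> Tuple[Optional[str], Optional[int]]:
    """Map a total PFHd to (PL, SIL). Values below 1e-8 are still reported
    as PL e (the standard defines no better level); values of 1e-4 or
    more lie outside every band and yield (None, None)."""
    if pfhd < 1e-8:
        return "e", 3
    for pl, lower, upper, sil in PL_BANDS:
        if lower <= pfhd < upper:
            return pl, sil
    return None, None


def assess(severity: str, frequency: str, avoidance: str,
           subsystems: Dict[str, float]) -> Dict[str, object]:
    """Full chain: PLr from the risk graph, PFHd sum, achieved PL/SIL, and
    whether the achieved PL is at least the required PLr."""
    plr = required_pl(severity, frequency, avoidance)
    pfhd = total_pfhd(subsystems)
    pl, sil = achieved_level(pfhd)
    meets = pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)
    return {"PLr": plr, "PFHd": pfhd, "PL": pl, "SIL": sil, "meets_PLr": meets}


if __name__ == "__main__":
    # Constructed input: the three values of the slide's example, taken at
    # their stated upper bounds, for a hazard rated S2 / F2 / P1 (assumed).
    components = {"detection": 2e-10, "evaluation": 1e-9, "response": 1.29e-7}
    print(assess("S2", "F2", "P1", components))
```

With the slide's three values the total is 1.302 x 10^-7, which lands in the PL d / SIL 2 band; for an S2/F2/P1 hazard that is sufficient, whereas the same hardware would fail an S2/F2/P2 hazard, which requires PL e. Note that the band lookup treats the lower bound as inclusive and the upper bound as exclusive, so a total of exactly 10^-7 is PL d, not PL e.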
The implementation
Traditional: external circuit
[Figure: the automation side (controller, conventional bus, distributed I/Os, drive) next to the safety technology (detection -> evaluation -> response) built from external components.]
- External components (safety relays, contactors, etc.)
- Two-channel wiring
Notes:
- This is the version that was generally used until now, because the drives (as actuators) and the controllers did not have any integrated safety technology.
- With this technology, the drive is generally de-energized; it may first have been braked along a ramp.

The implementation
Innovative: integrated safety
[Figure: Safety Integrated within the automation system: detection integrated in the fail-safe controller, distributed I/Os with F modules, a fail-safe bus, and a drive with integrated safety; evaluation and response are part of the automation system.]
- Controller, drive and I/O modules with 2-channel processing
- Fieldbus with the fail-safe PROFIsafe protocol
Notes:
- This is the new version; the advantages are especially substantial if safety technology is to be used on many drives and a controller (PLC) is required anyway for normal operator control.
- Presently, only PROFIBUS can be used as the bus system; PROFIsafe via PROFINET will be available in version 2.6.
- In some cases, sensors can be connected directly to the bus system, which further reduces wiring time and costs.
- With suitable drives (e.g. S120, G120), more safety functions are available than the previous STO and SS1.

The implementation
Example
[Figure: a cabinet for machines with conventional safety technology next to the same cabinet with integrated safety technology.]
Integrated safety reduces the number of components and the wiring time and costs.

Safety Integrated
Advantages for the machine manufacturer (1/2)
Safety Integrated means:
- Less hardware
- Reduction of the cabinet volume
- Faster installation and commissioning
Time and cost saving for every machine that is produced:
- External components: installation and wiring of the safety devices; testing of the function.
- Safety Integrated: loading of the safety functions; testing of the function.
Notes:
- For instance, for the S120 and G120, additional safety functions and increased safety by using safety passwords on the drive and controller side.
- A mixed form is also possible, as sensors can in some cases also be connected directly to the drives.
- However: electrical isolation from the line supply is not possible with the integrated functions, i.e. an Emergency Off cannot be implemented with the integrated functions.

Safety Integrated
Advantages for the machine manufacturer (2/2)
Greater flexibility, shorter time-to-market

Safety Integrated means:
- Greater flexibility for expansions and adaptations
- Faster machine acceptance through certified functions

External components (SIL ?): an expansion requires
- Selection of a safety device
- Design of the wiring
- Having an external body check the implementation

Safety Integrated (SIL2): the drive provides safety function 1, safety function 2, ...; an expansion requires
- Activation of the safety functions
- Proof that the use is in compliance with the appropriate standard
Safety Integrated
Advantages for the machine operator (1/4)
Simple and optimum adaptation to individual working processes and growing safety regulations

Greater flexibility for the machine manufacturer thanks to Safety Integrated also means the following for the machine operator:
- Special demands can be implemented more quickly and at a more favorable cost
- Simpler adaptation to modified processes and/or regulations

Figure: different working processes and safety regulations -> individual safety concepts
Safety Integrated
Advantages for the machine operator (2/4)
Increased productivity through shorter downtimes

Example: setting up during productive operation
- Internal safety functions prevent the robot from encroaching on the setting-up zone.
- 100% productivity, no lost time when setting up or removing workpieces

Safety Integrated enables new safety concepts where the machine
- remains active, but
- is safely monitored.

- Using the SLS safety function, for instance, an area can be protected while production is still maintained.
Safety Integrated
Advantages for the machine operator (3/4)
Greater protection against accidents through less manipulation

- Most accidents on machines occur because the safety systems are manipulated and tampered with.
- Safety devices are manipulated in 37% of all German companies. The main reasons for this are safety concepts that significantly restrict and obstruct the working process.

Integrated safety technology offers a significantly higher degree of protection against manipulation:
- Safety concepts that are more practice-related increase the level of acceptance among machine operators
- Safety functions that are implemented internally are better protected against manipulation

Figure: reasons why safety systems are manipulated (source: study by the Schweizerische Unfallversicherungsanstalt [Swiss accident insurance institution], SUVA 2007): time is gained; unsuitable machine; poor ergonomics; level of comfort; ignorance / underestimated risk; custom; does not know; instructed, tolerated

- A high degree of protection against manipulation is provided by the safety passwords in the PLC and the drive.
- Variable functions suppress the desire to disable protective functions.
Safety Integrated
Advantages for the machine operator (4/4)
Lower costs for spare parts inventory and maintenance

With Safety Integrated, electro-mechanical components are eliminated, i.e.
- Service & maintenance is not required – there is no wear
- Less space required (smaller cabinets)
- Fewer components and spare parts are required

Figure: external components vs. Safety Integrated

Fewer components means:
- There are fewer components that can break down or fail and that have to be serviced and maintained.
- Smaller cabinets are sufficient.
- The number of spare parts that has to be stocked can be reduced.
- Simpler error diagnostics, as there are fewer error sources.
Basics of safety technology: Summary

Safety systems
Principle: Detection – Evaluation – Response
- Detecting the hazardous situation
  - Type of hazard: electrical, mechanical (motion)
  - Situation: emergency, operation (e.g. setting-up)
- Determining the appropriate response
- Executing the action; the response depends on the hazardous situation:
  - Power is completely or partially disconnected
  - Motion is stopped, limited or monitored, ...

Reliability of the system:
- EN 954-1 defines specific structures; IEC 62061 and ISO 13849-1 also define the maximum permissible failure rates.
- In order to achieve a specified safety level – SIL or PL – it is necessary to calculate the failure rate (PFH) of the complete system.

Implementation:
- Using supplementary components and external interconnections, or with integrated safety technology (Safety Integrated).
- Safety Integrated changes safety technology: from a necessity, an opportunity is provided to increase productivity.
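As an added illustration (not from the Siemens slides) of the "failure rate of the complete system" point above, the following Python model adds the PFH of the three subsystems of the detection – evaluation – response chain and places the result in the SIL bands of IEC 62061 and the PL bands of ISO 13849-1; all subsystem PFH values are constructed placeholders, and the check covers PFH only, not the architectural constraints the standards also impose.

```python
# Added example (not Siemens code): PFH of a complete safety function built
# from the detection -> evaluation -> response chain, and the SIL / PL band it
# falls into.  Subsystem PFH values below are constructed placeholders.

# PFH bands in dangerous failures per hour, as [lower, upper) intervals.
SIL_BANDS = {3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}      # IEC 62061
PL_BANDS = {"e": (1e-8, 1e-7), "d": (1e-7, 1e-6), "c": (1e-6, 3e-6),  # ISO 13849-1
            "b": (3e-6, 1e-5), "a": (1e-5, 1e-4)}


def system_pfh(subsystems):
    """PFH of the complete chain: the subsystems are in series (each must
    work for the safety function to work), so their PFH values add."""
    if any(v < 0 for v in subsystems.values()):
        raise ValueError("PFH must be non-negative")
    return sum(subsystems.values())


def _band(value, bands):
    """Band label containing value, or None if it lies outside all bands."""
    for label, (lo, hi) in bands.items():
        if lo <= value < hi:
            return label
    return None


def achieved_sil(pfh):
    return _band(pfh, SIL_BANDS)


def achieved_pl(pfh):
    return _band(pfh, PL_BANDS)


def check_safety_function(subsystems, target_sil):
    """Does the PFH of the whole chain reach target_sil?  PFH is necessary
    but not sufficient: architectural constraints are not modelled here."""
    pfh = system_pfh(subsystems)
    sil = achieved_sil(pfh)
    dominant = max(subsystems, key=subsystems.get)  # largest contributor
    return {"pfh": pfh, "sil": sil, "pl": achieved_pl(pfh),
            "dominant": dominant,
            "meets_target": sil is not None and sil >= target_sil}


# Constructed values: an integrated chain (F-PLC, PROFIsafe, drive with
# integrated safety) and a conventional one with an external relay response.
INTEGRATED = {"detection": 3e-8, "evaluation": 1e-8, "response": 5e-8}
CONVENTIONAL = {"detection": 3e-8, "evaluation": 1e-8, "response": 2.2e-7}

if __name__ == "__main__":
    for name, chain in (("integrated", INTEGRATED), ("conventional", CONVENTIONAL)):
        print(name, check_safety_function(chain, target_sil=2))
```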
Safety Integrated for Sinumerik
Introduction and Basics
- Basics Safety technology
- Legal Background
- Basics Safety Motion Monitoring
Stop categories according to IEC 60204-1

For Emergency Stop, a drive can be stopped in various ways.
This is the reason that IEC 60204-1 (2005) defines three stop categories:

Stop category 0:
- The power supply is immediately disconnected
- Either electromechanical or electronic shutdown
- Electrical isolation is not required

Stop category 1:
- The drive is electrically braked down to standstill
- At standstill, the power supply is disconnected
- Either electromechanical or electronic shutdown
- Electrical isolation is not required

Stop category 2:
- The drive is electrically braked down to standstill
- At standstill, the power supply is maintained

Figure: speed n over time t for the three categories – category 0: uncontrolled coast-down, power off; category 1: controlled braking, power off at standstill; category 2: controlled braking, power remains.

Safety of machines – Electrical equipment installed on machines – Part 1: General requirements (IEC 60204-1:2005, modified); German edition EN 60204-1:2006
- Stop cat. 0: stopping by immediate disconnection of the power supply to the machine / drive elements; this does not necessarily have to be performed electro-mechanically, i.e. electrical isolation is not mandatory.
- Stop cat. 1: controlled shutdown, whereby the power supply to the machine / drive elements is maintained in order to stop the machine; the power supply is interrupted once the machine has come to a standstill.
  Controlled shutdown: machine motion is stopped with the power supply to the machine / drive elements maintained while the machine is coming to a standstill.
- Stop cat. 2: controlled shutdown during which the power supply to the machine / drive elements is maintained.
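To make the difference between the three categories concrete, here is an added Python model (not Siemens code) that plays out a stop command under each category and reports when standstill is reached and whether power was on during and after the stop; the constant braking ramp and the friction-only coast-down rate are assumptions of the model.

```python
# Added example (not Siemens code): a simplified drive model that plays out
# the three IEC 60204-1 stop categories.  Constant deceleration ramps and the
# coast-down rate without power are assumptions of this model.
from dataclasses import dataclass


@dataclass
class Sample:
    t: float        # time since the stop command [s]
    n: float        # motor speed [1/min]
    power_on: bool  # is the power supply to the drive maintained?


def stop_sequence(category, n0=1500.0, brake_decel=1500.0,
                  coast_decel=150.0, dt=0.1):
    """Speed and power state after a stop command, sampled until standstill.

    category 0: power disconnected at once, the motor coasts down
    category 1: controlled braking to standstill, then power disconnected
    category 2: controlled braking to standstill, power stays on
    brake_decel / coast_decel: deceleration [1/min per s] with / without power
    """
    if category not in (0, 1, 2):
        raise ValueError("IEC 60204-1 defines stop categories 0, 1 and 2 only")
    n, power_on = float(n0), category != 0
    samples = [Sample(0.0, n, power_on)]
    k = 0
    while n > 0:
        k += 1
        n = max(0.0, n - (brake_decel if power_on else coast_decel) * dt)
        if n == 0 and category == 1:
            power_on = False  # cat. 1: disconnect only once standstill is reached
        samples.append(Sample(round(k * dt, 3), n, power_on))
    return samples


def stop_summary(category, **kwargs):
    """Time to standstill and the power state while stopping and at standstill."""
    s = stop_sequence(category, **kwargs)
    return {
        "category": category,
        "standstill_time": s[-1].t,
        "power_while_stopping": all(x.power_on for x in s[:-1]),
        "power_at_standstill": s[-1].power_on,
    }


if __name__ == "__main__":
    for c in (0, 1, 2):
        print(stop_summary(c))
```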
Emergency Stop and Emergency Off according to IEC 60204-1

Same pushbutton, but with a different function:

Emergency Stop
- Danger: unexpected movement
- Command (standardized): Emergency stop
- Response in an emergency: safe stop
- An action in an emergency to stop a process or a movement that would result in a danger (from EN 60204-1). Disconnection of the power supply is permitted, but not required.

Emergency Off
- Danger: electric shock
- Command (standardized): Emergency off
- Response in an emergency: safe disconnection (electrical isolation)
- An action in an emergency to disconnect the power supply to the entire installation or part of it if there is a danger of electric shock (from EN 60204-1).
Implementation of the drive safety functions
Principle

Example for drive safety: a drive is stopped according to Stop Category 0 (electronic shutdown, no electrical isolation).
- Traditional: with external interconnection
- Innovative: implemented using integrated drive functions:
  - This reduces the number of components and the wiring costs
  - Permits new and more intelligent functions

Figure: external implementation – power supply, external power disconnection, external monitoring, drive; integrated implementation – power supply, external power disconnection, drive (speed n over time t, power off).