Safety Integrated for Sinumerik: Introduction and Basics

Sections: Legal background; Basics of safety technology; Basics of safe motion monitoring.
© Siemens AG 2008, subject to change (Änderungen vorbehalten). Industry Sector, Safety Integrated for Drives.

Slide 2/39: Background: hazards as a result of functional faults

Functional faults in machines are a potential hazard for people, for the machine and for the process (and, beyond that, for the environment, for capital assets and for the manufacturer's reputation). This is why machines must have an appropriate level of functional safety. The regulations governing functional safety are specific to countries and regions. In the European Union, for instance, every machine placed on the market must carry the CE marking; with it, the manufacturer declares that the machine fully conforms to the European Machinery Directive.

As Werner von Siemens put it: "Accident prevention should not be seen as part of legislation, but as human responsibility and economic sense."

CE directives are passed by the EC and must be transposed by the member states into their national legislation. There are currently about 30 directives in the technical area (among them the Machinery Directive, the Low-Voltage Directive and the EMC Directive). The CE marking acts as a technical passport: it is mandatory for placing a product on the market within the European Union.
Slide 3/39: Background: the European Machinery Directive

The process (risk analysis and assessment, measures to reduce the risk, acceptable residual risk) is prescribed by the legislation and detailed in standards.

The European Machinery Directive requires the following: before building a machine, the machine or plant manufacturer (the machinery OEM) must perform a risk analysis and risk assessment and, where necessary, take appropriate measures to reduce the risk. Only machines whose residual risk is acceptable ("safe" machines) may be placed on the market.

■ Safety: freedom from unjustifiable risk.
■ Risk: the combination of the probability that harm occurs and the severity of that harm.
■ Objective: to reduce the risk to a justifiable level. This is the prerequisite for the CE marking.

Slide 4/39: The process: overview

All countries follow the same basic principles, but the precise rules for implementation are laid down in standards specific to countries and/or regions. The directives and standards of the place where the plant or machine will actually be used are decisive, and the plant or machine manufacturer is responsible for ensuring that they are complied with.

Process step and its implementation:
■ Risk analysis and assessment: the severity of the harm is determined together with its probability and the possibility of avoiding it; the result is assigned to a class (safety level) defined in the standards.
■ Measures to reduce the risk: modify the machine or process design; apply additional measures against the hazards; use safety technology.
■ Acceptable residual risk: demonstrated by documentation and certificates and by the acceptance test of the machine.
Principle: minimize the risk. Clarifying the responsibility: the machine manufacturer is responsible for this!

Slide 5/39: Standards: international safety standards

The regulations and standards of the place where the machine or plant is to be operated are decisive.
■ International: IEC, ISO (e.g. IEC 61508, ISO 13849-1, IEC 62061)
■ Europe: EN (e.g. EN 954-1)
■ North America: UL, CSA, ANSI
■ Japan: JIS

The bodies involved:
■ UL (Underwriters Laboratories): certification organization for product safety in the USA.
■ CSA (Canadian Standards Association): non-governmental organization that sets rules and standards and tests and certifies products with regard to safety.
■ ANSI (American National Standards Institute): US body responsible for drawing up standards for industrial processes.
■ IEC (International Electrotechnical Commission): international standardization body based in Geneva, Switzerland, for electrical and electronic engineering; some standards are developed jointly with ISO.
■ ISO (International Organization for Standardization): develops international standards in all areas except electrical and electronic engineering (the domain of the IEC) and telecommunication (the domain of the ITU, International Telecommunication Union).
■ EN (European standards): rules ratified by one of the three European standardization committees CEN, CENELEC or ETSI; all EN standards result from a public standardization process.
■ JIS (Japanese Industrial Standards): comparable with DIN in Germany.
■ DIN (Deutsches Institut für Normung e. V.): the national standardization organization of Germany, based in Berlin.
Slide 6/39: Standards: the classification of EN standards

EN safety standards are classified hierarchically in three groups:
■ Type A standards (basic standards): design guidelines and basic terminology for machines. Example: IEC 61508.
■ Type B standards (group standards): B1 standards cover general safety aspects (examples: EN 954-1, IEC 62061, ISO 13849-1, IEC 60204); B2 standards refer to particular protective equipment.
■ Type C standards (special standards): specific safety features of individual machine types (e.g. presses). If a specific standard exists, it must be applied!
The slide also lists IEC 61800-5-2 as an example; it is the product-specific standard for drives (see slide 7).

■ A standards: basic safety standards that apply to all machines; they address those responsible for drawing up B and C standards; manufacturers take them into account if there is no applicable B/C standard.
■ B standards: safety standards with statements applicable to several (similar) types of machine in an identical or similar way; they predominantly address those responsible for drawing up C standards; manufacturers take them into account if there is no applicable C standard.
■ B1 standards: higher-level safety aspects (basics of ergonomics, safety clearances, etc.); not device-specific.
■ B2 standards: safety equipment (e.g. Emergency Stop, two-hand control devices, ...); device-specific.
■ C standards: machine-specific standards (e.g. for machine tools, woodworking machines, etc.); they contain machine-specific requirements that can, under certain circumstances, deviate from A and B standards; they have the highest priority for machine manufacturers.
Slide 7/39: Standards: the relevant European standards (EN)

The standards that grew up over time in various countries have been harmonized and reduced to a few European standards. The frequently applied EN 954-1 will be withdrawn after a transition period ending in November 2009. The remaining relevant standards are:
■ EN 61508: base standard for functional safety (also covers PLCs).
■ EN 62061: application standard for machine construction; covers electrical and electronic safety technology.
■ EN ISO 13849-1: application standard for machine construction; covers electrical, electronic and other technologies (e.g. pneumatics, hydraulics). This replaces EN 954-1.
■ EN 61800-5-2: product-specific standard for variable-speed electric drives with integrated safety functions.

EN 62061 and EN ISO 13849-1 are mostly used to assess the risk of machines; EN 61508 is mostly used to assess the risk of safety devices (including PLCs).

Notes on the individual standards:
■ EN 954-1: defines categories; does not cover programmable logic (usable only with restrictions); the result cannot be checked by calculation; will be replaced by ISO 13849-1; harmonized under the Machinery Directive; relevant for machine manufacturers.
■ ISO 13849-1: also covers programmable controllers (designated architectures); yields Performance Levels (PL); during the transition period up to 10/2009 both 13849-1 and 954-1 may be applied; relevant for machine manufacturers.
■ IEC 61508: the base standard for functional safety; not harmonized under the Machinery Directive, so applying it gives no presumption of conformity; it may nevertheless be applied when fulfilling European Directives if no harmonized standard applies, or if a harmonized standard refers to it; covers programmable electronic systems (PES) independently of their architecture; defines the state of the art; yields Safety Integrity Levels (SIL); relevant for manufacturers of safety devices.
■ IEC 62061: harmonized under the Machinery Directive; sector-specific (machinery) standard positioned below IEC 61508; covers controllers; yields SILs; relevant for machine manufacturers.
■ IEC 61800-5-2: standard for electric drives; defines, for example, the behavior of the drive for the functions STO, SS1, etc.

Slide 8/39: Risk assessment: the individual steps

These steps apply for all standards; only the names of the safety levels differ from standard to standard.
■ Risk analysis: determine the limits of the machine; identify the hazards; estimate the risk.
■ Risk assessment: derive the required safety level; is the safety level fulfilled? If not, take measures to reduce the risk and repeat the assessment.
Together these steps form the "risk analysis and assessment" block of the process; "measures to reduce the risk" and "acceptable residual risk" follow.

Slide 9/39: Risk assessment: risk assessment and safety levels

■ The magnitude of the risk is obtained from the three parameters listed below.
■ The precise calculation differs depending on the specific standard.
■ Depending on the magnitude of the risk, a certain safety level is required.
The designations of the safety levels are:
■ EN 954-1: Category B, 1 to 4
■ ISO 13849-1: Performance Level (PL) a to e
■ IEC 62061: Safety Integrity Level (SIL) 1 to 3

The three risk parameters:
■ Severity of the possible injury (severe or slight). What is to be protected (personnel, environment, machine); how severe is the injury to persons (slight, severe, fatal); the scope of the damage (one or several persons involved).
■ Frequency and/or duration of exposure to the hazard (frequent or infrequent). How often and for how long is a person exposed to the hazard (is access to the hazardous area necessary, how many persons are involved, how long do they stay there); the probability that a hazardous situation occurs (accident statistics, experience with similar machines).
■ Possibility of avoiding the hazard (possible or hardly possible). What can be done to avoid the hazard (trained personnel, automation); how quickly does the hazardous situation arise (is there time to avoid injury)?

Slide 10/39: Risk assessment: determining the required category according to EN 954-1

Risk = function of severity (S), frequency and duration (F) and possibility of avoiding (P). The category is determined graphically: starting from the assessment of the safety-related part of the control, the S, F and P decisions lead to a category. The risk graph distinguishes preferred categories for the reference points, possible categories that require additional measures, and measures that are over-dimensioned in relation to the risk involved.
■ S1: slight (reversible) injuries, e.g. bruising, cuts without complications. S2: severe injuries, e.g. amputation, death.
■ F1: infrequent to occasional and/or short exposure to the hazard. F2: frequent to continuous and/or long exposure to the hazard. No generally valid time period can be defined.
■ P1: avoidance possible under certain conditions. P2: hardly possible. Can the hazard be detected in good time; is it directly visible or only indirectly (via displays)?

Slide 11/39: Risk assessment: determining the required PL according to ISO 13849-1

Risk = function of S, F and P; the questions are the same as for EN 954-1, but the result of the graphical determination is a required Performance Level (from PL a for low risk to PL e for high risk) instead of a category. EN 954-1 has a qualitative, structure-oriented approach with no possibility of a quantitative check (calculation); this is only possible with ISO 13849-1. The quantitative evaluation is based on the parameters of the components involved; its result is the PFHd (probability of a dangerous failure per hour).

Slide 12/39: Risk assessment: determining the required SIL according to IEC 62061

Risk is assessed from the severity (S) and the probability of occurrence of the harm, class K, which is the sum of three scores: frequency and duration of exposure (F), probability of the hazardous event (W) and possibility of avoiding (P): K = F + W + P. The SIL is then read from a table indexed by severity S and class K (the slide shows this table together with an example). If the duration of exposure is less than 10 min, the frequency score may be reduced by one level; this reduction is not permitted for the highest frequency class (exposure at intervals of one hour or less). IEC 61508 also defines SILs (there even up to SIL 4) that are identical with these.
However, additional measures are required to obtain a certificate according to IEC 61508. IEC 62061 likewise permits a quantitative evaluation, the result of which is again a PFHd value (probability of a dangerous failure per hour).

Slide 13/39: Risk assessment: meaning of the categories for EN 954-1

The categories in EN 954-1 define requirements on the implementation and on the system behavior. This definition does not adequately cover software aspects, for example; therefore, as of November 2009, EN 954-1 is replaced by EN ISO 13849-1.

Category, definition and resulting system behavior:
■ B: safety-related parts of a control must be designed so that they withstand the expected environmental influences, e.g. temperature, EMC (basic measures). A fault can lead to the loss of the safety function.
■ 1: Cat. B plus well-tried components and principles (over-dimensioning, positively driven contacts, etc.). As for B, but with a higher degree of reliability. Achieved mainly by using "proven components".
■ 2: Cat. B plus cyclic testing of the system. A fault that has occurred is detected only at the next test.
■ 3: Cat. B plus detection of a single fault; a safe state is reached when a fault occurs. The safety function is always maintained when a single fault occurs; some, but not all, faults are detected, and an accumulation of undetected faults can lead to the loss of the safety function.
■ 4: Cat. B plus detection of a single fault; no hazard as a result of an accumulation of faults, or detection of the accumulated faults. The safety function is maintained when faults occur, and the faults are detected in time to prevent the loss of the safety function.
Categories 2 to 4 are achieved mainly by using the appropriate control structures.
Slide 14/39: Risk assessment: meaning of the safety levels for IEC 62061 and ISO 13849-1

The SIL and PL safety levels define how reliable a safety system has to be (required reliability as probability of a dangerous failure per hour):

SIL / PL / PFHd band (failures per hour)
■ (none) / PL a / 10^-5 to 10^-4
■ SIL 1 / PL b / 3x10^-6 to 10^-5
■ SIL 1 / PL c / 10^-6 to 3x10^-6
■ SIL 2 / PL d / 10^-7 to 10^-6
■ SIL 3 / PL e / 10^-8 to 10^-7

The measures needed to achieve this reliability increase accordingly: use of "proven components", regular function test, automatic fault detection, redundant design, redundancy plus fault detection.

When a safety system is used correctly, the probability of its dangerous failure is the probability with which the hazard can occur. IEC 62061 and ISO 13849-1 therefore define the risk quantitatively and go further than EN 954-1. Both assessments yield a failure rate that permits a clear statement about the risk: it is defined how high the probability of the hazard may be. Using device-specific parameters, this rate can be calculated according to either standard, which allows a statement as to whether the implementation of the safety function is sufficient to reach the specified safety level. PLs and SILs can easily be compared with one another, but they are not the same thing: the respective other certificate cannot be obtained without additional measures.

Slide 15/39: Risk assessment: comparison of EN 954-1, ISO 13849-1 and IEC 62061

EN 954-1 / ISO 13849-1 / IEC 62061
■ Cat. B / PL a / (none)
■ Cat. 1 / PL b / SIL 1
■ Cat. 2 / PL c / SIL 1
■ Cat. 3 / PL d / SIL 2
■ Cat. 4 / PL e / SIL 3

SIL and PL are comparable in both directions. SIL and PL can also be compared with the categories of EN 954-1.
However, no comparison is possible in the other direction, because EN 954-1 only uses a qualitative basis. This is a simplified comparison of the standards: EN 954-1 can be compared with IEC 62061 and ISO 13849-1 only in terms of structure, since EN 954-1 has no quantitative basis. A category can be concluded from a PL or SIL, but not vice versa.

Slide 16/39: Certificates for safety devices

An efficient measure for achieving an acceptable residual risk for the machine is the use of certified safety devices:
■ Safety devices must be tested in accordance with the relevant standards.
■ They then receive a certificate for the safety level reached, e.g. SIL 2.
■ TÜV (German Technical Inspectorate), BG/BGIA or similar testing bodies carry out the tests and acceptances.
Certified safety devices make the acceptance of the machine easier. The Siemens drives are certified, e.g. G120 (Cat. 3, SIL 2) and S120 (Cat. 3, SIL 2, PL d); other components for detection and processing (logic) also have certificates. A certificate covers the device at its certified level; the machine manufacturer still has to show that the complete safety function (detection, evaluation and response together) reaches the level required for the machine.

Slide 17/39: "Safe" machine: acceptance test / proof

Before the machine may be placed on the market, the machine manufacturer must prove that it fully complies with the applicable directives, e.g. the European Machinery Directive. If the machine was designed according to the relevant harmonized standards, the proof is simplified: the machine is then presumed to fulfil the Machinery Directive. Fulfilment of the European Machinery Directive is confirmed by the CE marking.
For machines with special hazards (e.g. presses with manual feed), an external testing body must perform the acceptance test. Once full compliance is established, the machine manufacturer applies the CE marking to the machine, which can then be placed on the market.

Slide 18/39: Legal framework: summary

■ Risk analysis and assessment: prescribed by the legislation and defined in standards; EN 954-1, IEC 62061 and ISO 13849-1 are the standards generally applied. The risk is determined from the severity, the probability and the possibility of avoiding the hazard. Depending on the magnitude of the risk, a specific safety level is required for the machine; these levels are called Category, SIL or PL.
■ Measures to reduce the risk: for instance a modified machine design or the use of safety technology. The safety devices used should comply with the required safety level and have the appropriate certificates.
■ Acceptable residual risk: reached when the machine fulfils the required safety level. The machine manufacturer must provide proof, e.g. by showing that the machine was designed in conformance with the applicable standard and by testing the safety functions on the finished machine.
Part 2: Basics of safety technology

Slide 20/39: Hazards and responses

Different hazardous situations require different responses:
■ Immediate danger (emergency): the response is Emergency Stop.
■ Situation: person present in the equipping (setup) area, low danger: response e.g. a warning light or a restricted field of motion.
■ Situation: person present in the active protective zone, high danger: response e.g. limited velocity, or the motion is stopped.
An Emergency Stop would also be possible in the last two situations, but a situation-specific response allows greater productivity.

Slide 21/39: Safety system: the principle of safety systems

A safety system always comprises three subsystems: detection, evaluation and response.
■ Detection (sensors and control devices): commands, operating mode, state of the machine and of the protective devices. Pushbuttons and sensors. Detection can be divided into optical sensors (light barriers, light curtains, laser scanners, ...) and switching technology (Emergency Stop pushbuttons, position switches, ...).
■ Evaluation (signal evaluation, safe logic): a hazardous situation is identified and the appropriate response is determined. Safety relay (e.g. 3TK28) or fail-safe controller with the associated I/O components (DIs, DOs and bus systems); the logical interconnection between detection and response (AND, OR, OFF) is performed here.
■ Response (actuators): the appropriate response is executed. In the simplest case these are indicator lights or contactors, but they also include more complex devices such as frequency converters and drives (including the S120).

Slide 22/39: Reliability of a safety system: EN 954-1

The safety levels in the standards specify how high the probability of a hazard may be. EN 954-1 describes structures for safety systems (qualitatively) for this purpose. Example: safety systems with different structures, using a safety door:
■ Category 1: a single positively actuated door switch S1 (contact open/closed) switches one contactor K1 in the safety circuit of the motor M; a single-channel structure built from well-tried components.
■ Category 4: the door switch is evaluated over two channels by a safety relay, which switches two contactors K1 and K2 in the safety circuit of the motor M (start via the "On" button); the safety relay monitors both channels, so that a single fault is detected and does not cause the loss of the safety function.

Slide 23/39: Reliability of a safety system: ISO 13849-1 and IEC 62061

IEC 62061 and ISO 13849-1 define the reliability of a safety system quantitatively, using the probability of failure (PFHd, probability of a dangerous failure per hour) or the MTTFd (mean time to dangerous failure). Manufacturers specify the PFHd values of the individual components. The probability of failure of the total system is obtained from the sum of the PFHd values of the subsystems/components and must be calculated:

PFHd(detection) + PFHd(evaluation) + PFHd(response) = PFHd(total system)

Starting from the division into subsystems, a quantitative value can now be calculated from which a statement about the PL or SIL can be made. For this, the individual PFHd values of the components must be known: either the manufacturer determines and specifies them, or they must be calculated from other variables.
This calculation is not discussed in more detail in this presentation. For the S120, the PFHd value depends on the hardware used (power units, encoders, etc.), on the topology (number of axes, encoder concept) and on the type of control (terminals, PROFIsafe, TM54F); see the Summary section for values.

Slide 24/39: Reliability of a safety system: example of the probability of failure

Component PFHd values (manufacturer's data), summed to the PFHd of the total system (calculated):
■ Detection: < 2x10^-10 per hour
■ Evaluation: < 10^-9 per hour
■ Response (drive): 1.29x10^-7 per hour
■ Total: 1.3x10^-7 per hour, which lies in the band 10^-7 to 10^-6, i.e. PL d / SIL 2.

For reference, the bands from slide 14 (failures per hour): PL a: 10^-5 to 10^-4 (no SIL); PL b: 3x10^-6 to 10^-5 (SIL 1); PL c: 10^-6 to 3x10^-6 (SIL 1); PL d: 10^-7 to 10^-6 (SIL 2); PL e: 10^-8 to 10^-7 (SIL 3).

Slide 25/39: The implementation: traditional, external circuit

Detection: two-channel wiring of the sensors. Evaluation: external components (safety relays, contactors, etc.) alongside the controller and the distributed I/Os, which communicate over a conventional bus. Response: the drive. Automation and safety technology are separate. This is the version generally used until now, because the drives (as actuators) and the controllers did not have any integrated safety technology. With this approach, the drive is generally de-energized; it may first have been braked along a ramp.
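As an added worked example (not part of the Siemens presentation), the following Python script carries out the two quantitative steps described on slide 11 (required PL from the S/F/P risk graph) and on slides 23 and 24 (PFHd of the complete safety function as the sum of its subsystems, compared against the PL/SIL bands of slides 14 and 15). The S/F/P-to-PLr table is the risk graph of ISO 13849-1, Annex A, which the slide shows only as a figure; the "< 2x10^-10" and "< 10^-9" subsystem values from slide 24 are taken at their upper bounds as constructed worst-case inputs, and the subsystem labels are assumed. The structural requirements that ISO 13849-1 also imposes (category/designated architecture) are outside this check, as they are outside the slide.

```python
"""Quantitative PL check: required PL from the risk graph, achieved PL from PFHd.

Added example, not Siemens code. Assumptions: risk graph per ISO 13849-1 Annex A;
subsystem values given as upper bounds on slide 24 are used as worst case.
"""
from typing import Optional

# Required performance level PLr from the risk graph (ISO 13849-1, Annex A).
# S: severity (1 slight, 2 severe); F: frequency/duration of exposure
# (1 seldom/short, 2 frequent/long); P: possibility of avoidance
# (1 possible, 2 hardly possible).
PLR_RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}

# PFHd bands per PL (dangerous failures per hour), as on slide 14:
# lower bound inclusive, upper bound exclusive.
PL_BANDS = [
    ("a", 1e-5, 1e-4),
    ("b", 3e-6, 1e-5),
    ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6),
    ("e", 1e-8, 1e-7),
]
PL_ORDER = "abcde"                                          # a lowest, e highest
PL_TO_SIL = {"a": None, "b": 1, "c": 1, "d": 2, "e": 3}    # comparison on slide 15

# Constructed subsystem data for the example on slide 24; the "< 2e-10" and
# "< 1e-9" bounds are used at their worst-case upper values. Labels assumed.
EXAMPLE_COMPONENTS = {
    "detection (door switch, assumed)": 2e-10,
    "evaluation (fail-safe controller, assumed)": 1e-9,
    "response (drive, manufacturer's data)": 1.29e-7,
}


def required_pl(s: int, f: int, p: int) -> str:
    """Read the required PL off the risk graph for the parameters S, F, P."""
    try:
        return PLR_RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"S, F, P must each be 1 or 2, got {(s, f, p)}") from None


def total_pfhd(components: dict) -> float:
    """PFHd of the whole safety function: the sum over its subsystems (slide 23)."""
    if any(v < 0 for v in components.values()):
        raise ValueError("PFHd values must be non-negative")
    return sum(components.values())


def achieved_pl(pfhd: float) -> Optional[str]:
    """Map a PFHd value to the PL band it falls into; None if worse than PL a.

    Values below 1e-8 still count as PL e: the standard defines no higher level.
    """
    if pfhd < 1e-8:
        return "e"
    for pl, lo, hi in PL_BANDS:
        if lo <= pfhd < hi:
            return pl
    return None


def pl_to_sil(pl: str) -> Optional[int]:
    """Comparable SIL (IEC 62061) for a PL; PL a has no SIL equivalent."""
    return PL_TO_SIL[pl]


def meets_requirement(plr: str, pl: Optional[str]) -> bool:
    """True if the achieved PL is at least the required PL."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)


if __name__ == "__main__":
    plr = required_pl(2, 1, 2)        # severe injury, seldom exposed, hardly avoidable
    total = total_pfhd(EXAMPLE_COMPONENTS)
    pl = achieved_pl(total)
    print(f"PLr = {plr}; PFHd total = {total:.3e}/h -> PL {pl} (SIL {pl_to_sil(pl)})")
    print("requirement met" if meets_requirement(plr, pl) else "requirement NOT met")
    # The same hardware against PLr e (S2 F2 P2) fails: 1.3e-7/h is above 1e-7/h.
    print("PLr e met:", meets_requirement(required_pl(2, 2, 2), pl))
```

The script reproduces the slide's result (1.3x10^-7 per hour, PL d, SIL 2) and shows the check a machine manufacturer has to make: the sum over all three subsystems, not the drive's certificate alone, is compared with the band of the PL required by the risk graph. The last line illustrates the failure mode: a drive certified for PL d cannot be used as the response subsystem of a PL e safety function, however good the sensor and logic are.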
Slide 26/39: The implementation: innovative, integrated safety (Safety Integrated)

Detection: distributed I/Os with F modules. Evaluation: integrated in the fail-safe controller. Response: drive with integrated safety. Controller, drive and I/O modules process two channels; the fieldbus carries the fail-safe PROFIsafe protocol; automation and safety technology share one system. This is the new version; its advantages are especially substantial if safety technology is to be used on many drives and a controller (PLC) is required anyway for normal operator control. At the time of this presentation (2008), only PROFIBUS can be used as the bus system; PROFIsafe via PROFINET will be available with version 2.6. In some cases, sensors can be connected directly to the bus system, which further reduces wiring time and cost. With suitable drives (e.g. S120, G120), more safety functions are available than the previous STO and SS1.
Slide 27/39: The implementation: example

A cabinet for a machine with conventional safety technology compared with the same cabinet with integrated safety technology: integrated safety reduces the number of components and the wiring time and cost.

Slide 28/39: Safety Integrated: advantages for the machine manufacturer (1/2)

Safety Integrated means less hardware, a smaller cabinet volume, and faster installation and commissioning: time and cost savings for every machine produced.
■ External components: installation and wiring of the safety devices; testing of the function.
■ Safety Integrated: loading of the safety functions; testing of the function.
For the S120 and G120, for instance, additional safety functions are available, and safety passwords on the drive and controller side protect the safety parameterization against unauthorized changes. A mixed form is also possible, since sensors can in some cases be connected directly to the drives. However: electrical isolation from the line supply is not possible with the integrated functions, i.e. an Emergency Off (disconnection of the electrical supply) cannot be implemented with them.
Slide 29/39: Safety Integrated: advantages for the machine manufacturer (2/2)

Safety Integrated means greater flexibility for expansions and adaptations, and faster machine acceptance thanks to certified functions: greater flexibility and shorter time to market.
■ External components: an expansion (a further safety function on a further drive) requires selecting a safety device, designing the wiring, and having an external body check the implementation; the SIL reached is open until that check is done.
■ Safety Integrated: an expansion requires activating the safety functions in the drive and proving that they are used in compliance with the appropriate standard; the drive's certified level (e.g. SIL 2) is known in advance.

Slide 30/39: Safety Integrated: advantages for the machine operator (1/4)

Simple and optimum adaptation to individual working processes and to growing safety regulations. The greater flexibility for the machine manufacturer also means, for the machine operator, that special demands can be implemented faster and at lower cost, and that adaptation to modified processes and/or regulations is simpler. Different working processes and safety regulations lead to individual safety concepts.

Slide 31/39: Safety Integrated: advantages for the machine operator (2/4)

Increased productivity through shorter downtimes. Example: setting up during productive operation, where the internal safety functions prevent the robot from entering the setting-up zone.
This gives 100% productivity, with no lost time when setting up or removing workpieces. Safety Integrated enables new safety concepts in which the machine remains active but is safely monitored; with the SLS (safely limited speed) function, for instance, an area can be protected while production continues.

Slide 32/39: Safety Integrated: advantages for the machine operator (3/4)

Greater protection against accidents through less manipulation. Most accidents on machines occur because the safety systems have been manipulated or defeated; safety devices are manipulated in 37% of all German companies. The main reasons are safety concepts that significantly restrict and obstruct the working process. Reasons why safety systems are manipulated, according to a 2007 study by the Swiss accident insurance institution SUVA (Schweizerische Unfallversicherungsanstalt): time is gained; unsuitable machine; poor ergonomics; comfort; ignorance or underestimated risk; habit; does not know; instructed or tolerated.

Integrated safety technology offers a significantly higher degree of protection against manipulation:
■ Safety concepts that are closer to practice increase acceptance among machine operators.
■ Safety functions that are implemented internally are better protected against manipulation than external wiring and relays.
A high degree of protection against manipulation is provided by the safety passwords in the PLC and in the drive, and the flexible functions remove the incentive to disable the protective functions. The password protects the safety parameterization against unauthorized changes; the integrity of the safety function itself still rests on the certified two-channel architecture.

Slide 33/39: Safety Integrated: advantages for the machine operator (4/4)

With Safety Integrated, electro-mechanical components are eliminated, i.e.
Service & maintenance is not required – there is no wear Less space required (smaller cabinets) Fewer components and spare parts are required Safety Integrated Advantages for the machine operator (4/4) Lower costs for spare parts inventory and maintenance Safety IntegratedExternal components Fewer components -> There are fewer components to break down or fail and that have to be serviced and maintained. Smaller cabinets are sufficient. The number of spare parts that has to be stocked can be reduced. Simpler error diagnostics as there are fewer error sources. © Siemens AG 2008 - Änderungen vorbehalten Industry SectorSafety Integrated for Drives Basics Safety Motion Monitoring Basics Safety Technology Legally Background Seite 34/39 Reliability of the system: EN 954-1 defines specific structures, IEC 62061 and ISO 13849-1 also define the maximum permissible failure rates. In order to achieve a specified safety level – SIL or PL – it is necessary to calculate the failure rate (PFH) of the complete system. Sa fe ty s ys te m s Detecting the hazardous situation Principle: Type of hazard: Electrical, mechanical (motion) Situation: Emergency, operation (e.g. setting-up) Hazardous situation Response Depends on the hazardous situation: Power is completely or partially disconnected Motion is stopped, limited or monitored, … Detection Evaluation response Determining the appropriate response Executing the action Implementation: Using supplementary components and external interconnections or with integrated safety technology (Safety Integrated). 
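The PFH calculation named in the reliability paragraph, worked through as an added example that is not part of the Siemens training material: the dangerous failure rate of a safety function is the sum of the PFH values of its subsystems (sensor, logic, actuator), the total is then placed in a SIL band (IEC 62061 / IEC 61508, high demand mode) and a PL band (ISO 13849-1), and the IEC 62061 rule that the system SIL can never exceed the lowest SIL claim limit (SILCL) of any subsystem is applied on top. The band limits are those of the standards; the component names, their PFH and SILCL values, and the function names are constructed for illustration.

```python
"""Achievable SIL / PL of a safety function from its subsystems' PFH values.

Added example, not from the Siemens training material. Band limits follow
IEC 62061 / IEC 61508 (SIL, high demand mode) and ISO 13849-1 (PL). All
component names and numeric values below are constructed for illustration.
"""
from dataclasses import dataclass

# PFH bands in dangerous failures per hour: (level, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [  # IEC 62061 / IEC 61508, high demand or continuous mode (machinery uses SIL 1..3)
    (1, 1e-6, 1e-5),
    (2, 1e-7, 1e-6),
    (3, 1e-8, 1e-7),
]
PL_BANDS = [  # ISO 13849-1
    ("a", 1e-5, 1e-4),
    ("b", 3e-6, 1e-5),
    ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6),
    ("e", 1e-8, 1e-7),
]


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfh: float   # dangerous failures per hour, taken from the component's safety data sheet
    silcl: int   # SIL claim limit stated by the manufacturer for this subsystem (1..3)


def total_pfh(subsystems):
    """Series structure: a dangerous failure of any subsystem fails the whole safety function."""
    return sum(s.pfh for s in subsystems)


def sil_from_pfh(pfh):
    """SIL band the total PFH falls into, or None if it is worse than SIL 1."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfh < hi:
            return sil
    return None


def pl_from_pfh(pfh):
    """PL band the total PFH falls into, or None if it is worse than PL a."""
    for pl, lo, hi in PL_BANDS:
        if lo <= pfh < hi:
            return pl
    return None


def achievable_sil(subsystems):
    """IEC 62061: the SIL of the safety function is bounded both by the total PFH
    and by the lowest SILCL of any subsystem in it (the weakest link caps the claim)."""
    by_pfh = sil_from_pfh(total_pfh(subsystems))
    if by_pfh is None:
        return None
    return min(by_pfh, min(s.silcl for s in subsystems))


# Constructed chains for one safety function (light curtain -> logic -> stop of the drive).
# External solution: safety relay plus electromechanical contactors. Values are illustrative.
EXTERNAL_CHAIN = [
    Subsystem("light curtain", 2.0e-8, 3),
    Subsystem("safety relay", 1.5e-8, 3),
    Subsystem("contactor pair", 2.0e-7, 2),
]
# Integrated solution: safety PLC plus the drive's integrated safety function (SILCL 2).
INTEGRATED_CHAIN = [
    Subsystem("light curtain", 2.0e-8, 3),
    Subsystem("safety PLC", 1.0e-9, 3),
    Subsystem("drive with integrated safety function", 5.0e-9, 2),
]

if __name__ == "__main__":
    for label, chain in (("external", EXTERNAL_CHAIN), ("integrated", INTEGRATED_CHAIN)):
        pfh = total_pfh(chain)
        print(f"{label}: PFH = {pfh:.2e}/h -> SIL {achievable_sil(chain)}, PL {pl_from_pfh(pfh)}")
```

With these constructed numbers the external chain lands in SIL 2 / PL d on its PFH alone. The integrated chain has a total PFH in the SIL 3 band and reaches PL e, but the drive's SILCL of 2 caps the claim at SIL 2: the total failure rate is necessary but not sufficient, the stated claim limit of every component and the proof of compliant use (see the acceptance discussion above) decide what may actually be claimed.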
Summary: Safety Integrated changes safety technology from a necessity into an opportunity to increase productivity.

Basics Safety Motion Monitoring

Stop categories according to IEC 60204-1

For Emergency Stop, a drive can be stopped in various ways. This is why IEC 60204-1 (2005) defines three stop categories:

Stop category 0:
- The power supply is disconnected immediately; the drive coasts down uncontrolled
- Either electromechanical or electronic shutdown
- Electrical isolation is not required

Stop category 1:
- The drive is electrically braked to standstill (controlled)
- At standstill, the power supply is disconnected
- Either electromechanical or electronic shutdown
- Electrical isolation is not required

Stop category 2:
- The drive is electrically braked to standstill (controlled)
- At standstill, the power supply is maintained

[Figure: speed n versus time t for the three categories. Category 0: power off, uncontrolled coast-down or uncontrolled braking. Category 1: controlled braking, then power off. Category 2: controlled braking, power remains.]

Source: Safety of machinery – Electrical equipment of machines – Part 1: General requirements (IEC 60204-1:2005, modified); German edition EN 60204-1:2006.

Stop cat. 0: stopping by immediate disconnection of the power supply to the machine / drive elements; this does not necessarily have to be done electromechanically, i.e. electrical isolation is not mandatory.
Stop cat. 1: controlled shutdown, whereby the power supply to the machine / drive elements is maintained in order to stop the machine; the power supply is interrupted once the machine has come to a standstill.
Stop cat. 2: controlled shutdown during which the power supply to the machine / drive elements is maintained.
Controlled shutdown: machine motion is stopped while the power supply to the machine / drive elements is maintained as the machine comes to a standstill.

Emergency Stop and Emergency Off according to IEC 60204-1

Same pushbutton, but with a different function; the command itself is standardized.

Emergency Stop:
- Danger: unexpected movement
- Definition (from EN 60204-1): an action in an emergency to stop a process or a movement that would result in a hazard
- Response: safe stop. Disconnection of the power supply is permitted, but not required.

Emergency Off:
- Danger: electric shock
- Definition (from EN 60204-1): an action in an emergency to disconnect the power supply to the entire installation or part of it where there is a danger of electric shock
- Response: safe disconnection (electrical isolation)

Implementation of the drive safety functions: Principle

Example for drive safety: a drive is stopped according to Stop Category 0.
- Traditional: with external interconnection. The power supply to the drive is cut by an external power disconnection device and supervised by external monitoring.
- Innovative: implemented using integrated drive functions, i.e. electronic shutdown (no electrical isolation). This reduces the number of components and the wiring costs, and permits new and more intelligent functions.

[Figure: external vs. integrated implementation of the Stop Category 0 shutdown; power off plotted over time t]