Safety of machinery - Integrity assessment of safety-related control systems
MetadataVis full innførsel
This project had two phases. The first phase was of an exploring nature and had as main objectives to (1) give an introduction to the machinery directive, its structure, and main safety requirements with special focus on requirements regarding safety-related control systems, to (2) give an introduction to functional safety, to (3) present the two competing standards IEC 62061 and ISO 13849, highlighting their similarities and differences, and to (4) present current issues within the design of reliable and safe control system for machinery. The second phase focused on current issues within the design of reliable and safe control systems for machinery. It had as main objectives to (1) give an in-depth analysis of the issue regarding safety-functions that operate in continuous mode and to (2) present concepts and solutions that might be used to resolve the issues regarding safety-functions that operate in continuous mode. Phase one:The Machinery Directive 2006/42/EC is European legislation that promotes free movement of machinery within the EU and guarantees a high level of protection of the EU workers and citizens. It does this by dictating essential health and safety requirements relating to the design and construction of machinery. It is the manufacturer s responsibility to assess if the machinery meets the requirements from the Machinery Directive. Guidance on how to meet the requirements from the Machinery Directive is provided by harmonized standards. During the project, the standards have been analysed. It is concluded that at the core of achieving safety of machinery lies a risk based approach. This risk based approach is described in the standard ISO 12100:2010; "Safety of machinery - General principles for design - Risk assessment and risk reduction". It specifies principles of risk assessment and risk reduction. The part of machine safety which depends on the correct functioning of active control and safety systems is called functional safety. Control systems that contribute to functional safety are in general referred to as safety-related control systems. These systems provide the required risk reduction and are an integral subset of the machine. The Machinery Directive imposes requirements regarding the safety and reliability of control systems. ISO 13849-1: "Safety of machinery - Safety-related parts of control systems" and IEC 62061: "Safety of machinery- Functional safety of safety-related electrical, electronic and programmable electronic control systems", specify requirements for the design and implementation of safety-related control systems. ISO 13849-1 introduces the concept of Performance levels (PL) and the IEC 62061 adopts the concept of Safety Integrity Levels (SIL). Both concepts are studied and it shows that both concepts use methods and tools to establish the risk that needs to be reduced, and give guidance and requirements on designing systems that shall reduce the risk. Some oddities within the standards are researched and explored. It is concluded that, although the standards might show guidance, the designer of the control system needs to assess whether they are applicable on the system at hand. Throughout the first phase of the project it became clear that in both standards the phenomenon of basic control systems that conduct safety-related control functions that operate in continuous mode (SRCFcont.) is underexposed. SRCFcont. means that the function is continuously controlling the machinery. Their failure results in a hazardous event that may lead to harm. Phase two:To reduce risk of a certain hazardous event, it is common practice to add safety barriers (safety functions) to machinery. Throughout the second phase of the project it became apparent that incremental adding of safety barriers as promoted in the ISO 12100, ISO 13849-1 and IEC 62061, leads to inaccurate safety integrity assessments of safety barrier sequences that consist out of at least one SRCFcont. This may lead to inaccurate reliability requirements for barriers during the design of such barrier sequences.To develop a method that results in a more accurate safety integrity assessment of such sys- tems, this thesis proposes an integral approach. Instead of assessing the safety integrity of each individual safety barrier in the sequence, the safety integrity of the full barrier sequence is assessed. The approach is based on modelling the full barrier sequence and establishing the value of the risk metric "Hazardous event frequency" (HEF). Once the HEF is found, this can be eval- uated if this HEF is deemed to be acceptable or not.During the project a model of such a system is constructed. It does not yet include common cause failures nor is it checked. The model is therefore not completed nor validated. Still, initial simulation shows plausible results and it is a promising start for further research into completing the integral method.