Modern Safety Systems Technology Utilization Presentation Chris - - PowerPoint PPT Presentation

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Chris Brogli - Ross Controls Global VP of Safety Business Development Manager chris.brogli@rosscontrols.com 1-859-595-9630

Modern Safety Systems Technology Utilization Presentation

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

This morning we outlined the requirements of implementing fluid power safety solutions. Now we are going to dig a little deeper into how its done.

X

Remember we said that IEC62061 was intended for electrical, electronic and programmable electronic equipment. It can’t be used when fluid power safety is required. We are going to spend some time looking at each step in the process because most people don’t understand how to assess, select and implement fluid power safety solutions.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

In Europe the Machinery Directive defines the safety requirements that must be followed!

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Directives = Laws & Standards = Regulations

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Standards define the technical specifications that must be followed!

For access to the norms use IHS Standards (access see Peter Blanchard

• r Kerry White)

IHS Standards :

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The safety standards in Europe are called Functional Safety Standards

Safety exists in order to protect.... Functional Safety looks at how well the safety system needs to function/perform! People and Machines!

This is where the term safety functions come from. Remember we talked about structure, reliability & diagnostics.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

There are 3 levels of standards! Type A, B & C

• Two examples we will discuss are:

– North America – OSHA Requirements – European – Machinery Directive Requirements

• There are three types of Standards

– “A” Standards (Basic Standards)

• basic concepts
• principles for design
• general aspects

– “B” Standards (Application Standards)

• B1 - safety distances, surface

temps, noise

• B2 - components or devices

– “C” Standards (Specific Machine Standards)

• Vertical standards covering a

single type of machine or group of machines.

• Use A and B standards to create C

standards.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

European/International Standards - EN, ISO and IEC

Type A General Requirements & Principles

ISO 12100 Safety of machinery. Basic terminology and methodology ISO TR14121-2 Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods

Type B Specific Technology Requirements

ISO 13849-1 - Safety related parts of control systems IEC 62061 - Functional safety of electrical, electronic and programmable electronic control systems IEC 60204-1 - Safety of machinery and Electrical Equipment

EXAMPLES:

Type C Machine Specific Requirements

EN1114 –Machines for rubber and plastic materials – Extruders – Safety Prescriptions EN12013 – Machines for rubber and plastic materials – Internal Mixers – Safety Prescriptions

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The Machinery Directive says that risk assessments have to be done!

ANNEX I

Essential health and safety requirementsrelating to the design and construction of machinery

GENERAL PRINCIPLES

• 1. The manufacturer of machinery or his authorized representative must ensure that a risk

assessment is carried out in order to determine the health and safety requirements which apply to the machinery. The machinery must then be designed and constructed taking into account the results of the risk assessment.

9

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

I like to think of safety as a lifecycle…..

• 5. Maintain

& Improve

• 1. Assessment
• 4. Installation

& Validation

• 2. Functional

Requirement Specification

• 3. Design, Selection & Verification

The Machinery Safety Life-cycle!

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Remember we said that the first part of ISO12100

• utlines the risk assessment process.

Determine the Limits Identify the Hazards Estimate the Risk Evaluate the Risk

Assessment

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Since harm can come from multiple sources in each mode of operation.

• Each mode should be evaluated

– Auto/Manual/Jogging/Threading

• Each type of task should be evaluated

– Production – Loading/Unloading/Adjusting – Set-up – Change-overs/Teaching – Maintenance – Service/Repairs/Replacement/Lube – Material Handling – Loading/Unloading – Sanitation – Cleaning/Washing

Every mode and every task must be evaluated in order to identify all of the hazards.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The reason for using a multi-functional team to ensure identification of all hazards.

On average, 60 to 70% of all injuries happen outside normal production activities! The problem is that most assessments only evaluate automatic or normal operations.

Source: International Labor Organization

OSHA did a similar study and showed similar results.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Yesterday we said that we should use the ISO13849 when designing fluid power safety solutions so we are going to do the assessment according to ISO13849.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Let’s assume that we are evaluating a hydraulic metal forming press that punches holes in sheets of steel.

The injury would be an amputation if you were caught in the press. The press has to be loaded & unloaded every 15 seconds. The press moves at a speed of less than 250mm/sec. This would result in a Required Performance Level

• f d (PLd)

+ + =

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

A step that many companies skip is mapping the job tasks to determine where they fall. This will help in the development of the specification. Maintenance, service and repair tasks require the use of Lock-out & Tag-out. Minor servicing tasks that are routine, repetitive and integral to the operation of the equipment can use alternative methods of control. Normal machine operations can use safeguarding methods. Most risk assessments do not identify and categorize risks associated with job tasks. They simple identify and quantify risk levels.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

This is an example of how a “Best in Class” company is mapping their job tasks to identify where they fall in order to understand how to treat them! Machine Maintenance, Service & Repair Tasks

• Regulation: Lock-out / Tag-out or

Energy Isolation

• Requirement: Release stored energy
• Tasks: Service and Maintenance

Normal Production Operations

• Regulation: Machine Guarding or

alternative protection means

• Requirement: Protect operators from

machine production hazards

• Tasks: Operator Interaction for Regular

Machine Production

Minor servicing must be routine, repetitive and integral to the operation of the system. Minor Servicing Activities

• minor jams, minor tool changes & adjustments, exchange
• Regulation: Machine Guarding, alternative protection means and

procedures

• Requirement: Protect operators from machine production hazards

when performing minor servicing

• Tasks: Minor servicing such as clearing f work piece, etc.

Minor Service Exception to Lockout Tagout Must provide alternative Measures that offer effective protection

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Step 2 is developing the functional specification that determines how the machine will operate.

• 5. Maintain

& Improve

• 1. Assessment
• 4. Installation

& Validation

• 2. Functional

Requirement Specification

• 3. Design, Selection & Verification

The Machinery Safety Life-cycle!

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

This is where the Second part of the ISO1200 and ANSI B11.0 come into play.

Reduction by Design Measures Reduction by Guarding Reduction by Safeguards Reduction by Information

Risk Reduction

19

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Elimination Fixed Guarding Engineered Safeguards Awareness Means, Training and Procedures (Administrative) Personal protective equipment

Hierarchy of Protective Measures

They are mapping the tasks and are using the hierarchy of risk reduction measure to determine the best solutions.

20

Many people say that LOTO is a form of elimination because it eliminates energy!

DEFEATIBILITY Elimination Engineered Safeguards Administrative Controls Warning PPE Fixed Guarding

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Let’s look at the risk reduction hierarchy in common terms.

Elimination Guarding & Access Control Awareness (Signs/Training/Procedures ) PPE Original Hazard

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Lock-out & Tag-out (LOTO) is used for repairs and servicing activities and prevents unexpected start-up. (Elimination)

LOTO Requirements from ISO14118 & OSHA CFR 29/Part1910/Subpart J

• Employers should:
• Create a program and establish procedures that foster a safe working

environment.

• In the case of lock-out/tag-out compliance, any program must

include procedures for the attachment of a suitable lockout or tagout apparatus to energy-isolating devices. In addition, OSHA requires

• Educate all affected workers are aware of energy control systems and

procedures.

• Conduct periodic inspection of programs and procedures involving

energy control.

• The program should:

– Identify when lock-out and tag-out is necessary! – Identify the energy sources to be locked out & tagged out! – Provide the necessary lock-out & tag-out procedures! – Provide the necessary lock-out & tag-out hardware/devices! – Provide lock-out & tag-out training for employees and contractors! – Complete periodic inspections of the programs, procedures and hardware!

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Procedures have to be written & documented and many companies are adding pictures to improve the process.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Where do LOX valves go on the machine?

ROSS LOX Valve Basics

• They go on the air supply line coming to the machine.
• They go before any other pneumatic devices.
• They are used for control of hazardous energy for machine

servicing & repairs to protect maintenance personnel.

Don’t worry about how complex the machine is or how many pneumatic devices there are! All you need to look for is the incoming air supply line. The first devices should be a Lock-out/Tag-out device. The Global Leader in Fluid Power Safety Solutions

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Where would you use a hydraulic LOX Valve?

Hydraulic LOX Valve Basics

• The LOX valve goes in the

hydraulic supply line immediately after the pump and before any valves or actuating devices.

• They are used for control of

hazardous energy for maintenance and service activities.

What to look for:

1. Find the hydraulic pump and the line leaving the pump and trace the piping/tubing. 2. The first thing in the line should be the LOTO valve. 3. The second the second will be a safe Block & Bleed valve or standard control valves. 4. If the standard control valves are the first thing you see you should suggest that a LOTO valve be implemented.

The Global Leader in Fluid Power Safety Solutions

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The hydraulic LOX valve should go after the hydraulic pressure pump and before any control and monitoring devices.

Special considerations for hydraulic systems with accumulators:

• Do you want the accumulator to drain

during a LOTO event?

• Can you main tank handle that volume
• f fluid?
• Do you want to shut down the entire

system or part of the system?

• Is there a possibility of stored energy in

the system at LOTO?

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The standards identify 2 Types of Guarding (Separating & Non-Separating)

27

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Separating Guard Requirements

Any moveable guard requires utilization of an interlocking device.

28

(EN-ISO14120 Standard)

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Interlock Requirements & Definitions

29

We need to step back here because we are now starting to design a safeguarding solution.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Step 3 is where we start selecting solutions & devices and we start verifying the design!

• 5. Maintain

& Improve

• 1. Assessment
• 4. Installation

& Validation

• 2. Functional

Requirement Specification

• 3. Design, Selection & Verification

The Machinery Safety Life-cycle!

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

When selecting and engineering safeguards we need to identify the safeguarding method and need to design it to meet the required Performance level PLr

Identify the required Safety Functions (SF) Define the characteristics of each SF Define the PLr of each SF Calculate the systems reliability, diagnostic coverage and CCF and select a structure to determine the Performance Level that was achieved achieved (Pla) Identify the components to be used in each SF Determine if the PLr = PLa are equal or greater, if not redesign. Test the safety function once installed to prove that it met the requirements of the risk assessment. This should be a documented test process.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Identify the safety Function that is to be used. Remember this from this morning!

The ones circled in red apply to fluid power safety as well. The following slides will show how these are used in modern safety solutions.

Elimination Safeguard Safeguard Safeguard

Parameterized Safeguards

Safeguard

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Identify the components to be used in each SF

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Non-separating Protective Measures

34

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Now we are going to discuss non-separating protective equipment!

35

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

All of these input devices have specific requirements and standards as shown below! All input devices must be installed in accordance with these standards and to manufacturers instructions!

36

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The Safety Logic System is the heart of the safety system!

• Safety systems are typically made up of input, logic and output
• devices. The logic device monitors inputs, controls outputs and

does diagnostic checks on the components in the system!

37

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Logic systems come in a variety of options ranging from simple relay to complex controllers.

• Considerations when selecting which product

would be based on system complexity, needed functionality and overall systems needs (Standard control/motion control and safety control).

Relays Configurable Relays & Controllers Safety PLC’s

38

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The Safety output devices control the sources of hazardous energy!

• Safety output devices isolate/turn off the devices that

are likely to cause harm/injury to personnel!

39 39 Note the output might also be fluid power related and will require safety rated valves.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Performance Levels are made up of 4 components/attributes!

40

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

When we determine that we needed a safeguarding solution we need to combine it to meet the system performance that determined in the risk assessment.

Inputs Logic Outputs

+ + =

Complete Safety Function Safety Functions are the result of the combination of input, logic and output components/hardware!

The sources of energy may include fluid power!

41

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

For example: Selecting S2 + F2 + P1 tells us that we have to design our safety solutions to meet Performance Level d.

42

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Evaluate PL by examining the 4 attributes!

L H M B 2 1 3 4

I don’t expect you to completely understand this but you should know enough to ask for the final design verification calculations to prove that the system was done correctly.

43

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Architecture Types (Categories)

Indicates monitoring on demand Indicates continuous monitoring

44

I don’t expect you to understand how to determine a Category but you need to know enough to ask.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Cat2 circuits are single circuits with safety rated input, logic and output devices.

A number of machine have significant risk so Cat2 circuits cannot be used.

The Pneumatic valve must have monitoring capabilities for diagnostic feedback.

45

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Most Goodyear machines use dual channel circuits which are Cat 3 or Cat 4 depending on their capabilities.

Indicates monitoring on demand Indicates continuous monitoring

46

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

A typical Goodyear circuit is a dual channel Cat 3 or Cat 4 as shown below!

Cat 3 & 4 systems have dual channels so that a single fault does not lead to the loss of safety function.

47

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

L H M B 2 1 3 4

System Reliability

Next we will evaluate the reliability of the selected components.

48

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Reliability is listed in terms of MTTFd or B10d by most manufacturers!

49

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Table C.1 of ISO13849-1 has default data for MTTFd and B10d for a number of technologies. We use this table when there is no published data on a device/product!

50

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Calculations example for MTTFd

• MTTFd: The B10d value of 2,000,000 cycles [manufacturer’s value] is stated for the

mechanical part of LS1 and LS2. At 360 working days per year, 16 working hours per day and a cycle time of 300 seconds (5 minutes), nop is 69,120 cycles per year for these components.

Noted: (calculated by using equations C.2 and C.7. per ISO 13849-1)

y cycles cycle s h s d h y d 69120 300 3600 16 360 =  

y y cycles cycles n B MTTF

• p

d LS d

289 69120 1 . 2000000 1 .

10 2 1 ,

=  =  =

−

y y cycles cycles n B T

• p

d LS d

9 . 28 69120 2000000

10 2 1 , 10

= = =

−

51

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

The Reliability Ranges as defined by ISO13849!

Denotation of MTTFd Level of MTTFd low 3 years  MTTFd < 10 years medium 10 years  MTTFd < 30 years high 30 years  MTTFd < 100 years

D = 1/MTTFd

• MTTFd = Mean Time to dangerous Failure
• Average value of the operating time without dangerous failure in one channel
• Statistical value, no guaranteed lifetime!

52

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

L H M B 2 1 3 4

Diagnostic Coverage

53

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Diagnostic Estimation Annex E from ISO13849-1

54

54

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Classification of the Quality of the Diagnostic Measures – (DC)

dangerous, remains undetected (du) Failure safe (s) dangerous (d) dangerous, but detected before it can result in a hazard (dd)

DC =

Failure rate of the detected dangerous failures (dd) Failure rate of all dangerous failures (d)

Denotation of DC Level of DC None DC < 60% Low 60%  DC < 90% Medium 90%  DC < 99% High 99%  DC

All products fail and we need to know how well we can detect the dangerous failures!

55

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Estimation of the Quality of the Measures for Failure Detection (DC)

• Identification of all online-tests and diagnostics
• DC values for each measure from Annex E of ISO13849-2
• If diagnosis is not contained in Annex E, look in IEC 61508-2 tables A.2 – A.15
• If diagnosis is not contained in IEC 61508-2, estimate the diagnostic coverage DC
• Calculation of the average DC (DCavg) using the formula in E.2 (Interpolation)
• Denotation (classification) of quality of the measures for failure detection (DC) via

table 4

dO dL dI dO O dL L dI I avg

MTTF MTTF MTTF MTTF DC MTTF DC MTTF DC DC 1 1 1 + + + + =

56

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Calculation of the average DCavg using the formula:

% 3 . 73 269 1 70 1 40 1 269 % 99 70 % 90 40 % 60 1 1 1

1 1 1 1 1 1

= + + + + = + + + + = years years years years years years MTTF MTTF MTTF MTTF DC MTTF DC MTTF DC DC

dO dL dI dO A dL L dI E avg

DC Average Determination Example

Input 1 Logic 1 Output 1

DC = 60 % MTTFdI = 40 years DC = 90 % MTTFdL = 70 years DC = 99 % MTTFdO = 269 years

57

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

We calculated a DC of 73.3 for our example on the previous page. That means that we have low DC!

Denotation of DC Level of DC None DC < 60% Low 60%  DC < 90% Medium 90%  DC < 99% High 99%  DC

73.3 =

58

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

L H M B 2 1 3 4

Common Cause Failures

59

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Common Cause Failures (CCF)

(Only for multi-channel systems!)

• Common Cause Failures (CCF) result from a single cause and affect more

than one channel.

• One part of the failures in both channels reveals as CC failures; that means

due to one cause a failure in one channel is followed by the same failure in the other channel, either at the same time or some time later.

• Common causes are:

– External stress as excessive temperature, high EM-interferences, e.g. – Systematic design failures due to the high complexity of the product or missing experience with the new technology – No spatial separation between channels, use of common cables, on

• ne PCB, etc.

– Human errors during maintenance and repair

Failure channel 2 common cause failure CCF Failure channel 1

60

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Determination of CCF according to Annex F

Separation / Segregation Score Physical separation between signal paths: Separation in wiring/piping, sufficient clearance and creepage distances on printed-circuit boards 15 Diversity Different technologies/design or physical principles are used, for example: first channel programmable electronic and the second channel hardwired, etc. 20 Design / application / experience Protection against over-voltage, over-current, over-pressure, etc. 15 Components used are well-tried 5 Assessment / analysis Are the result of a failure mode and effect analysis taken into account to avoid common cause failures in design? 5 Competence / training Have designers / maintainers been trained to understand the causes and consequences of common cause failures? 5 Environmental Prevention of contamination and electromagnetic compatibility (EMC) against CCF in accordance with appropriate standards? Electric systems: Has the system been checked for electromagnetic immunity, e.g. as specified in relevant standards against CCF? 25 Other influences: Have the requirements for immunity to all relevant environmental influences such as temperature, shock, vibration, humidity (e.g. as specified in the relevant standards) been considered? 10

65

We are required to have a score of 65 or higher from CCF

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Performance Level Achieved = PL

62

62

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Our examples showed a MTTFd of 279 years and a DC of 73.3% and a CCF of 65. Let’s see how we did! Our PLr was PLd

63

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Step 4 is installation and validation!

• 5. Maintain

& Improve

• 1. Assessment
• 4. Installation

& Validation

• 2. Functional

Requirement Specification

• 3. Design, Selection & Verification

The Machinery Safety Life-cycle!

Every safety system must be validated and tested to ensure proper operation.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Validation Guidelines

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Validation Testing Requirements

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Step 5 is maintenance and improvement!

• 5. Maintain

& Improve

• 1. Assessment
• 4. Installation

& Validation

• 2. Functional

Requirement Specification

• 3. Design, Selection & Verification

The Machinery Safety Life-cycle!

Every safety system improvement or change must be evaluated and the system must be maintained.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Closing Comments

• Fluid Power Safety is Important
• The Standards require us to address Fluid Power Safety
• Fluid Power needs to be part of the risk assessment

– Based on ANSI B11.0 2015 requirements and ISO4413 and ISO4414

• Fluid Power components are part of the SRP/CS

– Safety Related Parts of the Control System according to ISO13849-1

• Fluid Power Safety implementation requires a systematic

approach using ISO13849.

ROSS Controls

The Global Leader in Fluid Power Safety Solutions

Thanks and have a safe day!