P/N 133487
Banner Engineering Corp. • Minneapolis, U.S.A.
www.bannerengineering.com • Tel: 763.544.3164
SC22-3 Safety Controller
Instruction Manual
Appendix A
A.1 Safety Circuit Integrity and ISO 13849-1 (EN954-1)
Safety Circuit Principles
Safety circuits involve the safety-related functions of a machine
that minimize the level of risk of harm. These safety-related
functions can prevent initiation, or they can stop or remove a
hazard. The failure of a safety-related function or its associated
safety circuit usually results in an increased risk of harm.
The integrity of a safety circuit depends on several factors,
including fault tolerance, risk reduction, reliable and well-tried
components, well-tried safety principles, and other design
considerations.
Depending on the level of risk associated with the machine or
its operation, an appropriate level of safety circuit performance
(i.e., integrity) must be incorporated into its design. Standards
that detail safety performance levels include ANSI/RIA
R15.06 Industrial Robots, ANSI B11 Machine Tools, OSHA
29CFR1910.217 Mechanical Power Presses, and ISO 13849-1
(EN954-1) Safety-Related Parts of a Control System.
Safety Circuit Integrity Levels
Safety circuits in International and European standards have
been segmented into categories, depending on their ability
to maintain their integrity in the event of a failure. The most
recognized standard that details safety circuit integrity levels
is ISO 13849-1 (EN954-1), which establishes five levels:
Categories B, 1, 2, 3, and the most stringent, Category 4.
In the United States, the typical level of safety circuit integrity
has been called “control reliability.” Control reliability typically
incorporates redundant control and self-checking circuitry and
has been loosely equated to ISO 13849-1 Categories 3 and 4
(see CSA Z432 and ANSI B11.TR4).
Appendix A. Input Device and Safety Category Reference
If the requirements described by ISO 13849-1 are to be
implemented, a risk assessment must first be performed to
determine the appropriate category, in order to ensure that
the expected risk reduction is achieved. This risk assessment
must also take into account national regulations, such as U.S.
control reliability or European “C” level standards, to ensure that
the minimum level of performance that has been mandated is
complied with.
The following sections (A.2 through A.11) deal only with
Category 2, Category 3, and Category 4 applications, as
described by ISO 13849-1 (1999). Figure A-1 provides a
snapshot of the possible safety categories that can be achieved
for each device type, depending on the selected circuit option.
Refer to the text sections following, as well as the appropriate
standards, for further information.
Fault Exclusion
An important concept within the category requirements of
ISO 13849-1 is the “probability of the occurrence of the failure,”
which can be decreased using a technique termed “fault
exclusion.” The rationale assumes that the possibility of certain
well-defined failure(s) can be reduced to a point where the
resulting fault(s) can be, for the most part, disregarded—that is,
“excluded.”
Fault exclusion is a tool a designer can use during the
development of the safety-related part of the control system
and the risk assessment process. Fault exclusion allows the
designer to design out the possibility of various failures and
to justify this through the risk assessment process, in order to
meet the intent and requirements of Category 2, 3 or 4. See
ISO 13849-1/-2 for further information.
WARNING: Safety Categories
The level of safety circuit integrity can be greatly
impacted by the design and installation of the safety
devices and the means of interfacing of those devices. A risk
assessment must be performed to determine the appropriate
safety circuit integrity level or safety category as described
by ISO 13849-1 (EN 954-1) to ensure that the expected risk
reduction is achieved and that all relevant regulations are
complied with.