Design method for "safety-related parts of control systems" based on the international standard ISO13849-1

When ensuring safety by stopping mechanical equipment, the stop control function must be designed as a "safety-related part of the control system."
If this control function fails, the result is an accident, so rather than simply designing a stop control circuit, we must design a "circuit that can maintain the stop function even if a failure occurs", with the degree of fault tolerance chosen according to the risk of the hazard that the stop protects against.
This circuit design and evaluation method is summarized in the international standard "ISO13849-1". ISO13849-1 requires a control circuit that meets the performance level (PL) corresponding to the risk of the hazard.
PL is evaluated by the probability of a dangerous failure per hour, and is divided into five levels, "a" to "e".
To design a control circuit according to the magnitude of the risk of the hazard to be stopped, the PL required for that risk is first determined from the results of the risk assessment, and the circuit is then designed to achieve that PL. Next, the completed control circuit is evaluated to confirm whether it achieves the required PL; if it does, the design of the safety-related parts of the control system is complete.
In this evaluation, the circuit structure is designed according to the structural requirements called the "category", and the reliability of the parts used (MTTFD), the level of detection of dangerous failures in the circuit (DC), and the measures against common cause failure (CCF) are evaluated together to determine whether the required PL has been achieved.

Required Performance Level (PLr)

The PLr (a to e) determined by the risk assessment is the minimum PL required for the safety-related control system. The PL achieved by the designed circuit must be at or above the required performance level (PLr).

Evaluation of PLr in ISO13849-1:2006

Four Factors that Determine Performance Level (PL)

The PLr (a to e) determined by the risk assessment is the minimum "performance level" required for the safety-related control system, and the PL achieved by the circuit must be at or above it. The achieved PL is determined by the following four factors.

1. Category
It defines the structural requirements for the safety-related parts of the control system (the parts that perform the safety functions of the machine). The structure of the circuit is shown using the elements I (input device), L (logic processing), and O (output device).

2. MTTFD (Mean Time To Dangerous Failure)
MTTFD is defined in ISO13849-1 as "expected mean time to dangerous failure".
It is the average usage time from the start of use of a system or device to the occurrence of a dangerous failure, and is classified into High, Medium, and Low.

3. DC (Diagnostic Coverage)
DC is defined in ISO13849-1 as "a measure of the effectiveness of diagnostics, which may be determined as the ratio between the failure rate of detected dangerous failures (numerator) and the failure rate of total dangerous failures (denominator)."
Diagnostic coverage is expressed as a percentage of detectable dangerous failures out of all dangerous failures in the control system.

4. CCF (Common Cause Failure)
CCF is defined in ISO13849-1 as "failures of different items, resulting from a single event, where these failures are not consequences of each other."
Evaluation of common cause failures in the safety-related parts of the control system confirms, using the checklist in ISO13849-1 Annex F, whether design procedures and engineering measures that prevent common cause failures have been applied appropriately. The total score of the check items determines whether the design is considered to take CCF into account.
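The procedure described above (determine PLr from the risk assessment, then evaluate the achieved PL from category, MTTFD, DC and the CCF checklist, and check PL ≥ PLr) can be written out as a small worked example. The code below is an added illustration, not part of the original article or of the standard itself; the lookup tables are my transcription of the ISO13849-1 risk graph (Annex A), the MTTFD and DC bands (Tables 5 and 6), the simplified PL table (Table 7) and the 65-point CCF threshold (Annex F), and the sample circuit values (category 3, MTTFD of 45 years, failure rates, CCF score of 70) are constructed for the example. Verify the tables against the edition of the standard you design to before relying on them.

```python
"""ISO13849-1 simplified PL evaluation (added worked example)."""

# --- Step 1: required PL from the risk graph (S, F, P) -------------------
# S1/S2 = slight/serious injury, F1/F2 = seldom/frequent exposure,
# P1/P2 = avoidance possible/scarcely possible. Transcribed from Annex A.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}


def required_pl(severity, frequency, avoidance):
    """PLr for one hazard, from the three risk-graph parameters."""
    return RISK_GRAPH[(severity, frequency, avoidance)]


# --- Step 2: MTTFD band of a channel (years) -----------------------------
def mttfd_band(years):
    """Low = 3..10, Medium = 10..30, High = 30 years and above."""
    if years < 3:
        raise ValueError("MTTFD below 3 years is not acceptable for a channel")
    if years < 10:
        return "Low"
    if years < 30:
        return "Medium"
    return "High"


# --- Step 3: diagnostic coverage ------------------------------------------
def diagnostic_coverage(detected_dangerous_rates, all_dangerous_rates):
    """DC = sum(lambda_DD) / sum(lambda_D), rates in failures per hour."""
    return sum(detected_dangerous_rates) / sum(all_dangerous_rates)


def dc_band(dc):
    """none < 60 %, low 60..90 %, medium 90..99 %, high >= 99 %."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# --- Step 4: CCF checklist (Annex F) --------------------------------------
def ccf_ok(score):
    """The Annex F checklist must reach 65 of 100 points."""
    return score >= 65


# --- Step 5: PL from category, DC band and MTTFD band (Table 7) -----------
# None marks a combination the simplified table does not permit.
PL_TABLE = {
    ("B", "none"):   {"Low": "a", "Medium": "b", "High": "b"},
    ("1", "none"):   {"Low": None, "Medium": None, "High": "c"},
    ("2", "low"):    {"Low": "a", "Medium": "b", "High": "c"},
    ("2", "medium"): {"Low": "b", "Medium": "c", "High": "d"},
    ("3", "low"):    {"Low": "b", "Medium": "c", "High": "d"},
    ("3", "medium"): {"Low": "c", "Medium": "d", "High": "d"},
    ("4", "high"):   {"Low": None, "Medium": None, "High": "e"},
}


def achieved_pl(category, mttfd_years, dc, ccf_score):
    """PL reached by the structure, or None if the combination is not allowed
    (CCF checklist failed for category 2 and above, or a category/DC pairing
    that is outside the simplified table)."""
    if category in ("2", "3", "4") and not ccf_ok(ccf_score):
        return None
    row = PL_TABLE.get((category, dc_band(dc)))
    if row is None:
        return None
    return row[mttfd_band(mttfd_years)]


PL_ORDER = "abcde"


def meets_requirement(pl, plr):
    """Design is complete when the achieved PL is at or above PLr."""
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)


if __name__ == "__main__":
    # Constructed sample: serious injury, frequent exposure, avoidance possible.
    plr = required_pl("S2", "F2", "P1")
    # Constructed circuit: category 3, MTTFD 45 years per channel,
    # 9.5e-7/h of 1.0e-6/h dangerous failures detected, CCF score 70.
    dc = diagnostic_coverage([9.5e-7], [1.0e-6])
    pl = achieved_pl("3", 45, dc, 70)
    print(f"PLr = {plr}, achieved PL = {pl}, ok = {meets_requirement(pl, plr)}")
```

The CCF check is applied only from category 2 upward because single-channel categories B and 1 have no redundancy for a common cause to defeat; a category 4 structure with DC below 99 % returns None rather than a lower PL, since the simplified table gives no value for it.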