Tuesday, April 10, 2012

Examples of Safe Motion: Safe Stop Function on Vertical Axes

If you examine the potential risks on servo axes, you'll see that a vertical axis is a good example for raising awareness of the mechatronic view. Removing power is not enough to bring an axis to a safe condition: in many cases the load's own weight is enough for the axis to fall, and mass and friction determine the speed that occurs in the process. As part of the risk analysis, potential hazards are analyzed in the various machine operating modes and as operators carry out their work; the required measures are then derived from this analysis. With vertical axes, the measures that need to be taken essentially depend on whether the operator's full body can pass below the vertical axis or whether just his arms and hands are positioned below it. Another aspect is the frequency and duration of his stay in the danger zone. All these factors are added up to give the “performance level” that the safety functions must achieve.

Building on the “Safe stop function” example, a brake is added to the structure. Holding brakes and service brakes are both common.

Structure of Safety Function
The block diagram shows the logical structure of the safety function, consisting of the series alignment of the safety-related subcircuits.

Determination of the performance level for the holding brake
Here the user of EN ISO 13849-1 is confronted with one of the positive approaches of this standard. The standard not only enables examination of the electrical part of the safety function, but also of the mechanical, hydraulic and pneumatic section.
However, the holding brake used in this example does not have a performance level, as this is only available for intelligent components. The brake manufacturer can only provide a B10d value, as he does not know how exactly his components will be used in the application and so can only make a statement regarding the number of operations before a component failure. The design engineer constructing the safety-related part of the control system must now calculate the time to a dangerous failure of the component. The B10d value is not the only consideration in this calculation; the mean time between two consecutive cycles is also a key factor which influences the MTTFd value.





The following assumptions are made, based on the application of the component:

  • hop is the mean operating time in hours per day 
  • dop is the mean operating time in days per year
  • tcycle is the mean time between the start of two consecutive cycles of the component (e.g. switching a valve) in seconds per cycle
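
A worked version of this calculation, added here as an example and not taken from the original post: it uses the B10d relation from EN ISO 13849-1 Annex C, MTTFd = B10d / (0.1 x nop) with nop = dop x hop x 3600 / tcycle, and also derives the operating-time limit T10d = B10d / nop. The B10d figure and operating profile are constructed sample values, not data for any real brake.

```python
SECONDS_PER_HOUR = 3600

def n_op(d_op, h_op, t_cycle):
    """Mean number of operations per year from the three assumptions above."""
    if min(d_op, h_op, t_cycle) <= 0:
        raise ValueError("d_op, h_op and t_cycle must be positive")
    return d_op * h_op * SECONDS_PER_HOUR / t_cycle

def mttfd_years(b10d, d_op, h_op, t_cycle):
    """MTTFd in years: B10d / (0.1 * n_op)."""
    return b10d / (0.1 * n_op(d_op, h_op, t_cycle))

def t10d_years(b10d, d_op, h_op, t_cycle):
    """Operating time after which 10 % of components have failed dangerously."""
    return b10d / n_op(d_op, h_op, t_cycle)

def classify_mttfd(years):
    """MTTFd bands of EN ISO 13849-1 (low 3..<10, medium 10..<30, high >= 30)."""
    if years < 3:
        return "not acceptable"
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"

# Constructed sample: B10d = 2,000,000 operations, 220 days/year, 16 h/day.
B10D = 2_000_000
PROFILE = {"d_op": 220, "h_op": 16}

if __name__ == "__main__":
    # Same brake, two duty cycles: one actuation every 120 s versus every 5 s.
    for t_cycle in (120, 5):
        m = mttfd_years(B10D, t_cycle=t_cycle, **PROFILE)
        t = t10d_years(B10D, t_cycle=t_cycle, **PROFILE)
        print(f"t_cycle={t_cycle:>3} s  MTTFd={m:7.1f} a  "
              f"T10d={t:6.2f} a  class={classify_mttfd(m)}")
```

The same brake drops from "high" to "low" when the cycle time falls from 120 s to 5 s, which is why the manufacturer can only state B10d.
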

Assuming that the calculation of the MTTFd for the holding brake results in a value of > 100 years, this gives an MTTFd classification of “HIGH”. EN ISO 13849-1 provides a graph to make it easier to determine the performance level. To read the performance level from this graph, the diagnostic coverage DC is required. To determine the level of diagnostic coverage it is important to know whether every conceivable error can be detected through tests. Based on this consideration, a high classification will be possible if a safe converter is used to drive the motor and the holding brake is always tested automatically before the danger zone is accessed. To do this, a torque of 1.3 times the brake's rated holding torque is established, followed by a wait of at least one second. If the axis holds its position during the whole test, it can be assumed that the holding brake is in good working order. On this basis it is possible to define the diagnostic coverage at 99 %.


Graph to determine the PL in accordance with EN ISO 13849-1.

So we now have the following data:
  • Category = 4
  • MTTFd = high
  • DC = high
If this data is applied to the graph, PL e can be determined.

Determination of the performance level for the overall circuit
In the illustrated example of the safe stop function on a servo axis with holding brake, all four components involved have performance level e. As a result the lowest performance level of a subcircuit (SRP/CS) is also PL e. Using the standard's terminology, therefore, we have:

  • 4 x SRP/CS, each with PL e
  • The lowest performance level of the 4 subcircuits (SRP/CS) = PL e and is assigned the parameter PLlow
  • The lowest performance level occurs in 4 subcircuits and so the parameter Nlow = 4

If this information is applied to Table 11 of EN ISO 13849-1 for a simplified calculation, the result for the example is an overall classification of PL d. Unlike the example for the safe stop function (without brake), a reduction factor now applies: In accordance with EN ISO 13849-1, the achieved performance level is reduced by one level if the overall circuit contains more than three subcircuits with PLlow. However, in this case a detailed calculation using the achieved PFHD values can certainly result in PL e. This is where software tools such as the PAScal Safety Calculator come into their own.
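
The simplified combination step described above, written out as an added example that is not part of the original post. The Nlow limits are the Table 11 values of EN ISO 13849-1 as recalled here and should be checked against the edition in use; the function and variable names are illustrative.

```python
PL_ORDER = ["a", "b", "c", "d", "e"]  # ascending performance level

# Table 11 (simplified method): highest Nlow at which the overall PL still
# equals PLlow. Above this count the overall PL drops by one level.
N_LOW_LIMIT = {"a": 3, "b": 2, "c": 2, "d": 3, "e": 3}

def combine_pl(subcircuit_pls):
    """Return (PLlow, Nlow, overall PL) for SRP/CS connected in series.

    overall PL is None when the combination falls below PL a.
    """
    if not subcircuit_pls:
        raise ValueError("at least one SRP/CS is required")
    pls = [pl.lower() for pl in subcircuit_pls]
    unknown = [pl for pl in pls if pl not in PL_ORDER]
    if unknown:
        raise ValueError(f"unknown performance level(s): {unknown}")

    pl_low = min(pls, key=PL_ORDER.index)   # weakest subcircuit
    n_low = pls.count(pl_low)               # how many share that level

    if n_low <= N_LOW_LIMIT[pl_low]:
        return pl_low, n_low, pl_low
    lower = PL_ORDER.index(pl_low) - 1      # one level down
    return pl_low, n_low, (PL_ORDER[lower] if lower >= 0 else None)

if __name__ == "__main__":
    # The post's example: four subcircuits, each PL e.
    print(combine_pl(["e", "e", "e", "e"]))   # ('e', 4, 'd')
    # Constructed comparison: three subcircuits at PL e keep PL e.
    print(combine_pl(["e", "e", "e"]))        # ('e', 3, 'e')
```
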




2 comments:

  1. Great post! Thanks for this example showing one of the great reasons to choose 13849 over IEC 62061. Expanding on the last paragraph by providing more detail on this part of the analysis might help some readers.

  2. Thanks for the comment Doug. Is there specific information you're looking for with regard to the last paragraph?
