IEC/TR 62685 Test requirements and EMC

IEC/TR 62685:2010 is NOT harmonized. The full title is Industrial communication networks – Profiles – Assessment guideline for safety devices using IEC 61784-3 functional safety communication profiles  (FSCPs).

IEC/TR 62685 was produced from the test requirements of the German BGIA document GS-ET-26 and covers the requirements of safety components within a safety function. It covers the issue of labeling and  EMC as well as mechanical and climatic tests. This closes some of the gaps left by EN ISO 13849-1 and EN 61784-3. Overall the document is more relevant to safety component manufacturers than plant and  machine builders. However, as the document contains a good comparison of EMC requirements, it may also  be of interest to machine builders.

Examples of Safe Motion: Jog Function With Safely Limited Speed (SLS)

These days, jog functions can generally be carried out while guards are open thanks to the safely limited speed (SLS) function. The respective application will determine the type of increment that can be classified as non-hazardous. It may be helpful to consult EN 349 (Minimum gaps to avoid crushing of parts of the human body) and EN 999 (The positioning of protective equipment in respect of approach speeds of parts of the human body).

Structure of the Safety Function

The block diagram shows the logical structure of the safety function,
consisting of the series alignment of the safety-related subcircuits.

Determination of the performance level for the overall circuit
In terms of structure, the jog function with safely limited speed is similar to the safe stop function. The key difference lies in the push buttons used for the jog function and the impact this has on the calculation of the performance level. In EN ISO 13849-1, push buttons (enable switches) are given a B10d of 100 000. The time between two operations (cycles) is the key factor in calculating the MTTFd.

Calculation formula for MTTFd:

The following assumptions are made, based on the application of the component:

• hop is the mean operating time in hours per day
• dop is the mean operating time in days per year
• tcycle is the mean time between the start of two consecutive cycles of the component (e.g. switching a valve) in seconds per cycle

Assumptions:
B10d = 100 000
hop = 16 h/day
dop = 220 d/year

Calculation MTTFd:
tCycle = 5 s ➔ MTTFd = 0.395 years
tCycle = 3 600 s ➔ MTTFd = 284.1 years

As shown in the example with cyclical operation in 5 s intervals, even in the best case it is only possible
to achieve PL c with a B10d value of 100 000. This demonstrates very clearly that the application range for wearing components has a direct influence on the calculation of the performance level and therefore affects the achievable safety level. The design engineer must therefore look very closely at the application range of his components in the respective application. Even if EN ISO 13849-1 states 100 000 cycles for B10d, there may well be special components with a higher B10d value. If an application uses a push button as an E-STOP command device, it will certainly not be operated constantly at 5 second intervals. The situation is completely different if a push button is used as a command device for cyclic initiation of a machine cycle and
has to trigger a safe stop once released. The values stated in the example may cause a problem if a higher performance level is required.

Examples of Safe Motion: Safe Stop Function on Vertical Axes

If you examine the potential risks on servo axes you'll see that a vertical axis is also a good example for increasing awareness of the mechatronic view. Removal of power is not enough to bring an axis to a safe condition. In many cases, the load's own weight is enough for the axis to fall. Mass and friction will determine the speed that occurs in the process. As part of the risk analysis, potential hazards are analyzed in the various machine operating modes and as operators carry out their work. The required measures will then be derived from this analysis. With vertical axes, the measures that need to be taken will essentially depend on whether the full body of the operator can pass below the vertical axis or whether just his arms and hands are positioned below the vertical axis. Another aspect is the frequency and duration of his stay in the danger zone. All these factors are added up to give the “performance level” that the safety functions must achieve.

Building on the “Safe stop function” example, a brake is added to the structure. Holding brakes and service brakes are both common.

Structure of Safety Function

The block diagram shows the logical structure of the safety function,
consisting of the series alignment of the safety-related subcircuits.

Determination of the performance level for the holding brake
Here the user of EN ISO 13849-1 is confronted with one of the positive approaches of this standard. The standard not only enables examination of the electrical part of the safety function, but also of the mechanical, hydraulic and pneumatic section.
However, the holding brake used in this example does not have a performance level, as this is only available for intelligent components. The brake manufacturer can only provide a B10d value, as he does not know how exactly his components will be used in the application and so can only make a statement regarding the number of operations before a component failure. The design engineer constructing the safety-related part of the control system must now calculate the time to a dangerous failure of the component. The B10d value is not the only consideration in this calculation; the mean time between two consecutive cycles is also a key factor which influences the MTTFd value.

The following assumptions are made, based on the application of the component:

• hop is the mean operating time in hours per day 
• dop is the mean operating time in days per year
• tcycle is the mean time between the start of two consecutive cycles of the component (e.g. switching a valve) in seconds per cycle

Assuming that the calculation of the MTTFd for the holding brake results in a value of > 100 years, this gives an MTTFd classification of “HIGH”. EN ISO 13849-1 provides a graph to make it easier to determine the performance level. To decipher the performance level from this graph the diagnostic coverage DC is required. To determine the level of diagnostic coverage it is important to know whether every conceivable error can be detected through tests. Based on this consideration, a high classification will be possible if a safe converter is used to drive the motor and the holding brake is always tested automatically before the danger  zone is accessed. To do this, a torque is established with a factor of 1.3 to the brake's rated holding torque,
before waiting for at least one second. If the axis holds its position during the whole test, it can be assumed that the holding brake is in good working order. On this basis it is possible to define the diagnostic coverage at 99 %.

Graph to determine the PL
in accordance with EN ISO 13849-1.

So we now have the following data:

• Category = 4
• MTTFd = high
• DC = high

If this data is applied to the graphic, PL e can be determined.

Determination of the performance level for the overall circuit
In the illustrated example of the safe stop function on a servo axis with holding brake, all four components involved have performance level e. As a result the lowest performance level of a subcircuit (SRP/CS) is also PL e. Using the standard's terminology, therefore, we have:

4 x SRP/CS each with PL e
The lowest performance level of the
4 subcircuits (SRP/CS) = PL e and is assigned the parameter PLlow
The lowest performance level occurs in 4 subcircuits and so the parameter Nlow = 4

If this information is applied to Table 11 of EN ISO 13849-1 for a simplified calculation, the result for the example is an overall classification of PL d. Unlike the example for the safe stop function (without brake), a reduction factor now applies: In accordance with EN ISO 13849-1, the achieved performance level is reduced by one level if the overall circuit contains more than three subcircuits with PLlow. However, in this case a detailed calculation using the achieved PFHD values can certainly result in PL e. This is where software tools such as the PAScal Safety Calculator come into their own.

Safety functions: Stop functions and their standard reference

Stop functions are found on almost all machines. EN 60204-1 defines 3 categories of stop function for the various functional requirements:

• Stop category 0
• Stop category 1
• Stop category 2

A category 0 stop leads to an immediate removal of power to the machine actuators. Activation of the mains isolating device automatically triggers a category 0 stop, as power is no longer available to generate the movement.

With a category 1 stop, power to the actuators is maintained to enable a controlled stop.

Stop category 2 is used if power is required even in a stop condition, as power is maintained after the controlled stop.

These stop categories should not be confused with the categories in accordance with EN ISO 13849-1 or EN 954-1, which categorize structures with a specific behavior in the event of an error. For speed-controlled drive systems, EN 61800-5-2 assigns stop functions to the stop categories listed in EN 60204-1.