IEC TR 62513:2008
DOCUMENT INFORMATION

Basic information

Title: Guidelines for the use of communication systems in safety-related applications
Field: Safety of machinery
Type: Technical report
Year of publication: 2008
City: Geneva
Pages: 62
Size: 1.17 MB


Structure

  • 4.1 Requirements of IEC 62061
  • 6.1 System design
    • 6.1.1 Safety integrity level (SIL) assigned to the SRCF(s) and the safety-
    • 6.1.2 Configuration and parameterisation of the safety-related
    • 6.1.3 Response time and protective measures
    • 6.1.4 Fault monitoring and alarm indication
    • 6.1.5 Assuring functional safety in case of SRECS failure
  • 6.2 Selection criteria of the safety-related communication system
    • 6.2.1 Architecture and application fields
    • 6.2.2 Maximum response time
    • 6.2.3 Transmission distance, transmission speed and the number of nodes
    • 6.2.4 Environmental conditions
    • 6.2.5 Setting and configuration tools
  • 7.1 System installation
    • 7.1.1 System confirmation
    • 7.1.2 Safety-related communication system wiring
    • 7.1.3 Selection of power supply
    • 7.1.4 Environmental conditions
  • 7.2 Setting
    • 7.2.1 System configuration
    • 7.2.2 Setting for operation
    • 7.2.3 Setting and modification of configuration data
  • 8.1 Checks before applying the power
  • 8.2 Validation after applying the power
  • 8.3 Functional tests
  • 8.4 Baseline
  • 10.1 Appointment of responsible person
  • 10.2 Developing a maintenance plan
  • 10.3 Implementing periodic maintenance
  • 10.4 Items of maintenance work
  • 10.5 Record of maintenance results
  • 11.1 General
  • 11.2 Scope
  • 11.3 Performing continual education and training
  • 11.4 Contents of education and training
  • 11.5 Planning of educational activities and storage of education records

Content

SAFETY OF MACHINERY – GUIDELINES FOR THE USE OF COMMUNICATION SYSTEMS IN SAFETY-RELATED APPLICATIONS

1 Scope

This Technical Report addresses the application of closed serial digital co

4.1 Requirements of IEC 62061

IEC 62061 requires that a functional safety plan be drawn up and documented for each SRECS design project, and that it be updated as necessary. The plan includes procedures for the control of the activities specified in Clauses 5 to 9 of IEC 62061.

This Technical Report focuses on the management of functional safety requirements outlined in IEC 62061, highlighting key issues relevant to safety-related communication systems.

The relevant activities particularly applicable to safety-related communication systems include: a) selection management

– see 7.1; c) configuration and parametrisation management

– see Clause 8; e) operation, maintenance and periodic inspection management

LICENSED TO MECON Limited - RANCHI/BANGALORE FOR INTERNAL USE AT THIS LOCATION ONLY, SUPPLIED BY BOOK SUPPLY BUREAU.

5 Realisation of a safety-related electrical control system (SRECS) using a safety-related communication system

Figure 1 shows the process of selecting or designing and manufacturing a SRECS that satisfies the safety functions and the safety integrity required by the safety requirements specification.

NOTE For the detail of safety requirements specification (SRS), refer to IEC 62061, 5.2

NOTE References to clauses refer to this document unless stated otherwise

Figure 1 – SRECS design and development flow (flowchart not reproduced; its boxes read: hazard analysis and risk assessment at machine, with identification of degree and frequency of harm and preparation of safety requirements specification; safety requirements specification including the description of safety functions, target SIL, maintenance requirements, response time, etc.; safety functions and architecture: preliminary selection of communication system; "Can the SRS be fulfilled?"; selection of communication system and its architecture, covering the architecture used for component configuration and the performance specifications (including configuration and parameterisation data), installation requirements, commissioning requirements, etc.; configuration of the communication system within the SRECS; validate the compliance of all documents with the requirements relevant to the hazards, design, installation, test, maintenance procedures, design change control and emergency plan; operation, maintenance and periodic inspection. Side labels: "IEC 62061"; "these guidelines in relation to communication systems only"; Clause 6 Requirements for planning; Clause 7 System setup and installation; Clause 8 Validation; Clause 10 Maintenance.)


6 Planning of the safety-related communication system

6.1 System design

6.1.1 Safety integrity level (SIL) assigned to the SRCF(s) and the safety-

This Technical Report is based on the assumption that the SRECS safety requirements specification has been created in accordance with IEC 62061, and that the required safety integrity level (SIL) has been established for each safety function that uses the safety-related communication system.

The SIL claim limit (SILCL) of a candidate safety-related communication system should be sufficient to achieve the required SIL for any safety-related control function(s) (SRCFs)

NOTE Annex A provides an outline of the design of a SRECS using a safety-related communication system based on the function blocks concept.

6.1.2 Configuration and parameterisation of the safety-related

6.1.3 Response time and protective measures

The worst-case response time of the SRECS, including the safety-related communication system, should be short enough for all safety functions to be executed within the time specified in the safety requirements specification (SRS). If the response time is not adequate, alternative measures should be considered in order to meet the SRS, such as additional protective measures or a different safety-related communication system with a shorter response time.

Figure 2 shows the components of the system response time that must be considered when data are communicated from a remote safety-related input to a controller and on to a remote safety-related output.

Figure 2 – System response time components (figure labels, in order: input processing; data transmission; logic solver; signal output; power output; SRCF)

The response time of the safety-related communication system is defined by

Communication system response time = T_bus1 + T_bus2

T_bus1 and T_bus2 are influenced not only by the duration of a single bus cycle or message but also by factors such as repetition, error handling and synchronisation delays. For details, refer to the safety-related communication system specification.


NOTE Other delays can occur, for example due to unsynchronised processes within the SRCF, and should be taken into account when calculating the worst-case response time.

T_bus1 and T_bus2 are not directly correlated; their values may differ depending on the upstream and downstream devices and on the communication settings that influence the response times.

Meeting the required response time is crucial and should be verified. The design should include an adequate margin to accommodate any expected fluctuation in the specified response time, including fluctuations arising from anticipated changes.

6.1.4 Fault monitoring and alarm indication

Information about faults and their location within a SRECS can be transmitted via the communication system. Centralised fault monitoring is recommended so that troubleshooting takes less time.

For centralized fault monitoring, it is recommended that:

• any information available related to fault conditions be sent to the master station;

• the master station surveys such information;

• fault conditions are displayed in a manner that the fault is easily located and analyzed

Other forms of fault monitoring (e.g. distributed) are also possible.

Alarm indication should have priority over other indications and be emphasised, taking ergonomic principles into account. Alarm indication should not impair the ability to perform any safety function.

6.1.5 Assuring functional safety in case of SRECS failure

When designing the SRECS, potential failures of the safety-related communication system should be taken into account. Countermeasures implemented during the design phase can mitigate the effects of these failures.

The safety-related communication system should be selected and integrated within a SRECS considering the following:

• intended use including foreseeable misuse;

• foreseeable human errors while the machine is operated as intended

Examples of malfunctions (failures) are as follows:

• error of data input from various switches and sensing devices;

• error of data processing due to the malfunction of node;

• actuator operation in case of erroneous output from the network;

• node input and output in case of network failure;

• input and output in case of master failure, etc.

Early assessment of the SRECS behavior concerning the SRS during communication failures is crucial The system design must integrate countermeasures, such as fault reaction functions, to effectively address these failures.


6.2 Selection criteria of the safety-related communication system

6.2.1 Architecture and application fields

An adequate safety-related communication system should be selected for the application, since different safety-related communication systems have different data transmission capabilities.

When selecting the safety-related communication system, at least the following items should be considered:

• number of nodes required to perform the safety-related control functions, and

• spare nodes for future use

NOTE These items are not listed in order of priority.

6.2.2 Maximum response time

The required response time for the SRCF should not be exceeded under any circumstances

The maximum response time of a safety-related communication system is influenced by various design and application characteristics, including transmission errors and the impact of electromagnetic interference (EMI) on system performance.

NOTE The maximum response time of the safety-related communication system is equivalent to the fieldbus safety response time given in IEC 61784-3

The items that affect the maximum response time include, but are not limited to, the following:

• delay time of the safety input device (including any input delay timer);

• delay time of safety communication;

• processing time of safety controller;

• delay time of the safety output device;

• behaviour of the communication system in case of failure

In addition, the following need to be considered:

• the number of nodes connected to the network;

• processing time of logic in host controller;

• processing time in the slave controller (turn on time/turn off time, etc.);

• network settings such as number of retries;

To choose a safety-related communication system that meets the required maximum response time of the Safety Requirements Specification (SRS), it is essential to calculate this maximum response time prior to installation, following the guidelines provided in the system's instruction manual.


Any modification of the system (including network or nodes) should be assessed for any impact on the response time of the system.
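The response-time budget described in 6.1.3 and 6.2.2 can be laid out as a small calculation that is re-run whenever the network or its nodes change. The following Python is an added example and is not part of the report or of any supplier's documentation. The way each bus transfer is bounded (the larger of "every configured retry used" and "watchdog expired", plus synchronisation jitter) is a simplified model stated here as an assumption, and all figures are constructed; in a real project the values of T_bus1 and T_bus2 come from the safety-related communication system specification.

```python
"""Worst-case response time budget for a SRECS that uses a safety-related
communication system (added example, not from IEC TR 62513). The way T_bus
is bounded below is a simplified model and an assumption; the real figures
come from the communication system supplier's specification (6.1.3)."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class BusSegment:
    """One safety-related transfer: T_bus1 (input node -> logic solver) or
    T_bus2 (logic solver -> output node). The two are configured independently,
    which is why the report says they need not be correlated."""
    cycle_ms: float        # duration of one bus cycle or message
    retries: int           # retransmissions the safety layer attempts before giving up
    sync_jitter_ms: float  # worst-case wait for an unsynchronised process to pick the data up
    watchdog_ms: float     # safety-layer watchdog; on expiry the receiver enters its safe state

    def worst_case_ms(self) -> float:
        # Error-free path with every configured retry used up ...
        with_retries = self.cycle_ms * (self.retries + 1) + self.sync_jitter_ms
        # ... versus the failure case, where the output only reacts when the
        # watchdog expires (6.2.2: "behaviour of the communication system in case
        # of failure"). The later of the two bounds the SRCF response.
        on_failure = self.watchdog_ms + self.sync_jitter_ms
        return max(with_retries, on_failure)


@dataclass(frozen=True)
class ResponseTimeBudget:
    """The components of Figure 2, from remote input to remote output."""
    input_delay_ms: float    # safety input device, including any input delay timer
    t_bus1: BusSegment
    logic_solver_ms: float   # processing time of the safety controller
    t_bus2: BusSegment
    output_delay_ms: float   # safety output device, including the power output stage

    def components(self) -> Dict[str, float]:
        return {
            "input processing": self.input_delay_ms,
            "T_bus1": self.t_bus1.worst_case_ms(),
            "logic solver": self.logic_solver_ms,
            "T_bus2": self.t_bus2.worst_case_ms(),
            "signal and power output": self.output_delay_ms,
        }

    def worst_case_ms(self) -> float:
        return sum(self.components().values())


def check_against_srs(budget: ResponseTimeBudget, srs_required_ms: float,
                      margin_ms: float) -> Tuple[bool, float]:
    """True when the worst case fits the SRS requirement with the design margin
    6.1.3 asks for (the margin absorbs expected fluctuations and foreseen changes)."""
    worst = budget.worst_case_ms()
    return worst <= srs_required_ms - margin_ms, worst


def example_budget() -> ResponseTimeBudget:
    """Constructed figures for illustration; they are not taken from any product."""
    return ResponseTimeBudget(
        input_delay_ms=10.0,
        t_bus1=BusSegment(cycle_ms=4.0, retries=2, sync_jitter_ms=4.0, watchdog_ms=30.0),
        logic_solver_ms=10.0,
        t_bus2=BusSegment(cycle_ms=8.0, retries=1, sync_jitter_ms=8.0, watchdog_ms=40.0),
        output_delay_ms=20.0,
    )


def with_new_output_watchdog(budget: ResponseTimeBudget, watchdog_ms: float) -> ResponseTimeBudget:
    """Model a later modification (6.2.2: any change to network or nodes must be
    reassessed), here a longer T_bus2 watchdog after adding nodes to that segment."""
    new_bus2 = BusSegment(budget.t_bus2.cycle_ms, budget.t_bus2.retries,
                          budget.t_bus2.sync_jitter_ms, watchdog_ms)
    return ResponseTimeBudget(budget.input_delay_ms, budget.t_bus1,
                              budget.logic_solver_ms, new_bus2, budget.output_delay_ms)


if __name__ == "__main__":
    budget = example_budget()
    for name, value in budget.components().items():
        print(f"{name:<24}{value:6.1f} ms")
    ok, worst = check_against_srs(budget, srs_required_ms=200.0, margin_ms=40.0)
    print(f"worst case {worst:.1f} ms against SRS 200 ms with 40 ms margin: {'OK' if ok else 'NOT OK'}")
    ok, worst = check_against_srs(with_new_output_watchdog(budget, 100.0), 200.0, 40.0)
    print(f"after modification {worst:.1f} ms: {'OK' if ok else 'NOT OK'}")
```

With the constructed figures the failure case (watchdog expiry) dominates both bus segments, which is the usual situation: the configured retry count matters less for the SRCF response than the watchdog the safety layer falls back on. The second check shows why 6.2.2 demands a reassessment after every modification; lengthening one watchdog pushes the budget past the SRS limit even though nothing else changed.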

6.2.3 Transmission distance, transmission speed and the number of nodes

When configuring transmission distance and speed, the supplier's specifications for the specific cable type and length should be followed. It should also be checked whether the maximum response time of the safety-related communication system varies with the number of nodes; if it does, the network should be designed so that the number of nodes needed for the safety-related control function is accommodated while an adequate response time is maintained.

In safety-related communication systems with varying transmission speeds, the maximum transmission distance is influenced by the chosen speed; specifically, higher transmission speeds result in shorter maximum distances.

6.2.4 Environmental conditions

The safety-related communication system should be selected considering the environmental conditions such as ambient temperature, vibration, shock, and electromagnetic interference

To prevent malfunctions like signal fading, it is essential to follow general wiring guidelines for immunity against external disturbances, including the separation of communication and power cables, as outlined in IEC 60204-1.

For environmental requirements, the specifications provided by the manufacturer need to be considered

NOTE 1 See also IEC 60204-1, IEC 62061, and IEC 61131-2

NOTE 2 Consideration of manufacturer’s specifications and environmental conditions by the system designer is very important to ensure an adequate safety performance level, due to the diversity of safety buses and their associated performance.

6.2.5 Setting and configuration tools

It should be verified that the tools used to configure the safety-related communication system provide security features such as multi-level password protection, and a clear policy for managing these security measures (passwords and access levels) should be established.

The setting tools used should be as recommended by the manufacturer for use with the safety-related communication system

7 System installation and setup (configuration)

7.1 System installation

7.1.1 System confirmation

Prior to system installation, it should be confirmed that the subsystems and subsystem elements are suitable for use with the safety-related communication system

7.1.2 Safety-related communication system wiring

The following points should be followed when selecting cables:

• only cables designated or recommended by the manufacturer should be used;


• if the communication system includes both safety-related and non-safety-related devices, use the cable required by the safety-related devices;

• the type of cable should be compatible with the transmission speed. The safety-related communication system can require different types of cable depending on the transmission speed;

• the type of cable should be compatible with the transmission distance. Different cables may be necessary depending on the maximum transmission distance and the spacing between nodes;

• possible differences in the transmission error rates of different types of cable should be checked.

The following points should be followed for wiring:

• there should be sufficient margin in cable length to avoid intolerable stress at the connection terminals and/or connectors;

• it should be determined whether the wiring shield needs to be terminated, since proper shield termination is often necessary to minimise external disturbances; follow the guidelines given in the instruction manual;

• wiring should not be bent beyond the allowable range specified by the cable manufacturer. Especially for optical fibres, special care should be taken, since communication can be totally disabled if a cable is bent beyond the allowable range;

• the termination of optical fibres should be done in accordance with the instructions given by the cable manufacturer and using the designated tool;

• to minimise external noise interference, communication cables, power cables and AC I/O cables should be installed in separate ducts, observing the separation distance recommended by the safety-related communication system supplier;

• each apparatus should be checked for its compatibility with the two types of wiring, branching and multi-dropped connection;

• if the safety-related communication system requires termination, termination should be in accordance with the supplier's specification.

The following points should be verified:

• the cable length between nodes and/or the total length of the cable, in accordance with the safety-related communication system supplier's specification. Ensuring that the distance between each pair of nodes is within the permissible limit does not automatically confirm that the overall cable length is acceptable; the actual cable length should be verified after wiring is complete;

• the check of the cable length should refer to the specification that corresponds to the type of cable used.

7.1.3 Selection of power supply

The power supply unit for the safety-related communication system should conform to the supplier's specification, and the effect of voltage fluctuations on the performance of the system should be taken into account.

• it should be checked during the preparation of the specification whether the power supply for I/O needs to be separated from that for safety-related communication;

• power supplies for diagnostic and monitoring equipment, whether used permanently or temporarily, should be SELV or PELV.


7.1.4 Environmental conditions

Check that the environmental conditions at the installation are within the specified values. If any of them exceeds the specification, an appropriate countermeasure should be taken before operating the system.

The following items should be checked:

• if operating temperature/humidity exceeds the specified limit value, add heaters or fans and so on to regulate it within the specified values;

• if vibration and impact exceeds the value specified for the network components, use vibration or shock absorbers to regulate them within the specified value;

• if the equipment is installed in a dusty area, a protective measure such as enclosing the control panel should be taken;

NOTE If heaters, fans, shock absorbers, dustproof enclosures, etc. are necessary to achieve the target SIL, then they become part of the SRCF and require suitable integrity.

• if appropriate, carry out an EMI measurement and check that the electromagnetic environment is within the limits specified by the safety-related communication system supplier.

7.2 Setting

7.2.1 System configuration

Setting and modification of system configuration data should be done by suitably competent persons who are sufficiently trained and experienced and have responsibility for that safety system.

System configuration can be done in hardware and in software; the manufacturer's instructions for the safety-related communication system should be followed. Most configuration is carried out with dedicated tools, so configuration data need to be managed carefully. To protect against unauthorised changes, modification of the system configuration should be protected by a password.

The responsible person should control at least the following: the data recorded by the dedicated tool, including the pre-set parameters and safety-related information such as the identity of the operator who made the settings, the date of the parameter settings and other relevant details. The responsible person should manage these data as master data.

7.2.2 Setting for operation

Before applying the power to the machine, the following should be set for safety-related communication:

– check the specification of modes and the method of modifying modes, referring to the manufacturer's instructions;

– configuration is done either with the built-in switches of the device that supports safety-related communication or with a dedicated setting tool; follow the manufacturer's instructions for both methods.

7.2.3 Setting and modification of configuration data

Attention should be paid to the following when the configuration data are changed:

• the system configuration involves hardware settings and software settings; review the manufacturer's instructions beforehand to fully understand the functions related to the configuration;

• the setting data stored in the apparatus should be verified by comparing them with the intended setting data, following the verification procedure given in the manufacturer's instructions;

• after changing the configuration, a functional test should be carried out.

These are the responsibility of the safety system administrator.

Changing the settings during, for example, a modification must not lead to a hazardous situation.

8.1 Checks before applying the power

The following are the points to be checked before applying the power:

• the safety-related communication system should be checked for wiring errors such as incorrect polarity, short-circuits or earth faults by using appropriate test equipment;

• check that earthing is secure including that of other equipment;

• check that the load (e.g machine actuators) is isolated from the power source before applying power to the safety-related communication system

8.2 Validation after applying the power

The following are the initial points to be checked after applying the power:

• if possible, signal waveforms in the safety-related communication system should be monitored to verify that the noise level is sufficiently low;

• all power supply voltages should be measured to check whether they are in the allowable range;

• when there is a power supply for communication separate from the power supply for control, the check mentioned above should be carried out on both supplies;

Check that each device powers on correctly by observing the indicators described in the instruction manual. No further checks are performed at this point, since the parameters have not yet been fully configured.

8.3 Functional tests

During the system commissioning phase and whenever a modification is applied, functional tests should be made on each safety function to validate its conformance with the safety requirements specification

The behaviour of the communication system should be checked in accordance with the safety requirements specification under the following circumstances:


• power supply interruption and restoration;

8.4 Baseline

After validation, the configuration data (parameter settings, the identity of the person who made the settings, the date of the settings, test results, version information and other relevant details) should be documented as a baseline. The baseline should be revised whenever the safety-related communication system is modified, and previous configurations should be archived.

• be easy to understand by those persons having to make use of it;

• suit the purpose for which it is intended;
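One way to keep the baseline of 8.4 and to perform the read-back comparison of 7.2.3 in a reproducible form is shown in the following added Python example, which is not part of the report or of any manufacturer's setting tool. The node names, parameter names and values are constructed for illustration; a real configuration is exported from the manufacturer's setting tool in its own format and the digest would be taken over that export.

```python
"""Baseline record and read-back verification for the configuration of a
safety-related communication system (added example, not from IEC TR 62513).
Node and parameter names below are constructed for illustration."""
import copy
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

Parameters = Dict[str, Dict[str, object]]   # node -> {parameter: value}


def canonical_digest(parameters: Parameters) -> str:
    """SHA-256 over a canonical JSON encoding: the same parameter set always
    yields the same digest, whatever order the setting tool exported it in."""
    encoded = json.dumps(parameters, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


@dataclass(frozen=True)
class Baseline:
    """The items 8.4 asks to be documented after validation."""
    version: str
    set_by: str             # identity of the person who made the settings (7.2.1)
    set_on: str             # date of the settings, ISO 8601
    parameters: Parameters  # as loaded into the devices with the setting tool
    test_result: str        # result of the functional test that must follow every change (7.2.3)
    digest: str = field(init=False)

    def __post_init__(self) -> None:
        object.__setattr__(self, "digest", canonical_digest(self.parameters))


class BaselineRegistry:
    """Holds the current baseline and archives every superseded one (8.4, 10.5)."""

    def __init__(self) -> None:
        self.current: Optional[Baseline] = None
        self.archive: List[Baseline] = []

    def record(self, baseline: Baseline) -> None:
        if self.current is not None:
            self.archive.append(self.current)   # keep previous configurations, as 8.4 advises
        self.current = baseline

    def verify_readback(self, readback: Parameters) -> List[str]:
        """Compare the settings read back from the devices with the baseline (7.2.3).
        Returns one line per discrepancy; an empty list means they match."""
        if self.current is None:
            return ["no baseline recorded"]
        if canonical_digest(readback) == self.current.digest:
            return []                           # fast path: identical parameter set
        mismatches: List[str] = []
        expected_nodes = self.current.parameters
        for node in sorted(set(expected_nodes) | set(readback)):
            if node not in expected_nodes:
                mismatches.append(f"{node}: present on the bus but not in the baseline")
                continue
            if node not in readback:
                mismatches.append(f"{node}: in the baseline but not read back")
                continue
            expected, actual = expected_nodes[node], readback[node]
            for key in sorted(set(expected) | set(actual)):
                if expected.get(key) != actual.get(key):
                    mismatches.append(
                        f"{node}.{key}: baseline {expected.get(key)!r} != device {actual.get(key)!r}")
        return mismatches


def with_changed_parameter(parameters: Parameters, node: str, key: str, value: object) -> Parameters:
    """Deep copy with one parameter altered; used to simulate a setting that was
    changed on a device without the baseline being updated."""
    changed = copy.deepcopy(parameters)
    changed[node][key] = value
    return changed


# Constructed sample configuration of a hypothetical three-node safety bus.
SAMPLE_PARAMETERS: Parameters = {
    "master_1": {"address": 1, "watchdog_ms": 40, "sil_cl": 3},
    "input_node_2": {"address": 2, "watchdog_ms": 30, "input_filter_ms": 10},
    "output_node_3": {"address": 3, "watchdog_ms": 40, "safe_state": "de-energised"},
}


def commissioning_baseline() -> Baseline:
    return Baseline(version="1.0", set_by="responsible person (constructed)", set_on="2024-03-15",
                    parameters=SAMPLE_PARAMETERS, test_result="functional tests passed")


if __name__ == "__main__":
    registry = BaselineRegistry()
    registry.record(commissioning_baseline())
    print("baseline digest", registry.current.digest[:16], "...")
    print("unchanged readback:", registry.verify_readback(SAMPLE_PARAMETERS) or "matches baseline")
    drifted = with_changed_parameter(SAMPLE_PARAMETERS, "output_node_3", "watchdog_ms", 60)
    for line in registry.verify_readback(drifted):
        print("MISMATCH", line)
```

The digest gives a one-line fingerprint that can be written into the maintenance record (10.5) and compared at every periodic inspection; the element-by-element comparison is what the responsible person needs when the fingerprint differs, because it names the node and parameter that drifted. A discrepancy is resolved either by restoring the device setting or, if the change was intended, by recording a new baseline after the functional test, which the registry archives behind the superseded one.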

The documents needed to validate a safety-related communication system within a SRECS include: the safety requirements specification; the system specification, including the configuration and the applicable standards; a system management plan; hardware and software specifications; wiring diagrams; estimates of the probability of dangerous hardware failure per hour (PFH/PFHD); a test plan and test report; an installation and operation manual; and the baseline.

For any safety-related device, function block, or software tool utilized in a safety communication system, it is essential to include the certification of its compliance with IEC 61508 in the documentation This requirement also extends to the application software.

Information on the configuration tool should also be included in the documentation


10.1 Appointment of responsible person

A responsible person should be appointed to manage all activities related to the operation, maintenance and repair of the safety-related communication system.

10.2 Developing a maintenance plan

The safety-related communication system should be maintained in accordance with a maintenance plan. The plan should describe the routine activities, including periodic inspections and start-up tests, needed to maintain the functional safety of the system. All maintenance procedures should be documented.

The safety of the test program that is used for maintenance work and/or failure analysis should be verified

It should be noted that the system modification plan has to be independent of the maintenance plan since the purpose of these plans is clearly different.

10.3 Implementing periodic maintenance

The safety-related communication system must be maintained throughout its operational life, until it is decommissioned, so that it continues to meet the safety integrity level specified in the safety requirements specification. This subclause details what such maintenance involves.

Periodic maintenance must be conducted at intervals that do not exceed the proof test duration outlined in the safety requirements specification and detailed in the manufacturer's maintenance plan or manual.

10.4 Items of maintenance work

All proof tests specified in the safety requirements specification or by the manufacturer should be carried out. Because a safety-related communication system is difficult to restore to an "as-new" state without replacing devices, devices with a lifetime or proof test interval exceeding twenty years should be used wherever feasible.

The probability of dangerous failure per hour (PFHD) depends significantly on proof testing, whose purpose is to reveal faults that the diagnostic functions do not detect. The proof test interval should therefore be realistic and practical for the anticipated use of the safety-related communication system.

Proof test intervals shorter than 10 years may be impractical for many machinery applications; a 20-year interval is often recommended. Note that certain subsystems or elements, such as electromechanical components with a high duty cycle, may need to be replaced before the end of the proof test interval.

10.5 Record of maintenance results

The results of maintenance procedures should be recorded and stored. The storage period should be defined in the maintenance plan. Any change to the baseline should be recorded.


11.1 General

To ensure the safe operation of safety-related communication systems, it is essential for the responsible individual to implement and enforce comprehensive safety education and training programs The necessary components for this training are detailed in the subsequent subclauses.

11.2 Scope

Safety education and training must be mandatory for all individuals involved in the operation of safety-related communication systems, including operators, maintenance personnel, program installers, supervisors, and administrators.

11.3 Performing continual education and training

Periodic education and training should be carried out for all persons involved in the operation of safety-related communication systems

Appropriate education and training should also be provided:

• when a safety-related communication system is modified, and

• before the system is restarted after an accident or near-miss.

11.4 Contents of education and training

The following items should be included in the curriculum:

• regulations and standards relevant to the safety of workers;

• principles of the protective measures;

• safety-related devices and their functions;

• operating procedures of each device;

• safe work procedures (for normal operation);

• operation procedures in case of emergency.

11.5 Planning of educational activities and storage of education records

Educational activities should be carried out according to the education plan, and records should be kept for a defined period


Annex A (informative) Design of a SRECS using a safety-related communication system –

As mentioned above, a safety-related communication system is only a subsystem within a SRECS. A SRECS as defined by IEC 61508 and IEC 62061 typically includes the components shown in Figure A.1, and here uses a safety-related communication system in place of conventional wiring. The SIL claim limit (SILCL) of the safety-related communication system is normally given in the supplier's information for use.

To perform a specific safety function within a SRECS, a safety-related communication system needs additional components: sensors (e.g. guard door switches), actuators (e.g. contactors) and usually application software.

The main task of the safety-related communication system is to transmit safety-relevant data reliably between inputs and outputs within the defined time and integrity level. For simplicity, the logic solver is shown as integrated into the safety-related communication system; depending on the architecture it may be an independent unit or part of the safety input or output devices.


Figure A.2 – SRECS using a safety-related communication system (figure label: safety-related communication system with integrated logic solver)

Implementing a function block requires a safety requirements specification for the function block and a safety requirements specification for the subsystems that execute it. These specifications are provided by the supplier of the safety-related communication system and are outside the scope of these guidelines. Typically, the supplier determines the maximum SIL claim limit (SILCL) that can be achieved with proper parameterisation of the safety-related communication system and its devices.

The safe transmission function block ensures the safe transmission of safety-relevant data from a source to a sink (e.g. transmitter to receiver). It can be divided into two further function blocks:

– safe transmission master function block;

– safe transmission slave function block

According to IEC 62061, a function block is executed by a single subsystem (for example a device). Each function block is allocated to a specific subsystem within the safety function architecture; several function blocks can be allocated to one subsystem, but a function block is never split across subsystems.

Communication systems typically have master and slave devices, also referred to as producer and consumer in some contexts. In multi-master communication systems too, one unit is responsible for sending a safety-related message while one or more units receive it.

In these guidelines, it is assumed that a master device (producer) and slave devices

Under this pre-condition, a safety-related communication system is based on the following two main subsystems (devices):

– safety-relevant slave (input, output, input and output);

– safety-relevant master (e.g. with safety-relevant controller).


[Figure A.3, labels recovered from the figure: safety function of the safety communication = read safety data, safe transmission, logic solving, and write safety data; safe transmission slave / safety slave; safe transmission; SCLS: Safe Communication Layer Slave; SCLM: Safe Communication Layer Master]

Figure A.3 – Different views of the safety-related communication system

Each of the subsystems (devices) performs one or more function blocks. As shown in Figure A.3, the safety-related peripheral and the SCLS run on a safety-related slave; both subsystems can also be implemented as independent devices, such as a chip set providing the SCLS services and a safety input device.


A.2 Architecture of the safety-related communication system

In safety-related communication systems, sensors and actuators are connected to corresponding input and output devices, which can be linked locally or remotely to the logic solving unit. Common architectures of these systems are shown in Figure A.4.

[Figure A.4, panel titles recovered from the figure: local input – local output (for comparison, not a communication system); local input – remote output; remote input – local output; remote input – remote output]

Figure A.4 – Examples of typical architectures of safety-related communication systems


A.3 Calculation of the PFHD of the SRECS

To calculate the PFHD of the safety-related electrical control system (SRECS), the specific values typically provided by the supplier for each safety-related device must be obtained. Generally, the PFHD of the SRECS is determined by summing the PFHD of each device within a safety loop: the sensor, the safety-related communication system, the logic solver, and the actuator.

The PFHD of the sensor component depends on the device's parameterisation and architecture, which may include one or multiple sensors and the presence of test pulses. This information should be detailed in the user documentation provided by the supplier of the safety-related devices or communication systems.

The way sensors and actuators are connected to a safety-related device within a safety-related communication system is crucial for achieving the necessary Safety Integrity Level (SIL) of the Safety-Related Control Function (SRCF); the supplier's information for use document must be taken into account.
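The roll-up described in A.3, worked through in code. This is an added example, not text or code from IEC TR 62513 or from any supplier: it sums the PFHD of the four subsystems in a safety loop, derives the SIL band from the sum, and then caps the result by the lowest SILCL of any subsystem in the loop (the IEC 62061 rule that a subsystem's claim limit bounds the SIL of the whole SRCF). The SIL bands used are the IEC 61508-1 high-demand bands that IEC 62061 reuses (SIL 1: 10^-6 to below 10^-5 per hour; SIL 2: 10^-7 to below 10^-6; SIL 3: 10^-8 to below 10^-7); they are not stated on this page. All PFHD and SILCL numbers in the sample loop are constructed, and the function and field names are this example's own.

```python
"""Worked PFHD roll-up for one safety loop (added example, not from IEC TR 62513).

Assumptions not on the page: SIL bands are the IEC 61508-1 high/continuous
demand bands reused by IEC 62061; the "lowest SILCL caps the SIL" rule is
from IEC 62061; every numeric value below is constructed sample data.
"""
from dataclasses import dataclass

# Upper PFHD bound (exclusive, per hour) for each SIL, high/continuous demand mode.
# IEC 62061 addresses SIL 1 to SIL 3 only, so anything below the SIL 3 bound is
# capped at SIL 3 rather than reported as SIL 4.
SIL_UPPER_BOUND = {3: 1e-7, 2: 1e-6, 1: 1e-5}


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfhd: float   # probability of dangerous failure per hour, from supplier data
    silcl: int    # SIL claim limit (SILCL) the supplier states for this subsystem


def sil_from_pfhd(pfhd: float) -> int:
    """Return the highest SIL whose band contains `pfhd`; 0 if above the SIL 1 bound."""
    if pfhd < 0:
        raise ValueError("PFHD cannot be negative")
    for sil in (3, 2, 1):
        if pfhd < SIL_UPPER_BOUND[sil]:
            return sil
    return 0


def loop_pfhd(loop) -> float:
    """PFHD of the whole SRCF: the sum over every subsystem in the safety loop (A.3)."""
    return sum(s.pfhd for s in loop)


def achievable_sil(loop) -> int:
    """SIL the loop can claim: bounded by the summed PFHD and by the lowest SILCL."""
    if not loop:
        raise ValueError("a safety loop needs at least one subsystem")
    pfhd_sil = sil_from_pfhd(loop_pfhd(loop))
    silcl_floor = min(s.silcl for s in loop)
    return min(pfhd_sil, silcl_floor)


def check_loop(loop, required_sil: int) -> dict:
    """Summarise the roll-up and say whether the required SIL of the SRCF is met."""
    total = loop_pfhd(loop)
    result = {
        "pfhd": total,
        "sil_from_pfhd": sil_from_pfhd(total),
        "min_silcl": min(s.silcl for s in loop),
        "achievable_sil": achievable_sil(loop),
    }
    result["meets_required"] = result["achievable_sil"] >= required_sil
    # Name the subsystem that limits the claim, so the designer knows what to change.
    result["limiting_subsystem"] = min(loop, key=lambda s: s.silcl).name
    return result


# Constructed sample loop: sensor, safety-related communication system, logic
# solver, actuator. The summed PFHD sits inside the SIL 3 band, but the actuator's
# SILCL 2 caps the loop at SIL 2, so a required SIL 3 is not met.
SAMPLE_LOOP = (
    Subsystem("sensor", 2.5e-8, 3),
    Subsystem("safety-related communication system", 1.0e-9, 3),
    Subsystem("logic solver", 1.2e-8, 3),
    Subsystem("actuator", 3.0e-8, 2),
)

if __name__ == "__main__":
    for key, value in check_loop(SAMPLE_LOOP, required_sil=3).items():
        print(f"{key}: {value}")
```

The point the summed PFHD alone would hide is the SILCL cap: a loop whose PFHD arithmetic lands in the SIL 3 band still cannot claim SIL 3 if any single subsystem is only SILCL 2, which is why the supplier's information for use has to be read for both numbers.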




4 Functional safety management 39

5 Realisation of a safety-related electrical control system (SRECS) using a safety-related communication system 39

6 Planning of the safety-related communication system 41

6.1.1 Safety integrity level (SIL) assigned to the SRCF(s) and the safety-related communication system

6.1.2 Configuration and parameterisation of the safety-related communication system

6.1.3 Response time and protective measures

6.1.4 Fault monitoring and alarm indication 42

6.1.5 Assuring functional safety in case of SRECS failure 42

6.2 Selection criteria of the safety-related communication system 43

6.2.3 Transmission distance, transmission speed and the number of nodes 44

6.2.4 Environmental conditions 44

6.2.5 Setting and configuration tools 44

7 System installation and set-up (configuration) 45

7.1.2 Safety-related communication system wiring 45

7.2.3 Setting and modification of configuration data 47

8.1 Checks before applying the power 47

8.2 Validation after applying the power 48

10.2 Developing a maintenance plan 49


10.3 Implementing periodic maintenance 50

10.4 Items of maintenance work 50

10.5 Record of maintenance results 50

11.3 Implementing continuous education and training 50

11.4 Content of education and training 51

11.5 Planning of training activities and retention of training records 51

Annex A (informative) Design of an SRECS using a safety-related communication system – Function block concept 52

Figure 1 – SRECS design and development diagram 40

Figure 2 – Components of the system response time 41

Figure A.2 – SRECS using a safety-related communication system 53

Figure A.3 – Different views of the safety-related communication system 54

Figure A.4 – Examples of typical architectures of safety-related communication systems 55


SAFETY OF MACHINERY – GUIDELINES FOR THE USE OF COMMUNICATION SYSTEMS IN SAFETY-RELATED APPLICATIONS

The International Electrotechnical Commission (IEC) is a worldwide standards organisation comprising all national electrotechnical committees. Its primary goal is to promote international cooperation on all questions of standardisation in the fields of electricity and electronics. To this end, the IEC publishes international standards, technical specifications, technical reports, publicly available specifications (PAS) and guides, collectively referred to as "IEC Publications". Their preparation is entrusted to technical committees, in which any interested national committee may participate. International, governmental and non-governmental organisations liaising with the IEC also take part in this work. The IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organisations.

Formal decisions or agreements of the IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects, since each technical committee has representation from all interested national committees.

IEC Publications are published in the form of international recommendations and are approved by the national committees of the IEC. While the IEC makes every reasonable effort to ensure the technical content of its publications is accurate, it cannot be held responsible for the way in which they are used or for any misinterpretation by an end user.

Date posted: 17/04/2023, 11:52