PAPERmaking! Vol3 Nr2 2017

PAPERmaking! FROM THE PUBLISHERS OF PAPER TECHNOLOGY Volume 3, Number 2, 2017

In section 4.5.4 the assumption made for Category 2, that the demand rate must be less than 1/100 of the test rate, has been changed to: "the demand rate is less than or equal to 1/100 test rate; or testing occurs immediately upon demand of the safety function and the overall time to detect the fault and to bring the machine to a non-hazardous condition (usually to stop the machine) is shorter than the time to reach the hazard (see also ISO 13855)". The added possibility to test "on demand" allows a dual-channel Category 2 design with one active channel and one monitoring channel, the latter recognising and responding appropriately to a demand placed on the former, but only actively intervening if the first channel fails. This could be useful for retrofit applications (second channel as an add-on to the existing first channel), provided that timing constraints are met to ensure that safety distances are maintained with respect to stopping times (see also EN ISO 13855).

Up until the change, Table 5 in section 4 was used to select the optimum Category / DC / MTTFd combination to achieve a desired PL. This is now supplemented by another table in 4.5.5, "Description of the outputs part of the SRP/CS by category", which refers to actuators (such as power drives) or mechanical, hydraulic or pneumatic components (or components comprising a mixture of technologies) where no application-specific reliability data is available. The machine builder has scope to evaluate the PL without any reference to MTTFd calculation, using only Category, Diagnostic Coverage and measures against Common Cause Failure (CCF). Table 8 shows recommended and optional categories which can be used to achieve the desired PL in a subsystem comprising such components, provided that they are "proven in use" or "well tried" (regardless of Category), which means that in practice its usability will be limited.

However, it may be used where calculation of the PL of the final actuator subsystem in a safety function is not possible. Section 4.6 covers software, and a new statement is made about non-failsafe PLCs whose manufacturer-developed embedded firmware does not meet the requirements of SRESW (safety-related embedded software needs to be developed in accordance with IEC 61508-3, which is a very detailed task only ever conducted by safety PLC / controller


Article 10 – Pilz on Safety Controls
