ISO TR 23849:2010 – Guidance on the application of ISO 13849-1 and IEC 62061 in the design of safety-related control systems for machinery.
5 Safety requirements specification
5.1 A first stage in the respective methodologies of both ISO 13849-1 and IEC 62061 requires that the safety function(s) to be implemented by the safety-related control system are specified.
5.2 An assessment should have been performed relevant to each safety function that is to be implemented by a control circuit by, for example, using ISO 13849-1, Annex A, or IEC 62061, Annex A. This should have determined what risk reduction needs to be provided by each particular safety function at a machine and, in turn, what level of confidence is required for the control circuit that performs this safety function.
5.3 The level of confidence specified as a PL and/or a SIL is relevant to a specific safety function.
5.4 The following shows the information that should be provided in relation to safety functions by a product (type-C) standard.
Safety function(s) to be implemented by a control circuit:
Name of safety function
Description of the function.
— Adequate measures against common-cause failure in the subsystems B1/B2 and Q1/Q2 (70 points):
separation (15), well-tried components (5), protection against overvoltage, etc. (15) and environmental conditions (25 + 10).
— Mission time: for the simplified approach of ISO 13849-1 a mission time of 20 years is assumed.
— The subsystem B1/B2/Q1/Q2 corresponds to Category 4 with a high MTTFd (100 years) and high DCavg (99 %). This results in an average probability of dangerous failure of 2,47 x 10^-8 per hour (see Table K.1 of ISO 13849-1). Following addition of the subsystem K1, the average probability of dangerous failure is 2,70 x 10^-8 per hour. This corresponds to PL e.
8.2.7 Calculation of the probability of failure in accordance with IEC 62061
8.2.7.1 In accordance with 6.6.2 of IEC 62061, the circuit arrangement can be divided into three subsystems: B1/B2, K and Q1/Q2 as shown in the safety-related block diagram.
8.2.7.2 For subsystem K, a probability of dangerous failure of 2,31 x 10^-9 per hour and a SIL claim limit of 3 for the safety module K1 are declared by the manufacturer.
8.2.7.3 For the remaining subsystems, the probability of failure can be estimated as follows.
— Subsystem B1/B2: the B10d value of 1 000 000 cycles [manufacturer's value] is stated for the mechanical part of B1. For the position switch B2, the B10d value is 500 000 cycles [manufacturer's value]. At 365 working days per year, 24 working hours per day and a cycle time of 15 min, C is 4 cycles per hour for these components. The failure rate is calculated as 0,1 x C/B10d = 4,00 x 10^-7/h. For B2 this gives a failure rate of 8,00 x 10^-7/h.
NOTE The number of operating cycles, C, of the application according to IEC 62061 corresponds to the mean number of annual operations, n_op, according to ISO 13849-1. Since C is stated in cycles per hour and n_op in cycles per year, the following relation applies:
— The logical architecture of this subsystem equates to diagram D from 6.7.8.2.5 of IEC 62061 as shown in Figure 4.
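The following script is an added worked example, not part of ISO TR 23849 or of either standard's text. It carries through two calculations from this section with the document's own numbers: the B10d to failure-rate step for B1/B2 under IEC 62061 (with the C versus n_op conversion from the NOTE), and the ISO 13849-1 summation of subsystem PFH values (2,47 x 10^-8 for B1/B2/Q1/Q2 plus 2,31 x 10^-9 for K1) followed by the PL lookup. The function names, the application data constants and the band tables are assumptions of this example; the band limits are those of ISO 13849-1 Table 3 and IEC 62061 Table 3, and the 100-year MTTFd cap is the one ISO 13849-1:2006 applies per channel.

```python
"""Added example: B10d-based failure rates (IEC 62061), MTTFd (ISO 13849-1)
and subsystem PFH summation with PL/SIL lookup, using the values quoted in
ISO TR 23849 8.2.6/8.2.7. Function names and constants are this example's own."""

# Constructed application data, taken from the worked example in the text
D_OP_DAYS = 365       # working days per year
H_OP_HOURS = 24       # working hours per day
T_CYCLE_S = 15 * 60   # cycle time of 15 min, in seconds

B10D_B1 = 1_000_000   # manufacturer's B10d for the mechanical part of B1
B10D_B2 = 500_000     # manufacturer's B10d for position switch B2

PFH_B1B2Q1Q2 = 2.47e-8  # Category 4, MTTFd 100 a, DCavg 99 % (Table K.1)
PFH_K1 = 2.31e-9        # declared by the manufacturer of the safety module

MTTFD_CAP_YEARS = 100.0  # ISO 13849-1:2006 caps MTTFd per channel at 100 years


def annual_operations(d_op, h_op, t_cycle_s):
    """n_op per ISO 13849-1: mean number of operations per year."""
    return d_op * h_op * 3600.0 / t_cycle_s


def cycles_per_hour(n_op, d_op, h_op):
    """C per IEC 62061 (cycles per hour): n_op spread over the working hours
    of the year. This is the relation the NOTE in 8.2.7.3 refers to."""
    return n_op / (d_op * h_op)


def dangerous_failure_rate(b10d, c_per_hour):
    """IEC 62061 estimate for electromechanical components:
    lambda_D = 0,1 x C / B10d, i.e. 10 % of failures are taken as dangerous."""
    return 0.1 * c_per_hour / b10d


def mttfd_years(b10d, n_op, cap=MTTFD_CAP_YEARS):
    """ISO 13849-1 Annex C: MTTFd = B10d / (0,1 x n_op) in years, capped."""
    return min(b10d / (0.1 * n_op), cap)


def combined_pfh(*subsystem_pfh):
    """Series combination of subsystems: the PFH values simply add."""
    return sum(subsystem_pfh)


def performance_level(pfh):
    """ISO 13849-1 Table 3: PFH_D band -> PL (None if outside the PL range)."""
    bands = [("e", 1e-8, 1e-7), ("d", 1e-7, 1e-6), ("c", 1e-6, 3e-6),
             ("b", 3e-6, 1e-5), ("a", 1e-5, 1e-4)]
    for pl, lo, hi in bands:
        if lo <= pfh < hi:
            return pl
    return None


def sil_from_pfh(pfh):
    """IEC 62061 Table 3: target failure measure -> highest SIL the PFH
    alone permits. Architectural constraints (SIL claim limit of each
    subsystem) are a separate check and can lower the achievable SIL."""
    bands = [(3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]
    for sil, lo, hi in bands:
        if lo <= pfh < hi:
            return sil
    return None


def worked_example():
    """Reproduce the numbers quoted in the text and return them for checking."""
    n_op = annual_operations(D_OP_DAYS, H_OP_HOURS, T_CYCLE_S)
    c = cycles_per_hour(n_op, D_OP_DAYS, H_OP_HOURS)
    return {
        "n_op": n_op,
        "C": c,
        "lambda_B1": dangerous_failure_rate(B10D_B1, c),
        "lambda_B2": dangerous_failure_rate(B10D_B2, c),
        "mttfd_B1": mttfd_years(B10D_B1, n_op),
        "mttfd_B2": mttfd_years(B10D_B2, n_op),
        "pfh_total": combined_pfh(PFH_B1B2Q1Q2, PFH_K1),
        "PL": performance_level(combined_pfh(PFH_B1B2Q1Q2, PFH_K1)),
        "SIL_by_pfh": sil_from_pfh(combined_pfh(PFH_B1B2Q1Q2, PFH_K1)),
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key:>11}: {value}")
```

Note that both B1 and B2 come out well above 100 years of MTTFd, which is why the text can simply treat the channel as "high MTTFd (100 years)": the cap, not the raw value, is what enters the Table K.1 lookup. The SIL figure from the PFH band is only the quantitative half of the IEC 62061 assessment; the SIL claim limit of each subsystem (3 for K1 here) still has to be checked separately.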