Transcript of Jörgen Bergsten
-
7/27/2019 Jörgen Bergsten
1/26
ISO 15998:2008 Earth-moving machinery - Machine control systems (MCS) using electronic components - Performance criteria and tests for functional safety
Jörgen Bergsten
-
2/26
Laws & Regulations, Jörgen Bergsten, ISO 15998:2008
Volvo Construction Equipment
2009-08-24
http://violin.volvo.net/volvogroup/corporate/en/policies_and_strategies/our_values/corporate_values/policies_strat_values_corpval_safety/policies_values_safety.htm
-
3/26
Volvo CE manufactures machinery, not vehicles.
Vehicle directives (not applicable): 2007/46/EC, 2003/37/EC, 2002/24/EC
Machinery Directive (applicable): 2006/42/EC
From a legal point of view, an earth-moving machine falls under the same legislation as an upright drilling machine.
-
4/26
Europe (CE marking) vs. North America and the rest of the world
There are no Directives in North America or other parts of the world, as far as I know. In North America the applicable parts of OSHA, MSHA and SAE should be fulfilled. ISO standards are valid in North America as well as in most of the world.
ISO 20474-1 is more or less similar to EN 474-1 and could be used outside Europe (rollers are included as part 13). It will become a national standard in China on 2011-01-01.
No standard is law. Standards reflect what we call the state of the art.
Deviation from a standard is permitted IF it is verified that the requirement is not applicable OR the safety level is reached in another way.
Chain of references: Machinery Directive 2006/42/EC -> harmonized standards EN 474-1:2006+A1:2009 and EN 500-1:2006 -> normative references such as ISO 15998:2008 (MCS).
http://ec.europa.eu/enterprise/newapproach/standardization/harmstds/reflist.html
-
5/26
Some connections to / from other standards vs. ISO 15998:2008 (figure):
Machinery Directive 2006/42/EC
Harmonized standards: EN 474, EN 500
Normative reference: ISO 15998 (Machine Control Systems)
Normative references from ISO 15998: IEC 61508 Parts 2 and 3
Alternative standards: EN ISO 13849-1, IEC 62061
Related standards: ISO 13766 (EMC), ISO 5010 (Steering), ISO/CD 3450 (Brakes)
-
6/26
According to the Machinery Directive 2006/42/EC, ANNEX I, ESSENTIAL HEALTH AND SAFETY REQUIREMENTS RELATING TO THE DESIGN AND CONSTRUCTION OF MACHINERY, GENERAL PRINCIPLES:
1. The manufacturer of machinery or his authorized representative must ensure that a risk assessment is carried out in order to determine the health and safety requirements which apply to the machinery. The machinery must then be designed and constructed taking into account the results of the risk assessment.
By the iterative process of risk assessment and risk reduction referred to above, the manufacturer or his authorized representative shall:
determine the limits of the machinery, which include the intended use and any reasonably foreseeable misuse thereof.
-
7/26
Reference from EN 474-1:2006+A1:2009
5.16 Electro-magnetic compatibility (EMC)
Earth-moving machines shall comply with the requirements of electromagnetic compatibility as specified in EN 13309:2000 1).
5.17 Electrical and electronic systems
5.17.1 General
Safety related electrical function shall comply with ISO 15998:2008.
1) ISO 15998 refers to ISO 13766.
-
8/26
ISO 15998:2008 Earth-moving machinery - Machine control systems (MCS) using electronic components - Performance criteria and tests for functional safety
1 Scope
This International Standard specifies performance criteria and tests for functional safety of safety-related machine-control systems (MCS) using electronic components in earth-moving machinery and its equipment, as defined in ISO 6165. The procedures of ECE R79, Annex 6, ISO 13849-1 or IEC 62061 can be used as an alternative, provided verification and testing is carried out by the manufacturer using Clause 7 of this International Standard.
-
9/26
Structure of ISO 15998
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
4 General safety requirements
5 Additional requirements for safety-related machine-control systems
6 Documentation
7 Tests for safety-related MCS
Annex A (informative) Guidance for risk assessment
Annex B (informative) Example of schematic breakdown of systems specification
Annex C (informative) List of well-tried components
Annex D (informative) Recommendations for bus-systems for transmission of safety-related messages
Bibliography
-
10/26
References from ISO 15998 into specific parts of IEC 61508
Risk analysis and assessment
This may be made in accordance with risk assessment methodologies such as ISO 14121-1 or IEC 61508-5:1998, Annex D. An example is given in Annex A of this International Standard.
Performance criteria for the safety concept
The safety concept includes all measures which provide for safe operation beyond the standard operation (for guidance, see IEC 61508-2:2000, 7.2.3.1).
-
11/26
To be able to verify that you have fulfilled the ISO 15998 requirements, you need a structure in your project (simplified overview):
System Safety Program Plan
Functional Specifications
Environmental Specification
Risk analysis and assessment
Verification Specifications
Test Reports
Documentation etc.
ISO 15998 Compliance Report
The specifications also describe the safe state as well as the safety concept.
-
12/26
System Safety Program Plan (15998 verification)
To be able to manage all safety issues in a project, you need to have a Safety Plan.
Not mandatory, but requested when you need to use a third party for examination.
-
13/26
Environmental conditions
The system description shall also include requirements for the environmental conditions during the intended operation of the machine:
climatic conditions (temperature, humidity);
mechanical conditions (vibration, shock);
corrosion conditions (salt spray, gas pollution);
electrical conditions (over- and under-voltage);
electromagnetic conditions;
power-source-voltage fluctuation.
If you don't know about the environmental threats, you can't design a safe machine.
-
14/26
Electromagnetic compatibility (EMC)
The machine-control system shall fulfill the requirements of ISO 13766.
Earth-moving machinery immunity, for movement controls: the immunity requirements are fulfilled by a field strength of 100 V/m.
-
15/26
Example of typical safety-related machine-control systems using electronic components in earth-moving machinery:
Steering (steering wheel and additional steering controls)
Brakes (service, secondary and parking brakes)
Attachment controls
Engine speed control(s)
Gearbox control(s)
Differential lock
Etc.
-
16/26
Risk Assessment
It is required to perform a risk assessment; examples of methods are ISO 14121-1 or IEC 61508-5 Annex D. An example is given in ISO 15998 Annex A.
-
17/26
When comparing the risk graph in IEC 61508 Annex D with the one in ISO 13849-1, you do not get the same result!
Therefore the Working Group for ISO 15998-2 (guideline for ISO 15998) has made a proposal (doc. ISO/TC 127/SC 3/WG 8 N22), based on a Volvo proposal.
Figure: abstract from ISO 13849-1 (SIL vs. PL).
-
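To make the mismatch on this slide concrete, here is an added example (my own code, not from the presentation, from Volvo CE or from the ISO/TC 127 working-group document): the ISO 13849-1:2006 Annex A risk graph and the IEC 61508-5 Annex D example risk graph implemented side by side, with the PL-to-SIL correspondence of ISO 13849-1 Table 4. The mapping of the ISO 13849-1 parameters S/F/P onto the IEC 61508 parameters C/F/P inside `compare_for_hazard` is my assumption for illustration only; the W parameter (demand rate) has no counterpart in ISO 13849-1, and that is where the two graphs part company.

```python
"""Added example: the two risk graphs side by side.

ISO 13849-1:2006 Annex A: S (severity), F (frequency/exposure), P (possibility
of avoidance) -> required performance level PLr.
IEC 61508-5 Annex D (example risk graph): C (consequence), F (exposure),
P (avoidance) -> intermediate node X1..X6; W (demand rate / probability of the
unwanted occurrence) -> SIL column.
"""

ISO13849_RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# ISO 13849-1:2006 Table 4: PL -> SIL by PFHd band (PL a has no SIL).
PL_TO_SIL = {"a": "none", "b": "1", "c": "1", "d": "2", "e": "3"}

# IEC 61508-5 Annex D: X node -> SIL for the columns (W3, W2, W1).
# "---" = no safety requirements, "a" = no special safety requirements,
# "b" = a single E/E/PE safety-related system is not sufficient.
IEC61508_X_TO_SIL = {
    1: ("a", "---", "---"),
    2: ("1", "a", "---"),
    3: ("2", "1", "a"),
    4: ("3", "2", "1"),
    5: ("4", "3", "2"),
    6: ("b", "4", "3"),
}


def plr_iso13849(s: str, f: str, p: str) -> str:
    """Required PL from the ISO 13849-1 risk graph."""
    return ISO13849_RISK_GRAPH[(s, f, p)]


def x_node_iec61508(c: str, f: str, p: str) -> int:
    """Intermediate node X1..X6 of the IEC 61508-5 Annex D risk graph."""
    if c == "CA":            # minor injury: X1 regardless of F and P
        return 1
    base = {"CB": 2, "CC": 3, "CD": 4}[c]
    return base + int(f == "FB") + int(p == "PB")


def sil_iec61508(c: str, f: str, p: str, w: str) -> str:
    """SIL from the IEC 61508-5 Annex D risk graph."""
    column = {"W3": 0, "W2": 1, "W1": 2}[w]
    return IEC61508_X_TO_SIL[x_node_iec61508(c, f, p)][column]


# ASSUMED parameter mapping for the comparison (not from either standard):
# S1 ~ CA, S2 ~ CB, F1 ~ FA, F2 ~ FB, P1 ~ PA, P2 ~ PB. W has no counterpart.
_S_TO_C = {"S1": "CA", "S2": "CB"}
_F_TO_F = {"F1": "FA", "F2": "FB"}
_P_TO_P = {"P1": "PA", "P2": "PB"}


def _normalize(sil: str) -> str:
    """Treat '---' and 'a' (both below SIL 1) like 'no SIL'."""
    return "none" if sil in ("---", "a") else sil


def compare_for_hazard(s: str, f: str, p: str) -> dict:
    """Rate one hazard with both graphs and report which W columns of the
    IEC 61508 graph disagree with the SIL that Table 4 pairs with the PLr."""
    plr = plr_iso13849(s, f, p)
    sil_equiv = PL_TO_SIL[plr]
    c, f61508, p61508 = _S_TO_C[s], _F_TO_F[f], _P_TO_P[p]
    by_w = {w: sil_iec61508(c, f61508, p61508, w) for w in ("W3", "W2", "W1")}
    return {
        "PLr": plr,
        "SIL_equivalent": sil_equiv,
        "SIL_by_W": by_w,
        "disagreeing_W": [w for w, sil in by_w.items()
                          if _normalize(sil) != sil_equiv],
    }


if __name__ == "__main__":
    # Serious irreversible injury, frequent exposure, avoidance possible, etc.
    for s, f, p in (("S2", "F2", "P1"), ("S2", "F2", "P2"), ("S1", "F1", "P1")):
        print((s, f, p), compare_for_hazard(s, f, p))
```

For (S2, F2, P1) ISO 13849-1 gives PLr d, which Table 4 pairs with SIL 2; the IEC 61508 graph gives SIL 2 only at W3 and drops to SIL 1 at W2 and to "a" at W1. The required level is not a function of S, F and P alone once the demand rate enters, which is exactly why a fixed SIL-to-PL table cannot reconcile the two graphs without an agreed assumption about W.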
18/26
Abstract from ISO/WD 15998-2 (Working Draft, still under discussion)
-
19/26
Fault avoidance and fault control
IEC 61508-2:2000, Annexes A and B, or other comparable methods, shall be used as a guide to measures and the techniques for the avoidance and control of faults.
Requirements for programmable electronic systems (PES)
The software shall be developed and validated according to appropriate measures (see, for example, IEC 61508-3:1998, Annex A or ISO 13849-1:2006).
Additional functional tests for safety-related machine-control systems
A simple functional test, e.g. in accordance with IEC 61508-7:2000, B.5.1, and an expanded functional test, e.g. in accordance with IEC 61508-7:2000, B.6.8, shall be made.
-
20/26
Safety could be increased even when using the same components.
Example: differential lock (or equivalent functions).
Figure (labels): SIL 1 ECU; SIL 2 ECU + switch; on-line monitoring; Performance Level = c.
-
21/26
It is always possible to use other comparable standards when something is missing.
According to EN ISO 13849-1 it is possible (within certain limits) for a single channel of safety-related parts of high reliability in one technology to provide the same or higher PL as a fault-tolerant structure of lower reliability in another technology.
Figure: 1oo1D vs. 1oo2D architecture; compare with a steering pivot pin.
-
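As an added worked example (my own code, not from the presentation or from Volvo CE) for the claim on this slide and the differential-lock example on the previous one: the simplified procedure of ISO 13849-1:2006 (Table 5 MTTFd bands, Table 6 DCavg bands, Table 7 Category/MTTFd/DCavg -> PL, Table 3 PFHd ranges, the Annex D parts-count formula for a channel's MTTFd, and the Annex D formula for combining two channels of different MTTFd), applied to a single well-tried channel against a two-channel structure built from less reliable parts. Treating 1oo1D as a Category 2 structure and 1oo2D as a Category 3 structure is an assumption for illustration, and the component MTTFd values are constructed sample data.

```python
"""Added example: ISO 13849-1:2006 simplified PL evaluation (Table 7 method)."""


def mttfd_channel(component_mttfd_years):
    """Parts-count method, ISO 13849-1 Annex D: 1/MTTFd = sum(1/MTTFd_i)."""
    return 1.0 / sum(1.0 / m for m in component_mttfd_years)


def mttfd_two_channels(c1_years, c2_years):
    """ISO 13849-1 Annex D: one MTTFd value for two channels of different
    MTTFd: MTTFd = 2/3 * (C1 + C2 - 1/(1/C1 + 1/C2))."""
    return 2.0 / 3.0 * (c1_years + c2_years
                        - 1.0 / (1.0 / c1_years + 1.0 / c2_years))


def mttfd_band(mttfd_years):
    """Table 5. Below 3 years the channel is not usable (None); callers cap
    values above 100 years at 100 before classifying."""
    if mttfd_years < 3:
        return None
    if mttfd_years < 10:
        return "low"
    if mttfd_years < 30:
        return "medium"
    return "high"


def dc_band(dc):
    """Table 6: DCavg bands (dc given as a fraction, e.g. 0.95 for 95 %)."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Table 7 (Figure 5): (Category, DCavg band) -> {MTTFd band: PL}.
# None = combination not covered by the simplified procedure.
TABLE_7 = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": None},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}

# Table 3: PL -> PFHd range [lower, upper) in 1/h.
PL_TO_PFHD = {"a": (1e-5, 1e-4), "b": (3e-6, 1e-5), "c": (1e-6, 3e-6),
              "d": (1e-7, 1e-6), "e": (1e-8, 1e-7)}


def achieved_pl(category, mttfd_years, dc):
    """PL reached by a subsystem of the given Category, channel MTTFd (years)
    and DCavg, or None when Table 7 does not cover the combination (e.g.
    Category 2 or 3 without diagnostics, Category 1 with non-high MTTFd)."""
    band = dc_band(dc)
    # Figure 5 has no separate column for Categories 2 and 3 with DCavg "high";
    # a higher DC is read in the "medium" column here and does not raise the PL.
    if category in ("2", "3") and band == "high":
        band = "medium"
    row = TABLE_7.get((category, band))
    m_band = mttfd_band(min(mttfd_years, 100.0))
    if row is None or m_band is None:
        return None
    return row[m_band]


if __name__ == "__main__":
    # Constructed sample data: component MTTFd values in years.
    good_channel = mttfd_channel([200.0, 150.0, 60.0])   # ~35.3 years -> high
    cheap_channel = mttfd_channel([15.0, 25.0])           # 9.375 years -> low
    dual = mttfd_two_channels(cheap_channel, cheap_channel)

    print("Cat 1, single well-tried channel, no diagnostics:",
          achieved_pl("1", good_channel, 0.0))            # c
    print("Cat 3 (1oo2D-like) from cheap parts, DC low:",
          achieved_pl("3", dual, 0.70))                   # b
    print("Cat 2 (1oo1D-like), good channel, DC medium:",
          achieved_pl("2", good_channel, 0.95))           # d
```

The single Category 1 channel built from well-tried parts lands at PL c, one step above the two-channel Category 3 structure built from low-MTTFd parts, which stays at PL b despite its fault tolerance; adding on-line monitoring to the good single channel (Category 2, DC medium) lifts it to PL d. That is the slide's point in numbers: redundancy does not substitute for reliability and diagnostics of the parts you actually use.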
22/26
Even if you are using EN ISO 13849-1 or other standards, you still need to verify compliance with clause 7.2 Tests of machine-control systems.
7.2.1 Test content
The tests are as follows:
a) test of basic functions (see function and system description in
accordance with 4.2 and description of the basic function in
accordance with 4.3);
b) entering of safe-state test (see 5.4);
c) functional test at operating temperature and humidity in accordance
with 4.6.2 and 7.2.2;
d) EMC test in accordance with 4.6.4;
e) shock and vibration tests in accordance with 4.6.5, 7.2.3 and 7.2.4.
-
23/26
Additional functional tests for safety-related machine-control systems
All safety-related machine-control systems shall be tested in accordance with Clause 5 with the following addition.
A simple functional test, e.g. in accordance with IEC 61508-7:2000, B.5.1, and an expanded functional test, e.g. in accordance with IEC 61508-7:2000, B.6.8, shall be made.
NOTE Alternative means for verification are also permitted besides those of the IEC 61508 standards cited in this International Standard.
Clause 5: only for SIL 1
-
24/26
Documentation
The manufacturer shall retain, according to the manufacturer's record retention policy, all relevant documents for the general safety requirements of the machine-control system in accordance with Clause 4. The documentation shall include at least the following:
a description of the machine-control system in accordance with 4.2;
a description of the basic function in accordance with 4.3;
risk analysis and assessment in accordance with 4.4;
requirements for the safety concept in accordance with 4.5 (including block diagram with functional description of each block, circuit diagram for external connection, description of external signals);
the test case and test results, in order to prove the complete fault-coverage test.
The documentation showing how the validation of the system's logic has been made during the development stage (see 4.5) shall include
a block diagram with a functional description of each block, and
a circuit diagram for external connection, and description of external signals.
-
25/26
Documentation
A verification of the safety concept for safety-related machine-control systems in accordance with Clause 5 is based on a detailed documentation of the safety-related part of the system. This may be in the form of
circuit diagrams for internal electronic circuits with a description of the individual blocks and components,
a functional description of the circuit diagrams,
parts lists, including parts identification and names of the individual positions, rating values and tolerances,
a description of the relevant loads, type nomination and manufacturer of the components, data sheets for special and critical components, and
a failure mode and effects analysis of the fault conditions.
Clause 5: only for SIL 1
-
26/26
If you do not know about the hazards involved, you can't make a safe machine-control function.
Thanks for your attention