EN 50325-5-2010 en Industrial communications subsystem based on ISO 11898 (CAN) for controller-device interfaces - Part 5 Functional safety communication based on EN 50325-4《控制器装置接.pdf

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS EN 50325-5:2010Industrial communicationssubsystem based on ISO 11898(CAN) for controller-deviceinterfacesPart 5: Functional safety communicationbased on EN 50325-4BS EN 50325-

2、5:2010 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 50325-5:2010.The UK participation in its preparation was entrusted to TechnicalCommittee AMT/7, Industrial communications: process measurementand control, including fieldbus.A list of organizations represent

3、ed on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. BSI 2010ISBN 978 0 580 65883 9ICS 25.040.40; 35.240.50; 43.040.15Compliance with a British Standar

4、d cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 30 September 2010.Amendments issued since publicationDate Text affectedBS EN 50325-5:2010EUROPEAN STANDARD EN 50325-5 NORME EUROPENNE EUROPISCHE NOR

5、M July 2010 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Management Centre: Avenue Marnix 17, B - 1000 Brussels 2010 CENELEC - All rights of exploitation in any form and by any means r

6、eserved worldwide for CENELEC members. Ref. No. EN 50325-5:2010 E ICS 43.040.15 English version Industrial communications subsystem based on ISO 11898 (CAN) for controller-device interfaces - Part 5: Functional safety communication based on EN 50325-4 Sous-systme de communications industriel bas sur

7、 lISO 11898 (CAN) pour les interfaces des dispositifs de commande - Partie 5: Communication de scurit fonctionnelle base sur EN 50325-4 Industrielles Kommunikationssubsystem basierend auf ISO 11898 (CAN) - Teil 5: Funktional sichere Kommunikation basierend auf EN 50325-4 This European Standard was a

8、pproved by CENELEC on 2010-07-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such n

9、ational standards may be obtained on application to the Central Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own lang

10、uage and notified to the Central Secretariat has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, I

11、taly, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. BS EN 50325-5:2010EN 50325-5:2010 - 2 - Foreword This European Standard was prepared by the Technical Committee CENELEC TC 65CX, Fiel

12、dbus. It was submitted to the formal vote and was approved by CENELEC as EN 50535-5 on 2010-07-01. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such paten

13、t rights. The following dates were fixed: latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2011-07-01 latest date by which the national standards conflicting with the EN have to be withdrawn (dow) 2013-07-01

14、_ BS EN 50325-5:2010- 3 - EN 50325-5:2010 Contents Introduction 5 1 Scope 82 Normative references 83 Terms, definitions, symbols, abbreviated terms and conventions 93.1 Terms and definitions 93.2 Symbols and abbreviated terms 93.3 Conventions 104 Overview of CANopen Safety . 105 General . 115.1 Exte

15、rnal documents providing specifications for the profile 115.2 Safety functional requirements 115.3 Safety measures . 125.4 Safety communication layer structure . 125.5 Relationships with FAL 136 Safety communication layer services . 136.1 Introduction 136.2 SR data object (SRDO) . 136.3 Global fail-

16、safe command (GFC) 146.4 SR communication objects 157 Safety communication layer protocol . 267.1 SRDO 267.2 GFC . 288 Safety communication layer management . 288.1 Overview . 288.2 SR network initialization and system boot-up . 288.3 SR device and network configuration . 299 System requirements 299

17、.1 Indicators and switches . 299.2 Installation guidelines 299.3 Safety function response time . 299.4 Constraints for the calculation of system characteristics 319.5 Maintenance 319.6 Safety manual . 3110 Assessment . 3111 Conformance . 32Annex A (informative) Example SR communication models . 33A.

18、1 General 33A.2 Model I . 33A.3 Model II 33A.4 Model III . 34A.5 Model IV 34Bibliography . 35BS EN 50325-5:2010EN 50325-5:2010 - 4 - Figures Figure 1 Safety-related definitions in this standard . 5Figure 2 Relationships of EN 503255 with other standards (machinery) . 6Figure 3 Relationships of EN 50

19、3255 with other standards (process) . 7Figure 4 Relationship of SR data objects 11Figure 5 Communication layers 13Figure 6 Example of SRDO transmission . 14Figure 7 Example of SCT timing . 26Figure 8 Example of SRVT timing . 27Figure 9 SRDO write . 27Figure 10 GFC write 28Figure 11 Safety function r

20、esponse time 30Figure A.1 Model I . 33Figure A.2 Model II . 33Figure A.3 Model III . 34Figure A.4 Model IV 34Tables Table 1 Communication errors and safety measures matrix 12Table 2 SRDO write 14Table 3 SRDO communication parameter record . 15Table 4 Object definition . 16Table 5 Entry definition .

21、17Table 6 Value definition 19Table 7 Object definition . 19Table 8 Entry definition . 20Table 9 SR parameter data for SRDO 1 for CRC calculation . 23Table 10 Object definition . 23Table 11 Entry definition . 24Table 12 Object definition . 25Table 13 Entry definition . 25Table 14 Object definition .

22、26Table 15 Entry definition . 26BS EN 50325-5:2010- 5 - EN 50325-5:2010 Introduction The EN 50325-4 fieldbus standard defines a communication protocol that enables distributed control of automated applications. Fieldbus technology is now considered well accepted and well proven. Thus many fieldbus e

23、nhancements are emerging, addressing not yet standardized areas such as real time, safety-related and security-related applications. This European Standard specifies a safety communication layer (profile and corresponding protocols) based on the communication profile and protocol layer of EN 50325-4

24、. The relevant principles for functional safety communication with reference to EN 61508 series are explained in EN 617843. Differently to EN 617843 this standard uses a white channel approach. It does not cover electrical safety and intrinsic safety aspects. Figure 1 shows the safety-related defini

25、tions in this standard. In implementing this standard additional measures to ensure integrity with the requirements of EN 61508 series shall be taken care (marked blue and dashed-blue in Figure 1). Figure 1 Safety-related definitions in this standard BS EN 50325-5:2010EN 50325-5:2010 - 6 - Figure 2

26、shows the relationships between this standard and relevant safety and fieldbus standards in a machinery environment. EN 6100012Methodology EMC otherwise EN 61326-3-1. Figure 3 Relationships of EN 503255 with other standards (process) In other environments than machinery and process control, like for

27、 example medical devices or railway systems, other standards instead may apply. The user of this standard has to take care that all related standards for the corresponding environment are considered. Safety communication layers, which are implemented as part of safety-related systems according to EN

28、 61508 series, provide the necessary confidence in the transportation of messages (information) between two or more participants on a field bus in a safety-related system, or sufficient confidence of safe behaviour in the event of fieldbus errors or failures. The safety communication layer specified

29、 in this standard do this in such a way that a fieldbus can be used for applications requiring functional safety up to the Safety Integrity Level (SIL) specified by its corresponding safety communication profile. The resulting SIL claim of a system depends on the implementation of the functional saf

30、ety communication profile within this system implementation of the functional safety communication profile in a regular device is not sufficient to qualify it as a safety device. BS EN 50325-5:2010EN 50325-5:2010 - 8 - This European Standard covers: individual description of the functional safety pr

31、ofile for the communication profile defined in EN 50325-4; safety layer extensions to the communication object and object dictionary sections in EN 50325-4. 1 Scope This European Standard specifies a safety-related communication layer (services and protocol) based on EN 50325-4. This European Standa

32、rd applies to networks based on EN 50325-4 providing safety-related communication capabilities between devices in a safety-related system in accordance with the requirements of EN 61508 series for functional safety. The services and protocols defined in this standard are intended to extend those def

33、ined in EN 50325-4. These services and protocols may be used in various applications such as manufacturing, machinery, medical, mobile machinery and process control. NOTE 1 This European Standard does not cover the procedures for the safety-related configuration and for the safety-related setup of s

34、afety-related systems. The definition and implementation of such procedures depends on the kind of the safety-related system. For example flexible safety-related systems like operating theatres as found in medical systems require different procedures than for fixed safety-related systems like cranes

35、 in the mobile machinery. This European Standard does not cover electrical safety, intrinsic safety and security aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres. Security relates to enforcin

36、g policies to prevent changes in the safety-related system by unauthorized personnel. NOTE 2 The resulting safety integrity level claim of a system depends on the implementation of the services and protocols within the devices and the system. The implementation of the services and protocols defined

37、in this European Standard in a device is not sufficient to qualify the device as a safety-related device. 2 Normative references EN 50325-4, Industrial communications subsystem based on ISO 11898 (CAN) for controller-device interfaces - Part 4: CANopen EN 6100062, Electromagnetic compatibility (EMC)

38、 Part 6-2: Generic standards Immunity for industrial environments (IEC 61000-6-2) EN 6132631, Electrical equipment for measurement, control and laboratory use EMC requirements Part 3-1: Immunity requirements for safety-related systems and for equipment intended to perform safety-related functions (f

39、unctional safety) General industrial applications (IEC 61326-3-1) EN 6132632, Electrical equipment for measurement, control and laboratory use EMC requirements Part 3-2: Immunity requirements for safety-related systems and for equipment intended to perform safety-related functions (functional safety

40、) Industrial applications with specified electromagnetic environment (IEC 61326-3-2) EN 61508 (series), Functional safety of electrical/electronic/programmable electronic safety-related systems (IEC 61508 series) EN 617843:2008, Industrial communication networks - Profiles Part 3: Functional safety

41、fieldbuses - General rules and profile definitions (IEC 61784-3:2007) EN 61918, Industrial communication networks - Installation of communication networks in industrial premises (IEC 61918) EN ISO 13849-1, Safety of machinery Safety-related parts of control systems Part 1: General principles for des

42、ign BS EN 50325-5:2010- 9 - EN 50325-5:2010 ISO 11898-1, Road vehicles - Controller area network (CAN) Part 1: Data link layer and physical signalling 3 Terms, definitions, symbols, abbreviated terms and conventions For the purposes of this document, the following terms and definitions apply. 3.1 Te

43、rms and definitions For the purposes of this document, the terms and definitions given in EN 617843, EN 50325-4 and the following apply. 3.1.1 logical device representation of a program in terms of its objects from one device profile segment (see EN 50325-4) and behaviour as viewed through a network

44、 3.1.2 SR application object application object in accordance with EN 50325-4 that includes all necessary measures to ensure its integrity with the requirements of EN 61508 series 3.1.3 SR communication profile and protocols communication profile and protocols that include all the necessary measures

45、 to ensure safe transmission of data and the necessary measures to ensure safe configuration with the requirements of EN 61508 series 3.1.4 SR device composition of regular communication profile and protocols as defined in EN 50325-4, SR communication profile and protocols, regular logical devices a

46、nd SR logical devices 3.1.5 SR logical device logical device that includes all necessary measures to ensure safe operation with the requirements of EN 61508 series 3.2 Symbols and abbreviated terms For the purposes of this document, the following abbreviations apply. 3.2.1 Common symbols CAN Control

47、ler Area Network ISO 11898-1 CAN-ID CAN Identifier ISO 11898-1 COB Communication Object EN 50325-4 COB-ID COB Identifier EN 50325-4 CRC Cyclic Redundancy Check DLL Data Link Layer ISO/IEC 7498-1 E/E/PE Electrical/Electronic/Programmable Electronic EN 61508-4 EMC Electromagnetic Compatibility EUC Equ

48、ipment Under Control EN 61508-4 FAL Fieldbus Application Layer EN 617843 FCS Frame Check Sequence FSCP Functional Safety Communication Profile EN 617843 BS EN 50325-5:2010EN 50325-5:2010 - 10 - NMT Network Management EN 50325-4 NSR Non-safety-related PDU Protocol Data Unit ISO/IEC 7498-1 PES Programmable electronic system EN 61508 series PFD Average probability of failure on demand EN 61508-6 PFH Probability of failure per hour EN 61508-6 PhL Physical Layer ISO/IEC 7498-1 RTR Remote Transmission Request