BSI Standards Publication

PD ISO/TR 24119:2015

Safety of machinery - Evaluation of fault masking serial connection of interlocking devices associated with guards with potential free contacts

National foreword

This Published Document is the UK implementation of ISO/TR 24119:2015. The UK participation in its preparation was entrusted to Technical Committee MCE/3, Safeguarding of machinery. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2015. Published by BSI Standards Limited 2015
ISBN 978 0 580 86043 0
ICS 13.110

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 November 2015.

Amendments/corrigenda issued since publication
Date    Text affected

TECHNICAL REPORT ISO/TR 24119
First edition 2015-11-15
Reference number ISO/TR 24119:2015(E)

COPYRIGHT PROTECTED DOCUMENT

© ISO 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the
internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8
CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Fault masking
4.1 General
4.2 Direct fault masking
4.3 Unintended reset of the fault
4.4 Cable fault with unintended reset
5 Methodology for evaluation of DC for series connected interlocking devices
6 Limitation of DC by effects of series connected devices
6.1 General
6.2 Simplified method for the determination of the maximum achievable DC
6.3 Regular method for the determination of the maximum achievable DC
6.3.1 Estimation of the fault masking probability
6.3.2 Determination of the maximum achievable DC
6.4 Interlocking devices with potential free contacts and other potential free contacts of devices with different functionality connected in series
7 Avoiding fault masking
Annex A (informative) Examples of the application of the evaluation methods described in 6.2 and 6.3
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in
the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information

The committee responsible for this document is ISO/TC 199, Safety of machinery.

1 Scope

This Technical Report illustrates and explains principles of fault masking in applications where multiple interlocking devices with potential free contacts (B1 to Bn) are connected in series to one logic unit (K) which does the diagnostics (see Figures 1 to 7). It further provides a guide how to estimate the probability of fault masking and the maximum DC for the involved interlocking devices.

This Technical Report only covers interlocking devices in which both channels are physical serial connections.

This Technical Report does not replace the use of any standards for the safety of machinery.

The goals of this Technical Report are the following:
- guidance for users for estimation of the maximum DC values;
- design guidance for SRP/CS.

NOTE 1 Interlocking devices with integrated self-monitoring are not included in the scope of this Technical Report.

NOTE 2 Limitation is also given by the diagnostic means implemented in the logic unit.

NOTE 3 This Technical Report is not restricted to mechanical actuated position sensors.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 12100, Safety of machinery - General principles for design - Risk assessment and risk reduction
ISO 13849-1:2006, Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
ISO 14119:2013, Safety of machinery - Interlocking devices associated with guards - Principles for design and selection

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 12100, ISO 13849-1, ISO 14119 and the following apply.

3.1 fault masking
unintended resetting of faults or preventing the detection of faults in the SRP/CS by operation of parts of the SRP/CS which do not have faults

3.2 series connected devices
devices with potential free contacts (B1 to Bn) are connected in series to one logic unit (K) which does the diagnostics
3.3 signal evaluation of redundant channels with same polarity
technique where the logic unit of the safety function evaluates redundant signals which have the same supply voltage

3.4 signal evaluation of redundant channels with inverse polarity
technique where the logic unit of the safety function evaluates redundant signals in which the second channel has the ground polarity
Note 1 to entry: See IEC 60204-1:2005, 9.4.3.1, method a).

3.5 signal evaluation of redundant channels with dynamic signals
technique where the logic unit of the safety function evaluates redundant dynamic signals
Note 1 to entry: Dynamic signals can be generated with test pulses, frequency modulation, etc.

3.6 star cabling
cabling structure where every interlocking device is wired with a single cable to the electric cabinet or enclosure
Note 1 to entry: Figure 1 shows a star cabling.

Key
A  electrical cabinet
B1.1, B1.2, B2.1, B2.2, B3.1, B3.2  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
Figure 1 - Star cabling

3.7 branch cabling
trunk cabling
cabling structure where a single cable from the electric cabinet is wired to the first interlocking device and from this interlocking device to the next, and so on, until the last interlocking devices and the resulting signals are wired the same way back to the electric cabinet
Note 1 to entry: Figure 2 shows a branch (trunk) cabling.

Key
A  electrical cabinet
B1.1, B1.2, B2.1, B2.2, B3.1, B3.2  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
Figure 2 - Branch (trunk) cabling

3.8 loop cabling
cabling structure where a single cable from the electric cabinet is wired to the first interlocking device and from this interlocking device to the next, and so on, until the last interlocking device while the signals return to the electric cabinet in a separate cable
Note 1 to entry: Figure 3 shows a loop cabling.

Key
A  electrical cabinet
B1.1, B1.2, B2.1, B2.2, B3.1, B3.2  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
Figure 3 - Loop cabling

3.9 single arrangement
application of two different contacts of a single interlocking
device in the redundant channels of an interlocking circuit for a single guard interlocking
Note 1 to entry: Figure 4 shows a single arrangement.

Key
A  electrical cabinet
B1, B2, B3  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
Figure 4 - Single arrangement

3.10 redundant arrangement
application of single contacts of two (redundant) interlocking devices in the redundant channels of an interlocking circuit for a single guard interlocking
Note 1 to entry: Figures 1 to 3 show redundant arrangements.

3.11 protected cabling
cabling which is permanently connected (fixed) and protected against external damage, e.g. by cable ducting, armoring, or within an electrical enclosure according to IEC 60204-1

4 Fault masking

4.1 General

A common approach in the design of safety related circuits is to series connect devices with potential free contacts, e.g. multiple interlocking devices connected to a single safety logic controller which performs the diagnostics for the overall safety function. Although in such applications a single fault will, in most cases, not lead to the loss of the safety function and will be detected, in practice, problems sometimes occur.

It is foreseeable that more than one movable guard will be open at the same time or in a sequence, e.g. due to subsequent fault finding procedure or as part of the regular operation of the machine. Due to the serial connection of the contacts, faults in the wiring or contacts detected by the logic unit may be masked by the operation of one of the other (non-faulty) in series connected devices. As a result, the operation of the machine is possible while a single fault is present in the SRP/CS. This can, in
consequence, allow the accumulation of faults leading to an unsafe system.

Figures 5 to 7 show examples for fault masking in situations with movable guards with series connected interlocking devices.

4.2 Direct fault masking

Figure 5 shows a situation where two movable guards actuated in a specific sequence can lead to fault masking.

Key
B1, B2, B3  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
x1  initial fault: contact fails to open
x2  second fault: broken switch lever
Figure 5 - Direct fault masking

4.3 Unintended reset of the fault

Figure 6 shows a situation where a fault in one interlocking device is initially detected but then is reset unintentionally by operation of one of the other interlocking devices.
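An added simulation (not part of ISO/TR 24119) of the guard sequences described in 4.2 and 4.3, for a single arrangement with a constructed fault x1 on B1. The logic unit's behaviour (latch on channel discrepancy, clear once both channels are seen open) and all class and function names are assumptions; the manual reset S is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Interlock:
    """One guard's device with one contact per channel (single arrangement)."""
    welded_ch1: bool = False   # constructed fault x1: channel-1 contact fails to open
    guard_open: bool = False

    def contacts(self):
        # Returns (channel-1 closed, channel-2 closed) for this device.
        return (not self.guard_open) or self.welded_ch1, not self.guard_open

class LogicUnit:
    """Assumed diagnostic of K: latch on discrepancy, clear once both channels open."""
    def __init__(self):
        self.latched = False    # fault currently blocking the enable
        self.detected = False   # a discrepancy was seen at some point

    def evaluate(self, ch1, ch2):
        if ch1 != ch2:
            self.latched = self.detected = True
        elif not ch1:           # both channels open looks like a normal guard opening
            self.latched = False
        return ch1 and ch2 and not self.latched   # True: machine may run

def run_sequence(steps):
    """Apply (action, device) steps to B1..B3 in series; B1 carries fault x1."""
    devices = {n: Interlock(welded_ch1=(n == "B1")) for n in ("B1", "B2", "B3")}
    k = LogicUnit()
    enabled = k.evaluate(True, True)
    for action, name in steps:
        devices[name].guard_open = (action == "open")
        states = [d.contacts() for d in devices.values()]
        # A series channel is closed only if every contact in it is closed.
        enabled = k.evaluate(all(s[0] for s in states), all(s[1] for s in states))
    return {"enabled": enabled, "latched": k.latched, "detected": k.detected}

# Constructed guard sequences.
B1_ALONE = [("open", "B1"), ("close", "B1")]
DIRECT_MASKING = [("open", "B2"), ("open", "B1"), ("close", "B1"), ("close", "B2")]
UNINTENDED_RESET = B1_ALONE + [("open", "B2"), ("close", "B2")]

if __name__ == "__main__":
    for label, seq in [("B1 alone", B1_ALONE), ("4.2", DIRECT_MASKING), ("4.3", UNINTENDED_RESET)]:
        print(label, run_sequence(seq))
```

With B1 operated alone the fault stays latched; in the other two sequences the machine is enabled again while the welded contact is still present.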
Key
B1, B2, B3  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
x1  initial fault: contact fails to open
x2  second fault: broken switch lever
Figure 6 - Unintended reset of the fault

4.4 Cable fault with unintended reset

Figure 7 shows a situation where a fault in the cabling is initially detected but then is reset unintentionally by operation of one of the other interlocking devices.

Key
B1, B2, B3  interlocking devices with potential free contacts
K  logic unit
S  manual reset function reset device
x1  initial fault: short circuit to Un
x2  second fault: broken switch lever
Un  nominal voltage of the channel
Figure 7 - Cable fault with unintended reset

5 Methodology for evaluation of DC for series connected interlocking devices

Step 1:
Determine DC (see ISO 13849-1:2006, Annex E) of every single position switch which is a part of the safety function(s).

Step 2: Improve the resistance to fault masking if required by enhancing the design or changing the diagnostic method (refer to Clauses 6 and 7 and ISO 13849-2:2012, Annex D).
- Improve diagnostic coverage using a different diagnostic measure (see ISO 13849-1:2006, Annex E).
- Improve cabling in order to reduce fault possibilities or to allow fault exclusion.
- Select other type of interlocking device in order to allow fault exclusion.

Step 3: Limit the DC of the position switch to the maximum achievable DC by applying one of the methods given in Clause 6.

Step 4: Improve DC if required according to Clause 7.

6 Limitation of DC by effects of series connected devices

6.1 General

According to ISO 14119:2013, 8.6, with respect to serial wiring of contacts (without additional diagnostics), the effect of possible fault masking should be carefully taken into consideration. Possible fault masking may lead to a fault accumulation, therefore, the maximum achievable DC should be estimated using one of the methods described in 6.2 and 6.3. The maximum achievable PL is limited to PL d and the maximum DC is limited to medium.

NOTE The probability of occurrence of faults due to random and sy