B11.TR4 - 2004

ANSI Technical Report for Machine Tools - Selection of Programmable Electronic Systems (PES/PLC) for Machine Tools

Registered: June 20, 2004 by the American National Standards Institute, Inc.

Secretariat and Standards Developing Organization:
AMT - The Association For Manufacturing Technology
Technology Department
7901 Westpark Drive
McLean, VA 22102

Copyright; All rights reserved

No part of this document may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher.

Printed in the United States of America

AMERICAN NATIONAL STANDARDS / TECHNICAL REPORTS

By registering this ANSI Technical Report, the ANSI Board of Standards Review confirms that the requirements for due process, consensus, balance and openness have been met by AMT - The Association For Manufacturing Technology (the ANSI-accredited standards developing organization).

American National Standards and Technical Reports are developed through a consensus process. Consensus is established when substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward resolution. This process brings together volunteers and/or seeks out the views of persons who have an interest in the topic covered by this publication. While AMT administers the process and establishes procedures to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate or verify the accuracy or completeness of any information or the soundness of any judgments contained in its standards or guidelines.

American National Standards and Technical Reports are promulgated through ANSI for voluntary use; their existence does not in any respect preclude anyone, whether they have approved the standards/technical reports or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to these documents. However, users, distributors, regulatory bodies, certification agencies and others concerned may apply American National Standards or Technical Reports as mandatory requirements in commerce and industry.

The American National Standards Institute does not develop standards or technical reports and will in no circumstances give an interpretation of an American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the Secretariat (AMT).

AMT MAKES NO WARRANTY, EITHER EXPRESSED OR IMPLIED AS TO THE FITNESS OF MERCHANTABILITY OR ACCURACY OF THE INFORMATION CONTAINED WITHIN THIS TECHNICAL REPORT, AND DISCLAIMS AND MAKES NO WARRANTY THAT THE INFORMATION IN THIS DOCUMENT WILL FULFILL ANY OF YOUR PARTICULAR PURPOSES OR NEEDS. AMT disclaims liability for any personal injury, property or other damages of any nature whatsoever, whether special, indirect, consequential or compensatory, directly or indirectly resulting from the publication, use of, application or reliance on this document. AMT does not undertake to guarantee the performance of any individual manufacturer or seller's products or services by virtue of this technical report, nor does it take any position with respect to the validity of any patent rights asserted in connection with the items which are mentioned in or are the subject of this document, and AMT disclaims liability for the infringement of any patent resulting from the use of or reliance on this document. Users of this document are expressly advised that determination of the validity of any such patent rights, and the risk of infringement of such rights, is entirely their own responsibility.

In publishing or making this document available, AMT is not undertaking to render professional or other services for or on behalf of any person or entity, nor is AMT undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment, or as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances.

AMT has no power, nor does it undertake to police or enforce conformance to the requirements of this document. AMT does not certify, test or inspect products, designs, or installations for safety or health purposes. Any certification or other statement of conformance to any health or safety-related information in this document shall not be attributable to AMT and is solely the responsibility of the certifier or maker of the statement.

NOTICE: This ANSI Technical Report may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this technical report. You may contact the Secretariat for current status information on this, or other B11 documents. Individuals interested in obtaining up-to-date information on standards can access this information at http://www.nssn.org (or by contacting ANSI). NSSN - A National Resource for Global Standards, provides a central point to search for standards information from worldwide sources and can connect those who seek standards to those who supply them.

Published by:
AMT - The Association For Manufacturing Technology
7901 Westpark Drive, McLean, VA 22102-4206, USA

Copyright © 2004 by AMT - The Association For Manufacturing Technology
All rights reserved. Printed in the United States of America

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission of the publisher.

CONTENTS

FOREWORD
INTRODUCTION
1 SCOPE AND PURPOSE
1.1 SCOPE
1.2 PURPOSE
2 REFERENCES
3 DEFINITIONS
4 GENERAL CONSIDERATIONS
4.1 SAFETY PROGRAMMABLE ELECTRONIC SYSTEM (SPES)
5 DESIGN CONSIDERATIONS FOR A SPES
5.1 SPES PERFORMANCE LEVEL
5.2 SELECTION OF CONFIGURATION
5.3 FAILURE MODES
6 SAFETY PROGRAMMABLE ELECTRONIC DEVICE
6.1 SELECT OR DESIGN THE SPED FOR THE GIVEN SAFETY-RELATED FUNCTION(S)
6.2 APPLICATION SOFTWARE
6.3 SECURITY METHODS
6.4 DOCUMENTATION
7 VALIDATION OF THE PES
ANNEX A - PERFORMANCE OF THE SAFETY-RELATED FUNCTION(S)
ANNEX B - IDENTIFICATION AND ANALYSIS OF FAILURES
ANNEX C - SAFETY RELATED PERFORMANCE LEVELS

Foreword

Recognizing the need for a guidance document on the subject matter, the ANSI-B11 Accredited Standards Committee for Machine Tool Safety formed a subcommittee consisting of professionals that are involved in manufacturing, safety, design and controls to develop a technical report giving guidelines for the selection of programmable electronic systems when applied to machine tools covered by the ANSI B11 series of safety standards.

This Subcommittee began work on this Technical Report in October 1997. After a hiatus beginning August 2000, the Subcommittee resumed its work in June 2003, taking a very different direction and finally producing the work you are reading in early 2004.

There are annexes at the end of this technical report dealing specifically with the performance of safety related functions (control reliability), identification and analysis of failures, and safety related performance levels.

Publication of this Technical Report has been approved by the Accredited Standards Developer - AMT - The Association For Manufacturing Technology. This document is registered as a Technical Report according to the Procedures for the Registration of Technical Reports with ANSI. This document is not an American National Standard and the material contained herein is not normative in nature.

While standards generally use the term "shall" to denote a requirement and the word "should" to denote a recommendation, this document is written using those terms consistent with how they are used in a standard (normative requirement vs. an informative recommendation). Nonetheless, the preceding paragraph remains true; nothing in this document is normative.

Suggestions for improvement or comments on the technical content of this technical report are welcomed. They should be sent to: AMT - The Association For Manufacturing Technology, 7901 Westpark Dr., McLean, VA 22102-4206, Attention: B11 Secretariat.

ANSI B11 Accredited Standards Committee:

John W. Russell, PE, CSP, Chairman
Gary D. Kopps, Vice-chairman
David A. Felinski, Secretary

Organizations Represented

Aerospace Industries Association of America
Alliance of American Insurers
American Institute for Steel Construction
American Society of Safety Engineers
AMT - The Association For Manufacturing Technology
Automotive Industry Action Group
Boeing
Can Manufacturers Institute
General Motors Corporation
John Deere
Metal Building Manufacturers Association
Metal Powder Industries Federation
Natl. Inst. for Occupational Safety

• designed for safety-related functions;
• not necessarily designed for a specific application;
• listed for use in safety-related applications.

"Off the shelf" controllers that, properly applied, could be used for safety-related functions but are not initially designed with that intention.

* These types do not imply any specific safety performance level (SIL / Category); the letters assigned are for reference purposes only. No hierarchy based on order presented is implied.

The following figures (Figures 1 - 4) show some configurations where a Safety Control System is integrated into the Machine Control System. There are many different possible configurations with the combinations between:

• A hardwired control system;
• A programmable control system;
• A programmable electronic device;
• A hardwired safety control system;
• A programmable safety control system.

Figure 1

The machine control system depicted in Figure 1 above contains:

• Hardwired Electromechanical devices including non-safety rated inputs and actuators;
• A Programmable Electronic System (PES) including non-safety rated inputs and actuators which contains a Programmable Electronic Device (PED) and a Safety Programmable Electronic System (SPES) which contains:
  ○ The Safety Programmable Electronic System (SPES), which contains a Safety Programmable Electronic Device (SPED), and safety rated inputs and outputs.

Figure 2 (diagram labels: MACHINE CONTROL SYSTEM, PES, PED, SPES)

The machine control system depicted in Figure 2 above contains:

• Hardwired Electromechanical devices including non-safety rated inputs and actuators;
• A Programmable Electronic System (PES) including non-safety rated inputs and actuators which contains a Programmable Electronic Device (PED);
• A Safety Programmable Electronic System (SPES), which contains a Safety Programmable Electronic Device (SPED), and safety rated inputs and outputs.

Figure 3

The machine control system depicted in Figure 3 above contains:

• Hardwired Electromechanical devices including non-safety rated inputs and actuators;
• Two Programmable Electronic Systems (PES) including non-safety rated inputs and actuators each containing a Programmable Electronic Device (PED) and a Safety Programmable Electronic System (SPES) that contains:
  ○ Each Safety Programmable Electronic System (SPES) contains a Safety Programmable Electronic Device (SPED), and safety rated inputs and outputs.

Figure 4

The machine control system depicted in Figure 4 above contains:

• Hardwired Electromechanical devices including non-safety rated inputs and actuators;
• Two Programmable Electronic Systems (PES) including non-safety rated inputs and actuators each containing a Programmable Electronic Device (PED) and a Safety Programmable Electronic System (SPES)
  ○ One of the Safety Programmable Electronic Systems (SPES) contains a Safety Programmable Electronic Device (SPED)
  ○ The other Safety Programmable Electronic System (SPES) contains two Safety Programmable Electronic Devices (SPED), and safety rated inputs and outputs.

4.1 Safety Programmable Electronic System (SPES)

The machine, from input of raw materials to output of finished product, should be reviewed and detailed to determine the hazards and safety-related functions that exist. The input control devices, interfaces with other systems, the machine actuators that present hazardous motion, the safeguarding used to control these hazards and the tasks to be performed by the machine production system must be known. Use clause 5 of the base B11 machine safety standard to identify the tasks/hazards and the hazard control/risk reduction strategy. Refer to 8.1.2 in ANSI B11.TR3 for further information on levels of risk reduction.

Figure 5: Example of a Safety Programmable Electronic System (SPES)
(Diagram labels: Safeguarding Device; Manual Input Devices; Other Machine Components, Systems and Subsystems; Interface; Communication System.)

Where:

• Interface = Connections between the input or output elements and the PED. The interface can include subsystems that enhance the reliability of the connection, and can check the operation of the input or output element. This "interface" is sometimes referred to as the "system isolation equipment."
• Communication system = Serial, parallel or bus connections that control or monitor the machine from a remote location or from another machine or machine group or from other components and devices within the machine system.
• Machine sensors, manual input devices or other machine components, systems and subsystems = Components of the machine system required to function as intended. These may include initiation controls, position and speed measuring devices, signals from other machine components, systems or subsystems, stop controls, etc.
• Safeguarding device = A means that detects or prevents access to a hazard.
• Machine actuator = A power mechanism used to affect motion of the machine.
• Other machine components, systems and subsystems = Auxiliary equipment and other machines associated with the operation of the system.

NOTE: Per ANSI / NFPA 79, control systems incorporating software and firmware based controllers performing safety-related functions shall conform to all of the following:

A) In the event of any single failure perform as follows:
   a) Lead to the shutdown of the system in a safe state;
   b) Prevent subsequent operation until the component failure has been corrected;
   c) Prevent unintended startup of equipment upon correction of the failure.
B) Provide protection equivalent to that of control systems incorporating hardwired/hardware compon