1、April 2015Translation by DIN-Sprachendienst.English price group 23No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 3
2、5.240.99; 65.060.01!%Anr“2307579www.din.deDDIN EN 16590-3Tractors and machinery for agriculture and forestry Safety-related parts of control systems Part 3: Series development, hardware and software (ISO 25119-3:2010modified);English version EN 16590-3:2014,English translation of DIN EN 16590-3:2015
3、-04Traktoren und Maschinen fr die Land- und Forstwirtschaft Sicherheitsbezogene Teile von Steuerungen Teil 3: Serienentwicklung, Hardware, Software (ISO 25119-3:2010 modifiziert);Englische Fassung EN 16590-3:2014,Englische bersetzung von DIN EN 16590-3:2015-04Tracteurs et matriels agricoles et fores
4、tiers Parties des systmes de commande relatives la scurit Partie 3: Dveloppement en srie, matriels et logiciels (ISO 25119-3:2010 modifi);Version anglaise EN 16590-3:2014,Traduction anglaise de DIN EN 16590-3:2015-04SupersedesDIN EN 16590-3:2014-11www.beuth.deIn case of doubt, the German-language or
5、iginal shall be considered authoritative.Document comprises 66 pages03.15 DIN EN 16590-3:2015-042 A comma is used as the decimal marker. National forewordThis standard includes safety requirements. This document (EN 16590-3:2014) has been prepared by Technical Committee CEN/TC 144 “Tractors and mach
6、inery for agriculture and forestry” (Secretariat: AFNOR, France). The responsible German body involved in its preparation was the DIN-Normenausschuss Maschinenbau (DINStandards Committee Mechanical Engineering), Working Committee NA 060-16-12 AA Elektronik of SectionLandtechnik. Representatives of m
7、anufacturers and users of agricultural machinery, and of the employers liability insurance associations contributed to this standard. This standard contains specifications meeting the essential requirements set out in Annex I of the “Machinery Directive”, Directive 2006/42/EC, and which apply to mac
8、hines that are either first placed on the market or commissioned within the EEA. This standard serves to facilitate proof of compliance with the essential requirements of that directive. Once this standard is cited in the Official Journal of the European Union, it is deemed a “harmonized” standard a
9、nd thus, a manufacturer applying this standard may assume compliance with the requirements of the Machinery Directive (“presumption of conformity”). The European Standards referred to in Clause 2 and in the Bibliography of the EN have been published as the corresponding DIN EN or DIN EN ISO Standard
10、s with the same number. Where the International Standards referred to are not also DIN ISO Standards with the same number, there are no national standards available. Amendments This standard differs from DIN EN 16590-3:2014-11 as follows: a) Subclause 5.2: Figure 1 has been adapted to the English re
11、ference version; b) Subclause 7.5.4.1: corrections have been made in Table 4, line 3.1, last column, and line 4.4, penultimate column; c) Subclause B.2.24: the NOTE has been deleted. Previous editions DIN EN 16590-3: 2014-11 EN 16590-3 April 2014 ICS 35.240.99; 65.060.01 English Version Tractors and
12、 machinery for agriculture and forestry - Safety-related parts of control systems - Part 3: Series development, hardware and software (ISO 25119-3:2010 modified) Tracteurs et matriels agricoles et forestiers - Parties dessystmes de commande relatives la scurit - Partie 3:Dveloppement en srie, matrie
13、ls et logiciels(ISO 25119-3:2010 modifi)Traktoren und Maschinen fr die Land- und Forstwirtschaft -Sicherheitsbezogene Teile von Steuerungen -Teil 3: Serienentwicklung, Hardware, Software(ISO 25119-3:2010 modifiziert)This European Standard was approved by CEN on 23 February 2014. CEN members are boun
14、d to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CE
15、N-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre h
16、as the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, L
17、uxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN na
18、tional Members. Ref. No. EN 16590-3:2014 EEUROPEAN COMMITTEE FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGEUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMEN 16590-3:2014 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 7 2 Normative references 7 3 Terms and def
19、initions .7 4 Abbreviated terms .7 5 System design 8 5.1 Objectives .8 5.2 General 8 5.3 Prerequisites 9 5.4 Requirements .9 5.4.1 Structuring safety requirements 9 5.4.2 Functional safety concept . 10 5.4.3 Technical safety concept . 11 6 Hardware 13 6.1 Objectives 13 6.2 General . 13 6.3 Prerequis
20、ites . 14 6.4 Requirements 14 6.5 Hardware categories 15 6.6 Work products . 16 7 Software . 16 7.1 Software development planning . 16 7.1.1 Objectives 16 7.1.2 General . 17 7.1.3 Prerequisites . 17 7.1.4 Requirements 17 7.1.5 Work products . 20 7.2 Software safety requirements specification 20 7.2.
21、1 Objectives 20 7.2.2 General . 20 7.2.3 Prerequisites . 20 7.2.4 Requirements 21 7.2.5 Work products . 24 7.3 Software architecture and design . 24 7.3.1 Objectives 24 7.3.2 General . 24 7.3.3 Prerequisites . 24 7.3.4 Requirements 24 7.3.5 Work products . 27 7.4 Software module design and implement
22、ation . 27 7.4.1 Objectives 27 7.4.2 General . 27 7.4.3 Prerequisites . 27 7.4.4 Requirements 27 7.4.5 Work products . 36 7.5 Software module testing 36 DIN EN 16590-3:2015-04EN 16590-3:2014 (E) 3 7.5.1 Objectives 36 7.5.2 General . 36 7.5.3 Prerequisites 36 7.5.4 Requirements . 36 7.5.5 Work produc
23、ts . 44 7.6 Software integration and testing . 44 7.6.1 Objectives 44 7.6.2 General . 44 7.6.3 Prerequisites 45 7.6.4 Requirements . 45 7.6.5 Work products . 46 7.7 Software safety validation 47 7.7.1 Objectives 47 7.7.2 General . 47 7.7.3 Prerequisites 47 7.7.4 Requirements . 47 7.7.5 Work products
24、 . 49 7.8 Software-based parameterisation 49 7.8.1 Objective. 49 7.8.2 General . 49 7.8.3 Prerequisites 49 7.8.4 Requirements . 50 7.8.5 Work products . 50 Annex A (informative) Example of agenda for assessment of functional safety at AgPL = e . 52 A.1 Functions of system 52 A.2 Hardware 52 A.3 Safe
25、ty concept . 52 A.4 Safety analysis and safety data . 52 A.5 Safety design process for phases of life cycle 52 A.6 Software development 53 A.7 Verification and testing . 53 A.8 Documentation and safety documentation. 53 A.9 Summary and assessment . 53 Annex B (informative) Independence by software p
26、artitioning 54 B.1 General . 54 B.2 Terms, definitions and abbreviated terms 54 B.3 Objectives 56 B.4 General . 57 B.5 Requirements . 57 B.5.1 General requirements . 57 B.5.2 Several partitions within a single microcontroller . 57 B.5.3 Several partitions within the scope of a micro-controller netwo
27、rk 60 Annex ZA (informative) Relationship between this European Standard and the Essential Requirements of EU Machinery Directive 2006/42/EC . 63 Bibliography 64 DIN EN 16590-3:2015-04EN 16590-3:2014 (E) 4 Foreword This document (EN 16590-3:2014) has been prepared by Technical Committee CEN/TC 144 “
28、Tractors and machinery for agriculture and forestry”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2014, and conflicting national standards sh
29、all be withdrawn at the latest by October 2014. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document has been prepared under
30、a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EU Directive(s). For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this document. EN 16590 Tractors and machinery for agricult
31、ure and forestry Safety-related parts of control systems consists of the following parts: Part 1: General principles for design and development Part 2: Concept phase Part 3: Series development, hardware and software Part 4: Production, operation, modification and supporting processes The modificatio
32、ns to ISO 25119-3:2010 are indicated by a vertical line in the margin. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmar
33、k, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. DIN EN 16590-3:2
34、015-04EN 16590-3:2014 (E) 5 Introduction EN 16590 sets out an approach to the design and assessment, for all safety life cycle activities, of safety-relevant systems comprising electrical and/or electronic and/or programmable electronic systems (E/E/PES) on tractors used in agriculture and forestry,
35、 and on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It is also applicable to municipal equipment. It covers the possible hazards caused by the functional behaviour of E/E/PES safety-related systems, as distinct from hazards arising from the E/E
36、/PES equipment itself (electric shock, fire, nominal performance level of E/E/PES dedicated to active and passive safety, etc.). The control system parts of the machines concerned are frequently assigned to provide the critical functions of the safety-related parts of control systems (SRP/CS). These
37、 can consist of hardware or software, can be separate or integrated parts of a control system, and can either perform solely critical functions or form part of an operational function. In general, the designer (and to some extent, the user) will combine the design and validation of these SRP/CS as p
38、art of the risk assessment. The objective is to reduce the risk associated with a given hazard (or hazardous situation) under all conditions of use of the machine. This can be achieved by applying various protective measures (both SRP/CS and non-SRP/CS) with the end result of achieving a safe condit
39、ion. EN 16590 allocates the ability of safety-related parts to perform a critical function under foreseeable conditions into five performance levels. The performance level of a controlled channel depends on several factors, including system structure (category), the extent of fault detection mechani
40、sms (diagnostic coverage), the reliability of components (mean time to dangerous failure, common-cause failure), design processes, operating stress, environmental conditions and operation procedures. Three types of failures are considered: systematic, common-cause and random. In order to guide the d
41、esigner during design, and to facilitate the assessment of the achieved performance level, EN 16590 defines an approach based on a classification of structures with different design features and specific behaviour in case of a fault. The performance levels and categories can be applied to the contro
42、l systems of all kinds of mobile machines: from simple systems (e.g. auxiliary valves) to complex systems (e.g. steer by wire), as well as to the control systems of protective equipment (e.g. interlocking devices, pressure sensitive devices). EN 16590 adopts a risk-based approach for the determinati
43、on of the risks, while providing a means of specifying the required performance level for the safety-related functions to be implemented by E/E/PES safety-related channels. It gives requirements for the whole safety life cycle of E/E/PES (design, validation, production, operation, maintenance, decom
44、missioning), necessary for achieving the required functional safety for E/E/PES that are linked to the performance levels. The structure of safety standards in the field of machinery is as follows. a) Type-A standards (basic safety standards) give basic concepts, principles for design and general as
45、pects that can be applied to machinery. b) Type-B standards (generic safety standards) deal with one or more safety aspect(s), or one or more type(s) of safeguards that can be used across a wide range of machinery: type-B1 standards on particular safety aspects (e.g. safety distances, surface temper
46、ature, noise); type-B2 standards on safeguards (e.g. two-hands controls, interlocking devices, pressure sensitive devices, guards). c) Type-C standards (machinery safety standards) deal with detailed safety requirements for a particular machine or group of machines. DIN EN 16590-3:2015-04EN 16590-3:
47、2014 (E) 6 This part of EN 16590 is a type-B1 standard as stated in EN ISO 12100. For machines which are covered by the scope of a machine specific type-C standard and which have been designed and built according to the provisions of that standard, the provisions of that type-C standard take precede
48、nce over the provisions of this type-B standard. DIN EN 16590-3:2015-04EN 16590-3:2014 (E) 7 1 Scope This part of EN 16590 provides general principles for the series development, hardware and software of safety-related parts of control systems (SRP/CS) on tractors used in agriculture and forestry, a
49、nd on self-propelled ride-on machines and mounted, semi-mounted and trailed machines used in agriculture. It can also be applied to municipal equipment (e.g. street-sweeping machines). It specifies the characteristics and categories required of SRP/CS for carrying out their safety functions. This part of EN 16590 is applicable to the safety-related parts of electrical/electronic/programmable electronic systems (E/E/PES), as these relate to mechatronic syste
