BRITISH STANDARD
BS EN 61800-5-2:2007

Adjustable speed electrical power drive systems - Part 5-2: Safety requirements - Functional

The European Standard EN 61800-5-2:2007 has the status of a British Standard.

ICS 13.110; 29.200

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2007.

© BSI 2007
ISBN 978 0 580 55410 0

National foreword

This British Standard is the UK implementation of EN 61800-5-2:2007. It is identical to IEC 61800-5-2:2007.

The UK participation in its preparation was entrusted to Technical Committee PEL/22, Power electronics.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

Amendments issued since publication
Amd. No. | Date | Comments

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 61800-5-2
October 2007

ICS 29.200; 13.110

English version

Adjustable speed electrical power drive systems - Part 5-2: Safety requirements - Functional (IEC 61800-5-2:2007)

Entraînements électriques de puissance à vitesse variable - Partie 5-2: Exigences de sécurité - Fonctionnalité (CEI 61800-5-2:2007)

Elektrische Leistungsantriebssysteme mit einstellbarer Drehzahl - Teil 5-2: Anforderungen an die Sicherheit - Funktionale Sicherheit (IEC 61800-5-2:2007)

This European Standard was approved by CENELEC on 2007-10-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 61800-5-2:2007 E

Foreword

The text of document 22G/179/FDIS, future edition 1 of IEC 61800-5-2, prepared by SC 22G, Adjustable speed electric drive systems incorporating semiconductor power converters, of IEC TC 22, Power electronic systems and equipment, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 61800-5-2 on 2007-10-01.

The following dates were fixed:

- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2008-07-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2010-10-01

This European Standard has been prepared under a mandate given to CENELEC by the European Commission and the European Free Trade Association and covers essential requirements of EC Directives 98/37/EC and 2006/42/EC. See Annex ZZ.

Annexes ZA and ZZ have been added by CENELEC.

Endorsement notice

The text of the International Standard IEC 61800-5-2:2007 was approved by CENELEC as a European Standard without any modification.

CONTENTS

INTRODUCTION
1 Scope and object
2 Normative references
3 Terms and definitions
4 Designated safety functions
  4.1 General
  4.2 Safety functions
    4.2.1 Limit values
    4.2.2 Stopping functions
    4.2.3 Other safety functions
5 Management of functional safety
  5.1 Objective
  5.2 PDS(SR) development lifecycle
  5.3 Functional safety planning
  5.4 Safety requirements specification (SRS) for a PDS(SR)
    5.4.1 General
    5.4.2 Safety functionality requirements specification
    5.4.3 Safety integrity requirements specification
6 Requirements for design and development of a PDS(SR)
  6.1 General requirements
    6.1.1 Change in operational status
    6.1.2 Design standards
    6.1.3 Realisation
    6.1.4 Safety integrity and fault detection
    6.1.5 Safety and non-safety functions
    6.1.6 SIL to be used
    6.1.7 Software requirements
    6.1.8 Review of requirements
    6.1.9 Design documentation
  6.2 PDS(SR) design requirements
    6.2.1 Requirements for probability of dangerous random hardware failures per hour (PFH)
    6.2.2 Architectural constraints
    6.2.3 Estimation of safe failure fraction (SFF)
    6.2.4 Requirements for systematic safety integrity of a PDS(SR) and PDS(SR) subsystems
    6.2.5 Electromagnetic (EM) immunity requirement of a PDS(SR)
  6.3 Behaviour on detection of fault
    6.3.1 Fault detection
    6.3.2 Fault tolerance greater than zero
    6.3.3 Fault tolerance zero
  6.4 Additional requirements for data communications
  6.5 PDS(SR) integration and testing requirements
    6.5.1 Hardware integration
    6.5.2 Software integration
    6.5.3 Modifications during integration
    6.5.4 Applicable integration tests
    6.5.5 Test documentation
7 Information for use
  7.1 Information and instructions for safe application of a PDS(SR)
8 Verification and validation
  8.1 General
  8.2 Verification
  8.3 Validation
  8.4 Documentation
9 Test requirements
  9.1 Planning of tests
  9.2 Test documentation
10 Modification
  10.1 Objective
  10.2 Requirements
    10.2.1 Modification request
    10.2.2 Impact analysis
    10.2.3 Authorization
    10.2.4 Documentation
Annex A (informative) Sequential task table
Annex B (informative) Example for determination of PFH
Annex C (informative) Available failure rate databases
Annex D (informative) Fault lists and fault exclusions
Bibliography
Annex ZA (normative) Normative references to international publications with their corresponding European publications
Annex ZZ (informative) Coverage of Essential Requirements of EC Directives
Annex ZZA (informative) Coverage of Essential Requirements of Directive 98/37/EC
Annex ZZB (informative) Coverage of Essential Requirements of Directive 2006/42/EC

Figure 1 Functional elements of a PDS(SR)
Figure 2 PDS(SR) development lifecycle
Figure 3 Architectures for data communication (a) White channel; b) Black channel)
Figure B.1 Example PDS(SR)
Figure B.2 Subsystems of the PDS(SR)
Figure B.3 Function blocks of subsystem A/B
Figure B.4 Reliability model (Markov) of subsystem A/B
Figure B.5 Function blocks of subsystem PS/VM
Figure B.6 Reliability model (Markov) of subsystem PS/VM

Table 1 Alphabetical list of definitions
Table 2 Safety integrity levels: target failure measures for a PDS(SR) safety function
Table 3 Hardware safety integrity: architectural constraints on type A safety-related subsystems
Table 4 Hardware safety integrity: architectural constraints on type B safety-related subsystems
Table B.1 Determination of DC factor of subsystem A/B
Table B.2 PFH value calculation results for subsystem A/B
Table B.3 Determination of DC factor of subsystem A/B
Table B.4 PFH value calculation results for subsystem PS/VM
Table D.1 Conductors/cables
Table D.2 Printed wiring boards/assemblies
Table D.3 Terminal block
Table D.4 Multi-pin connector
Table D.5 Electromechanical devices (for example relay, contactor relays)
Table D.6 Transformers
Table D.7 Inductances
Table D.8 Resistors
Table D.9 Resistor networks
Table D.10 Potentiometers
Table D.11 Capacitors
Table D.12 Discrete semiconductors (for example diodes, Zener diodes, transistors, triacs, GTO thyristors, IGBTs, voltage regulators, quartz crystal, phototransistors, light-emitting diodes LEDs)
Table D.13 Optocouplers
Table D.14 Non-programmable integrated circuits
Table D.15 Programmable and/or complex integrated circuits
Table D.16 Motion and position feedback sensors

INTRODUCTION

As a result of automation, demand for increased production and reduced operator physical effort, control systems of machinery and plant items play an increasing role in the achievement of overall safety. These control systems increasingly employ complex electrical/electronic/programmable electronic devices and systems.

Prominent amongst these devices and systems are adjustable speed electrical power drive systems (PDS) that are suitable for use in safety-related applications (PDS(SR)).

Examples of industrial applications are:

- machine tools, robots, production test equipment, test benches;
- papermaking machines, textile production machines, calenders in the rubber industry;
- process lines in plastics, chemicals or metal production, rolling-mills;
- cement crushing machines, cement kilns, mixers, centrifuges, extrusion machines;
- drilling machines;
- conveyors, materials handling machines, hoisting equipment (cranes, gantries, etc);
- pumps, fans, etc.

This standard can also be used as a reference for developers using PDS(SR) for other applications.

Users of this standard should be aware that some type C standards for machinery currently refer to ISO 13849-1 for safety-related control systems. In this case, PDS(SR) manufacturers may be requested to provide further information (e.g. category and/or performance level) to facilitate the integration of a PDS(SR) into the safety-related control systems of such machinery.

NOTE "Type C standards" are defined in ISO 12100-1 as machine safety standards dealing with detailed safety requirements for a particular machine or group of machines.

Previously, in the absence of standards, there has been a reluctance to accept electronic, and in particular programmable electronic, devices and systems in safety-related functions because of uncertainty regarding the safety performance of such technology.

There are many situations where control systems that incorporate a PDS(SR) are employed, for example as part of safety measures that have been provided to achieve risk reduction. A typical case is guard interlocking in order to exclude personnel from hazards where access to the danger zone is only possible when rotating parts have attained a safe condition. This part of IEC 61800 gives a methodology to identify the contribution made by a PDS(SR) to identified safety functions and to enable the appropriate design of the PDS(SR) and verification that it meets the required performance.

Measures are given to co-ordinate the safety performance of the PDS(SR) with the intended risk reduction taking into account the probabilities and consequences of its random and systematic faults.

ADJUSTABLE SPEED ELECTRICAL POWER DRIVE SYSTEMS
Part 5-2: Safety requirements - Functional

1 Scope and object

This part of IEC 61800 specifies requirements and makes recommendations for the design and development, integration and validation of PDS(SR)s in terms of their functional safety considerations. It applies to adjustable speed electric drive systems covered by the other parts of the IEC 61800 series of standards.

NOTE 1 The term "integration" refers to the PDS(SR) itself, not to its incorporation into the safety-related application.

This International Standard is only applicable where functional safety of a PDS(SR) is claimed and the PDS(SR) is operating in the high demand or continuous mode (see 3.10). For low demand applications, see IEC 61508.

This part of IEC 61800, which is a product standard, sets out safety-related considerations of PDS(SR)s in terms of the framework of IEC 61508, and introduces requirements for PDS(SR)s as subsystems of a safety-related system. It is intended to facilitate the realisation of the electrical/electronic/programmable electronic (E/E/PE) elements of a PDS(SR) in relation to the safety performance of safety function(s) of a PDS.

Manufacturers and suppliers of PDS(SR)s by using the normative requirements of this part of IEC 61800 will indicate to users (control system integrators, machinery and plant designers, etc.) the safety performance for their equipment. This will facilitate the incorporation of a PDS(SR) into a safety-related control system using the principles of IEC 61508, and possibly its specific sector implementations (for example IEC 61511, IEC 61513, IEC 62061) or ISO 13849.

Conformity with this part of IEC 61800 fulfils all the requirements of IEC 61508 that are necessary for a PDS(SR).

This part of IEC 61800 does not specify requirements for:

- the hazard and risk analysis of a particular application;
- the identification of safety functions for that application;
- the initial allocation of SILs to those safety functions;
- the driven equipment except for interface arrangements;
- secondary hazards (for example from failure in a production or manufacturing process);
- the electrical, thermal and energy safety considerations, which are covered in IEC 61800-5-1;
- the PDS(SR) manufacturing process;
- the validity of signals and commands to the PDS(SR).

NOTE 2 The functional safety requirements of a PDS(SR) are dependent on the application, and must be considered as a part of the overall risk assessment of the installation. Where the supplier of the PDS(SR) is not also responsible for the driven equipment, the installation designer is responsible for the risk assessment, and for specifying the functional and safety integrity requirements of the PDS(SR).

NOTE 3 Even though malevolent actions can influence the functional safety of PDS(SR), security aspects are not considered in this standard.

This part of IEC 61800 only applies to PDS(SR)s implementing safety functions with a SIL not greater than SIL 3.

Figure 1 shows the functional elements of a PDS(SR) that are considered in this part of IEC 61800.

[Figure 1: Functional elements of a PDS(SR). Diagram labels: PDS(SR); Power; External signals and control; Diagnostic functions; Communications and I/O; Torque/speed/position control; Modulation and protection; Power section; Motor; Sensors; Control section. IEC 1224/07]