Safety Concept Overview

Tämä manuaali koskee Epec SS52 Safety Control Unit HW revision C00, with firmware version 1.000.

D.2.1 The safety manual shall specify the functions of the compliant item. These may be used to support a safety function of a safety-related system or functions in a subsystem or element. The specification should clearly describe both the functions and the input and output interfaces.

For every compliant item, the safety manual shall contain:

a) a functional specification of the functions capable of being performed;

b) identification of the hardware and/or software configuration of the compliant item to enable configuration management of the E/E/PE safety-related system in accordance with 6.2.1 of IEC 61508-1.

c) constraints on the use of the compliant item and/or assumptions on which analysis of the behaviour or failure rates of the item are based.

(ID 5111)

--> Tarkoittaa että:

• b) pitää olla kerrottuna hw- & softaversiot mitä tämä safety manual koskee
• c) mahdolliset rajoitteet (failure ratet esim. kuten alla listattu)
• a) toiminnallinen määrittely suoritettavista toiminnoista (?? viittauksia softamanuaaliin?? ArtoO?) --> tuotteen oma turvatoiminto, eli lähdöt katkaistaan vikatilanteessa

D.2.2 For every function, the safety manual shall contain:

a) the failure modes of the compliant item (in terms of the behaviour of its outputs), due to

random hardware failures, that result in a failure of the function and that are not detected

by diagnostics internal to the compliant item;

b) for every failure mode in a), an estimated failure rate;

c) the failure modes of the compliant item (in terms of the behaviour of its outputs), due to

random hardware failures, that result in a failure of the function and that are detected by

diagnostics internal to the compliant item;

d) the failure modes of the diagnostics, internal to the compliant item (in terms of the

behaviour of its outputs), due to random hardware failures, that result in a failure of the

diagnostics to detect failures of the function;

e) for every failure mode in c) and d), the estimated failure rate;

f) for every failure mode in c) that is detected by diagnostics internal to the compliant item,

the diagnostic test interval;

g) for every failure mode in c) the outputs of the compliant item initiated by the internal

diagnostics;

h) any periodic proof test and/or maintenance requirements;

i) for those failure modes, in respect of a specified function, that are capable of being

detected by external diagnostics, sufficient information shall be provided to facilitate the

development of an external diagnostics capability. The information shall include details of

failure modes and for those failure modes the failure rates;

j) the hardware fault tolerance;

k) the classification as type A or type B of that part of the compliant item that provides the

function (see 7.4.4.1.2 and 7.4.4.1.3);

ID 5112

--> Nämä kaikki listattuna jo alla

D.2.3 For every function of the compliant item that is liable to systematic failure, the manual

shall contain:

a) the systematic capability of the compliant item or that part of the element that provides the

function;

b) any instructions or constraints relating to the application of the compliant item, relevant to

the function, that should be observed in order to prevent systematic failures of the

compliant item (ID 5113)

--> Eli kaikille systemaattisiin vikoihin (sanastoon systemaattinen vika) liittyvät ohjeet ja rajoitteet

--> esim pitää noudattaa käyttölämpötilarajoja ja käyttöjännitealueita,kaapelipituudet (EMC-testivaatimusten mukaisesti) --> nämä jo teknisen manuaalin puolella

D.2.4 For additional requirements relating to software compliant items see 7.4.2.12 and

Annex D of IEC 61508-3. (ID 5114)

--> jos käytetään olemassaolevia softaelementtejä, niin 3 eri reittiä

• suunnitellaan IEC 61508 standardin mukaisesti
• proven in use - Provide evidence that the element is proven in use. See

• 7.4.10 of IEC 61508-2;

• assesment of non-complient developement Compliance with 61508-3:2010 section 7.4.2.13.

Maximum allowed cable lengths that can be used in end-applications shall be documented to the customer documentation.

• Aton: inputtien kaapelien pituudet + viittaus kaapelointiosioon missä on mainittu can standardin mukaiset kaapelipituudet --> on jo teknisessä manuaalissa

(Some EMC tests are excluded based on certain assumptions.) (ID 7876)

--> löytyy jo kaapelointiohjeesta (kaapelipituudet), katsotaan laitetaanko viite johonkin safetymanualin puolelle (esim kytkentäohjeiden yhteyteen)

CODESYS (Application) Programming Guidelines (-H2) shall be delivered as is to Epec's end-customers.

(The requirement is derived from the 3S FSM audit) (ID 7948) MAN000613

--> pitää noudattaa 3S:n ohjetta ja pitää olla saatavilla --> lisätäänkö ko manuaali tähän yhteyteen tai erikseen jakoon?

Laitetaan yläotsikko tyyliin 'noudatettava muu ohjeistus' tjsp minkä alle listataan muut dokkarit mitä täytyy noudattaa

Alalukuja tarvittava määrä, aiheita:

• safety function
• definition of the safe state
• safety-critical system components
• Tarvitaanko?vaatimuksissa ei ollut tästä
• jos tulee niin listataan että mitkä on safety-kriittisiä, esim prossu, pwm-lähdöt, lämpötila-anturit tai koko monitorointi
• A safety-critical system component is a component that may cause hazardous conditions in case of a failure

• or malfunction.

• If, for a given application, the value read from an analog or digital input is used for determining the set value

• of a safety-critical output, then this input shall also be defined as safety-critical.

• The system integrator shall perform an FMEA for the system components and derive the list of safetycritical I/Os for the application.

• failure reaction in case of errors
• fatal error
• ?other error types?
• failure reaction time
• core
• I/O
• PWM
• AI
• PI
• calculation examples
• Probabilistic failure rates
• for IEC61508
• PFH  ?? FIT
• SFF ?? %
• for ISO 13849
• Overall failure rate: ??? FIT

• Dangerous undetected failures: ?? FIT

• Dangerous detected failures: ?? FIT

• MTTFd: ?? years

• DCavg: ??%

• --> näitä tulee TÛViltä, jee

• etc
• mission profile (missä lämpötiloissa montako % eliniästä -taulukko Artolla) --> Arto lähettää tämän Tiinalle
•