1 Scope
This Standard specifies requirements and makes recommendations for the design, integration and validation of safety-related electrical, electronic and programmable electronic control systems (SRECS) for machines (see Notes 1 and 2). It is applicable to control systems used, either singly or in combination, to carry out safety-related control functions on machines that are not portable by hand while working, including a group of machines working together in a co-ordinated manner.
Note 1: In this standard, the term “electrical control systems” is used to stand for “Electrical, Electronic and Programmable Electronic (E/E/PE) control systems” and “SRECS” is used to stand for “safety-related electrical, electronic and programmable electronic control systems”.
Note 2: In this standard, it is presumed that the design of complex programmable electronic subsystems or subsystem elements conforms to the relevant requirements of IEC 61508. This standard provides a methodology for the use, rather than development, of such subsystems and subsystem elements as part of a SRECS.
This Standard is an application standard and is not intended to limit or inhibit technological advancement. It does not cover all the requirements (e.g. guarding, non-electrical interlocking or non-electrical control) that are needed or required by other standards or regulations in order to safeguard persons from hazards. Each type of machine has unique requirements to be satisfied to provide adequate safety.
This Standard:
— is concerned only with functional safety requirements intended to reduce the risk of injury or damage to the health of persons in the immediate vicinity of the machine and those directly involved in the use of the machine;
— is restricted to risks arising directly from the hazards of the machine itself or from a group of machines working together in a co-ordinated manner;
Note 3: Requirements to mitigate risks arising from other hazards are provided in relevant sector standards. For example, where a machine(s) is part of a process activity, the machine electrical control system functional safety requirements should, in addition, satisfy other requirements (e.g. GB/T 21109) insofar as safety of the process is concerned.
— does not specify requirements for the performance of non-electrical (e.g. hydraulic, pneumatic) control elements for machines;
Note 4: Although the requirements of this standard are specific to electrical control systems, the framework and methodology specified can be applicable to safety-related parts of control systems employing other technologies.
— does not cover electrical hazards arising from the electrical control equipment itself (e.g. electric shock, see GB 5226.1).
The objectives of specific Clauses in this Standard are as given in Table 2.
... ...
... ...
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB 5226.1-2008 Electrical safety of machinery — Electrical equipment of machines — Part 1: General requirements (IEC 60204-1:2005, IDT)
GB/T 15706.1-2007 Safety of machinery — Basic concepts, general principles for design — Part 1: Basic terminology, methodology (ISO 12100-1:2003, IDT)
GB/T 15706.2-2007 Safety of machinery — Basic concepts, general principles for design — Part 2: Technical principles (ISO 12100-2:2003, IDT)
GB/T 16855.1-2008 Safety of machinery — Safety related parts of control systems — Part 1: General principles for design (ISO 13849-1:2006, IDT)
GB/T 16855.2-2007 Safety of machinery — Safety-related parts of control systems — Part 2: Validation (ISO 13849-2:2003, IDT)
GB/T 16856.1-2008 Safety of machinery — Principles of risk assessment (ISO 14121-1:2007, IDT)
GB/T 16856.2-2008 Safety of machinery — Risk assessment — Part 2: Practical guidance and examples of methods (ISO/TR 14121-2:2007, IDT)
GB/T 17799.2-2003 Electromagnetic compatibility — Generic standards — Immunity for industrial environments (IEC 61000-6-2:1999, IDT)
GB 18209.1-2010 Electrical safety of machinery — Indication, marking and actuation — Part 1: Requirements for visual, acoustic and tactile signals (IEC 61310-1:2007, IDT)
GB 18209.2-2010 Electrical safety of machinery — Indication, marking and actuation — Part 2: Requirements for marking (IEC 61310-2:2007, IDT)
GB 18209.3-2010 Electrical safety of machinery — Indication, marking and actuation — Part 3: Requirements for the location and operation of actuators (IEC 61310-3:2007, IDT)
GB/T 20438.2-2006 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (IEC 61508-2:2000, IDT)
GB/T 20438.4-2006 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 4: Definitions and abbreviations (IEC 61508-4:1998, IDT)
GB/T 21109.1-2007 Functional safety — Safety instrumented systems for the process industry sector — Part 1: Framework, definitions, system, hardware and software requirements (IEC 61511-1:2003, IDT)
IEC 61508-3 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 3: Software requirements
Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Alphabetical list of definitions
3.2 Terms and definitions
3.3 Abbreviations
4 Management of Functional Safety
4.1 Objective
4.2 Requirements
5 Requirements for the Specification of Safety-Related Control Functions (SRCF)
5.1 Objective
5.2 Specification of requirements for SRCF
6 Design and Integration of the Safety-related Electrical Control System (SRECS)
6.1 Objective
6.2 General requirements
6.3 Requirements for behaviour (of the SRECS) on detection of a fault in the SRECS
6.4 Requirements for systematic safety integrity of the SRECS
6.5 Selection of safety-related electrical control system
6.6 Safety-related electrical control system (SRECS) design and development
6.7 Realization of subsystems
6.8 Realization of diagnostic functions
6.9 Hardware implementation of the SRECS
6.10 Software safety requirements specification
6.11 Software design and development
6.12 Safety-related electrical control system integration and testing
6.13 SRECS installation
7 Information for Use of the SRECS
7.1 Objective
7.2 Documentation for installation, use and maintenance
8 Validation of the Safety-related Electrical Control System
8.1 Objective
8.2 General requirements
8.3 Validation of SRECS systematic safety integrity
9 Modification
9.1 Objective
9.2 Modification procedure
9.3 Configuration management procedures
10 Documentation
Appendix A (Informative) SIL Assignment
Appendix B (Informative) Example of Safety-related Electrical Control System (SRECS) Design Using Concepts and Requirements of Clauses 5 and
Appendix C (Informative) Guide to Embedded Software Design and Development
Appendix D (Informative) Failure Modes of Electrical/Electronic Components
Appendix E (Informative) Electromagnetic (EM) Phenomenon and Increased Immunity Levels for SRECS Intended for Use in an Industrial Environment According to GB/T 17799.2-
Appendix F (Informative) Methodology for the Estimation of Susceptibility to Common Cause Failures (CCF)
Figure 1 Relationship of IEC 62061 to other relevant standards
Figure 2 Workflow of the SRECS design and development process
Figure 3 Allocation of safety requirements of the function blocks to subsystems (see 6.6.2.1.1)
Figure 4 Workflow for subsystem design and development (see box 6B of Figure 2)
Figure 5 Decomposition of a function block into redundant function block elements and their associated subsystem elements
Figure 6 Subsystem A logical representation
Figure 7 Subsystem B logical representation
Figure 8 Subsystem C logical representation
Figure 9 Subsystem D logical representation
Figure A.1 Workflow of SIL assignment process
Figure A.2 Parameters used in risk estimation
Figure A.3 Example proforma for SIL assignment process
Figure B.1 Terminology used in functional decomposition
Figure B.2 Example machine
Figure B.3 Specification of requirements for an SRCF
Figure B.4 Decomposition to a structure of function blocks
Figure B.5 Initial concept of an architecture for a SRECS
Figure B.6 SRECS architecture with diagnostic functions embedded within each subsystem (SS1 to SS4)
Figure B.7 SRECS architecture with diagnostic functions embedded within subsystem SS
Figure B.8 Estimation of PFHD for a SRECS
Table 1 Recommended application of IEC 62061 and ISO 13849-1 (under revision)
Table 2 Overview and objectives of this Standard
Table 3 Safety integrity levels: target failure values for SRCF
Table 4 Characteristics of subsystems 1 and 2 used in this example (see Note of 6.6.3.3)
Table 5 Architectural constraints on subsystems: maximum SIL that can be claimed for a SRCF using this subsystem
Table 6 Architectural constraints: SILCL relating to categories
Table 7 Probability of dangerous failure
Table 8 Information and documentation of a SRECS
Table A.1 Severity (Se) classification
Table A.2 Frequency and duration of exposure (Fr) classification
Table A.3 Probability (Pr) classification
Table A.4 Probability of avoiding or limiting harm (Av) classification
Table A.5 Parameters used to determine class of probability of harm (Cl)
Table A.6 SIL assignment matrix
Table D.1 Examples of the failure mode ratios for electrical/electronic components
Table E.1 EM phenomenon and increased immunity levels for SRECS
Table E.2 Selected frequencies for RF field tests
Table E.3 Selected frequencies for conducted RF tests
Table F.1 Criteria for estimation of CCF
Table F.2 Estimation of CCF factor (β)