
Overview, Safety circuit integrity levels, Fault exclusion – Banner Universal Input Safety Modules User Manual



Overview

The UM-FA-xA Universal Safety Module (or "Safety Module" or "Module" in this document) is used to increase the safety circuit integrity
(for example, Control Reliability) of a circuit.
As shown in the hookup configurations in Safety Input Device Hookup Options on page 5, the Safety Module is designed to monitor a
1-channel or 2-channel safety switch(es); for example, an E-stop or safety interlock switch, or a 1-channel or 2-channel PNP output from
devices such as a sensor or a safety laser scanner.

Safety Circuit Integrity and ISO 13849-1 Safety Circuit Principles

Safety circuits involve the safety-related functions of a machine that minimize the level of risk of harm. These safety-related functions can
prevent initiation, or they can stop or remove a hazard. The failure of a safety-related function or its associated safety circuit usually
results in an increased risk of harm.
The integrity of a safety circuit depends on several factors, including fault tolerance, risk reduction, reliable and well-tried components,
well-tried safety principles, and other design considerations.
Depending on the level of risk associated with the machine or its operation, an appropriate level of safety circuit integrity (performance)
must be incorporated into its design. Standards that detail safety performance levels include ANSI B11.19 Performance Criteria for
Safeguarding and ISO 13849-1 Safety-Related Parts of a Control System.

Safety Circuit Integrity Levels

Safety circuits in International and European standards have been segmented into Categories and Performance Levels, depending on
their ability to maintain their integrity in the event of a failure and the statistical likelihood of that failure. ISO 13849-1 details safety circuit
integrity by describing circuit architecture/structure (Categories) and the required performance (PL) of safety functions under foreseeable
conditions.
In the United States, the typical level of safety circuit integrity has been called "Control Reliability." Control Reliability typically
incorporates redundant control and self-checking circuitry and has been loosely equated to ISO 13849-1 Category 3 or 4 and/or Performance
Level “d” or “e” (see ANSI B11.19).
Perform a risk assessment to ensure appropriate application, interfacing/hookup, and risk reduction (see ANSI B11.0 or ISO 12100). The
risk assessment must be performed to determine the appropriate safety circuit integrity in order to ensure that the expected risk reduction
is achieved. This risk assessment must take into account all local regulations and relevant standards, such as U.S. Control Reliability or
European "C" level standards.

Fault Exclusion

An important concept within the requirements of ISO 13849-1 is the probability of the occurrence of a failure, which can be reduced using
a technique termed "fault exclusion." The rationale assumes that the possibility of certain well-defined failure(s) can be reduced via
design, installation, or technical improbability to a point where the resulting fault(s) can be, for the most part, disregarded—that is,
"excluded" in the evaluation.
Fault exclusion is a tool a designer can use during the development of the safety-related part of the control system and the risk
assessment process. Fault exclusion allows the designer to design out the possibility of various failures and justify it through the risk
assessment process to meet the requirements of ISO 13849-1/-2.

Monitoring of Safety Devices

Requirements vary widely for the level of safety circuit integrity in safety applications (that is, Control Reliability or Category/Performance
Level) per ISO 13849-1. While Banner Engineering always recommends the highest level of safety in any application, it is the
responsibility of the user to safely install, operate and maintain each safety system and comply with all relevant laws and regulations.
Although only three applications are listed (see Input Device Requirements on page 3), the Module can monitor a variety of devices as
long as the input requirements are complied with (see Electrical Installation and Specifications). The Safety Module does not have 500
ms simultaneity between inputs and thus cannot be used for monitoring a two-hand control. In all cases, the safety performance
(integrity) must reduce the risk from identified hazards as determined by the machine's risk assessment.

WARNING: Risk Assessment
The level of safety circuit integrity can be greatly affected by the design and installation of the safety
devices and the means of interfacing of those devices. A risk assessment must be performed to determine
the appropriate level of safety circuit integrity to ensure the expected risk reduction is achieved
and all relevant regulations and standards are complied with.

UM-FA-xA Universal Input Safety Modules


www.bannerengineering.com - tel: 763-544-3164

P/N 141249_web

Rev. E