NHP SAFETY REFERENCE GUIDE

Similar documents
Session Four Applying functional safety to machine interlock guards

NHP SAFETY REFERENCE GUIDE

More than just a solenoid interlock AZM300

Achieving Required Safety Levels Using a Pneumatic Safety Exhaust Valve

AZM300 More than just a solenoid interlock

P33T Series Redundant Safety Exhaust Valve ENGINEERING YOUR SUCCESS.

P33T Series Redundant Safety Exhaust Valve ENGINEERING YOUR SUCCESS. Bulletin 0700-B13.

F3S-TGR-KHL1/-KHL3/-KHL3R

Application of safety principles for a guidance system in public transport

UNI EN ISO EN

NHP SAFETY REFERENCE GUIDE

Investigation into UK socket-outlets incorporating USB charging points

Mechanical Trainstop Systems

Ch 4 Motor Control Devices

Guideline for Parallel Grid Exit Point Connection 28/10/2010

An important type of protective

EXPERIMENTAL VERIFICATION OF INDUCED VOLTAGE SELF- EXCITATION OF A SWITCHED RELUCTANCE GENERATOR

Focus Area Level Report Including Knowledge and Skills, and Performance Indicators

DESIGN METHODS FOR SAFETY ENHANCEMENT MEASURES ON LONG STEEP DOWNGRADES

POLLUTION PREVENTION AND RESPONSE. Application of more than one engine operational profile ("multi-map") under the NOx Technical Code 2008

Safety Sensor CSS 180 Product Information

KOBOLD VKA FLOWMETER/SWITCH. User Instructions. Manual-VKA_03-04

CETOP POSITION PAPER PP 07

Variable Valve Timing

Electric Vehicle Charging Safety Guidelines Part 2: Selection and Installation Edition DRAFT

MKey9-series Safety Interlock Switch with Guard Locking

Continuing Education Course #206 Introduction to Designing Machine Control Systems Part 2

Using new Magnetically Actuated Vacuum Interrupter technology for safe and reliable medium voltage circuit breaker switching in mines

FUNCTIONAL SAFETY SOLUTIONS in Solenoid Valves

Universal Gate Box with Safety Interlocking TYPE: UGB-KLT FEATURES & APPLICATION:

ELECTRICAL TECHNOLOGY 3 March 2008

Intelligent Grid Management of DC Grids in Production

Servo-pneumatic drive solution for welding guns. Top quality welding!

Hinge Wing Safety Interlock Switches

Valve interlocks HSV

Transponder-coded. with guard locking

ISO Wheelchairs Part 28: Requirements and test methods for stairclimbing

FLUID POWER FLUID POWER EQUIPMENT TUTORIAL PNEUMATIC CIRCUTS. This work covers part of outcome 3 of the Edexcel standard module:

EN 14912:2005 LPG equipment and accessories Inspection and maintenance of LPG cylinders valves at time of periodic inspection of cylinders

MODEL #303 PLUNGING MACHINE

SG-B1 SERIES / SG-A1 SERIES

Maharashtra Electricity Regulatory Commission (Renewable Purchase Obligation, Its. Regulations, 2016 STATEMENT OF REASONS

T E S T R E P O R T N o. E B E

1-3 MANUAL STARTERS EXERCISE OBJECTIVE. Examine and describe the operation of manual motor starters. DISCUSSION

Risk Assessment Form

Transponder-coded. with guard locking

Integrated. Safety Handbook. Automotive. Ulrich Seiffert and Mark Gonter. Warrendale, Pennsylvania, USA INTERNATIONAL.

Method Implementation Document (MID)

Inspection and Assessment of Track Geometry

Plugless Level 2 EV Charging System (3.3kW)

Electric Networks/Ina Lehto Updated Original 12/2011

6-speed manual gearbox 02M

Vehicle Systems and Technology

Heavy Duty Solenoid Controlled Access Lock. User Manual - Original Language Version

Technical Article. ISO26262: ams deploys unique technology to meet every new safety requirement. Roland Einspieler

An Investment in Plant Floor Safety. 802C Safety Cable Pull Switches 802E Hinge Safety Interlock Switches 802F Safety Interlock Switches

AGN Single Phase Loading for Re- Connectable 3-Phase Windings

IDEM MPC Non-Contact Coded Magnetic Safety Switches MPC Series Plastic Housing

English. Fitting Instructions: Thunderbird A and A of 10. Parts Supplied:

English. Fitting Instructions: Thunderbird A and A of 10. Parts Supplied:

Presented to the IAPMO Standards Review Committee on December 9, 2013

Copyright 2003 Advanced Power Technologies, Inc.

Co-location Informal Guidance Note. March 2018 Version 1.1

Unified requirements for systems with voltages above 1 kv up to 15 kv

Increased requirements on external DC-breakers for transformerless PV inverters in Australia

WHITE PAPER. SVM4001 Series standstill monitor. Stop everything! Standstill monitors add sensorless safety features to motor-driven machinery

Car Company Quality: A Vehicle Test Fit Study of 1,907 Car Company Service Parts

THE TRANSRAPID MAGLEV MAINTENANCE PROCESS

HARDWIRE VS. WIRELESS FAILSAFE CONTROL SYSTEM. The answer is No.

pg. 2 Using Sensing Edges in Safety Applications How sensing edges work Understanding the fail-safe concept

Electric Vehicle Charging Safety Guidelines Part 2: Selection and Installation

Technical support to the correlation of CO 2 emissions measured under NEDC and WLTP Ref: CLIMA.C.2/FRA/2012/0006

PVP Field Calibration and Accuracy of Torque Wrenches. Proceedings of ASME PVP ASME Pressure Vessel and Piping Conference PVP2011-

Vacuum Circuit Breaker (Vehicle)

Switchgear and Distribution Systems for Engineers and Technicians

Management of Local Interlock Functions

SHORT-STOP. Electronic Motor Brake Type G. Instructions and Setup Manual

Q&A ON EMISSIONS TESTING

Safety Control HR1S-AC. Safety Relay HR1S-AC

Selecting & Integrating Safety Exhaust Valves White Paper

QUASAR FAQ What is the difference between Quasar and the Impulse system?

Modern Industrial Pneumatics. Design and Troubleshooting Industrial Pneumatics PN111 PN121

Workshop Solenoid Interlocks

AGN Unbalanced Loads

Reducing Train Weight and Simplifying Train Design by Using Active Redundancy of Static Inverters for the Onboard Supply of Rolling Stock

National Certificate in Motor Industry (Entry Skills) (Level 2) with strands in Automotive Electrical and Mechanical, and Collision Repair

Notification of a Proposal to issue a Certification Memorandum

CER/EIM Position Paper Ballast Pick-up due to Aerodynamic Effects. October Version 1.0

-SQA-SCOTTISH QUALIFICATIONS AUTHORITY HIGHER NATIONAL UNIT SPECIFICATION GENERAL INFORMATION

Universal Gate Box with Safety Interlocking TYPE: UGB-KLT FEATURES & APPLICATION:

Variable Valve Drive From the Concept to Series Approval

Compatibility Between Electric Trains and Electrification Systems

Certification Memorandum. Approved Model List Changes

ABB Motors and Generators Training. Sharing knowledge and creating value

MEASURING INSTRUMENTS. Basic Electrical Engineering (REE-101) 1

NATIONAL GRID ELECTRICITY TRANSMISSION plc THE CONNECTION & USE OF SYSTEM CODE TABLE OF CONTENTS

Hinge Wing Safety Interlock Switches

Basic Automotive Collision Repair

IP69K Stainless Steel Safety Interlock Switches

Festo Modular Production System (MPS)

Transcription:

NHP SAFETY REFERENCE GUIDE WHITEPAPERS Interlock classifications

Since the 2006 version of AS 4024.1602 there has been significant advances in the technology of interlock devices, there has also been a transition in the types of devices used in industry. In recent years there has been development of interlock devices that provide higher levels of tamper resistance and diagnostic capabilities. The 2014 version of AS 4024.1602 has new classifications that better represent these interlock technologies. These classifications are then used in the standard to demonstrate aspects such as how to avoid defeat of the interlock systems, determine CCF tolerance and quantify the DC of the interlock system. The new classifications are separated depending on the following criteria: Actuation principle This determines if the switch is a mechanical or non-contact device. Coding The device is either coded or uncoded. The higher the degree of coding the more tamper resistant the device is. Coding is classified into 3 sub classes: - Low level coding 1 to 9 variations in coding - Medium level coding 10 to 1000 variations in coding - High level coding Over 1000 variations in coding Table 1 shows the classifications for interlock devices. Actuation Principle Actuator Example Type Coding Level Uncoded Limit switch, Hinge switch 1 None Mechanical Tongue interlock Low level Coded Trapped key interlock 2 Medium to High level Uncoded Magnetic, inductive 3 None Non-contact Coded magnetic Low level Coded Coded RFID 4 Medium to High level Table 1: - Classifications of interlock devices Designing the interlock system to avoid CCF is a major design consideration for achieving PL according to AS 4024.1503; it is also integral to achieving SIL according to AS 62061. The method to avoid CCF is explained in Annex F of AS 4024.1503. In this method the designer is presented with different measures that can be used in their system design, each measure is worth a certain score. As the designer achieves the requirements of each measure the cumulative score increases, once the designer achieves a score of 65 they have achieved the CCF avoidance requirements. Table 2 shows a summary of the measures and their associated score. NHP Safety Reference Guide > Safety Whitepapers 5-35

Measure against CCF Separation/Segregation 15 Diversity 20 Design/Application/Experience 20 Assessment/Analysis 5 Competence/Training 5 Environment 35 Score Table 2: - Summary of CCF measure and associated scores, AS 4024.1503 As can be seen in Table 2, Diversity is a significant measure when the designer is attempting to reach a score of 65. The general requirements in AS 4024.1503 are vague on different approaches to achieve diversity; this led to confusion of how diversity could be achieved for common safety functions such as interlock systems. AS 4024.1602 now includes some guidance on how to achieve diversity in common interlock arrangements. Diversity with Type 1 interlocking devices One technique to achieve diversity when using Type 1 (Uncoded, mechanical device) interlocking devices is explained in clause 8.3.2 of AS 4024.1602. Here the combination of direct and non-direct mechanical action is used. In Figure 2, an example of direct and non-direct mechanical action is demonstrated. In this example a sliding guard is shown in its closed state; the guard will slide to the left to open. In this example limit switches are used because they are Type 1 interlocking devices. Switch S1 is direct mechanical action mounted because the guard will directly actuate the switch when it is opened, by rolling on top the device. Switch S2 is non-direct mechanical action mounted because the guard will roll off the switch when opened. Figure 2 Diversity with Type 1 devices 5-36 NHP Safety Reference Guide > Safety Whitepapers

principles, diversity has been created with this combination of Type 1 interlocking devices. This is not a new concept and has been part of the standards for many years, however AS 4024.1602 now defines that the above arrangement will achieve the complete 20 points for Diversity as part of the CCF method in AS 4024.1503. This is clarity that was required as designers come to grips with the new requirements of AS 4024.1503. Power medium diversity Some machines have two or more energy sources required for hazardous movement, for example hydraulic and electrical energy. In this case diversity can be achieved by having two independent interlocking devices, each of which interrupts the supply from a different energy source. AS 4024.1602 states that 20 points of Diversity can be claimed for the CCF method according to AS 4024.1503. rolling on top the device. Switch S2 is non-direct mechanical action mounted because the guard will roll off the switch when opened. Quantify the DC of series connected interlock functions (*Coming soon) In order to achieve a PL or calculate a SIL, the DC of the system must be determined. In industry it is common to observe multiple interlock guards wired in series, this can reduce the amount of safety inputs needed in the safety relay system or safety PLC. The method to determine DC is explained in Annex E of AS 4024.1503, however there is no guidance given on how to evaluate series connected interlock guards. The DC achieved by series wired interlock guards can be complex to evaluate. The potential of masked faults in the system can be influenced by the following application characteristics: How many guards are wired in series? How many are guards are used frequently? How many individual devices are used on each guard? What wiring configuration is used? What type of evaluation is used to detect faults? What type of cable is used? As you can imagine this has caused significant confusion on how to determine the DC achieved by series connected interlock guards. Clause 8.6 of AS 4024.1602 will shortly provide a solution for this problem. The clause references a technical report, ISO/TR 24119, which will provide a simple method to evaluate the maximum DC achieved by series connected interlock guards. This technical report is currently in draft stage, but hopefully will be released later this year and provide much needed clarity of this issue. Design to minimise defeat possibilities The previous sections of this paper explain various ways that AS 4024.1602:2014 can assist with transitioning to design methods such as PL or SIL. However the most significant improvement with this new standard is the defined process to avoid defeat of interlock guards. Many of the aspects and measures are not new, but this standard now provides a structured process to follow. This should result in improved compatibility between machine function and interlock guards. Figure 3 shows the flow diagram that designers can use to ensure motivation to defeat is minimised and resistance to defeat is present where needed. NHP Safety Reference Guide > Safety Whitepapers 5-37

Start Implement basic measures Is there a motivation to defeat? Yes No Is it possible to eliminate or minimise motivation to defeat? No Yes Use additional measures to minimise defeat possibility Implement design measures or add alternative modes End Figure 3 Flow diagram to minimize chance of defeat As seen in Figure 3, the first step is to implement basic measures, an example of these basic measures includes: Correct fastening of switches - Loosening of position switches, actuators and cams must require a tool - Type 1 position switches may require permanent fixing, such as pins or dowels - Self-loosening should be avoided Switch should be mounted appropriately - Access should be provided for maintenance - Switch should be mounted to protect against foreseeable damage - Switch should not be used as a mechanical stop - Type 1 or 2 switches should be direct mechanical action mounted, with direct opening action contact elements Once the above basic measures are ticked off, the designer can use the method explained in Annex H of AS 4024.1602 to determine if a motivation to defeat the interlock system exists. This is a new method introduced with this version of the standard and provides guidance that has never been available before. Table 3 is an example of how the method in Annex H of AS 4024.1602 is documented. The process includes 4 steps: 1. All modes of operation of the machine are identified, eg Mode 1 = Automatic and Mode 2 = Maintenance (Listed as headings in Col 2 and 3) 2. All tasks should be listed as the rows of the table. An x is to be used to indicate what mode of operation the task needs to be performed in. (Listed in Col 1) 3. The next column (Col 4) indicates whether it s possible to perform the task in that mode without defeating the interlock guard a. If the answer is no then improvement of the machine design or implementing new modes of operation is mandatory 4. The following columns (Col 5 and above) identify if other benefits of defeating the interlock exist when completing that task a. These benefits will need to be addressed as per the flow diagram depicted in Figure 3 5-38 NHP Safety Reference Guide > Safety Whitepapers

Col 1 Col 2 Col 3 Col 4 Col 5 Col 6 Col 7 etc Task Automatic Maintenance Task possible Faster to Better. Mode Mode without defeating complete task visibility Start-up x Yes 0 0 0 Machine operation x Yes 0 ++ 0 Material feeding x No ++ ++ 0 etc Benefit of defeat: 0 = None, + = Minor, ++ = Substantial Table 3 - Example of documenting motivation to defeat process In Table 3, there are 2 modes of operation and 3 tasks. For machine start-up, the task needs to be performed in Automatic mode and it is possible to complete the task without defeating the interlock guard. The following columns also indicate that no other benefits are achieved by performing this task with the interlock defeated. For material feeding it can be seen that this task needs to be performed in Automatic Mode, however the task is not possible in this mode without defeating the interlock guard. The material feeding task requires the ability to jog the machine with the interlock guard open, but the automatic mode won t allow operation with the interlock guard open. This result will require a new mode of operation to be added to allow the material feeding task to be performed in a safe way. For machine operation it can be seen that this task needs to be performed in Automatic mode and it is possible to complete the task without defeating the interlock guard. The following columns indicate that there is a substantial benefit of improved visibility when defeating the interlock guard. The designer should consider what design measures could address this benefit, eg: Using a guard that provides the required visibility. If there are no design measures available then the designer would need to implement additional measures to minimise defeat possibility. Additional measures to minimise defeat possibility are used to address residual motivation to defeat once all possible design measures and alternative modes of operation have been exhausted. The measures are reliant on the level of coding incorporated by the interlock devices. The lower the level of coding; the more measures are required to avoid defeat, examples of measures used are: Mounting out of reach Mounting the interlock device in a position that is out of the reach limits of the operator Physical Obstruction/Shielding Mounting the interlock device behind physical obstructions, so the operator can t easily access the device Mounting the interlock device in a hidden position Status monitoring or cyclic testing - These two techniques are systems that ensure the interlock device s function is tested, thus the test will detect if the device has been defeated Non-detachable fixings These fixings prevent the switch, actuator or both being removed from their intended position in order to defeat the safety function Additional device Utilising two independent devices for the interlock function, thus if one device is defeated the safety function will still operate Table 4 indicates what measures are implemented for the different classifications of interlock devices. NHP Safety Reference Guide > Safety Whitepapers 5-39

Measures Type 1 or 3, except hinge switch Hinge Switch Type 2 or 4 with low or medium coding level Type 2 or 4 with high coding level Trapped key system with medium or high level coding Mount device out of reach Shield device Mount device in X hidden position X Status monitoring/ cyclic testing Non-detachable fixing for switch and actuator Non-detachable fixing for switch M M Non-detachable fixing for actuator M M M M Additional device R R X = measure should be considered, M = measure is mandatory, R = measure is recommended Table 4 - Additional measures to minimise defeat possibility Conclusion In conclusion the new version of AS 4204.1602 provides assistance for designers to achieve the requirements of AS 4024.1503:2014. The standard provides guidance on how to design interlock systems to avoid CCF and will provide a method to evaluate the DC of interlock functions that are series connected. The other significant improvement of this standard is the process to minimise the probability of defeat. This method ensures that interlock guards will be designed with the operation of the machine in mind. This will reduce the motivation for operators to defeat the interlocking systems. The process also provides a method to select the appropriate interlocking devices to address any residual motivation to defeat the interlock system. References AS 4024.1503:2014 AS 4024.1602:2014 5-40 NHP Safety Reference Guide > Safety Whitepapers

2024 © autodocbox.com Privacy Policy | Terms of Service | Feedback