Diagnosis; Verification of the Diagnostic Bit; Example 2 with PLr = c; Example 3 with PLr = d - Emerson AVENTICS AV Instruction Manual

Valve system for safety functions
• Valve driver board, 4x (10) MTTF = 630 years
• Valves AV03 5/3 spring return (6) MTTF = 382.7 years

$$MTTF_{ges} = \frac{1}{\frac{1}{854\,[a]} + \frac{1}{1094\,[a]} + \frac{1}{382.7\,[a]} + \frac{1}{630\,[a]} + \frac{1}{630\,[a]}} = 127\,[a]$$

The MTTF values of the AES modules were calculated using the failure rates from a database.
According to DIN EN 13849-1, Annex C, not every failure is a dangerous failure. In this case, $MTTF_D = 2 \times MTTF_{ges}$ can be set for the calculation of the entire system.

$$MTTF_D = 2 \times MTTF_{ges} = 2 \times 127\,[a] = 254\,[a]$$

3.4.4 Diagnosis

The pneumatic supply plate monitors the actuator voltage UA and sends the diagnostic bit UAoff when UA falls below the switch-off voltage.
The electrical supply plate monitors the actuator voltage UA and sends the diagnostic bit UAon when UA falls below the switch-on voltage.
The diagnostic bit (UAoff) must be monitored. This requires a change of the signal. This can be done, for example, when the machine is switched on or with special test cycles.
Direct function query of the position at the main valve 99 %.
Indirect function query of the working valve 90 %.
DC = 94.4 %, $MTTF_D$ = high (100 J), CCF = 95

CCF in our example

| Countermeasure for CCF | Fluid technology | Electronics | Points |
|---|---|---|---|
| Separation of signal paths | Separation of tubing | Air and creepage distance on activated circuits | 15 |
| Diversity | E.g. different valves | E.g. different processors | 20 |
| Protection against overvoltage, overpressure ... | Setup acc. to EN ISO 4413 to EN ISO 4414 (pressure relief valve) | Overvoltage protection (e.g. contactors, power pack) | 15 |
| Use of well-tried components | | User | 5 |
| FMEA in development | | FMEA during initial system conception | 5 |
| Competence/training | | | 5 |
| Protection against contamination and EMC | Fluid quality | EMC test | 25 |
| Other effects (e.g. temperature, shock) | Compliance with EN ISO 4413 and EN ISO 4414 and product spec | Observe ambient conditions as described in product spec | 10 |
| Total CCF | Total points (65 ≤ CCF ≤ 100): | | 95 |

Fig. 10: Example: CCF – Common cause failure

Performance level = PL e / category = 3
Replacement of main air valve 0V1 (IS12-PD) not required.
Replacement of valve nV1 (AV03) not required.
Replacement of valve nV1 (AV05) after 14.3 years – not required for cycle time ≥ 14 sec., or operational life 20 years.

3.4.5 Verification of the diagnostic bit

A detailed description of the monitoring can be found in chapter 3.11 Description of UAoff / UAon monitoring.
When the voltage UA is switched off, both diagnostic messages, UAon and UAoff, must be sent.

Table 3: Verification of the diagnostic bit

| UA = 0, switched off | UAon switch-on diagnosis | UAoff switch-off diagnosis |
|---|---|---|
| valid | 1 | 1 |
| not valid | 1 | 0 |
| not valid | 0 | 1 |

If the above conditions are taken into account, the following standards can be used to estimate the monitoring of the switched-off valve voltage with a DC = 90 % to < 99 % (medium):
• DIN EN ISO 13849-1 Annex E: "Estimates of diagnostic coverage (DC) for functions and modules"
• DIN EN 61508-2: "Table A.14 – Actuators"
• DIN EN 61508-2: "Table A.7 – I/O units and interfaces (external communication)"

3.5 Example 2 with PLr = c

Example 2, based on 66416:2016-01, number 1.1.2.1 and 2.1.2.3

Preliminary note
Description of the framework conditions:
• Operating mode BA2 Setup or service mode
• Hazard due to unexpected start-up, remaining kinetic energy
• PLr = c
Control measures (safety functions) (see comment):
• Safe torque off (STO)
• Safe disconnection of the energy supply (SEC)
• Prevention of unexpected start-up (PUS)

Input
Triggering event:
• Operating mode switch, enabling device

Logic
Evaluation of the safety function:
• Switching off the energy supplies

Output
Safety-directed response:
• 1-channel confinement of fluid medium. The following implementations are possible:
  – Directional valve in locked position
  – Control of blocking valve(s)
  – S1 possible because residual energy causes only reversible injuries
• Disconnection of electrical power supply: PLr ≥ d => 2-channel recommended

Comment
The topic of residual energy is described in more detail in the following documents:
• Draft VDMA 66416: Chapter 5.1.3 Setup operation / service operation (BA2) "Reduced speeds are to be provided as follows ..."
• Draft VDMA 66416: Table A2 – Key for identification of the parameter estimates of the risk graph in table A7

[Figure: block diagram with blocks I, L, O and elements 1 to 8]
Fig. 11: Safety-related block diagram, example 2
1 Enabling device
2 Safety module (e.g. PILZ PNOZ)
3 PLC (programmable logic controller)
4 Electrical part of the AV valve system, UA supply via electrical supply plate
5 Directional valves of the AV valve system
6 Main air valve with position detection (e.g. IS12-PD, ...), not active for this safety function
7 Diagnosis "Query of the position of the main air valve", not active for this safety function
8 Diagnosis "Valve voltage UA is lower than switch-off voltage (UA < UAoff)"

3.6 Example 3 with PLr = d

Example 3, based on VDMA 66416, number 2.1.1.1 and 2.2.1.1
This example is similar to Example 1, but the required PLr is d.

Preliminary note
Description of the framework conditions:
• Automatic operating mode (BA1)
• Hazard due to unexpected start-up
• PLr = d

AVENTICS™ AV | R412018148-BAL-001-AB | English
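The Table 3 check from section 3.4.5, combined with the signal-change requirement for UAoff from section 3.4.4, as an added example that is not taken from the manual. The `Sample` record, the trace layout, the `settle` delay and the three traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One PLC scan of the diagnostic inputs (constructed record layout)."""
    ua_off: bool    # True while the valve voltage UA is switched off (UA = 0)
    uaon: int       # diagnostic bit UAon (switch-on diagnosis)
    uaoff: int      # diagnostic bit UAoff (switch-off diagnosis)

NO_CHANGE = "UAoff never changed state during the test cycle"

def verify_trace(trace, settle=1):
    """Return findings for one test cycle; an empty list means it passed.

    settle is an assumed number of scans after switch-off in which the bits
    may still be changing and are not evaluated (the manual gives no timing).
    """
    findings = []
    off_scans = 0
    for i, s in enumerate(trace):
        off_scans = off_scans + 1 if s.ua_off else 0
        if off_scans > settle and (s.uaon, s.uaoff) != (1, 1):
            # Table 3: with UA = 0 only UAon = 1 and UAoff = 1 is valid.
            findings.append(f"scan {i}: UA off, UAon={s.uaon}, UAoff={s.uaoff}: not valid")
    # Section 3.4.4: UAoff must be seen to change, otherwise a bit stuck at 1
    # would satisfy Table 3 without showing that the monitoring still works.
    if {s.uaoff for s in trace} != {0, 1}:
        findings.append(NO_CHANGE)
    return findings

def S(ua_off, uaon, uaoff):
    """Shorthand for building constructed samples."""
    return Sample(bool(ua_off), uaon, uaoff)

# Constructed traces: UA on for two scans, then switched off for three.
GOOD       = [S(0, 0, 0), S(0, 0, 0), S(1, 1, 0), S(1, 1, 1), S(1, 1, 1)]
STUCK_LOW  = [S(0, 0, 0), S(0, 0, 0), S(1, 1, 0), S(1, 1, 0), S(1, 1, 0)]
STUCK_HIGH = [S(0, 0, 1), S(0, 0, 1), S(1, 1, 1), S(1, 1, 1), S(1, 1, 1)]

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("stuck low", STUCK_LOW), ("stuck high", STUCK_HIGH)):
        print(name, verify_trace(trace) or "passed")
```

The stuck-high trace satisfies Table 3 on every evaluated scan and is caught only by the signal-change check.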
