Risk Reduction; Residual Risk - Siemens SINUMERIK 840D sl Function Manual

Regulations and Standards
1.2 Safety of machinery in Europe
Risks must be reduced by suitably designing and implementing the machine. For
instance a control system or protective measures suitable for the safety–related
functions.
If the protective measures involve interlocking or control functions, then these must
be designed and implemented acc. to EN ISO 13849–1. For electrical and elec-
tronic controls, EN 62061 can be used as an alternative to EN ISO 13849–1. Elec-
tronic controls and bus systems must also comply with EN 61508.
1.2.8

Risk reduction

Risk reduction for a machine can also be implemented using structural measure-
ments and also safety–related control functions. To implement these control func-
tions, special requirements must be taken into consideration – graduated according
to the magnitude of the risk. These are described in EN 954–1 or EN ISO 13849–1
(previously EN 954–1) and, for electrical controls, especially with programmable
electronics in EN 61508 or EN 62061.
The requirements placed on safety–related parts of controls are graduated and
classified according to the magnitude of the risk and the necessity to reduce risk.
EN 954–1 defines "Categories" for this purpose. In its Annex B, it also describes a
technique to select a suitable Category to design and implement the safety–related
part of a control system.
EN ISO 13849–1 defines a risk flow chart that instead of categories results in hier-
archically graduated Performance Levels (PL).
EN 62061 uses "Safety Integrity Level" (SIL) to make this type of classification.
This is a quantified measure for the safety–related performance of a control.
The necessary SIL is also determined using the principle of risk assessment ac-
cording to ISO 14121 (EN 1050). A technique to determine the required Safety In-
tegrity Level (SIL) is described in Annex A of the Standard.
It is always important, independent of which Standard is applied, that all parts of
the machine control that are involved in executing safety–related functions fulfills
these requirements.
1.2.9

Residual risk

In our technological world, safety is a relative term. In practice, safety cannot be
implemented that guarantees a "zero risk" situation. The residual risk is defined as
the risk that remains after implementing protective measures corresponding to
state–of–the–art know–how and technology.
Residual risks must be clearly referred to in the machine/plant documentation (user
information according to EN ISO 12100–2).
1-28
SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) – 05.2008 Edition
© Siemens AG 2008 All Rights Reserved
05.08