
GB/T 16855.2-2015: Safety of machinery -- Safety-related parts of control systems -- Part 2: Validation

GB/T 16855.2-2015
Safety of machinery - Safety-related parts of control systems - Part 2: Validation
ICS 13.110
National Standard of the People's Republic of China
Replaces GB/T 16855.2-2007
(ISO 13849-2:2012, IDT)
Issued on December 10, 2015
Implemented on 2016-07-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Validation process
4.1 Validation principles
4.2 Validation plan
4.3 Generic fault lists
4.4 Specific fault lists
4.5 Information for validation
4.6 Validation record
5 Validation by analysis
5.1 General requirements
5.2 Analysis methods
6 Validation by testing
6.1 General requirements
6.2 Measurement accuracy
6.3 More stringent requirements
6.4 Number of test samples
7 Validation of the safety requirements specification for safety functions
8 Validation of safety functions
9 Validation of performance levels and categories
9.1 Analysis and testing
9.2 Validation of category specifications
9.3 Validation of MTTFd, DCavg and CCF
9.4 Validation of measures against systematic failure related to SRP/CS performance levels and categories
9.5 Validation of safety-related software
9.6 Validation and verification of performance levels
9.7 Validation of combinations of safety-related parts
10 Validation of environmental requirements
11 Validation of maintenance requirements
12 Validation of technical documentation and information for use
Appendix A (informative) Validation tools for mechanical systems
Appendix B (informative) Validation tools for pneumatic systems
Appendix C (informative) Validation tools for hydraulic systems
Appendix D (informative) Validation tools for electrical systems
Appendix E (informative) Examples of validation of fault behaviour and diagnostic measures
References
Foreword

GB/T 16855 "Safety of machinery - Safety-related parts of control systems" consists of the following two parts:
--- Part 1: General principles for design;
--- Part 2: Validation.
This part is Part 2 of GB/T 16855.
This part is drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 16855.2-2007 "Safety of machinery - Safety-related parts of control systems - Part 2: Validation". Compared with GB/T 16855.2-2007, the main technical changes, apart from editorial changes, are as follows:
--- validation of the performance level was added to the scope (see Chapter 1; Chapter 1 of the 2007 edition);
--- validation of the safety requirements specification for safety functions was added (see Chapter 7);
--- validation of performance levels and their related parameters (MTTFd, DCavg and CCF), and of safety-related software, was added (see Chapter 9; Chapter 1 of the 2007 edition);
--- validation of technical documentation and information for use was added (see Chapter 12);
--- examples of validation of fault behaviour and diagnostic measures were added (see Appendix E).
This part is identical to ISO 13849-2:2012 "Safety of machinery - Safety-related parts of control systems - Part 2: Validation" (English version), adopted by translation.
This part was proposed by, and is under the jurisdiction of, the National Technical Committee on Safety of Machinery (SAC/TC208).
Drafting organizations of this part: Rugao Packaging Food Machinery Co., Ltd., National Machine Tool Quality Supervision and Inspection Center, Nanjing University of Science and Technology, Omron Automation (China) Co., Ltd., China Machinery Productivity Promotion Center, Institute of Optical and Mechanical Engineering, Nanjing Forestry University, Pilz Industrial Automation Trading (Shanghai) Co., Ltd., ABB (China) Co., Ltd., Siemens (China) Co., Ltd.
Main drafters of this part: Shi Chuanming, Curie, Zhao Qinzhi, Zhang Xiaofei, Li Qin, Ning Yan, Ju Ronghua, Li Liyan, Wei Weizhong, Zhang Tianqiang, Luo Guang, Cheng Hongbing, Liu Ying, Chen Nengyu, Huang Zhixuan, Zhang Yarong, Song Xiaoning, Wu Jian, Wang Zheng, Fu Huiqing, Liu Zhiyong, Jiang Tao, Yu Heng.
Previous editions of the standard replaced by this part:
--- GB/T 16855.2-2007.

Introduction

The structure of safety standards in the field of machinery is as follows:
--- Type A standards (basic safety standards) give basic concepts, principles for design and general aspects that can be applied to all machinery.
--- Type B standards (generic safety standards) deal with one safety aspect or one type of safeguard that can be used across a wide range of machinery:
  ● Type B1 standards cover particular safety aspects (for example safety distances, surface temperature, noise);
  ● Type B2 standards cover safeguards (for example two-hand control devices, interlocking devices, pressure-sensitive devices, guards).
--- Type C standards (machine safety standards) deal with detailed safety requirements for a particular machine or group of machines.
According to GB/T 15706, this standard is a Type B1 standard.
Type C standards may supplement or modify the requirements of this standard. For machines that fall within the scope of a Type C standard and have been designed and built in accordance with the provisions of that Type C standard, the provisions of the Type C standard take precedence.
This part specifies the validation procedures for the safety functions, categories and performance levels of safety-related parts of control systems. It describes validation by a combination of analysis (see Chapter 5) and testing (see Chapter 6) of the safety-related parts of control systems, and specifies the characteristics of the tests and the special environmental conditions.
Most of the procedures and conditions specified in this part are based on the assumption that the simplified procedure for estimating the performance level (PL) given in 4.5.4 of GB/T 16855.1-2008 is used. This part does not give guidance on the use of other procedures (for example Markov modelling); in such cases certain provisions of this part no longer apply and additional requirements are needed.
Whatever the technology used for the safety-related parts of control systems (electrical, hydraulic, pneumatic, mechanical, etc.), the general design rules (following the guidance of GB/T 15706) are given in GB/T 16855.1. That part includes descriptions of some typical safety functions, the determination of the required performance level, and general requirements for categories and performance levels. Some of the validation requirements given in this part are generic, while others are specific to the type of technology used.

Safety of machinery - Safety-related parts of control systems
Part 2: Validation

1 Scope
This part specifies the procedures and conditions to be followed for the validation, by analysis and testing, of:
--- the specified safety functions;
--- the category achieved by safety-related parts of control systems (SRP/CS) designed in accordance with GB/T 16855.1;
--- the performance level achieved by safety-related parts of control systems (SRP/CS) designed in accordance with GB/T 16855.1.
Note: Additional requirements for programmable electronic systems (including embedded software) are given in 4.6 of GB/T 16855.1-2008 and in GB/T 20438.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15706-2012 Safety of machinery - General principles for design - Risk assessment and risk reduction (ISO 12100:2010, IDT)
GB/T 16855.1-2008 Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design (ISO 13849-1:2006, IDT)

3 Terms and definitions
The terms and definitions given in GB/T 15706-2012 and GB/T 16855.1-2008 apply to this document.

4 Validation process
4.1 Validation principles
The purpose of the validation process is to confirm that the design of the SRP/CS meets the safety requirements specification of the machine. Validation should demonstrate that each SRP/CS meets the requirements of GB/T 16855.1, in particular:
a) the specified safety characteristics of the safety functions provided by that part, as set out in the design rationale;
b) the requirements of the specified performance level (see 4.5 of GB/T 16855.1-2008):
  1) the requirements of the specified category (see 6.2 of GB/T 16855.1-2008);
  2) the measures for the control and avoidance of systematic failures (see Appendix G of GB/T 16855.1-2008);
  3) the software requirements, where applicable (see 4.6 of GB/T 16855.1-2008);
  4) the ability to perform the safety functions under the expected environmental conditions;
c) the ergonomic design of the operator interface, for example so that the operator is not tempted to act in a hazardous manner, such as defeating the SRP/CS (see 4.8 of GB/T 16855.1-2008).
Validation should be carried out by persons who are independent of the design of the SRP/CS.
Note: "Independent persons" does not imply that third-party testing is required.
Validation consists of validation by analysis (see Chapter 5) and functional testing under foreseeable conditions carried out in accordance with the validation plan (see Chapter 6). Figure 1 shows the validation process. The balance between analysis and testing depends on the technology used and on the performance level required of the safety-related parts. For categories 2, 3 and 4, validation of the safety functions should also include testing under fault conditions.
It is advisable to start the analysis as early as possible, in parallel with the design process, so that problems can be resolved while they are still relatively easy to resolve, that is, between the steps "design and technical realisation of the safety functions" and "evaluation of the performance level PL" (between the fourth and fifth boxes of Figure 3 in GB/T 16855.1-2008). Part of the analysis may need to be postponed until the design is complete.
Because of the size or complexity of the control system, or its integration into the (machine's) control system, special arrangements may be needed where necessary, for example:
--- validating the SRP/CS separately before integration, including simulation of the corresponding input and output signals;
--- validating the integration of the safety-related parts with the rest of the control system.
Figure 1 Validation process
The "modified design" in Figure 1 refers to the design process: if validation cannot be completed successfully, the design must be changed, and the modified safety-related parts must then be validated again. This process should be repeated until the safety-related parts of all safety functions have been validated successfully.
4.2 Validation plan
The validation plan should identify and describe the requirements for carrying out the validation process for the specified safety functions, their categories and performance levels. The validation plan should also identify the means to be used for validating the specified safety functions, categories and performance levels. Where appropriate, it should specify:
a) the identification of the specification documents;
b) the operational and environmental conditions during testing;
c) the analyses and tests to be carried out;
d) the test standards to be applied;
e) the persons or parties responsible for each step of the validation process.
Safety-related parts that have previously been validated to the same specification need only be referenced to that previous validation.
4.3 Generic fault lists
The validation process includes consideration of the behaviour of the SRP/CS under all fault conditions considered. The basis for fault consideration is the fault lists given in tabular form in Appendix A to Appendix D, which are based on experience. These tables include:
--- the components or elements considered, for example conductors/cables (see Appendix D);
--- the faults considered, for example short circuits between conductors;
--- permitted fault exclusions, taking into account environmental, operational and application factors;
--- a remarks column giving the reasons for the fault exclusions.
The fault lists consider only permanent faults.

4.4 Specific fault lists
Where necessary, a specific list of product-related faults should be prepared as a reference for the validation process of the safety-related parts. This list may be based on the corresponding generic fault list in the appendices. A product-related specific fault list based on a generic fault list should specify:
a) the faults listed in the generic fault list;
b) other related faults not listed in the generic fault list (for example common cause failures);
c) the faults that may be excluded under the criteria given in the generic fault list (see 7.3 of GB/T 16855.1-2008);
and, in special cases, should also include:
d) faults whose exclusion is not permitted by the generic fault list, together with the reasons and rationale for their exclusion (see 7.3 of GB/T 16855.1-2008).
For specific fault lists that are not based on a generic fault list, the designer should give the rationale for the fault exclusions.
4.5 Information for validation
The information needed for validation varies with the technology used, the category and performance level to be validated, the design rationale of the system, and the contribution of the SRP/CS to risk reduction. Documents containing sufficient information to validate that the safety-related parts perform the specified safety functions and achieve the required performance level and category should be included in the validation process, for example:
a) the specification of the characteristics required for each safety function, and the required category and performance level;
b) drawings and specifications, for example of mechanical, hydraulic and pneumatic parts, printed wiring boards, mounting panels, internal wiring, enclosures, materials and mounting;
c) a block diagram with functional descriptions of the blocks;
d) circuit diagrams, including interfaces/connections;
e) a functional description of the circuit diagrams;
f) timing diagrams of the switching elements and safety-related signals;
g) a description of the relevant characteristics of the components identified;
h) for safety-related components not listed in g), a list of components giving name, rating, tolerance, related operating force, type designation, failure rate data, component manufacturer and other safety-related data;
i) an analysis of all relevant faults (see also 4.3 and 4.4), for example the faults listed in the tables of Appendix A to Appendix D, including the reasons for any fault exclusions;
j) an analysis of the influence of the materials being processed;
k) information for use, such as installation and operating manuals/instructions.
Where software is relevant to the safety functions, the software documentation should include:
--- an unambiguous specification of the safety performance that the software is required to achieve;
--- evidence that the software has been designed to achieve the required performance level (see 9.5);
--- details of the tests (in particular the test reports) used to demonstrate that the required performance level has been achieved.
Note: Software requirements are given in 4.6.2 and 4.6.3 of GB/T 16855.1-2008.
Information should be provided on how the performance level and the average probability of a dangerous failure per hour were determined. The documentation of the quantifiable aspects should include:
--- the safety-related block diagram (see Appendix B of GB/T 16855.1-2008) or the designated architecture (see 6.2 of GB/T 16855.1-2008);
--- the determination of MTTFd, DCavg and CCF;
--- the determination of the category (see Table 1).
Documentation on the SRP/CS system should be provided.
Information should be provided on how several SRP/CS are combined to achieve the required performance level.

Table 1 Documentation requirements for categories in relation to performance levels

Documentation requirement                                                    | Required for category
                                                                             |  B  |  1  |  2  |  3  |  4
-----------------------------------------------------------------------------+-----+-----+-----+-----+-----
Basic safety principles                                                      |  ×  |  ×  |  ×  |  ×  |  ×
Expected operating force                                                     |  ×  |  ×  |  ×  |  ×  |  ×
Influence of processed materials                                             |  ×  |  ×  |  ×  |  ×  |  ×
Performance under other relevant external influences                         |  ×  |  ×  |  ×  |  ×  |  ×
Well-tried components                                                        |  -  |  ×  |  -  |  -  |  -
Well-tried safety principles                                                 |  -  |  ×  |  ×  |  ×  |  ×
Mean time to dangerous failure (MTTFd) of each channel                       |  ×  |  ×  |  ×  |  ×  |  ×
Safety function check procedure                                              |  -  |  -  |  ×  |  -  |  -
Diagnostic measures implemented, including fault reaction                    |  -  |  -  |  ×  |  ×  |  ×
Check interval, where specified                                              |  -  |  -  |  ×  |  ×  |  ×
Diagnostic coverage (DCavg)                                                  |  -  |  -  |  ×  |  ×  |  ×
Foreseeable single faults and the detection methods adopted in the design    |  -  |  -  |  ×  |  ×  |  ×
Identified common cause failures (CCF) and preventive measures               |  -  |  -  |  ×  |  ×  |  ×
Foreseeable single fault exclusions                                          |  -  |  -  |  -  |  ×  |  ×
Faults to be detected                                                        |  -  |  -  |  ×  |  ×  |  ×
How the safety function is maintained under each fault condition             |  -  |  -  |  -  |  ×  |  ×
How the safety function is maintained under each combination of faults       |  -  |  -  |  -  |  -  |  ×
Measures against systematic failure                                          |  ×  |  ×  |  ×  |  ×  |  ×
Measures against software failure                                            |  ×  |  -  |  ×  |  ×  |  ×

× --- documentation required;
- --- no documentation required.
Note: Category refers to the categories given in GB/T 16855.1-2008.
4.6 Validation record
Validation by analysis and by testing should be recorded. The record should show the validation process carried out for each safety requirement. Previous validation records may be referenced where they are still valid.
For safety-related parts that fail validation, the validation record should describe which parts did not pass validation by analysis/testing. It should be ensured that all safety-related parts are validated again after modification.

5 Validation by analysis
5.1 General requirements
The SRP/CS should be validated by analysis. The inputs to the analysis include:
--- the safety functions and their characteristics identified by the risk analysis, and the required performance level (see Figures 1 and 3 of GB/T 16855.1-2008);
--- the quantifiable aspects (MTTFd, DCavg and CCF);
--- the system structure (for example the designated architectures) (see Chapter 6 of GB/T 16855.1-2008);
--- the non-quantifiable, qualitative aspects that affect system behaviour (including software, where applicable);
--- deterministic arguments.
Validation of the safety functions by analysis, as opposed to by testing, requires the construction of deterministic arguments.
Note 1: Deterministic arguments are based on qualitative aspects such as manufacturing quality and experience. This approach depends on the specific application and is subject to various influences.
Note 2: Deterministic arguments differ from other evidence in that they show that the required system properties follow logically from a model of the system. Such reasoning can be based on readily understood concepts.

5.2 Analysis methods
The choice of analysis method depends on the specific objective. There are currently two basic methods:
a) the top-down (deductive) method, which is suited to identifying the initiating events that can lead to a top event, and to calculating the probability of the top event from the probabilities of the initiating events. This method ca...
