Siemens IK PI · 2015
Appendix
Safety of electronic devices

Overview
The information listed here is mainly of a fundamental nature and applies regardless of the type and vendor of the electronic control system.
Reliability
The reliability of devices and components is driven as high as possible by employing extensive and cost-effective measures in development and production.
This includes
• Selection of high-quality components;
• Worst-case design calculation of all circuits;
• Systematic and computer-controlled testing of all subcontracted components;
• Burn-in of all large-scale integrated circuits (e.g. processors, memories etc.);
• Measures to prevent static charging when working at or with MOS circuits;
• Visual checks at various stages of production;
• In-circuit testing of all modules, i.e. computer-aided testing of all components and their interaction in the circuit;
• Hot endurance run at high ambient temperature over several days;
• Meticulous computer-controlled final testing;
• Statistical evaluation of all returns for immediate introduction of remedial actions.
These measures are regarded as basic measures in safety engineering. They prevent or keep control of the majority of potential faults.
Risks
Wherever faults are liable to cause injury to persons or damage to property, it is necessary to introduce measures aimed in particular at the safety of the plant and, therefore, of the control system. Special, plant-specific directives exist for these applications and need to be taken into account when configuring the control system.
In the case of safety-relevant electronic control systems, the measures needed to prevent or keep control of faults are aimed at the risk presented by the plant. In such a case the basic measures listed above are no longer sufficient above a certain level of hazard potential. Additional measures have to be implemented and certified (e.g. dual-channel arrangements, tests, checksums etc.) for the control system.
Division into a safe and a non-safe zone
In practically all plants there are parts which perform safety-related functions (e.g. emergency stop pushbuttons, mesh guards, two-hand controls). In order not to have to consider the complete control system in terms of safety engineering, it is customary to divide the control system into a safe and a non-safe zone. No special requirements are imposed on the safety of the control system in the non-safe zone, because there would be no impact on the safety of the plant if the electronics failed there. In the safe zone, on the other hand, you are only allowed to use control systems and/or circuits which satisfy the directives in question.
The following zonal divisions are customary in practice:
• Control systems with little safety engineering, e.g. machine control systems.
• Control systems with balanced zones, e.g. chemical plants, aerial ropeways.
• Control systems with mainly safety engineering, e.g. incineration plants.
Important
Even if a maximum of design-based safety is achieved in the configuration of an electronic control system (e.g. through multi-edge configuration), it is still essential to closely follow the instructions in the operating manuals, as otherwise wrong actions may suspend precautions for preventing potential faults or may create additional sources of danger.
© Siemens AG 2014