United States
Select country
  • Europe
  • North America
  • South America
  • Asia / Pacific
  • Middle East / Africa

Safety speed monitoring

 EN 954-1 e nuove norme
 

Note

It is important to verify the possibility, by means of suitable fastening solutions, to apply the mechanical failure exclusion (loosening or loss of mechanical coupling with the engine).

Safety speed monitoring

The safety speed monitoring using sensors (encoders, proximity switch) for the measurement of speed, must be able to detect possible dangerous failures of the sensors themselves.


Standard EN 61800-5-2 Table D.16 gives the list of dangerous failures for this type of sensors and possible fault
exclusion.

  • The greater the amount of faults detected by the controller, the higher is the diagnostic coverage and therefore the better the safety level reached by the considered function
  • The possibility to apply the fault exclusion removes the need to control and increases the attainable safety
    performance
 
Sensors and certificate speed monitoring combinations

 

Certified Safety Encoder
+
Certificate safety speed
monitoring
(example Mosaic MV)

The certificate safety encoder, in combination with a certificate speed monitoring, complies with all the requirements specified in EN 61800-5-2.

Easy solution for safety speed monitoring function.

Cat. 4 - SIL 3 - PL e
SIL 3 Encoder
Normal Encoder
+
Proximity
+
Certificate safety speed monitoring
(example Mosaic MV)

The system uses two non safety sensors forming a dual channel system. The controller verifies that the two sensors measure the same speed. Failure of one of the two channels (electrical or mechanical), causes a difference in the measured values. This situation is detected by the controller which generates an alarm signal.


Since the two sensors belong to use different technologies, the two channels are not homogeneous. This reduces the possibility of common cause failures by improving the score of the Common Cause Failure (CCF) factor. See Standard ISO EN 13849-1 *.


With regards to the reliability values (MTTFd) of the sensor used it is theoretically possible to achieve a maximum safety level (SIL3 PL e).


Such level should be calculated and verified in accordance with EN 13849-1-2.

Cat. 3 - DCavg 90%
Safety level up to
SIL 3 - PL e
Proximity
+
Proximity
+
Certificate safety speed monitoring
(example Mosaic MV)

The system uses two proximities forming a dual channel system. The controller verifies that the two sensors measure the same speed. Failure of one of the two channels (electrical or mechanical), causes a difference in the measured values. This situation is detected by the controller which generates an alarm signal.


In this case the two sensors use the same technology. The two channels are homogeneous. This may increase the possibility of common cause failures compared to the solution Encoder + Proximity, making it more difficult to achieve the minimum score (65) of the CCF factor. See Standard ISO EN 13849-1 *.


DCavg is 90% only if is possible (by means of suitable fastening solutions) to apply the exclusion of mechanical failure (loosening or loss of mechanical coupling with the engine) on the encoder wheel (toothed wheel).


With regards to the reliability values (MTTFd) of the sensor used, it is theoretically possible to achieve a maximum safety level (SIL3 PL e).


Such level should be calculated and verified in accordance with EN 13849-1-2.

Cat. 3 - DCavg 90%
Safety level up to
SIL 3 - PL e
Normal Encoder
+
Normal Encoder
+
Certificate safety speed monitoring
(example Mosaic MV)

The system uses two non safety encoders forming a dual channel system. The controller verifies that the two sensors measure the same speed. Failure of one of the two channels (electrical or mechanical), causes a difference in the measured values. This situation is detected by the controller which generates an alarm signal.


In this case the two sensors use the same technology. The two channels are homogeneous. This may increase the possibility of common cause failures, making it more difficult to achieve the minimum score (65) of the CCF factor. See Standard ISO EN 13849-1 *.


With regards to the reliability values (MTTFd) of the sensor used is theoretically possible to achieve a maximum safety level (SIL3 PL e).


Such level should be calculated and verified in accordance with EN 13849-1-2.

Cat. 3 - DCavg 90%
Safety level up to
SIL 3 - PL e
Normal Encoder
+
Certificate safety speed monitoring
(example Mosaic MV)

The system uses one non-safety sensor forming a single channel system. The controller cannot make comparisons and verifications. The channel failure (electrical or mechanical) could not be detected.


The solution is Cat.B. This category does not include any diagnostic coverage (DCavg).


The maximum achievable level of safety is PL b. The solution could be to Cat. 1 only if the used encoder is considered a well-tried component for safety applications (Well Tried Component - ref. ISO 13849-1 Table 10).

Cat. B - Safety level
up to PL b
or
Cat. 1 - Safety level
up to SIL 1 - PL c
Proximity
+
Certificate safety speed monitoring
(example Mosaic MV)

The system uses one proximity forming a single channel system. The controller cannot make comparisons and verifications. The channel failure (electrical or mechanical) could not be detected.


The solution is Cat.B. This category does not include any diagnostic coverage (DCavg). The maximum achievable level of safety is PL b.


The solution could be to Cat. 1 only if the used proximity is considered a well-tried component for safety applications (Well Tried Component - ref. ISO 13849-1 Table 10).

Cat. B   Safety level
up to PL b
or
Cat. 1 - Safety level
up to SIL 1 - PL c

 

* Standard ISO EN 13849-1 Table F.1: Scoring process and quantification of measures against CCF. It’s necessary reach minimum score of 65 points Assessment needed for Category 2, 3 and 4

 

Next ... Glossary