{"id":244173,"date":"2024-10-19T16:02:12","date_gmt":"2024-10-19T16:02:12","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-61131-62012\/"},"modified":"2024-10-25T11:00:59","modified_gmt":"2024-10-25T11:00:59","slug":"bs-en-61131-62012","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-61131-62012\/","title":{"rendered":"BS EN 61131-6:2012"},"content":{"rendered":"
IEC 61131-6:2012 specifies requirements for programmable controllers (PLCs) and their associated peripherals, as defined in Part 1, which are intended to be used as the logic subsystem of an electrical\/electronic\/programmable electronic (E\/E\/PE) safety-related system. A programmable controller and its associated peripherals complying with the requirements of this part is considered suitable for use in an E\/E\/PE safety-related system and is identified as a functional safety programmable logic controller (FS-PLC). An FS-PLC is generally a hardware (HW) \/ software (SW) subsystem. An FS-PLC may also include software elements, for example predefined function blocks.<\/p>\n
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
8<\/td>\n | English CONTENTS <\/td>\n<\/tr>\n | ||||||
13<\/td>\n | Figures Figure 1 \u2013 FS-PLC in the overall E\/E\/PE safety-related system safety lifecycle phases <\/td>\n<\/tr>\n | ||||||
14<\/td>\n | 1 Scope <\/td>\n<\/tr>\n | ||||||
15<\/td>\n | 2 Normative references <\/td>\n<\/tr>\n | ||||||
16<\/td>\n | 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
20<\/td>\n | Figure 2 \u2013 Failure model <\/td>\n<\/tr>\n | ||||||
29<\/td>\n | 4 Conformance to this standard 5 FS-PLC safety lifecycle 5.1 General <\/td>\n<\/tr>\n | ||||||
30<\/td>\n | Figure 3 \u2013 FS-PLC safety lifecycle (in realization phase) <\/td>\n<\/tr>\n | ||||||
31<\/td>\n | 5.2 FS-PLC functional safety SIL capability requirements 5.2.1 General <\/td>\n<\/tr>\n | ||||||
32<\/td>\n | 5.2.2 Data security 5.3 Quality management system <\/td>\n<\/tr>\n | ||||||
33<\/td>\n | 5.4 Management of FS-PLC safety lifecycle 5.4.1 Objectives 5.4.2 Requirements and procedures <\/td>\n<\/tr>\n | ||||||
37<\/td>\n | 5.4.3 Execution and monitoring 5.4.4 Management of functional safety 6 FS-PLC design requirements specification 6.1 General <\/td>\n<\/tr>\n | ||||||
38<\/td>\n | 6.2 Design requirements specification contents <\/td>\n<\/tr>\n | ||||||
39<\/td>\n | 6.3 Target failure rate Figure 4 \u2013 Relevant parts of a safety function Tables Table 1 \u2013 Safety integrity levels for low demand mode of operation <\/td>\n<\/tr>\n | ||||||
40<\/td>\n | 7 FS-PLC design, development and validation plan 7.1 General 7.2 Segmenting requirements Table 2 \u2013 Safety integrity levels for high demand or continuous mode of operation <\/td>\n<\/tr>\n | ||||||
41<\/td>\n | 8 FS-PLC architecture 8.1 General Figure 5 \u2013 FS-PLC to engineering tools relationship <\/td>\n<\/tr>\n | ||||||
42<\/td>\n | 8.2 Architectures and subsystems 8.3 Data communication 9 HW design, development and validation planning 9.1 HW general requirements 9.2 HW functional safety requirements specification 9.3 HW safety validation planning <\/td>\n<\/tr>\n | ||||||
43<\/td>\n | 9.4 HW design and development 9.4.1 General 9.4.2 Requirements for FS-PLC behaviour on detection of a fault <\/td>\n<\/tr>\n | ||||||
44<\/td>\n | 9.4.3 HW safety integrity Table 3 \u2013 Faults to be detected and notified (alarmed) to the application program <\/td>\n<\/tr>\n | ||||||
45<\/td>\n | Table 4 \u2013 Hardware safety integrity \u2013 low complexity (type A) subsystem Table 5 \u2013 Hardware safety integrity \u2013 high complexity (type B) subsystem <\/td>\n<\/tr>\n | ||||||
47<\/td>\n | Figure 6 \u2013 HW subsystem decomposition <\/td>\n<\/tr>\n | ||||||
49<\/td>\n | Figure 7 \u2013 Example: determination of the maximum SIL for specified architecture <\/td>\n<\/tr>\n | ||||||
51<\/td>\n | Figure 8 \u2013 Example of limitation on hardware safety integrity for a multiple-channel safety function <\/td>\n<\/tr>\n | ||||||
52<\/td>\n | 9.4.4 Random HW failures <\/td>\n<\/tr>\n | ||||||
54<\/td>\n | Table 6 \u2013 Faults or failures to be assumed when quantifying the effect of random hardware failures or to be taken into account in the derivation of safe failure fraction <\/td>\n<\/tr>\n | ||||||
57<\/td>\n | 9.4.5 HW requirements for the avoidance of systematic failures 9.4.6 HW requirements for the control of systematic faults <\/td>\n<\/tr>\n | ||||||
58<\/td>\n | 9.4.7 HW classification of faults Figure 9 \u2013 Fault classification and FS-PLC behaviour <\/td>\n<\/tr>\n | ||||||
59<\/td>\n | 9.4.8 HW implementation <\/td>\n<\/tr>\n | ||||||
60<\/td>\n | 9.4.9 De-rating of components 9.4.10 ASIC design and development 9.4.11 Techniques and measures to prevent the introduction of faults in ASICs 9.5 HW and embedded SW and FS-PLC integration Figure 10 \u2013 ASIC development lifecycle (V-Model) <\/td>\n<\/tr>\n | ||||||
61<\/td>\n | 9.6 HW operation and maintenance procedures 9.6.1 Objective 9.6.2 Requirements <\/td>\n<\/tr>\n | ||||||
62<\/td>\n | 9.7 HW safety validation 9.7.1 General 9.7.2 Requirements <\/td>\n<\/tr>\n | ||||||
63<\/td>\n | 9.8 HW verification 9.8.1 Objective 9.8.2 Requirements <\/td>\n<\/tr>\n | ||||||
64<\/td>\n | 10 FS-PLC SW design and development 10.1 General Figure 11 \u2013 Model of FS-PLC and engineering tools layers <\/td>\n<\/tr>\n | ||||||
65<\/td>\n | 10.2 Requirements 10.3 Classification of engineering tools Table 7 \u2013 Examples of tool classification <\/td>\n<\/tr>\n | ||||||
66<\/td>\n | 10.4 SW safety validation planning 11 FS-PLC safety validation 12 FS-PLC type tests 12.1 General 12.2 Type test requirements <\/td>\n<\/tr>\n | ||||||
68<\/td>\n | Table 8 \u2013 Performance criteria <\/td>\n<\/tr>\n | ||||||
69<\/td>\n | 12.3 Climatic test requirements 12.4 Mechanical test requirements 12.5 EMC test requirements 12.5.1 General 12.5.2 General EMC environment <\/td>\n<\/tr>\n | ||||||
70<\/td>\n | Table 9 \u2013 Immunity test levels for enclosure port tests in general EMC environment <\/td>\n<\/tr>\n | ||||||
71<\/td>\n | 12.5.3 Specified EMC environment Table 10 \u2013 Immunity test levels in general EMC environment <\/td>\n<\/tr>\n | ||||||
72<\/td>\n | Table 11 \u2013 Immunity test levels for enclosure port tests in specified EMC environment <\/td>\n<\/tr>\n | ||||||
73<\/td>\n | 13 FS-PLC verification 13.1 Verification plan Table 12 \u2013 Immunity test levels in specified EMC environment <\/td>\n<\/tr>\n | ||||||
74<\/td>\n | 13.2 Fault insertion test requirements <\/td>\n<\/tr>\n | ||||||
75<\/td>\n | 13.3 As qualified versus as shipped 14 Functional safety assessment 14.1 Objective Table 13 \u2013 Fault tolerance test, required effectiveness <\/td>\n<\/tr>\n | ||||||
76<\/td>\n | 14.2 Assessment requirements 14.2.1 Assessment evidence and documentation 14.2.2 Assessment method <\/td>\n<\/tr>\n | ||||||
78<\/td>\n | 14.3 FS-PLC assessment information 14.4 Independence Table 14 \u2013 Functional safety assessment Information <\/td>\n<\/tr>\n | ||||||
79<\/td>\n | 15 FS-PLC operation, maintenance and modification procedures 15.1 Objective 15.2 FS-PLC modification Table 15 \u2013 Minimum levels of independence of those carrying out functional safety assessment <\/td>\n<\/tr>\n | ||||||
80<\/td>\n | 16 Information to be provided by the FS-PLC manufacturer for the user 16.1 General 16.2 Information on conformance to this standard 16.3 Information on type and content of documentation 16.4 Information on catalogues and\/or datasheets 16.5 Safety manual 16.5.1 General 16.5.2 Safety manual contents <\/td>\n<\/tr>\n | ||||||
83<\/td>\n | Annex A (informative) Reliability calculations <\/td>\n<\/tr>\n | ||||||
84<\/td>\n | Annex B (informative) Typical FS-PLC Architectures <\/td>\n<\/tr>\n | ||||||
85<\/td>\n | Figure B.1 \u2013 Single FS-PLC with single I\/O and external watchdog (1oo1D) Figure B.2 \u2013 Dual PE with single I\/O and external watchdogs (1oo1D) <\/td>\n<\/tr>\n | ||||||
86<\/td>\n | Figure B.3 \u2013 Dual PE with dual I\/O, no inter-processor communication, and 1oo2 shutdown logic <\/td>\n<\/tr>\n | ||||||
87<\/td>\n | Figure B.4 \u2013 Dual PE with dual I\/O, inter-processor communication, and 1oo2D shutdown logic Figure B.5 \u2013 Dual PE with dual I\/O, no inter-processor communication, external watchdogs, and 2oo2 shutdown logic <\/td>\n<\/tr>\n | ||||||
88<\/td>\n | Figure B.6 \u2013 Dual PE with dual I\/O, inter-processor communication, external watchdogs, and 2oo2D shutdown logic <\/td>\n<\/tr>\n | ||||||
89<\/td>\n | Figure B.7 \u2013 Triple PE with triple I\/O, inter-processor communication, and 2oo3D shutdown logic <\/td>\n<\/tr>\n | ||||||
90<\/td>\n | Annex C (informative) Energise to trip applications of FS-PLC <\/td>\n<\/tr>\n | ||||||
92<\/td>\n | Annex D (informative) Available failure rate databases <\/td>\n<\/tr>\n | ||||||
94<\/td>\n | Annex E (informative) Methodology for the estimation of common cause failure rates in a multiple channel FS-PLC Table E.1 \u2013 Criteria for estimation of common cause failure <\/td>\n<\/tr>\n | ||||||
95<\/td>\n | Table\u00a0E.2 \u2013 Estimation of common cause failure factor <\/td>\n<\/tr>\n | ||||||
96<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Programmable controllers – Functional safety<\/b><\/p>\n |