1 Scope
This part of GB/T 12668 specifies requirements and makes recommendations for the design and development, integration and validation of PDS(SR)s in terms of their functional safety considerations.
This part is applicable to adjustable speed electric drive systems covered by the other parts of Adjustable Speed Electrical Power Drive Systems.
Note 1: The term “integration” refers to the PDS(SR) itself, not to its incorporation into the safety-related application.
This International Standard is only applicable where functional safety of a PDS(SR) is claimed and the PDS(SR) is operating in the high demand or continuous mode (see 3.10). For low demand applications, see IEC 61508.
This part of IEC 61800, which is a product standard, sets out safety-related considerations of PDS(SR)s in terms of the framework of IEC 61508, and introduces requirements for PDS(SR)s as subsystems of a safety-related system. It is intended to facilitate the realisation of the electrical/electronic/programmable electronic (E/E/PE) elements of a PDS(SR) in relation to the safety performance of the safety function(s) of a PDS.
By using the normative requirements of this part of IEC 61800, manufacturers and suppliers of PDS(SR)s will indicate to users (control system integrators, machinery and plant designers, etc.) the safety performance of their equipment. This will facilitate the incorporation of a PDS(SR) into a safety-related control system using the principles of IEC 61508, and possibly its specific sector implementations (for example IEC 61511, IEC 61513, IEC 62061) or ISO 13849.
Conformity with this part of IEC 61800 fulfils all the requirements of IEC 61508 that are necessary for a PDS(SR).
This part of IEC 61800 does not specify requirements for:
— the hazard and risk analysis of a particular application;
— the identification of safety functions for that application;
— the initial allocation of SILs to those safety functions;
— the driven equipment except for interface arrangements;
— secondary hazards (for example from failure in a production or manufacturing process);
— the electrical, thermal and energy safety considerations, which are covered in IEC 61800-5-1;
— the PDS(SR) manufacturing process;
— the validity of signals and commands to the PDS(SR).
Note 2: The functional safety requirements of a PDS(SR) are dependent on the application, and must be considered as a part of the overall risk assessment of the installation. Where the supplier of the PDS(SR) is not also responsible for the driven equipment, the installation designer is responsible for the risk assessment, and for specifying the functional and safety integrity requirements of the PDS(SR).
Note 3: Even though malevolent actions can influence the functional safety of PDS(SR), security aspects are not considered in this standard.
This part only applies to PDS(SR)s implementing safety functions with a SIL not greater than SIL 3.
Figure 1 shows the functional elements of a PDS(SR) that are considered in this part of IEC 61800.
Contents of GB/T 12668.502-2013
Foreword
1 Scope
2 Normative references
3 Terms and Definitions
4 Designated Safety Functions
4.1 General
5 Management of Functional Safety
5.1 Objective
5.2 PDS(SR) Development Lifecycle
5.3 Functional Safety Planning
5.4 Safety Requirements Specification (SRS) for a PDS(SR)
6 Requirements for Design and Development of a PDS(SR)
6.1 General Requirements
6.2 PDS(SR) Design Requirements
6.3 Behaviour on Detection of Fault
6.4 Additional Requirements for Data Communications
6.5 PDS(SR) Integration and Testing Requirements
7 Information for Use
7.1 Information and Instructions for Safe Application of a PDS(SR)
8 Verification and Validation
8.1 General
8.2 Verification
8.3 Validation
8.4 Documentation
9 Test Requirements
9.1 Planning of Tests
9.2 Test Documentation
10 Modification
10.1 Objective
10.2 Requirements
Annex A (Informative) Sequential Task Table
Annex B (Informative) Example for Determination of PFH
Annex C (Informative) Available Failure Rate Databases
Annex D (Informative) Fault Lists and Fault Exclusions
Bibliography