GB/T 19670-2023 Safety of machinery - Prevention of unexpected start-up
1 Scope
This document specifies requirements for designed-in means aimed at preventing unexpected machine start-up (see 3.2) to allow safe human interventions in danger zones (see Annex A).
This document applies to unexpected start-up from all types of energy source, i.e.:
——power supply, e.g. electrical, hydraulic, pneumatic;
——stored energy due to, e.g. gravity, compressed springs;
——external influences, e.g. from wind.
This document does not specify performance levels or safety integrity levels for safety-related parts of control systems. While available means to prevent unexpected start-up are identified, this document does not specify the means for the prevention of unexpected machine start-up for specific machines.
Note: A type-C standard can define the required means for the prevention of harm arising from unexpected start-up. Otherwise, the requirements for a specific machine need to be determined by risk assessment outside the scope of this document.
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15706-2012 Safety of machinery - General principles for design - Risk assessment and risk reduction (ISO 12100:2010, IDT)
ISO 12100 Safety of machinery - General principles for design - Risk assessment and risk reduction
ISO 13849-1 Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
Note: GB/T 16855.1-2018, Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design (ISO 13849-1:2015, IDT)
IEC 62061 Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
Note: GB 28526-2012, Electrical safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems (IEC 62061:2005, IDT)
3 Terms and definitions
For the purposes of this document, the following terms and definitions given in ISO 12100 apply.
3.1
start-up
machine start-up
change from rest to motion or switch-on of a machine or of one of its parts
Note: An example of a function other than motion is the switch-on of a laser.
3.2
unexpected start-up
unintended start-up
start-up (3.1) which, because of its unexpected nature, generates a risk to persons
Note 1: This can be caused by, for example:
——a start command which is the result of a failure in or an external influence on the control system;
——a start command generated by inopportune action on a start control or other parts of the machine such as a sensor or a power control element;
——restoration of the power supply after an interruption;
——external/internal influences (gravity, wind, self-ignition in internal combustion engines, etc.) on parts of the machine.
Note 2: Machine start-up during the normal sequence of an automatic cycle is not unintended, but can be considered as being unexpected from the point of view of the operator. Prevention of hazardous events in this case involves the use of safeguarding measures (see 6.3).
3.3
isolation and energy dissipation
procedure which consists of all of the four following actions:
a) isolating (disconnecting, separating) the machine (or defined parts of the machine) from all power supplies;
b) locking (or otherwise securing), if necessary (for instance, when the operator is not able, from every location he may be at, to check that the power supply remains interrupted), all the isolating units in the “isolated” position;
c) dissipating or restraining (containing) any stored energy which may give rise to a hazard.
Note: Energy considered in c) may be stored in e.g. mechanical parts continuing to move through inertia, e.g. backdriving of a ventilation fan, mechanical parts liable to move by gravity, capacitors and accumulators, pressurized fluids and springs.
d) verifying by using a safe working procedure (e.g. by measuring) that the actions taken according to a), b) and c) have produced the desired effect.
4 General measures to prevent unexpected start-up
4.1 General
A risk assessment in accordance with ISO 12100 shall be performed to identify the required measures to prevent unexpected start-up.
Note: Measures to prevent unexpected start-up of specific machinery can be specified in a type-C standard. The machine manufacturer is responsible for the suitability of measures identified by risk assessment.
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General measures to prevent unexpected start-up
4.1 General
4.2 Manual measures for isolation and energy dissipation
4.3 Other means to prevent unexpected (unintended) start-up
4.4 Signalling and warning (delayed start)
5 Isolation and energy dissipation
5.1 Prevention of unexpected start-up upon restoration of any power supplies
5.2 Devices for isolation from power supplies
5.3 Locking (securing) devices
5.4 Devices for stored-energy dissipation or restraint (containment)
6 Other measures to prevent unexpected start-up
6.1 Design strategy
6.2 Measures to prevent unintended generation of start commands
6.3 Measures to maintain stop commands
6.4 Automatic monitoring of the safe state (stopped condition) during a category 2 stop
7 Design requirements for verification
7.1 General
7.2 Provisions for verifying isolation
7.3 Provisions for verifying energy dissipation or restraint (containment)
Annex A (Informative) Examples of tasks which can require the presence of persons in danger zones
Bibliography