Safety and control devices for gas burners and gas burning appliances - General requirements

This amendment to EN 13611:2007 specifies requirements and methods for the determination of SIL-classifications according to EN 61508 for electronics of safety and control devices for gas burners and gas burning appliances.


General Information

Status: Not Published
Current Stage: 5060 - Closure of Vote - Formal Approval
Due Date: 02-Apr-2012

Amendment: EN 13611:2008/oprA1:2010 (English language, 33 pages)

Standards Content (sample)

SLOVENIAN STANDARD
SIST EN 13611:2008/oprA1:2010
1 February 2010
Safety and control devices for gas burners and gas burning appliances - General requirements - Amendment A1

This Slovenian standard is identical to: EN 13611:2007/prA1
ICS:
23.060.40 Pressure regulators
27.060.20 Gas fuel burners
SIST EN 13611:2008/oprA1:2010 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD (DRAFT)
EN 13611:2007/prA1
October 2009
ICS 23.060.40
English Version
Safety and control devices for gas burners and gas burning appliances - General requirements

This draft amendment is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee CEN/TC 58.

This draft amendment A1, if approved, will modify the European Standard EN 13611:2007. If this draft becomes an amendment, CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for inclusion of this amendment into the relevant national standard without any alteration.

This draft amendment was established by CEN in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and shall not be referred to as a European Standard.

EUROPEAN COMMITTEE FOR STANDARDIZATION
Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2009 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 13611:2007/prA1:2009: E
EN 13611:2007/prA1:2009 (E)

Contents

Foreword
Annex J (normative) Method for the determination of a Safety integrity level (SIL)
J.1 Scope
J.2 Normative References
J.3 Terms and definitions
J.4 Symbols
J.5 Special requirements to determine a Safety Integrity Level (SIL)
J.5.1 Functional safety
J.5.2 Management of functional safety
J.5.2.1 Methods of fault prevention
J.5.2.2 Functional Safety Management System
J.5.2.3 Specification of safety requirements
J.5.2.4 Design and development
J.5.2.5 Integration
J.5.2.6 Validation
J.5.2.7 Operation and maintenance
J.5.2.8 Information to the appliance manufacturer
J.5.3 Software requirements
J.5.4 Hardware requirements
J.5.4.1 General
J.5.4.2 Procedural approach
J.5.4.3 Diagnostic measures and their maximum coverage
J.5.4.4 Failure rates and failure modes
J.5.4.5 Determination of common cause factors for complex systems
J.5.4.6 Calculation of PFH
Bibliography

Figures

Figure J.1 — Subsystem with basic architecture A – logical representation
Figure J.2 — Subsystem with basic architecture C – logical representation
Figure J.3 — Subsystem with basic architecture B – logical representation
Figure J.4 — Subsystem with basic architecture D – logical representation
Figure J.5 — Example of complex architecture: Burner control system (symbolized schematic)
Figure J.6 — Example of a complex architecture: Reliability block diagram of a burner control system based on segregation into function blocks

Tables

Table J.1 — Diagnostic techniques
Table J.2 — Diagnostic measures
Table J.3 — Failure rates and failure modes
Table J.4 — Scoring electronics or sensors/actuators
Table J.5 — Calculation of β
Table J.6 — Requirements to the safe failure fraction of subsystems
Table J.7 — Determination of the overall Safety Integrity Level (SIL)

Foreword

This document (EN 13611:2007/prA1:2009) has been prepared by Technical Committee CEN/TC 58 "Safety and control devices for burners and appliances burning gaseous or liquid fuels", the secretariat of which is held by BSI.

This document is currently submitted to the CEN Enquiry.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association, and supports essential requirements of EC Directive(s).

For the relationship with EC Directive(s), see informative Annexes ZA and ZB, which are integral parts of this document.
Introduce the following modification to EN 13611:2007:

Foreword

Add the following wording after the 11th paragraph of the Foreword of EN 13611:2007:

Primarily in industrial applications it is common practice to rate the safety of a plant based on values describing the likelihood of a dangerous failure. These values are used to determine Safety Integrity Levels or Performance Levels when the system is assessed in its entirety.

CEN/TC 58 standards for safety-relevant controls go beyond this approach, because for the life span for which the product is specified, designed and tested a dangerous failure is not allowed at all. Failure modes are described and assessed in greater detail, and measures to prevent dangerous situations are defined.

Field experience over many decades is reflected in the CEN/TC 58 standards. Requirements of these standards can be considered as proven in practice.

It cannot be presumed that any Safety Integrity Level or Performance Level assessment alone would imply that the requirements of a CEN/TC 58 standard have been met.

To be able to provide parameters for any formal Safety Integrity Level or Performance Level system assessment, Annex J of this document defines a methodology to derive the relevant parameters from the requirements of this standard.

Annex J:

Add the following informative Annex J "Special requirements to determine a Performance Level (PL) or a Safety integrity level (SIL)" after the last Annex I and before Annex ZA of EN 13611:2007.

Annex J
(normative)

Method for the determination of a Safety integrity level (SIL)

J.1 Scope

This Annex is only applicable to controls for which the manufacturer specifies a SIL level.

This Annex specifies a set of additional requirements to EN 13611:2007 to determine the safety integrity level (SIL) according to EN 61508 for electrical/electronic/programmable electronic control systems in industrial and thermoprocessing applications classified as class B or class C according to EN 13611. The highest safety integrity level obtainable with the method of this annex is SIL 3, independent of the hardware architecture.

The current version of this document only includes requirements for controls operated in high demand or continuous mode according to EN 61508-4:2001, 3.5.12.
J.2 Normative References

EN 61508-1:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 1: General requirements (IEC 61508-1:1998 + Corrigendum 1999)
EN 61508-2:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (IEC 61508-2:2000)
EN 61508-3:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 3: Software requirements (IEC 61508-3:1998 + Corrigendum 1999)
EN 61508-4:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 4: Definitions and abbreviations (IEC 61508-4:1998 + Corrigendum 1999)
EN 61508-6:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3 (IEC 61508-6:2000)
EN 61508-7:2001, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 7: Overview of techniques and measures (IEC 61508-7:2000)
EN 62061:2005, Safety of machinery — Functional safety of safety-related electrical, electronic and programmable electronic control systems (IEC 62061:2005)
EN ISO 9000:2005, Quality management systems — Fundamentals and vocabulary (ISO 9000:2005)
EN ISO 13849-1:2008, Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design (ISO 13849-1:2006)
IEC 61508-6:2000, Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3
IEC 72/766/CDV:2008, IEC 60730-1, Ed. 4: Automatic electrical controls for household and similar use — Part 1: General requirements (IEC 60730-1:1999, modified + A1:2003, modified)
SN 29500-1:2004-01, Expected values, General 1)
SN 29500-1 H1:2008-02, Note 1 on Part 1: Expected values, General, Date of issue
SN 29500-2:2004-12, Part 2: Expected values for integrated circuits
SN 29500-3:2004-12, Part 3: Expected values for discrete semiconductors
SN 29500-4:2004-03, Part 4: Expected values for passive components
SN 29500-5:2004-06, Part 5: Expected values for electrical connections, electrical connectors and sockets
SN 29500-7:2005-11, Part 7: Expected values for relays
SN 29500-9:2005-11, Part 9: Expected values for switches and buttons
SN 29500-10:2005-12, Part 10: Expected values for signal and pilot lamps
SN 29500-11:2007-07, Part 11: Expected values for contactors
SN 29500-12:2008-02, Part 12: Expected values for optical components
SN 29500-15:2008-02, Part 15: Expected values for electromechanical protection devices in low voltage networks
J.3 Terms and definitions

Shall be according to Clause 3 with the following additions:

J.3.1
common cause factor
fraction of undetected failures that have a common cause
[IEC 61508-6:2000, B.1]

J.3.2
failure modes and effects analysis
FMEA
analytical technique in which the failure modes of each hardware component are identified and examined for their effects on the safety-related functions of the control
[IEC 72/766/CDV:2008, H.2.20.2]

J.3.3
failure modes, effects and diagnosis analysis
FMEDA
FMEA (refer to J.3.2) taking into account any automatic diagnostics to detect failures

1) The SN 29500 series listed in J.2 is published by: Siemens AG, Corporate Technology, CT IRC LIS, Otto-Hahn-Ring 6, 81739 München, Germany, phone: +49 (89) 636-40682, fax: +49 (89) 636-40688.
J.3.4
common cause failure
failure which is the result of one or more events, causing coincident failures of two or more separate subsystems resulting in a failure of the control (function)

J.3.5
proof test interval
interval between two proof tests
NOTE For further information refer to EN 61508-4:2001, 3.8.5.

J.3.6
diagnostic test interval
interval between two automatic diagnostic tests which have a specified diagnostic coverage
NOTE For further information refer to EN 61508-4:2001, 3.8.7.
J.4 Symbols

fit    Failure in time (failure rate of components): number of components which fail within 10^9 hours of operation (1 fit = 10^-9 1/h)
PFH    Probability of dangerous failures per hour for continuous or high demand mode
λ_D    Rate of dangerous failures per hour
λ_DU   Rate of undetected dangerous failures per hour
λ_DD   Rate of detected dangerous failures per hour
SFF    Safe failure fraction
DC     Diagnostic coverage
B_10d  Mean number of cycles until 10 % of electromechanical components fail dangerously [EN ISO 13849-1]
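As an added worked example, not code from the draft amendment or from any manufacturer's FMEDA, the script below rolls up the J.4 quantities for one control channel: fit values are converted to failures per hour, each part's failure rate is split into safe, dangerous-detected and dangerous-undetected portions, the B_10d of an electromechanical part is converted with the ISO 13849-1 relation, and DC, SFF and the single-channel PFH are derived. The SIL bands for PFH (IEC 61508-1 Table 3) and the SFF constraint for a single channel (IEC 61508-2 Tables 2 and 3) are the generic IEC 61508 ones, not the annex's Tables J.6 and J.7, which this sample does not contain; all part names and figures are constructed for illustration.

```python
"""FMEDA-style roll-up of one control channel with the J.4 symbols.

Added example, not part of EN 13611:2007/prA1. The sample part data is
constructed, not taken from SN 29500. The formulas are the generic IEC 61508 /
ISO 13849-1 definitions, not Annex J's own Tables J.6/J.7 (absent from this sample).
"""
from dataclasses import dataclass

FIT = 1e-9   # 1 fit = 1e-9 failures per hour (J.4)
SIL_CAP = 3  # J.1: SIL 3 is the highest level this method can yield

@dataclass(frozen=True)
class Part:
    name: str
    fit: float        # total failure rate in fit (normally taken from SN 29500)
    dangerous: float  # fraction of failures that are dangerous (from the FMEA)
    dc: float         # diagnostic coverage of its dangerous failures, 0..1

@dataclass(frozen=True)
class ElectromechPart:
    name: str
    b10d: float             # cycles until 10 % have failed dangerously (J.4)
    cycles_per_hour: float  # n_op: operating cycles per hour in the application
    dc: float

@dataclass(frozen=True)
class ChannelRates:
    lambda_s: float   # rate of safe failures per hour
    lambda_dd: float  # rate of detected dangerous failures per hour (lambda_DD)
    lambda_du: float  # rate of undetected dangerous failures per hour (lambda_DU)

    @property
    def lambda_d(self) -> float:
        return self.lambda_dd + self.lambda_du

    @property
    def dc(self) -> float:  # DC = lambda_DD / lambda_D
        return self.lambda_dd / self.lambda_d if self.lambda_d else 1.0

    @property
    def sff(self) -> float:  # SFF = (lambda_S + lambda_DD) / (lambda_S + lambda_D)
        total = self.lambda_s + self.lambda_d
        return (self.lambda_s + self.lambda_dd) / total if total else 1.0

    @property
    def pfh_1oo1(self) -> float:
        # Single channel, high demand / continuous mode (IEC 61508-6, B.3.3): only
        # failures the diagnostics miss count; detected ones end in the safe state.
        return self.lambda_du

def lambda_d_from_b10d(b10d: float, cycles_per_hour: float) -> float:
    """ISO 13849-1: MTTFd = B10d / (0.1 * n_op), and lambda_D = 1 / MTTFd."""
    return 0.1 * cycles_per_hour / b10d

def roll_up(parts, electromech=()) -> ChannelRates:
    """Sum the FMEDA columns (safe / dangerous detected / dangerous undetected)."""
    lam_s = lam_dd = lam_du = 0.0
    for p in parts:
        lam_d = p.fit * FIT * p.dangerous
        lam_s += p.fit * FIT - lam_d
        lam_dd += lam_d * p.dc
        lam_du += lam_d * (1.0 - p.dc)
    for e in electromech:
        lam_d = lambda_d_from_b10d(e.b10d, e.cycles_per_hour)
        lam_dd += lam_d * e.dc
        lam_du += lam_d * (1.0 - e.dc)
    return ChannelRates(lam_s, lam_dd, lam_du)

def sil_from_pfh(pfh: float) -> int:
    """IEC 61508-1 Table 3 bands (high demand / continuous mode), capped at SIL 3."""
    if pfh >= 1e-5:
        return 0
    if pfh >= 1e-6:
        return 1
    if pfh >= 1e-7:
        return 2
    return SIL_CAP

def sil_from_sff_hft0(sff: float, type_b: bool) -> int:
    """IEC 61508-2 Tables 2/3: SFF constraint for one channel (HFT 0); type B is stricter."""
    if sff < 0.60:
        band = 0 if type_b else 1  # type B below 60 % is not allowed at HFT 0
    elif sff < 0.90:
        band = 1 if type_b else 2
    elif sff < 0.99:
        band = 2 if type_b else 3
    else:
        band = 3
    return min(band, SIL_CAP)

def overall_sil(rates: ChannelRates, type_b: bool) -> int:
    """The claimable SIL is bounded by both the PFH band and the SFF constraint."""
    return min(sil_from_pfh(rates.pfh_1oo1), sil_from_sff_hft0(rates.sff, type_b))

# Constructed sample channel of a burner control; the numbers are illustrative only.
SAMPLE_PARTS = (
    Part("microcontroller", fit=200.0, dangerous=0.5, dc=0.99),
    Part("flame amplifier", fit=50.0, dangerous=0.4, dc=0.90),
    Part("supply monitor", fit=30.0, dangerous=0.2, dc=0.0),
)
SAMPLE_ELECTROMECH = (ElectromechPart("valve relay", b10d=2e7, cycles_per_hour=6.0, dc=0.90),)
```

The constructed channel shows how the two limits interact: its PFH of about 1.2e-8/h falls in the SIL 3 band, but with a type B part (the microcontroller) an SFF of roughly 96 % on a single channel only supports SIL 2, so SIL 2 is what could be claimed; in a real assessment the annex's own requirements on SFF (Table J.6) and on the overall SIL (Table J.7) would govern instead of the generic tables used here.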
J.5 Special requirements to determine a Safety Integrity Level (SIL)

J.5.1 Functional safety

This annex deals with the requirements resulting from EN 61508 which apply in addition to the requirements of EN 13611.

The hardware requirements of clause J.5.4 are based on EN 61508-2.

For software the requirements of IEC 72/766/CDV:2008, Annex H, which are based on EN 61508-3, apply.

The requirements are only applicable to controls performing safety-related control functions (class B or class C). If the circuit of a device includes components which are not relevant for safety-related control functions, only the absence of interaction with the safety-relevant components has to be considered.

J.5.2 Management of functional safety

J.5.2.1 Methods of fault prevention

Methods of fault prevention shall be applied in all of the following phases:
- Specification of safety requirements
- Design and construction
- Implementation
- Integration of hardware and software
- Definition of operation and maintenance activities with respect to functional safety

The methods to avoid faults shall be based on a formal system, called the Functional Safety Management System.

J.5.2.2 Functional Safety Management System

J.5.2.2.1 General

The manufacturer of a control shall draw up and specify
- the management and technical activities which are necessary to achieve the required functional safety of the control;
- the responsibilities applicable to persons, departments and organizations responsible for activities relating to the development of a control.

The management activities shall include definitions of actions and responsibilities; scheduling and resource allocation; training of relevant personnel; and consistency checks after modifications.

NOTE For detailed examples refer to EN 61508-7:2001, B.1.1.

The management activities shall include procedures for periodic review and maintenance of the Functional Safety Management System.

J.5.2.2.2 Documentation

The functional safety management system shall include requirements for the documentation of each activity or procedure.

The documentation management shall consider the following aspects:
- Information to be documented
- Availability of documentation
- Accurate documentation
- Standardised documentation
- Company documentation structure
- Document revision index
- Structured documentation
- Review of documentation

Documentation shall be structured. It shall use natural language and graphical descriptions, such as block diagrams and flow diagrams. The use of contents check-lists is highly recommended.

NOTE For detailed examples refer to EN 61508-7:2001, B.1.2.

J.5.2.2.3 Functional safety plan

J.5.2.2.3.1 General

The functional safety management system shall include requirements to set up a functional safety plan for each project. If certain requirements for the functional safety plan apply generally to any project, the relevant measures and procedures may be part of the functional safety management system and be referred to by the functional safety plan.

A functional safety plan shall be drawn up, documented and maintained to control the activities specified for each control design project.

The activities resulting from J.5.2.2.3.2 shall be implemented and their progress monitored.

The requirements developed as a result of J.5.2.2.3.2 shall be formally reviewed by the organizations (EN ISO 9000:2005, 3.3.1) concerned, and agreement reached. The functional safety plan shall be updated as necessary.

J.5.2.2.3.2 Requirements

The functional safety plan shall be implemented to ensure prompt follow-up and satisfactory resolution of issues relevant to a control arising from:
- specification activities;
- design and development activities;
- integration activities;
- verification activities;
- validation activities;
- operation and maintenance activities.

If not already covered by the general requirements of J.5.2.2.1, the functional safety plan shall in particular include the following activities:

a) Selection of appropriate measures and techniques used to meet the requirements of this annex. This includes references to guidelines and standards which have to be observed.

b) Identification of the relevant activities specified in J.5.2.3.

c) Identification of the policy and strategy to achieve the specified functional safety requirements.

d) Identification of the strategy to achieve functional safety for software procurement, development, integration, verification, validation and modification.
e) Identification of persons, departments or other units, and organizations (including, where relevant, licensing authorities or safety regulatory bodies) that are responsible for carrying out and reviewing each of the activities specified in J.5.2.3. All those persons specified as responsible for management of functional safety activities shall be informed of the responsibilities assigned to them. Procedures shall be defined to ensure that applicable parties involved in any activities are competent to carry out the activities for which they are accountable, e.g. by training.

f) Definition of the way in which information is to be structured and the extent of the information to be documented.

g) Identification and establishment of procedures to record and maintain information relevant to the functional safety of a control. The procedures shall be based on the information which is related to the activities described in J.5.2.3. The compilation of the information shall result in
- a functional requirements specification for the control;
- a safety requirements specification for the control.

h) Description of the procedures for functional safety assessment activities. The plan for the functional safety assessment shall specify:
- those to undertake the functional safety assessment;
- the outputs from each functional safety assessment;
- the scope of the functional safety assessment;
  NOTE In establishing the scope of the functional safety assessment, it will be necessary to specify the documents, and their status, which are to be used as inputs for each assessment activity.
- the safety bodies involved;
- the resources required;
- the level of independence of those undertaking the functional safety assessment;
- the competence of those undertaking the functional safety assessment.

i) Establishment of a verification plan for all activities described in J.5.2.3. It shall include:
- details of when the verification shall take place;
- details of the persons, departments or units who shall carry out the verification;
- the selection of verification strategies and techniques;
- the selection and utilization of test equipment (including environment, tools, programs);
- the selection of verification activities;
- acceptance criteria; and
- the means to be used for the evaluation of verification results.

j) Establishment of a validation plan comprising:
- details of when the validation shall take place;
- requirements against which the control is to be validated;
- the technical strategy for validation, for example analytical methods or statistical tests;
- the test environment, tools, configuration and programs;
- acceptance criteria; and
- action to be taken in the event of failure to meet the acceptance criteria.

The validation plan shall include all activities and methods during development, implementation and integration which are necessary to prove the control against its functional requirements specification and its safety integrity requirements specification.

k) Description of the procedures for configuration management, taking into account relevant technical and organisational issues such as authorized persons and internal structures of the organisation.

l) Description of the procedures for modifications to controls and the required approval procedures and authorities for modifications. For software configuration management IEC 72/766/CDV:2008, H.11.12.3.4.3 applies.

J.5.2.3 Specification of safety requirements

J.5.2.3.1 The specification shall be structured with a hierarchical separation into sub-requirements, refined down to functional level.

J.5.2.3.2 The safety requirements specification shall include a description of all safety-related control functions. For each safety-related control function the description shall
- provide comprehensive detailed requirements sufficient for the design and development of the control;
- include the manner in which the control is intended to achieve or maintain a safe state for the appliance;
- specify the relevant modes of operation (e.g. permanent / non-permanent operation of the appliance) and other time-related aspects to achieve or maintain a safe state of the application;
- specify whether the control operates the safety-related control function in high demand or continuous mode;
- define the safety integrity level (SIL) for each safety-related control function, if necessary.

J.5.2.3.3 The safety requirements specification for the control shall include appropriate requirements to consider
- the boundary of the application and possible hazards (from process, environment, etc.);
- operation, functions, interfaces, special safety regulations and environment of the appliance;
- all hazards or hazardous events of the appliance, and all potential hazards for the application arising from the control itself;
- safety requirements, safety-related control function requirements and safety integrity requirements for the control.
J.5.2.3.4 The interfaces between safety-related control functions and non-safety-related control functions shall be well-defined.

Safety-related control functions and non-safety-related control functions, as well as safety-related control functions with different safety integrity levels, shall be implemented sufficiently independently; otherwise they shall all be implemented to the highest safety integrity level associated with any of them.

During design, the method of achieving independence and the justification of the method shall be documented to show independence between functions as required above.

J.5.2.3.5 For the software safety requirements specification IEC 72/766/CDV:2008, H.11.12.3.2 applies.

J.5.2.3.6 The safety requirements specification shall be inspected by an independent person using a formal procedure, with correction of all faults found.

NOTE For detailed examples refer to EN 61508-7:2001, B.2.6.

J.5.2.4 Design and development

J.5.2.4.1 Hardware and, if applicable, software shall be split into easily comprehensible modules of limited size, with each module functionally isolated.

NOTE For detailed examples refer to EN 61508-7:2001, B.3.2.

J.5.2.4.2 Design shall be based on semi-formal methods. The use of computer-aided design tools is recommended.

NOTE For detailed examples refer to EN 61508-7:2001, B.2.3 and B.3.5.

J.5.2.4.3 Common cause failures shall be considered during design and the related reviews.

J.5.2.4.4 For software design and development IEC 72/766/CDV:2008, H.11.12.3.2.3 applies.

J.5.2.5 Integration

J.5.2.5.1 During integration all functions shall be tested based on predefined test cases. These tests shall be performed as black-box tests, taking boundary values into account in combination with critical cases. These tests shall also cover diagnostic methods realized in software to detect hardware faults.

NOTE For detailed examples refer to EN 61508-7:2001, B.5.2.

J.5.2.5.2 For software integration IEC 72/766/CDV:2008, H.11.12.3.2.1 applies.

J.5.2.6 Validation

J.5.2.6.1 Validation activities shall be independent from design activities.

J.5.2.6.2 Validation shall make use of static analysis and dynamic analysis by using detailed diagrams

...
