IEC TR 62513:2008
Safety of machinery – Guidelines for the use of communication systems in safety-related applications
It addresses the application of closed serial digital communications systems (often termed fieldbuses) used for transmission of safety-related data in the realisation of safety functions at machinery. It offers guidance on the issues that need to be considered during the specification, system design, installation, commissioning, modification and maintenance of such applications. It assumes that the SRECS safety requirements specification (SRS) has been developed and the design of the SRECS (Safety-Related Electrical Control Systems) is intended to include a safety-related communication system. This Technical Report is intended to be used in conjunction with IEC 62061.
(French abstract, translated) Safety of machinery – Guidelines for the use of communication systems in safety-related applications
It addresses the application of closed serial digital communication systems (often termed fieldbuses) used for the transmission of safety-related data in the realisation of safety functions at machinery. It offers guidance on the issues that need to be taken into account during the specification, system design, installation, commissioning, modification and maintenance of such applications. It assumes that the safety requirements specification (SRS) of the SRECS (safety-related electrical control system) has been developed and that the design of the SRECS is intended to include a safety-related communication system. This Technical Report is intended to be used in conjunction with IEC 62061.
IEC/TR 62513
Edition 1.0 2008-02
TECHNICAL REPORT
Safety of machinery – Guidelines for the use of communication systems in safety-related applications
IEC/TR 62513:2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by
any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or
IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
INTERNATIONAL ELECTROTECHNICAL COMMISSION
PRICE CODE U
ICS 13.110; 29.020; 35.100
ISBN 2-8318-9614-2
– 2 – TR 62513 © IEC:2008
CONTENTS
FOREWORD 4
INTRODUCTION 6
1 Scope 7
2 Normative references 7
3 Terms and definitions 7
4 Management of functional safety 11
4.1 Requirements of IEC 62061 11
5 Realisation of a safety-related electrical control system (SRECS) using a safety-related communication system 12
6 Planning of the safety-related communication system 13
6.1 System design 13
6.1.1 Safety integrity level (SIL) assigned to the SRCF(s) and the safety-related communication system 13
6.1.2 Configuration and parameterisation of the safety-related communication system 13
6.1.3 Response time and protective measures 13
6.1.4 Fault monitoring and alarm indication 14
6.1.5 Assuring functional safety in case of SRECS failure 14
6.2 Selection criteria of the safety-related communication system 15
6.2.1 Architecture and application fields 15
6.2.2 Maximum response time 15
6.2.3 Transmission distance, transmission speed and the number of nodes 16
6.2.4 Environmental conditions 16
6.2.5 Setting and configuration tools 16
7 System installation and setup (configuration) 16
7.1 System installation 16
7.1.1 System confirmation 16
7.1.2 Safety-related communication system wiring 16
7.1.3 Selection of power supply 17
7.1.4 Environmental conditions 18
7.2 Setting 18
7.2.1 System configuration 18
7.2.2 Setting for operation 18
7.2.3 Setting and modification of configuration data 19
8 Validation 19
8.1 Checks before applying the power 19
8.2 Validation after applying the power 19
8.3 Functional tests 19
8.4 Baseline 20
9 Documentation 20
10 Operation, maintenance and repair 21
10.1 Appointment of responsible person 21
10.2 Developing a maintenance plan 21
10.3 Implementing periodic maintenance 21
10.4 Items of maintenance work 21
10.5 Record of maintenance results 21
11 Education and training 22
11.1 General 22
11.2 Scope 22
11.3 Performing continual education and training 22
11.4 Contents of education and training 22
11.5 Planning of educational activities and storage of education records 22
Annex A (informative) Design of a SRECS using a safety-related communication system – Function blocks concept 23
Bibliography 28
Figure 1 – SRECS design and development flow 12
Figure 2 – System response time components 13
Figure A.1 – Components of a SRECS 23
Figure A.2 – SRECS using a safety-related communication system 24
Figure A.3 – Different views of the safety-related communication system 25
Figure A.4 – Examples of typical architectures of safety-related communication systems 26
INTERNATIONAL ELECTROTECHNICAL COMMISSION
SAFETY OF MACHINERY –
GUIDELINES FOR THE USE OF COMMUNICATION SYSTEMS
IN SAFETY-RELATED APPLICATIONS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 62513, which is a technical report, has been prepared by IEC technical committee 44:
Safety of machinery – Electrotechnical aspects.
This Technical Report is to be used in conjunction with IEC 62061.
The text of this technical report is based on the following documents:
Enquiry draft: 44/551/DTR
Report on voting: 44/555/RVC
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION
International standards exist that can be used to determine the integrity of communication
systems. This Technical Report was developed to give guidance on the design and operation
of control systems using suitable communication systems that contribute to safety-related
control functions of machines.
SAFETY OF MACHINERY –
GUIDELINES FOR THE USE OF COMMUNICATION SYSTEMS
IN SAFETY-RELATED APPLICATIONS
1 Scope
This Technical Report addresses the application of closed serial digital communications
systems (often termed fieldbuses) used for transmission of safety-related data in the
realisation of safety functions at machinery. It offers guidance on the issues that need to be
considered during the specification, system design, installation, commissioning, modification
and maintenance of such applications.
NOTE A closed serial digital communications system is considered to have a fixed number or fixed maximum
number of participants linked by a transmission system with well-known and fixed properties, and where the risk of
unauthorized access is considered negligible.
This Technical Report assumes that the SRECS safety requirements specification (SRS) has
been developed and the design of the SRECS (Safety-Related Electrical Control Systems) is
intended to include a safety-related communication system. This Technical Report is intended
to be used in conjunction with IEC 62061.
This Technical Report does not address the design of the safety-related communication
system itself.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60204-1, Safety of machinery – Electrical equipment of machines – Part 1: General
requirements
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
category
classification of the safety-related part of a control system in respect of its resistance to faults
and its subsequent behaviour in the fault condition, and which is achieved by the structural
arrangement of the parts and/or by their reliability
[ISO 13849-1, 3.1.2]
3.2
communication system
arrangement of hardware, software and propagation media for the transfer of messages
between devices, such as sensors, actuators and the controlling devices of machinery
3.3
configuration (parameter setting)
setting and/or modification of any data required for system operation
3.4
electromagnetic interference
EMI
disturbance causing performance degradation, malfunction or failure of electrical and
electronic devices, apparatuses and/or systems
NOTE A typical example of such disturbances is radio frequency interference.
3.5
fault tolerance
ability of a SRECS, a subsystem, or subsystem element to continue to perform a required
function in the presence of faults or failures
[IEC 62061, 3.2.31]
3.6
node
point of a communication system where one or more functional units interconnect data
channels or data circuits
3.7
operation mode
method or way of operation
3.8
protected extra-low-voltage
PELV
earthed circuits which are insulated from hazardous voltage by double insulation or any better
insulation, and in which the voltage cannot exceed ELV specified in IEC 61201: 1992, under
normal conditions and single fault conditions
[IEC 61140]
3.9
proof test
test that can detect faults and degradation in a SRECS and its subsystems so that, if
necessary, the SRECS and its subsystems can be restored to an “as new” condition or as
close as practical to this condition
[IEC 62061, 3.2.37]
NOTE A proof test is intended to confirm that the SRECS is in a condition that assures the specified safety
integrity.
3.10
protective measure
measure intended to achieve risk reduction, implemented
– by the designer (intrinsic design, safeguarding and complementary measures, information
for use) and
– by the user (organization, safe working procedures, supervision, permit to work, system,
additional safeguards, personal protective equipment, training)
[ISO 13849-1, 3.1.27]
3.11
reasonably foreseeable misuse
use of a machine in a way not intended by the designer, but which may result from readily
predictable human behaviour
[ISO 13849-1, 3.1.19]
3.12
safety function
function of a machine whose failure can result in an immediate increase of the risk(s)
[IEC 62061, 3.2.15, and ISO 12100-1:2003, 3.28]
NOTE This definition differs from the definitions in IEC 61508-4 and ISO 13849-1.
3.13
safety functions requirements specification
specification containing the requirements of the safety functions that have to be performed by
safety-related systems
[IEC 61508-4, 3.5.9]
3.14
safety integrity
probability of a SRECS or its subsystem satisfactorily performing the required safety-related
control functions under all stated conditions
[IEC 62061, 3.2.19]
NOTE 1 The higher the level of safety integrity of the item, the lower the probability that the item will fail to carry
out the required safety-related control function.
NOTE 2 Safety integrity comprises hardware safety integrity (see IEC 62061, 3.2.20) and systematic safety
integrity (see IEC 62061, 3.2.22).
3.15
safety integrity level
SIL
discrete level (one out of a possible three) for specifying the safety integrity requirements of
the safety-related control functions to be allocated to the SRECS, where safety integrity level
three has the highest level of safety integrity and safety integrity level one has the lowest
[IEC 62061, 3.2.23]
NOTE SIL 4 is not considered in this standard, as it is not relevant to the risk reduction requirements normally
associated with machinery. For requirements applicable to SIL 4, see IEC 61508-1 and IEC 61508-2.
3.16
safety-related control function
SRCF
control function with a specified integrity level to be implemented by a SRECS that is intended
to maintain the safe condition of the machine or prevent an immediate increase of the risk(s)
[IEC 62061, 3.2.16]
3.17
safety-related electrical control system
SRECS
electrical, electronic or programmable electronic part of a machine control system whose
failure can result in an immediate increase of the risk(s)
[IEC 62061, 3.2.4 modified]
3.18
safety requirements specification
specification containing all the requirements of the safety functions that have to be performed
by safety-related systems
NOTE The specification is divided into the safety functions requirements specification and the safety integrity
requirements specification.
[IEC 61508-4, 3.5.8]
3.19
safety extra-low-voltage
SELV
unearthed circuits which are insulated from hazardous voltage by double insulation or any
better insulation, and in which the voltage cannot exceed ELV specified in IEC 61201: 1992,
under normal conditions and single fault conditions
[IEC 61140]
3.20
safe failure fraction
SFF
fraction of the overall failure rate of a subsystem that does not result in a dangerous failure
[IEC 62061, 3.2.42]
3.21
SIL claim limit (for a subsystem)
SILCL
maximum SIL that can be claimed for a SRECS subsystem in relation to architectural
constraints and systematic safety integrity
[IEC 62061, 3.2.24]
3.22
subsystem
entity of the top-level architectural design of the SRECS where a failure of any subsystem will
result in a failure of a safety-related control function
NOTE 1 A complete subsystem can be made up from a number of identifiable and separate subsystem elements,
which when put together implement the function blocks allocated to the subsystem.
NOTE 2 This definition is a limitation of the general definition of IEC 61508-4: “set of elements which interact
according to a design, where an element of a system can be another system, called a subsystem, which may
include hardware, software and human interaction”.
NOTE 3 This differs from common language, where “subsystem” may mean any sub-divided part of an entity; the
term “subsystem” is used in this standard within a strongly defined hierarchy of terminology: “subsystem” is the first-
level subdivision of a system. The parts resulting from further subdivision of a subsystem are called “subsystem
elements”.
[IEC 62061, 3.2.5]
3.23
validation
confirmation by examination (e.g. tests, analysis) that the functional safety requirements of
the specific application are met
[IEC 62061, 3.2.52 modified]
4 Management of functional safety
4.1 Requirements of IEC 62061
IEC 62061 requires that a functional safety plan be drawn up and documented for each
SRECS design project, and is updated as necessary. The plan includes procedures for control
of the activities specified in Clauses 5 to 9 of IEC 62061.
This Technical Report assumes that the management of functional safety requirements
specified in IEC 62061 have been implemented, and draws attention to those issues that are
particularly applicable to safety-related communication systems.
The relevant activities particularly applicable to safety-related communication systems include:
a) selection management – see 6.2;
b) installation management – see 7.1;
c) configuration and parametrisation management – see 7.2;
d) validation management – see Clause 8;
e) operation, maintenance and periodic inspection management – see Clause 10;
f) modification management – see IEC 62061, Clause 9.
5 Realisation of a safety-related electrical control system (SRECS) using a
safety-related communication system
Figure 1 shows the process of selection or design and manufacturing of SRECS satisfying the
safety functions and safety integrity required by the safety requirements specification.
NOTE For the detail of safety requirements specification (SRS), refer to IEC 62061, 5.2.
Figure 1 – SRECS design and development flow (IEC 189/08)
The flowchart is not reproduced here. Its steps, in order, are:
– Hazard analysis and risk assessment at machine: hazard identification, hazard analysis, identification of degree and frequency of harm.
– Design of protection: setting of target SIL, preparation of safety requirements specification.
– Safety requirements specification, including the description of safety functions, target SIL, maintenance requirements, response time, etc.
– Safety functions and architecture: preliminary selection of communication system.
– Selection of communication system and its architecture.
– Safety evaluation/analysis: analysis of individual components and of the architecture used for components configuration. Decision "Can the SRS be fulfilled?": if No, return to the selection of the communication system; if Yes, continue.
– Configuration of the communication system within the SRECS: performance specifications (including configuration and parameterisation data), installation requirements, commissioning requirements, etc.
– Installation.
– Design validation: validate the compliance of all documents with the requirements relevant to the hazards, design, installation, test, maintenance procedures, design change control and emergency plan.
– Operation, maintenance and periodic inspection.
– Decision "Modification?": if Yes, see IEC 62061, Clause 9; if No, continue operation.
Side annotations of the figure mark IEC 62061 and the clauses of this document that apply to the steps: Clause 6 (Requirements for planning), Clause 7 (System setup and installation), Clause 8 (Validation), Clause 9 (Documentation), Clause 10 (Maintenance) and Clause 11 (Education and training). These guidelines relate to communication systems only.
NOTE References to clauses refer to this document unless stated otherwise.
6 Planning of the safety-related communication system
6.1 System design
6.1.1 Safety integrity level (SIL) assigned to the SRCF(s) and the safety-related
communication system
This Technical Report assumes that the SRECS safety requirements specification has been
developed in accordance with IEC 62061 and the required SIL has been determined for each
safety function that utilises the safety-related communication system.
The SIL claim limit (SILCL) of a candidate safety-related communication system should be
sufficient to achieve the required SIL for any safety-related control function(s) (SRCFs).
NOTE Annex A provides an outline of the design of a SRECS using a safety-related communication system based
on the function blocks concept.
6.1.2 Configuration and parameterisation of the safety-related communication
system
Under consideration.
6.1.3 Response time and protective measures
The worst-case response time (see also 6.2.2) from input to output of the SRECS including
the safety-related communication system, should be sufficiently short that all safety functions
of the specific application can be performed within the time specified in the SRS. Where the
worst-case response time is not sufficiently short to allow adequate performance of the safety
functions (e.g. due to the constraints of the machinery), then other measures (e.g. additional
protective measure(s), selection of an alternative form of safety-related communication
system that has improved response time) should be taken to fulfil the relevant requirements of
the SRS.
The following diagram outlines the various system response time components that should be
considered with regard to the communication of data from a remote safety-related input to a
controller to a remote safety-related output.
Figure 2 – System response time components (IEC 190/08)
The figure is not reproduced here. It shows the SRCF chain from the safety input to the power output, with one time component per stage: T_sense (input), T_in (input processing), T_bus1 (data transmission from the input to the logic solver), T_log (logic solver), T_bus2 (data transmission from the logic solver to the output), T_out (signal output), T_pwr (power output) and T_stop.
The response time of the safety-related communication system is defined by

Communication system response time = T_bus1 + T_bus2

It is important to note that T_bus1 and T_bus2 are not only dependent on the time for one bus
cycle or one message, but can also contain repetition, error handling, synchronization delays,
etc. For details, see the safety-related communication system specification.
NOTE Other delays can occur due for example to unsynchronized processes within the SRCF, and should be
taken into account in calculating the worst-case response time.
It is also important to note that T_bus1 does not correlate directly to T_bus2. The values for these
two parameters can be equal or different, depending for example on the upstream and
downstream devices and communication settings that can affect response times.
Conforming to the response time requirement is essential. It should be checked. A sufficient
margin should be considered in the design to allow for any foreseeable variations in the
specified response time, including variations caused by foreseeable modifications.
6.1.4 Fault monitoring and alarm indication
Information about faults and their location within a SRECS can be transmitted via the
communication system. It is recommended to centralize fault monitoring to enable
troubleshooting in a shorter time.
For centralized fault monitoring, it is recommended that:
• any information available related to fault conditions be sent to the master station;
• the master station surveys such information;
• fault conditions are displayed in a manner that the fault is easily located and analyzed.
Other forms of fault monitoring (e.g. distributed) can also be possible.
Alarm indication should have priority over other indications and be emphasized taking
ergonomic principles into account. Alarm indication should not impact the ability to perform
any safety function.
6.1.5 Assuring functional safety in case of SRECS failure
Consideration should be given to failures that can occur in the SRECS including the safety-
related communication system. Countermeasures against the effects of such failures should
be included at the design stage.
The safety-related communication system should be selected and integrated within a SRECS
considering the following:
• intended use including foreseeable misuse;
• malfunctions (failures), and
• foreseeable human errors while the machine is operated as intended.
Examples of malfunctions (failures) are as follows:
• error of data input from various switches and sensing devices;
• error of data processing due to the malfunction of node;
• actuator operation in case of erroneous output from the network;
• node input and output in case of network failure;
• input and output in case of master failure, etc.
The behaviour of the SRECS in relation to the SRS in case of these communication failures
should be assessed at an early stage and the system should be so designed that
countermeasures (e.g. fault reaction functions) against such failures are incorporated.
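The fault reactions that 6.1.5 asks for can be made concrete with a small simulation. The following is an added example, not code from this Technical Report or from any fieldbus profile: it models a safety output node that accepts only frames carrying a version byte, a sequence number and a CRC32 (measures of the kind the safety communication profiles of IEC 61784-3 rely on; the frame layout, the 40 ms watchdog, the command values and the traffic are constructed assumptions) and drives its output to the de-energised safe state on a corrupted frame, an out-of-sequence frame, or silence from the master.

```python
import struct
import zlib
from dataclasses import dataclass, field

SAFE_OUTPUT = False      # de-energised output: the safe state of this constructed actuator
WATCHDOG_MS = 40         # assumed fault-reaction time: oldest acceptable age of the last valid frame
FRAME_FMT = ">BHHI"      # constructed layout: version, sequence number, command, CRC32
VERSION = 1
CMD_SAFE, CMD_ENERGISE = 0, 1


def build_frame(seq: int, command: int) -> bytes:
    """Producer side (logic solver): protect version, sequence and command with a CRC32."""
    body = struct.pack(">BHH", VERSION, seq & 0xFFFF, command)
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


@dataclass
class SafetyOutputNode:
    """Consumer side: every failed check is a fault reaction that forces the safe state."""
    expected_seq: int = 0
    last_valid_ms: int = 0
    output: bool = SAFE_OUTPUT
    faulted: bool = False
    fault_log: list = field(default_factory=list)   # (time_ms, reason) for central fault monitoring

    def _trip(self, reason: str, now_ms: int) -> None:
        self.output = SAFE_OUTPUT
        self.faulted = True
        self.fault_log.append((now_ms, reason))

    def on_frame(self, frame: bytes, now_ms: int) -> bool:
        """Accept a frame from the network; return True if it was valid and applied."""
        if self.faulted:
            return False                     # remain safe until an explicit reset
        if len(frame) != struct.calcsize(FRAME_FMT):
            self._trip("length", now_ms)
            return False
        version, seq, command, crc = struct.unpack(FRAME_FMT, frame)
        if zlib.crc32(frame[:-4]) & 0xFFFFFFFF != crc:
            self._trip("crc", now_ms)        # corrupted in transit: erroneous output data
            return False
        if version != VERSION:
            self._trip("version", now_ms)
            return False
        if seq != self.expected_seq:
            self._trip("sequence", now_ms)   # lost, delayed, duplicated or stale frame
            return False
        if command not in (CMD_SAFE, CMD_ENERGISE):
            self._trip("command", now_ms)
            return False
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_valid_ms = now_ms
        self.output = command == CMD_ENERGISE
        return True

    def tick(self, now_ms: int) -> bool:
        """Periodic watchdog: no valid frame for WATCHDOG_MS means the master or the network has failed."""
        if not self.faulted and now_ms - self.last_valid_ms > WATCHDOG_MS:
            self._trip("watchdog", now_ms)
        return self.output

    def reset(self, now_ms: int, next_seq: int) -> None:
        """Explicit reset after the fault has been assessed; the output stays safe until commanded again."""
        self.faulted = False
        self.output = SAFE_OUTPUT
        self.expected_seq = next_seq & 0xFFFF
        self.last_valid_ms = now_ms


def demo() -> dict:
    """Constructed traffic exercising the malfunctions listed in 6.1.5."""
    node = SafetyOutputNode()
    results = {}
    # Normal operation: consecutive frames commanding "energise".
    for t, seq in ((0, 0), (10, 1), (20, 2)):
        node.on_frame(build_frame(seq, CMD_ENERGISE), now_ms=t)
    results["normal_output"] = node.tick(25)
    # Erroneous output data from the network: one byte flipped in transit.
    bad = bytearray(build_frame(3, CMD_ENERGISE))
    bad[3] ^= 0xFF
    node.on_frame(bytes(bad), now_ms=30)
    results["after_corruption"] = (node.output, node.fault_log[-1][1])
    # Master failure: after a reset the master sends once, then falls silent.
    node.reset(now_ms=40, next_seq=3)
    node.on_frame(build_frame(3, CMD_ENERGISE), now_ms=40)
    results["after_reset_output"] = node.tick(45)
    results["after_silence"] = (node.tick(90), node.fault_log[-1][1])
    # Network failure: an old frame arrives out of order.
    node.reset(now_ms=100, next_seq=4)
    node.on_frame(build_frame(2, CMD_ENERGISE), now_ms=100)
    results["after_stale"] = (node.output, node.fault_log[-1][1])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the file prints the five outcomes. Two design points carry over to real systems: the node never leaves the safe state on its own after a fault (a reset is a deliberate, assessed action), and the fault_log with time and reason is exactly the information 6.1.4 says should be sent to the master station for centralized fault monitoring.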
6.2 Selection criteria of the safety-related communication system
6.2.1 Architecture and application fields
An adequate safety-related communication system for the application should be selected
since different safety-related communication systems have different data transmission
capabilities.
When selecting the safety-related communication system, at least the following items should
be considered:
• maximum response time;
• number of nodes required to perform the safety-related control functions;
• application fields;
• transmission speed;
• transmission distance;
• spare nodes for future use.
NOTE These items are not listed in order of priority.
6.2.2 Maximum response time
The required response time for the SRCF should not be exceeded under any circumstances
(e.g. including transmission errors and any adverse effects of EMI on the safety-related
communication system). The maximum response time of the safety-related communication
system can vary depending on a number of characteristics associated with both its design and
application.
NOTE The maximum response time of the safety-related communication system is equivalent to the fieldbus
safety response time given in IEC 61784-3.
The items that affect the maximum response time include, but are not limited to, the following:
• delay time of the safety input device (including the input delay timer);
• delay time of safety communication;
• processing time of safety controller;
• delay time of the safety output device;
• behaviour of the communication system in case of failure.
In addition, the following need to be considered:
• the number of nodes connected to the network;
• processing time of logic in host controller;
• processing time in the slave controller (turn on time/turn off time, etc.);
• network settings such as number of retries;
• repeater delay if applicable;
• asynchronous/synchronous communication;
• response time of devices.
In order to select a safety-related communication system that satisfies the maximum response
time required by the SRS, the maximum response time should be calculated before
installation in accordance with the instruction manual of the safety-related communication
system.
Any modification of the system (including network or nodes) should be assessed for any
impact on the response time of the system.
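The following is an added worked example of the "calculate before installation, re-assess after modification" rule in 6.2.2; it is not code from the Technical Report or from any supplier. It models the listed contributions (input device and input delay timer, communication including retries and repeater delay, controller and slave processing, output device, and the behaviour in case of failure) with an explicitly assumed cyclic-bus model. The per-node slot time, the retry path, the watchdog path and all numeric values are constructed assumptions, not the fieldbus safety response time calculation of IEC 61784-3 or any manufacturer's formula.

```python
"""Worst-case response time budget for a safety-related communication path.

Added illustration for 6.2.2: a simple, explicitly assumed model of the
contributions listed there. It is NOT the fieldbus safety response time
calculation of IEC 61784-3 or of any supplier's instruction manual, and every
numeric value below is a constructed placeholder.
"""
from dataclasses import dataclass, replace


@dataclass
class NetworkSettings:
    """Network-level parameters named in 6.2.2 (values are assumptions)."""
    node_count: int                 # nodes connected to the network
    slot_time_ms: float             # assumed per-node slot of a cyclic (polled) bus
    retries: int                    # configured retry count for a lost safety frame
    watchdog_timeout_ms: float      # receiver watchdog that forces the safe state
    repeater_delay_ms: float = 0.0  # repeater delay, if a repeater is present
    overhead_ms: float = 0.0        # fixed per-cycle overhead (assumed)


@dataclass
class DeviceDelays:
    """Device-level contributions named in 6.2.2 (values are assumptions)."""
    input_device_ms: float           # safety input device reaction
    input_delay_timer_ms: float      # configured input filter / delay timer
    controller_processing_ms: float  # logic processing in the safety (host) controller
    slave_processing_ms: float       # slave node processing (turn-on / turn-off time)
    output_device_ms: float          # safety output device reaction


def bus_cycle_ms(net: NetworkSettings) -> float:
    """Assumed cyclic bus: the cycle grows with every node that is added."""
    return net.overhead_ms + net.node_count * net.slot_time_ms + net.repeater_delay_ms


def worst_case_communication_ms(net: NetworkSettings) -> float:
    """Bound the communication delay by the worse of two paths (assumption):
    - the frame gets through only after all retries, plus one cycle of
      asynchronous phase offset between producer and bus;
    - the frame never gets through and the receiver's watchdog trips, i.e. the
      'behaviour of the communication system in case of failure'."""
    cycle = bus_cycle_ms(net)
    retry_path = cycle * (net.retries + 1) + cycle
    return max(retry_path, net.watchdog_timeout_ms)


def response_time_budget(dev: DeviceDelays, net: NetworkSettings) -> dict[str, float]:
    """Itemised worst-case budget; 'total' is the value to compare with the SRS."""
    budget = {
        "input_device": dev.input_device_ms + dev.input_delay_timer_ms,
        "communication": worst_case_communication_ms(net),
        "controller": dev.controller_processing_ms,
        "slave": dev.slave_processing_ms,
        "output_device": dev.output_device_ms,
    }
    budget["total"] = sum(budget.values())
    return budget


def meets_srs(required_ms: float, dev: DeviceDelays, net: NetworkSettings) -> tuple[bool, float]:
    """True when the worst case stays within the response time required by the SRS."""
    total = response_time_budget(dev, net)["total"]
    return total <= required_ms, total


def assess_added_nodes(required_ms: float, dev: DeviceDelays, net: NetworkSettings,
                       added_nodes: int) -> tuple[bool, float, float]:
    """Re-run the budget for a modification (here: more nodes on the network),
    as 6.2.2 asks for any change to network or nodes."""
    _, before = meets_srs(required_ms, dev, net)
    ok_after, after = meets_srs(required_ms, dev,
                                replace(net, node_count=net.node_count + added_nodes))
    return ok_after, before, after


# Constructed example values (not from any real system or supplier).
EXAMPLE_NET = NetworkSettings(node_count=8, slot_time_ms=0.5, retries=2,
                              watchdog_timeout_ms=20.0, repeater_delay_ms=0.2, overhead_ms=1.0)
EXAMPLE_DEV = DeviceDelays(input_device_ms=5.0, input_delay_timer_ms=2.0,
                           controller_processing_ms=10.0, slave_processing_ms=3.0,
                           output_device_ms=15.0)
SRS_REQUIRED_MS = 60.0  # assumed requirement from the SRS

if __name__ == "__main__":
    for name, value in response_time_budget(EXAMPLE_DEV, EXAMPLE_NET).items():
        print(f"{name:>14}: {value:6.1f} ms")
    ok, total = meets_srs(SRS_REQUIRED_MS, EXAMPLE_DEV, EXAMPLE_NET)
    print("meets SRS:", ok)
    ok, before, after = assess_added_nodes(SRS_REQUIRED_MS, EXAMPLE_DEV, EXAMPLE_NET, 4)
    print(f"after adding 4 nodes: {before:.1f} ms -> {after:.1f} ms, meets SRS: {ok}")
```

With the constructed values the as-designed budget (55.8 ms) satisfies the assumed 60 ms requirement, but adding four nodes lengthens the bus cycle enough to push the worst case to 63.8 ms, which is the kind of result the re-assessment after a modification is meant to catch. The retry and watchdog paths are modelled together because whichever of them is longer bounds the time until the outputs reach the safe state.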
6.2.3 Transmission distance, transmission speed and the number of nodes
The settings for transmission distance and transmission speed should be in accordance with
the supplier’s specification for the type and length of the cable to be used. Check the
particular safety-related communication system for the variability of the maximum response
time depending on the number of nodes to be incorporated. If it varies, the network needs to
be developed with the number of nodes required to fulfil the safety-related control function
while providing an adequate response time.
For safety-related communication systems in which multiple transmission speeds are provided,
the maximum transmission distance depends on the transmission speed selected. It should be
noted that a higher speed corresponds to a shorter maximum transmission distance.
6.2.4 Environmental conditions
The safety-related communication system should be selected considering the environmental
conditions such as ambient temperature, vibration, shock, and electromagnetic interference.
In order to avoid malfunctions, such as fading of output signals, the general rules on wiring for
immunity to external disturbances, for example separation of the communication cables and
the power cables should be observed (see IEC 60204-1).
For environmental requirements, the specifications provided by the manufacturer need to be
considered.
NOTE 1 See also IEC 60204-1, IEC 62061, and IEC 61131-2.
NOTE 2 Consideration of manufacturer’s specifications and environmental conditions by the system designer is
very important to ensure an adequate safety performance level, due to the diversity of safety buses and their
associated performance.
6.2.5 Setting and configuration tools
The tools used for settings of the safety-related communication system should be checked for
the provision of security means such as passwords for multiple control levels. The
management method for these security means should also be defined clearly.
The setting tools used should be as recommended by the manufacturer for use with the
safety-related communication system.
7 System installation and setup (configuration)
7.1 System installation
7.1.1 System confirmation
Prior to system installation, it should be confirmed that the subsystems and subsystem
elements are suitable for use with the safety-related communication system.
NOTE See IEC 62061, 6.12.
7.1.2 Safety-related communication system wiring
7.1.2.1 Communication cable specification
The following points should be followed when selecting cables:
• only cables designated or recommended by the manufacturer should be used;
• if the communication system includes both safety-related and non-safety-related devices,
the cable required by the safety-related devices should be used;
• the type of cable should be compatible with the transmission speed. The safety-related
communication system can require different types of cable depending on the transmission
speed;
• the type of cable should be compatible with the transmission distance. The safety-related
communication system can require different types of cable depending on the maximum
transmission distance and/or the distances between the nodes;
• possible differences in the transmission error rates of different types of cable should be
checked.
7.1.2.2 Wiring
The following points should be followed for wiring:
• there should be sufficient margin in cable length to avoid intolerable stress at the
connection terminals and/or connectors;
• it should be checked whether the shield of wiring is to be terminated or not. In many cases,
shield termination is essential to reduce the effects from external disturbances. The
instruction manual must be followed;
• wiring should not be bent beyond the allowable range specified by the cable manufacturer.
Especially for optical fibres, special care should be taken since communication can totally
be disabled if a cable is bent beyond the allowable range;
• the termination of optical fibres should be done in accordance with the instructions given
by the cable manufacturer and using the designated tool;
• the communication cables and the power cables, and the cables for AC I/O if applicable,
should be laid in separate ducts. The separation distance should be in accordance with
the safety-related communication system supplier’s recommendation. These are essential
to reduce the effect of external noise;
• each apparatus should be checked for compatibility with the two types of wiring,
branching and multi-drop connection;
• if the safety-related communication system requires termination, termination should be in
accordance with the supplier’s specification.
7.1.2.3 Wiring distance
The following points should be verified:
• the cable length between nodes and/or the total length of the cable in accordance with the
safety-related communication system supplier’s specification;
• the fact that the distance between every pair of nodes is within the allowable range does
not guarantee that the total length of the cable is within the allowable range. The actual
cable length should be checked after wiring work;
• the check for the cable length should be done referring to the appropriate specification
that corresponds to the type of cable used.
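The following is an added example, not part of the Technical Report, that turns the checks of 7.1.2.1 and 7.1.2.3 into a small as-built verification: the cable type and transmission speed select the applicable limits, every node-to-node distance is checked against the allowed range, and the total cable length is checked separately, because passing the first check does not guarantee the second. The cable specification table, the node names and the measured lengths are constructed for the example and stand in for the supplier's specification for the cable actually installed.

```python
"""Wiring-distance check for a safety-related fieldbus segment.

Added illustration for 7.1.2.1 and 7.1.2.3. The cable specification table is
constructed for this example; it is not taken from IEC 62513 or from any real
supplier. In practice the limits come from the communication system supplier's
specification for the cable type actually installed and the speed selected.
"""
from dataclasses import dataclass

# Constructed specification: per cable type, the limits at each transmission
# speed (kbit/s). As 6.2.3 notes, a higher speed gives a shorter maximum distance.
CABLE_SPEC = {
    "trunk_cable": {
        125: {"max_between_nodes_m": 100.0, "max_total_m": 500.0},
        250: {"max_between_nodes_m": 100.0, "max_total_m": 250.0},
        500: {"max_between_nodes_m": 50.0, "max_total_m": 100.0},
    },
    "drop_cable": {
        125: {"max_between_nodes_m": 50.0, "max_total_m": 100.0},
        250: {"max_between_nodes_m": 50.0, "max_total_m": 100.0},
        500: {"max_between_nodes_m": 30.0, "max_total_m": 60.0},
    },
}


@dataclass(frozen=True)
class Segment:
    """One cable run between two adjacent nodes, measured after wiring work."""
    from_node: str
    to_node: str
    measured_m: float


def check_wiring(cable_type: str, speed_kbps: int, segments: list[Segment]) -> list[str]:
    """Return findings; an empty list means both checks of 7.1.2.3 pass.

    Check 1: every node-to-node distance is within the allowed range.
    Check 2: the total cable length is within its own limit. Passing check 1
    does not imply check 2, which is the trap 7.1.2.3 warns about.
    """
    limits = CABLE_SPEC.get(cable_type, {}).get(speed_kbps)
    if limits is None:
        # Cable type and speed must be chosen together (7.1.2.1).
        return [f"no specification for cable {cable_type!r} at {speed_kbps} kbit/s"]
    findings = []
    for seg in segments:
        if seg.measured_m > limits["max_between_nodes_m"]:
            findings.append(f"{seg.from_node}->{seg.to_node}: {seg.measured_m:.1f} m exceeds "
                            f"{limits['max_between_nodes_m']:.1f} m between nodes")
    total = sum(seg.measured_m for seg in segments)
    if total > limits["max_total_m"]:
        findings.append(f"total {total:.1f} m exceeds {limits['max_total_m']:.1f} m total")
    return findings


# Constructed as-built measurements for a three-hop trunk (not real data).
AS_BUILT = [
    Segment("master", "node1", 40.0),
    Segment("node1", "node2", 45.0),
    Segment("node2", "node3", 30.0),
]

if __name__ == "__main__":
    for speed in (500, 250):
        print(f"trunk_cable @ {speed} kbit/s:",
              check_wiring("trunk_cable", speed, AS_BUILT) or ["OK"])
```

At 500 kbit/s every individual run in the constructed data is within the 50 m node spacing, yet the 115 m total exceeds the 100 m total limit; at 250 kbit/s the same wiring passes both checks. The measured lengths are the ones taken after the wiring work, as 7.1.2.3 requires, not the planned lengths.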
7.1.3 Selection of power supply
Power supply units should be as specified by the safety-related communication system
supplier. The effect of voltage fluctuation should be considered when selecting a power
supply unit for the safety-related communication system:
• it should be checked during the preparation of the specification whether the power supply
for I/O needs to be separated from that for safety-related communication;
• it is recommended that power supplies complying with SELV or PELV be selected when
applicable, including power supplies used for diagnostic and monitoring equipment which
is connected permanently or temporarily.
7.1.4 Environmental conditions
Check that the environmental conditions of the installation are within specified values. If any
exceeds the specification, an appropriate countermeasure should be taken before operating
the system.
The following items should be checked:
• if operating temperature/humidity exceeds the specified limit value, add heaters or fans
and so on to regulate it within the specified values;
• if vibration and impact exceed the values specified for the network components, use
vibration or shock absorbers to keep them within the specified values;
• if the equipment is installed in a dusty area, a protective measure such as enclosing the
control panel should be taken;
NOTE If heaters, fans, shock absorbers, dustproof enclosures, etc. are necessary to achieve the target SIL then
they become part of the SRCF and require suitable integrity.
• if appropriate, carry out an EMI measurement and check that the electromagnetic
environment is within the limits specified by the safety-related communication system
supplier.
7.2 Setting
7.2.1 System configuration
Setting and modification of system configuration data should be done by suitably competent
persons who are sufficiently trained and experienced and have responsibility for that safety
system.
The system configuration can be performed using hardware and/or software. It is essential to
foll
...