IEC TR 62685:2010

IEC/TR 62685


®

Edition 1.0 2010-12



TECHNICAL



REPORT




colour
inside
Industrial communication networks – Profiles –
Assessment guideline for safety devices using IEC 61784-3 functional safety
communication profiles (FSCPs)



IEC/TR 62685:2010(E)

---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED


Copyright © 2010 IEC, Geneva, Switzerland


All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by

any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or

IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,

please contact the address below or your local IEC member National Committee for further information.



Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie

et les microfilms, sans l'accord écrit de la CEI ou du Comité national de la CEI du pays du demandeur.

Si vous avez des questions sur le copyright de la CEI ou si vous désirez obtenir des droits supplémentaires sur cette

publication, utilisez les coordonnées ci-après ou contactez le Comité national de la CEI de votre pays de résidence.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
§ Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
§ IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
§ Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
§ Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00

---------------------- Page: 2 ----------------------
IEC/TR 62685


®

Edition 1.0 2010-12



TECHNICAL



REPORT




colour
inside
Industrial communication networks – Profiles –
Assessment guideline for safety devices using IEC 61784-3 functional safety
communication profiles (FSCPs)




INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
U
ICS 13.160; 35.100.05 ISBN 978-2-88912-250-9
® Registered trademark of the International Electrotechnical Commission

---------------------- Page: 3 ----------------------
– 2 – TR 62685 Ó IEC:2010(E)



CONTENTS

FOREW ORD . 4


INTRODUCTION . 6

1 Sc o pe . 7

2 Normative references . 7


3 Terms, definitions, symbols and abbreviations . 9

3.1 Terms and definitions . 9

3.2 Symbols and abbreviations . 11

4 General . 12
5 Test bed and operations . 13
6 General test conditions . 14
7 Climatic tests . 15
8 Mechanical tests. 15
9 Markings and identification . 16
10 User manual . 16
11 Electromagnetic immunity . 17
11.1 Test bed for EMC testing . 17
11.2 Existing EMC standards for functional safety . 17
11.3 Phase I testing (normal immunity) . 17
11.4 Phase II testing (increased immunity) . 19
11.5 Rules . 20
12 Electrical safety . 20
12.1 General . 20
12.2 Ingress protection (IP) . 21
12.3 Insulation rating . 21
12.4 Electrical shock. 21
12.5 Clearance and creepage distances . 21
12.6 Flame-retardancy . 21
13 Suitability of components. 21
14 Simple circumvention . 22
15 Explosive atmosphere . 22
16 Field verification (process automation devices) . 22

Annex A (informative) Comparison of immunity levels in several IEC standards . 24
Annex B (informative) Product, sector and application specific requirements . 27
Bibliography . 28

Table 1 – Overview of the environmental tests for safety devices . 13
Table 2 – General test conditions . 14
Table A.1 – Comparison of immunity levels . 24

Figure 1 – Environmental view on safety functions . 6
Figure 2 – Example of a mixed module remote I/O . 12
Figure 3 – Example test bed for EMC and other testing . 14
Figure 4 – Example application areas within an automation application . 17
Figure 5 – Generic procedural model for safety EMC testing (part 1). 18

---------------------- Page: 4 ----------------------
TR 62685 Ó IEC:2010(E) – 3 –


Figure 6 – Generic procedural model for safety EMC testing (part 2). 19

Figure 7 – EMC mitigation using a cabinet . 20


Figure 8 – Justification for field verification with process automation devices . 22

---------------------- Page: 5 ----------------------
– 4 – TR 62685 Ó IEC:2010(E)


INTERNATIONAL ELECTROTECHNICAL COMMISSION

____________



INDUSTRIAL COMMUNICATION NETWORKS –

PROFILES –



Assessment guideline for safety devices using IEC 61784-3

functional safety communication profiles (FSCPs)





FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC 62685, which is a technical report, has been prepared by subcommittee 65C: Industrial
networks, of IEC technical committee 65: Industrial-process measurement, control and
automation.

---------------------- Page: 6 ----------------------
TR 62685 Ó IEC:2010(E) – 5 –


The text of this technical report is based on the following documents:


Enquiry draft Report on voting

65C/610/DTR 65C/626/RVC




Full information on the voting for the approval of this technical report can be found in the

report on voting indicated in the above table.


This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
 reconfirmed,
 withdrawn,
 replaced by a revised edition, or
 amended.
A bilingual version of this document may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

---------------------- Page: 7 ----------------------
– 6 – TR 62685 Ó IEC:2010(E)


INTRODUCTION


During the development of IEC 61784-3:2010, the need was recognized for a separate

document covering environmental tests, proofs and information checks, which were currently

1
specified in the German document GS-ET-26 [37] . This document has been one of the

starting points for IEC 61784-3 and most of its contents have been already taken into account

in IEC 61784-3. The material related to environmental tests, proofs and information checks

has been transformed, updated and supplemented into this new document.


NOTE IEC 61784-3 explains the relevant principles for functional safety communications with reference to

IEC 61508 series and specifies several safety communication layers (profiles and corresponding protocols) based
on the communication profiles and protocol layers of IEC 61784-1, IEC 61784-2 and the IEC 61158 series.

2
The combination of the IEC 61508 series , with its new view on complete safety functions,
and of the FSCPs in the IEC 61784-3 series, eases the implementation of safety functions.
Further benefits can be achieved, if the environmental conditions can be defined and
harmonized for FSCP devices.
The objective of this document is to specify the requirements for FSCP devices on how to
fulfill environmental and deployment conditions. It addresses the needs of designers,
manufacturers, assessment bodies, and test laboratories.
Figure 1 provides a basic overview on safety functions, FSCP devices and the impact of the
environment. It demonstrates the necessity of harmonized environmental requirements.
EMEMC fC foor r FSFS
EEMC MC ffor or FFSS
EEMC MC ffoor r FFSS
EEMC MC ffor or FFSS EEMMC fC foor FSr FS
PPA A ddeveviceice
LiLinknk
e.ge.g. E. Ex ix i
LogiLogicc
SensSensoror AcActuatuatortor
VVololtatagege cchhananggeses VVoollttagagee cchahanngegess VVololttageage cchhananggeses VoVolltatagege cchhananggeses
PPoowwer er ssuppuppllyy ((e.e.g. g. 24 V24 VDC)DC)

IEC  2535/10
Figure 1 – Environmental view on safety functions



___________
1
 Numbers in square brackets refer to the Bibliography.
2
 In this Technical Report, “IEC 61508” is used for “IEC 61508 series”.

---------------------- Page: 8 ----------------------
TR 62685 Ó IEC:2010(E) – 7 –


INDUSTRIAL COMMUNICATION NETWORKS –

PROFILES –



Assessment guideline for safety devices using IEC 61784-3

functional safety communication profiles (FSCPs)








1 Scope

This Technical Report provides information about the assessment aspects of safe
communication such as test beds, proof of increased interference immunity (EMC for
functional safety), electrical safety, and other environmental requirements.
This document is only applicable to safety devices for functional safety communication which
are developed according to IEC 61508 and IEC 61784-3.
NOTE This document does not cover the more complex aspects of preserving existing devices and applications in
the field and migration from safety rules before IEC 61508.
The scope covers general industrial environments such as defined in IEC 61131-2 or
IEC 61000-6-2 and process automation environments such as those covered in the IEC 61326
series.
Reference is made to the ERS (Equipment Requirements Specification) and/or SRS (Safety
Requirements Specification) of a particular safety application to verify the necessary immunity
of devices and systems according to IEC 61508.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
3
IEC 60068-2 (all parts) , Environmental testing – Part 2-x: Tests
3
IEC 60079 (all parts) , Explosive atmospheres
IEC 60300-3-2, Dependability management – Part 3-2: Application guide – Collection of

dependability data from the field
3
IEC 60721-3 (all parts) , Classification of environmental conditions – Part 3 Classification of
groups of environmental parameters and their severities
IEC 60721-3-1, Classification of environmental conditions – Part 3 Classification of groups of
environmental parameters and their severities – Section 1: Storage
IEC 60721-3-2, Classification of environmental conditions – Part 3: Classification of groups of
environmental parameters and their severities – Section 2: Transportation
___________
3
Relevant parts of the series depend on the context – see detailed requirements in the following clauses.

---------------------- Page: 9 ----------------------
– 8 – TR 62685 Ó IEC:2010(E)


IEC 60721-3-3, Classification of environmental conditions – Part 3-3: Classification of groups

of environmental parameters and their severities – Stationary use at weatherprotected

locations


IEC/TS 61000-1-2, Electromagnetic compatibility (EMC) – Part 1-2: General – Methodology

for the achievement of functional safety of electrical and electronic systems including

equipment with regard to electromagnetic phenomena


IEC 61000-4-3, Electromagnetic compatibility (EMC) – Part 4-3: Testing and measurement

techniques – Radiated radio-frequency electromagnetic field immunity test


IEC 61000-4-6, Electromagnetic compatibility (EMC) – Part 4-6: Testing and measurement
techniques – Immunity to conducted disturbances, induced by radio-frequency fields
IEC 61000-6-2, Electromagnetic compatibility (EMC) – Part 6-2: Generic standards –
Immunity for industrial environments
4
IEC 61010 (all parts) , Safety requirements for electrical equipment for measurement, control,
and laboratory use
IEC 61131-2:2007, Programmable controllers – Part 2: Equipment requirements and tests
4
IEC 61241 (all parts) , Electrical apparatus for use in the presence of combustible dust
4
IEC 61326 (all parts) , Electrical equipment for measurement, control and laboratory use –
EMC requirements
IEC 61326-1, Electrical equipment for measurement, control and laboratory use – EMC
requirements – Part 1: General requirements
IEC 61326-3-1, Electrical equipment for measurement, control and laboratory use – EMC
requirements – Part 3-1: Immunity requirements for safety-related systems and for equipment
intended to perform safety-related functions (functional safety) – General industrial
applications
IEC 61326-3-2, Electrical equipment for measurement, control and laboratory use – EMC
requirements – Part 3-2: Immunity requirements for safety-related systems and for equipment
intended to perform safety-related functions (functional safety) – Industrial applications with
specified electromagnetic environment

IEC 61496-1, Safety of machinery – Electro-sensitive protective equipment – Part 1: General
requirements and tests
IEC 61496-1, Amendment 1 (2007)
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 61508-2:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 2: Requirements for electrical/electronic/programmable electronic
safety-related systems
IEC 61508-3:2010, Functional safety of electrical/electronic/programmable electronic safety-
related systems – Part 3: Software requirements
___________
4
Relevant parts of the series depend on the context – see detailed requirements in the following clauses.

---------------------- Page: 10 ----------------------
TR 62685 Ó IEC:2010(E) – 9 –


IEC 61511 (all parts), Functional safety – Safety instrumented systems for the process

industry sector


IECEx 61779-x (all parts), IECEx Test Report for IEC 61779-x (1998) ed 1.0 – Electrical

apparatus for the detection and measurement of flammable gases


5
IEC 61784-3 (all parts) , Industrial communication networks – Profiles – Functional safety

fieldbuses


IEC 61784-3:2010, Industrial communication networks – Profiles – Part 3: Functional safety

fieldbuses – General rules and profile definitions

5
IEC 62013 (all parts) , Caplights for use in mines susceptible to firedamp
IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
IECEx 62086-1, IECEx Test Report for IEC 62086-1 (2001) ed 1.0 – Electrical apparatus for
explosive gas atmospheres – Electrical resistance trace heating – Part 1: General and testing
requirements
ISO 13849-1, Safety of machinery – Safety-related parts of control systems – Part 1: General
principles for design
3 Terms, definitions, symbols and abbreviations
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1
communication system
arrangement of hardware, software and propagation media to allow the transfer of messages
(ISO/IEC 7498 application layer) from one application to another
3.1.2
error
discrepancy between a computed, observed or measured value or condition and the true,
specified or theoretically correct value or condition

[IEC 61508-4:2010], [IEC 61158]
NOTE 1 Errors may be due to design mistakes within hardware/software and/or corrupted information due to
electromagnetic interference and/or other effects.
NOTE 2 Errors do not necessarily result in a failure or a fault.
3.1.3
failure
termination of the ability of a functional unit to perform a required function or operation of a
functional unit in any way other than as required
NOTE 1 The definition in IEC 61508-4 is the same, with additional notes.
[IEC 61508-4:2010, modified], [ISO/IEC 2382-14.01.11, modified]
___________
5
Relevant parts of the series depend on the context – see detailed requirements in the following clauses.

---------------------- Page: 11 ----------------------
– 10 – TR 62685 Ó IEC:2010(E)


NOTE 2 Failure may be due to an error (for example, problem with hardware/software design or message

disruption).

3.1.4

fault

abnormal condition that may cause a reduction in, or loss of, the capability of a functional unit

to perform a required function


NOTE IEV 191-05-01 defines “fault” as a state characterized by the inability to perform a required function,

excluding the inability during preventive maintenance or other planned actions, or due to lack of external
resources.

[IEC 61508-4:2010, modified], [ISO/IEC 2382-14.01.10, modified]

3.1.5
fieldbus
communication system based on serial data transfer and used in industrial automation or
process control applications
3.1.6
hazard
state or set of conditions of a system that, together with other related conditions will inevitably
lead to harm to persons, property or environment
3.1.7
message
ordered series of octets intended to convey information
[ISO/IEC 2382-16.02.01, modified]
3.1.8
performance level (PL)
discrete level used to specify the ability of safety-related parts of control systems to perform a
safety function under foreseeable conditions
[ISO 13849-1]
3.1.9
risk
combination of the probability of occurrence of harm and the severity of that harm
NOTE For more discussion on this concept see Annex A of IEC 61508-5:2010.
[IEC 61508-4:2010], [ISO/IEC Guide 51:1999, definition 3.2]

3.1.10
safety communication layer (SCL)
communication layer that includes all the necessary measures to ensure safe transmission of
data in accordance with the requirements of IEC 61508
3.1.11
safety data
data transmitted across a safety network using a safety protocol
NOTE The safety communication layer does not ensure safety of the data itself, only that the data is transmitted
safely.
3.1.12
safety device
device designed in accordance with IEC 61508 and which implements the functional safety
communication profile

---------------------- Page: 12 ----------------------
TR 62685 Ó IEC:2010(E) – 11 –


3.1.13

safety function

function to be implemented by an E/E/PE safety-related system or other risk reduction

measures, that is intended to achieve or maintain a safe state for the EUC, in respect of a

specific hazardous event


NOTE The definition in IEC 61508-4 is the same, with an additional example and reference.

[IEC 61508-4:2010, modified]


3.1.14

safety function response time

worst case elapsed time following an actuation of a safety sensor connected to a fieldbus,
before the corresponding safe state of its safety actuator(s) is achieved in the presence of
errors or failures in the safety function channel
NOTE This concept is introduced in IEC 61784-3:2010, 5.2.4 and addressed by the functional safety
communication profiles defined in the other parts of the IEC 61784-3 series.
3.1.15
safety integrity level (SIL)
discrete level (one out of a possible four), corresponding to a range of safety integrity values,
where safety integrity level 4 has the highest level of safety integrity and safety integrity level
1 has the lowest
NOTE 1 The target failure measures (see IEC 61508-4:2010, 3.5.17) for the four safety integrity levels are
specified in Tables 2 and 3 of IEC 61508-1:2010.
NOTE 2 Safety integrity levels are used for specifying the safety integrity requirements of the safety functions to
be allocated to the E/E/PE safety-related systems.
NOTE 3 A safety integrity level (SIL) is not a property of a system, subsystem, element or component. The correct
interpretation of the phrase “SILn safety-related system” (where n is 1, 2, 3 or 4) is that the system is potentially
capable of supporting safety functions with a safety integrity level up to n.
[IEC 61508-4:2010]
3.1.16
safety measure
measure to control possible communication errors that is designed and
implemented in compliance with the requirements of IEC 61508
NOTE 1 In practice, several safety measures are combined to achieve the required safety integrity level.
NOTE 2 Communication errors and related safety measures are detailed in IEC 61784-3:2010, 5.3 and 5.4.
3.1.17
safety-related application
programs designed in accordance with IEC 61508 to meet the SIL requirements of the
application
3.1.18
safety-related system
system performing safety functions according to IEC 61508
3.2 Symbols and abbreviations
EMC Electromagnetic Compatibility
EMF Electromagnetic Field
ESD Electrostatic Discharge
EUC Equipment Under Control [IEC 61508-4:2010]

---------------------- Page: 13 ----------------------
– 12 – TR 62685 Ó IEC:2010(E)


EUT Equipment Under Test


E/E/PE Electrical/Electronic/Programmable [IEC 61508-4:2010]

Electronic

FS Functional Safety

FSCP Functional Safety Communication Profile


IP Ingress Protection

PC Performance Criterium

PDS Power Drive System

PL Performance Level [ISO 13849-1]
RF Radio Frequency
SIL Safety Integrity Level [IEC 61508-4:2010]
SR Safety Relevant

4 General
As a general rule, the environmental and electrical safety requirements should be the same
as for non-safety devices, except EMC, where more stringent requirements apply (see
Clause 11). Thus, designers and users are not forced to consider many different standards.
IEC 61131-2 is such a standard that is considered to provide minimum requirements for non-
safety and for safety fieldbus devices, as well as for devices combining non-safety and safety
modules (see Figure 2). More specific or stringent requirements may be defined by sector,
application specific, or product standards.
Fieldbus with FSCP
0 0 0 0
7 7 7 7

Head Non safety- Safety-
station related I/O related I/O
modules modules
IEC 61131-2 / IEC 61131-2 /
IEC 61010 IEC 61010 +
IEC 6xxxx/WDC

IEC  2536/10
NOTE The relativ
...