Understanding the SISTEMA software tool

Like any software tool, SISTEMA (Safety Integrity Software Tool for the Evaluation of Machine Applications) is only as useful as the information entered into it.

That said using the tool can be a significant time-saver as opposed to doing the required calculations by hand.

The process of obtaining the appropriate Performance Level calculations is non-trivial and even with the SISTEMA tool a strong understanding of the process is required.

To download the SISTEMA tool go to: http://www.dguv.de/ifa/en/pra/softwa/sistema/index.jsp

and click on the Download link.

Enter you e-mail address and confirm it. Click the button marked "Submit".

Accept the defaults and click OK. SISTEMA will launch.

Navigating the SISTEMA interface

Again it is important to understand the underlying concepts that drive the tool. By entering the relevant parameters:

1. Category
2. the average component quality (MTTFd)
3. the average test quality (DCavg) of components and blocks, and
4. common-cause failures (CCFs)

SISTEMA recognizes seven different types of objects. These can be regarded as the building blocks from which a project is created.

Each object in the project can be selected in the Navigation pane and then configured in the workspace. Objects can in turn serve as containers for other objects. A single safety function for example can contain several subsystems.

Project: the project file itself is treated as an object in SISTEMA. It generally refers to a machine or dangerous point which is analyzed. A project may contain any desired number of safety functions.

Safety function: any function of the machine under analysis the failure of which may lead to a direct increase in the risk is described as a safety function. A safety function is implemented by one or more subsystem(s).

Subsystem: a part of a control system which processes and generates safety-related signals.

• Several subsystems can be connected in a series arrangement for implementation of a safety function.
• A subsystem generally implements a designated architecture. In this case, the essential structure is determined by the number of channels and possibly by an item of test equipment (only in category 2).

Channel: in SISTEMA, a subsystem may comprise one or two channels. A channel object represents a container for blocks, i.e. its purpose is solely that of structuring, and it permits the modeling of multi-channel architectures. The number of channels is determined by the selection of a Category for the higher-level subsystem and the associated designated architecture.

Note: In Category 2 architectures, a test channel or item of test equipment has the function of repeated testing of whether the function of the functional channel is being executed properly. Like the channel, the test channel forms part of a subsystem. A subsystem may possess no more than one test channel.

Block: Êconstitutes a function block in the context of a logical block diagram. It divides a channel into logical functional units (e.g. sensor, logic, main contactor). A channel should always contain at least one block. In SISTEMA, it may be possible for a block to be modeled in even greater detail by the listing of its component elements.

Element: constitutes the lowest hierarchical level of the objects types.Ê Elements are electronic, electromechanical, hydraulic, mechanical or pneumatic components from which a function block is composed.

The diagram below shows the relationship of the various SISTEMA objects.

SISTEMA Screen

SISTEMA has performance data installed in a library based on the generic values defined in the ISO 13849-1 standard. Many manufacturers, including OMRON, have created SISTEMA libraries with their specific product performance data. Links to all the available libraries can be found at http://www.dguv.de/ifa/en/pra/softwa/sistema/bibliotheken/index.jsp

To load a library into SISTEMA you must first download the library and save it. Omron has multiple libraries. The OMRON libraries can be found at: http://www.sti.com/sistemadata/sistemalib.htm

After saving the library, simply click on the library button at the top of the SISTEMA tool. Click the Add local library button as per the screen below.

Select the location of the desired library and click OK.Ê The library will be added to the SISTEMA tool. Repeat for each desired library.

Click Close to return to the main screen.

Before using the SISTEMA tool, the safety functions must be clearly defined. It is highly recommended that the system designer create a block diagram of the system elements before starting the SISTEMA evaluation.

To use the SISTEMA tool:

1. Create a project (PR) and define one or more safety functions (SF)
2. Determine the required PLr by the risk graph (or direct input)
3. Define one/several sub-systems (SB) and select their category
4. For each sub-system:
   • Input of the vendors reliability values (PL, PFH, Category),Ê paste data from supplied libraries or
   • Define blocks (BL) and subordinate elements (EL), input of all relating reliability data (MTTFd, DC, B10d, CCF, and so on)
5. Comparison of the achieved PL with the required PLr
6. Save project with check sum, printout/PDF by report function

If an adequate risk assessment has already determined the appropriate PLr, enter that value in step 2.Ê It is highly recommended that the Risk Assessment be based on the manufacturer's accepted practice. In general the risk assessment tool included in SISTEMA is only a guide, and is not comprehensive.

For instructional purposes only, the following example demonstrates how to use the SISTEMA tool for a simple safety system.

Before turning to the SISTEMA tool, let us assume we have completed a risk assessment and determined we need a PLr of d. We also need to understand the functional block diagram of our proposed design.

Note the Yellow warning box. SISTEMA will provide you with instructions as you proceed.
Enter a name for the project and provide any additional information.

Next Define the safety function by selecting the safety function tab and clicking New.

Next select theÊ PLr tab, Since we already have competed our risk assessment and know our PLr, we select the Enter PLr value directly radio button and select the value from the Drop down box.

Click on the subsystems tab. The first subsystem we defined was the F3SJ Light curtain.

After naming this subsystem click the PL tab. Since we are able to determine the PL for this device from the OMRON documentation select the enter PL/PFH directly... radio button and enter the data. *the F3SJ data sheet states the Pl for this device is e.

Select the G9SX-BC by clicking on it and then select the Load (Load and close in this case since this is the only item we are taking from the library.)

This loads all the required information for this subsystem into the tool.
Now we must add the last subsystem. Open the safety function subsystem tab, click New,
and provide a name.

This subsystem is the output block. The data for the contactors must be calculated so we need to select the Determine PL/PFH from Category, MTTFd and DCavg button.

Select the Blocks tab. Double click on the <unknown block> to open the block. Provide a name and select the MTTFd tab and select Determine MTTFd from the elements.

Select the Blocks tab and similarly provide a name, and open the MTTFd tab and select determine the MTTFd from the B10d value. Since we don't know the exact B10d values for these contactors we must use the generic data available from the standard. SISTEMA makes this easy by clicking the typical components value button.

Since we have properly sized our contactors we can select the small load option and click OK which will load the value into SISTEMA.

Next we need to provide the cycle and life parameters of the machine. Click on the Calculate nop button to add the required data.

d_op = number of days per year the machine is expected to operate.
h_op = number of hours per day
t_cycle = cycle time of the machine

The Machine Life is preselected for 20 years, modify this value if necessary. Click OK

The calculate MTTFd for this element is Medium.

Select the appropriate description from the Library, in this case, direct monitoring.... and click the Load Selection button.

Since Channel two in this case is identical to channel one, complete the information for channel two in the same manner.

Finally return to the Contactor subsystem and select the CCF tab. Experienced designers may enter the CCF values directly, otherwise select the Select applied measure to evaluate CCF, and click the Library button.

Note: the determination of CCF requires an in-depth understanding of the design parameters and must be by an experienced design engineer.

Review and select each of the CCF elements that are appropriate for the system. The CCF value must be greater than 65 for the design to be valid. Each selection must be loaded until the final value is reached and the system indicates this parameter has been fulfilled.

For this example, we have defined only a single safety function. If multiple safety functions are required, they would be added and the subsystems, elements, etc. would be defined in a similar manner.

The use of the SISTEMA tool is not a substitute for safety system design. It enables the designer to model the structure of the safety-related control components based upon the designated architectures. A practical advantage for the user is that any parameter change is reflected immediately on the user interface with its impact upon the entire system. This enables one to "play" with parameter values and thus to assess the global effect of modifications with a minimum of effort. The final results can be printed out in a report.

Disclaimer:
Use of the software is at the user's own risk. To the extent permissible by law, no liability will be accepted for the software on any legal basis. In particular, no liability will be accepted for material defects or defects in title, whether in the software or in the associated documentation and information, particularly with regard to their correctness, freedom from errors, freedom from property rights and copyright of third parties, up-to-dateness, completeness and/or fitness for purpose, except in cases of malicious or wrongful intent.

Omron STI provides this data for demonstration purposes only and does not warrant the validity of the data or assumptions presented.