Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IEC TR 62513 – Safety Communication Systems for Machinery: Fieldbus Guidelines for Functional Safety
In modern industrial environments, machinery increasingly relies on digital communication networks to transmit safety-critical data between sensors, actuators, and controllers. IEC TR 62513, published as a Technical Report in 2008, provides comprehensive guidance on specifying, designing, installing, and maintaining closed serial digital communication systems — commonly known as fieldbuses — used for safety-related control functions in machinery applications.
Key Scope: IEC TR 62513 addresses closed serial digital communication systems for transmitting safety-related data in safety functions at machinery. It covers the entire lifecycle from specification through maintenance.
System Design and Safety Integrity Level (SIL) Assignment
The foundation of any safety-related communication system lies in correctly assigning the Safety Integrity Level (SIL) to the Safety-Related Control Functions (SRCFs). IEC TR 62513 builds upon the framework established by IEC 62061, which defines the requirements for Safety-Related Electrical Control Systems (SRECS). The communication system must achieve a SIL rating equal to or greater than the SRCF it supports.
Key design considerations include:
- Configuration and parameterisation — ensuring all communication parameters are correctly set and protected against unauthorized modification
- Response time — the total response time from sensor input to actuator output must meet the safety function requirements, accounting for transmission delays
- Fault monitoring and alarm indication — continuous monitoring of the communication path with immediate fault detection and alarm generation
- Failure modes — defining how the system behaves when the communication system itself fails (fail-safe state)
| Design Parameter | Description | Impact on SIL |
|---|---|---|
| Maximum Response Time | Total time from sensor to actuator via communication bus | Critical for SIL 2 and SIL 3 |
| Transmission Distance | Physical length of the communication medium | Affects signal integrity and latency |
| Number of Nodes | Devices connected to the safety bus segment | More nodes increase complexity and risk |
| EMC Environment | Electromagnetic compatibility conditions on site | Industrial environments require higher immunity |
| Redundancy Level | Single or dual channel communication paths | Dual channel required for SIL 3 |
| Error Detection Mechanism | CRC, watchdog timers, sequence counters | Higher coverage needed for higher SIL |
Engineering Insight: When specifying the communication system for SIL 2 or SIL 3 applications, engineers must consider not only the bus protocol itself but also the complete signal chain including input/output devices, couplers, gateways, and the physical medium. A chain is only as strong as its weakest link.
Commissioning, Modification, and Maintenance Best Practices
IEC TR 62513 extends beyond initial system design to cover the entire operational lifecycle. Commissioning procedures must verify that the installed communication system meets the safety requirements specified during the design phase. This includes validating transmission integrity, response times under load, and fault reaction behavior.
Modifications to the communication system require a formal change management process. Any change — whether adding a node, changing a cable route, or updating firmware — must be evaluated for its impact on the overall safety integrity. The standard recommends maintaining a configuration baseline document that records all system parameters, node addresses, and cable routing.
Best Practice: Implement periodic proof tests of the safety communication system at intervals determined by the SIL level. Document all maintenance results in a formal record that becomes part of the machine’s safety file. IEC TR 62513 specifically requires education and training programs for personnel involved in operating and maintaining these systems.
Environmental and EMI Considerations
Industrial environments present significant challenges for digital communication systems. Electromagnetic interference (EMI) from motors, welding equipment, and power electronics can corrupt safety messages. IEC TR 62513 emphasizes the need for proper EMC design including shielded cabling, proper grounding, and separation from power cables. Environmental factors such as temperature extremes, humidity, vibration, and chemical exposure must also be addressed in the system specification.
Frequently Asked Questions
Q: What is the difference between IEC TR 62513 and IEC 61508?
A: IEC 61508 is the overarching standard for functional safety of electrical/electronic/programmable electronic safety-related systems. IEC TR 62513 is a technical report that specifically addresses the use of communication systems (fieldbuses) within the machinery sector, providing practical guidance for implementing IEC 62061 requirements for safety-related communication.
A: IEC 61508 is the overarching standard for functional safety of electrical/electronic/programmable electronic safety-related systems. IEC TR 62513 is a technical report that specifically addresses the use of communication systems (fieldbuses) within the machinery sector, providing practical guidance for implementing IEC 62061 requirements for safety-related communication.
Q: Can standard (non-safety) fieldbuses be used for safety applications under IEC TR 62513?
A: The standard addresses closed serial digital communication systems. Standard fieldbuses can be used for safety applications only if they incorporate additional safety layers (such as “black channel” concepts) that provide the necessary error detection and response mechanisms to achieve the required SIL. The safety layer must detect transmission errors with sufficient probability.
A: The standard addresses closed serial digital communication systems. Standard fieldbuses can be used for safety applications only if they incorporate additional safety layers (such as “black channel” concepts) that provide the necessary error detection and response mechanisms to achieve the required SIL. The safety layer must detect transmission errors with sufficient probability.
Q: How does IEC TR 62513 relate to PROFISAFE, CIP Safety, and SafetyNET p?
A: These are specific implementations of safety communication protocols built on top of standard fieldbuses (PROFINET, EtherNet/IP, and Ethernet respectively). IEC TR 62513 provides the generic guidance framework, while these profiles implement the specific safety communication mechanisms. Each profile must meet the requirements outlined in IEC TR 62513 and IEC 62061.
A: These are specific implementations of safety communication protocols built on top of standard fieldbuses (PROFINET, EtherNet/IP, and Ethernet respectively). IEC TR 62513 provides the generic guidance framework, while these profiles implement the specific safety communication mechanisms. Each profile must meet the requirements outlined in IEC TR 62513 and IEC 62061.
Q: What documentation is required by IEC TR 62513?
A: The standard requires comprehensive documentation including: system design specification, SIL allocation records, validation test reports, commissioning records, modification log, maintenance records, and training documentation. All documentation should be maintained throughout the machine lifecycle.
A: The standard requires comprehensive documentation including: system design specification, SIL allocation records, validation test reports, commissioning records, modification log, maintenance records, and training documentation. All documentation should be maintained throughout the machine lifecycle.
