Preparing for Networked Safety
You’ve heard plenty of talk about machine-safety networks. Now, what do you do about them?
C.G. Masi, Control Engineering, 7/1/2007
Gone are the days when they used to think about a hardwired system as being the only method, says David Arens, safety expert at Bosch Rexroth and member of the American Society of Safety Engineers.
“A safe system is simply defined as one that if it fails, it fails in a way that is going to protect the people and the machinery and the plant,” explains Brian Oulton, marketing manager for networks at Rockwell Automation.
“The networked safety approach,” says Helmut Kirnstoetter, responsible for product development and sales at B&R Industrial Automation, “is to have input, output, and drives running on the same infrastructure, the same network, and handling the same logic on a machine. The nice thing about it is, we can tie all of the motion components together over the local network. If you press an e-stop, you send a signal to the drive through the software, the drive can move all the machine axes to a safe position, then tell you 'I’m in a safe spot,’ and allow the user to, for example, open the cabinet door.”
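The sequence Kirnstoetter describes (e-stop, drives bring the axes to a safe position, each drive reports "safe", only then may the cabinet door be released) as an added fail-safe controller sketch; this is illustration written for this page, not B&R's or any vendor's code. The axis names, the "SAFE" message string and the 200 ms staleness window are assumptions.

```python
from dataclasses import dataclass, field

# Assumed watchdog: a "SAFE" report older than this is treated as unknown,
# so a silent or disconnected drive can never hold the door unlocked.
SAFE_MSG_TTL_S = 0.2


@dataclass
class DoorInterlock:
    """Door release logic: the default answer is always 'stay locked'."""
    axes: frozenset                      # drives expected on the safety net
    estop_active: bool = False
    safe_at: dict = field(default_factory=dict)   # axis -> time of last SAFE

    def press_estop(self, now: float) -> None:
        self.estop_active = True
        self.safe_at.clear()             # old reports predate the stop request

    def reset(self, now: float) -> None:
        self.estop_active = False
        self.safe_at.clear()

    def drive_report(self, axis: str, msg: str, now: float) -> None:
        if axis not in self.axes:
            return                       # unknown source cannot vouch for anything
        if self.estop_active and msg == "SAFE":
            self.safe_at[axis] = now
        else:
            self.safe_at.pop(axis, None) # anything but a fresh SAFE means not safe

    def door_may_open(self, now: float) -> bool:
        """True only while e-stop is active and every axis has a fresh SAFE."""
        if not self.estop_active:
            return False
        return all(
            axis in self.safe_at and now - self.safe_at[axis] <= SAFE_MSG_TTL_S
            for axis in self.axes
        )


if __name__ == "__main__":
    il = DoorInterlock(frozenset({"X", "Y"}))   # constructed two-axis machine
    il.press_estop(0.0)
    il.drive_report("X", "SAFE", 0.05)
    print("one axis safe, door may open:", il.door_may_open(0.06))   # False
    il.drive_report("Y", "SAFE", 0.07)
    print("both axes safe, door may open:", il.door_may_open(0.10))  # True
    print("reports gone stale, door may open:", il.door_may_open(0.5))  # False
```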
Figure caption: One of the motivations for running safety signals over the machine-control network is to reduce the number of cable runs.
Kelly Schachenman, manager of marketing for safety systems for Rockwell Automation adds: “All safety systems have three elements: 1) safety inputs or the safety sensors that detect a person’s intrusion into a potentially hazardous area; 2) safety actuators that control the flow of energy to potentially hazardous elements of the equipment in the hazardous area; and 3) safety logic, comprised of safety relays or safety PLCs, that determines how the safety system should intervene to make certain that the pre-determined safe conditions are satisfied.”
Networked safety is here, and here to stay. As Control Engineering pointed out in the March issue (“Safe-Motion Choices,” p. 52), the arguments for switching from point-to-point wiring to safety-related messages passing over the machine-control network are compelling. To achieve machine safety at any level, however, requires setting the system up correctly.
That leads immediately to the question of how engineers schooled in deploying hardwired safety systems can make the transition to networked safety. Is networked safety simply a product that you can buy? Can you just unpack a box marked “safe network,” and deploy it like a new television set?
The answer, not surprisingly, is “No.”
“Just using a bunch of components without an understanding of how to put them together does not make a safe system,” Oulton points out. “So it’s very important for an engineer to have proper training.”
Minimizing safety risks
“Unfortunately,” says Arens, “pretty much everyone will tell you it’s impossible to eliminate all risks. You can limit risk, but it’s not going to be completely eliminated.”
“The law says you have to create a safe and secure working environment for your employees,” points out Robert Dorr, consulting application engineer with Siemens Energy and Automation. “Unfortunately it doesn’t say how. Now you have to go consult reference standards.”
Observers agree that the most relevant standard for machine safety is IEC 61508, which covers functional safety of electrical, electronic and programmable-electronic safety-related systems, such as automated machinery.
The standard issues from the International Electrotechnical Commission, a body made up of national committees, such as the U.S. American National Standards Institute (ANSI). IEC 61508 provides two important resources: It defines requirements for acceptable safety levels for the various types of equipment covered, and it defines a safety integrity level (SIL) system that provides a means of quantifying safety as applied to equipment and machines covered.
Calculating a SIL involves assessing the probability that those functional safety items will do their jobs. Just because a feature is there, however, doesn’t mean it will be available when needed. An interlock, for example, that makes it impossible to perform proper setup or maintenance has a high probability of being defeated by the technicians charged with performing those operations. This increases the probability that the interlock will not be able to do its safety job when called upon, which has an impact on the system’s SIL.
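An added worked example of the two points above (not from the article or from IEC 61508 itself): classifying a safety function's average probability of dangerous failure on demand (PFDavg) into the IEC 61508 low-demand SIL bands, then showing how a bypassed interlock pulls the result down. The bands are the standard's published ones; the way a bypass probability is combined with the hardware figure is a simple assumed model chosen for illustration.

```python
# IEC 61508 low-demand target failure measures: PFDavg band per SIL.
SIL_BANDS = {
    4: (1e-5, 1e-4),
    3: (1e-4, 1e-3),
    2: (1e-3, 1e-2),
    1: (1e-2, 1e-1),
}


def sil_from_pfd(pfd: float) -> int:
    """Return the SIL (1-4) whose band contains pfd; 0 means the function
    fails too often to claim any SIL. Values below the SIL 4 floor are
    reported as SIL 4, since the standard defines nothing higher."""
    if not 0.0 <= pfd <= 1.0:
        raise ValueError("PFDavg must be a probability in [0, 1]")
    if pfd < SIL_BANDS[4][0]:
        return 4
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    return 0


def effective_pfd(pfd_hw: float, p_defeated: float) -> float:
    """Assumed model: a demand goes unprotected if the interlock has been
    defeated, or if it is in place but fails dangerously. The two are
    treated as independent, so P(unprotected) = p + (1 - p) * pfd_hw."""
    if not 0.0 <= p_defeated <= 1.0:
        raise ValueError("p_defeated must be a probability in [0, 1]")
    return p_defeated + (1.0 - p_defeated) * pfd_hw


if __name__ == "__main__":
    hw = 5e-4                       # constructed hardware figure: SIL 3 band
    print("as designed:      SIL", sil_from_pfd(hw))
    for p in (0.005, 0.3):          # constructed bypass rates
        eff = effective_pfd(hw, p)
        print(f"defeated {p:.1%} of the time: PFD {eff:.2e} -> SIL {sil_from_pfd(eff)}")
```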
“The first thing,” says Arens, “is you have to identify all the machines within the workplace that you’re going to do a risk assessment on.”
Figure caption: Mitigating risk is an iterative process.
The significant hazards for equipment and any associated control system in its intended environment have to be identified by the machine specifier or developer through a hazard analysis. “The person you have to look at first is the operator,” Siemens’ Dorr advises. “What could he be exposed to? Then you have to look at who else would be exposed. Obviously the maintenance guys could be—even somebody just walking by. So, the risk assessment looks at all possible risks. Then you devise measures to reduce those risks to an acceptable level.”
“You would then write a safety requirement specification,” says Schachenman, “to define how you would mitigate the hazards native to the machinery and the hazards of an operator working in the machinery performing various tasks. Next, design your system to mitigate those hazards as defined in the safety requirements specification. Finally, test the machinery to validate that the safety control system successfully mitigated the risks as defined in the Safety Requirements Specification.”
“This is a looping process, and it should take place whenever there’s a change,” Arens says. “Even beyond that, there is a periodic review to see that those safeguards are still operating according to the risk assessment that was performed.” The resulting documentation becomes the safety handbook on that machine.
Training
“It requires thorough knowledge of the regulations,” says Oulton, “as well as a thorough understanding of how to do a correct risk assessment, and proper application of the products that you’re using to make sure that the overall system … will fail in a safe and predictable manner.”
“There are actually three levels of training,” says Arens. “There’s the overall safety training, which you can get by going to an OSHA Training Camp. Then there’s a group called The Safety Equipment Distributors Association (SEDA) that offers a qualified safety sales professional training course.” That would be appropriate for system integrators building safety-rated machines for sale. The table lists additional training sources Arens recommends.
The third level is equipment specific. “The machine manufacturer will know the machine best,” Arens points out.
Vendors of machine components, such as PLCs, motor drives, and machine networking products provide training in how to use their products safely. Arens’ company, Bosch Rexroth, for example, provides one-day, two-day and four-day training courses in applying its safety systems to machinery. “One thing you do want to look for,” Arens cautions, “is a certified training provider. The International Association for Continuing Education and Training certifies training providers.”
Siemens’ safety core team members “can provide custom training on site to an OEM using our products,” Dorr says. “We also have a training department that offers off site training and a training CD for users of our equipment.”
“Honestly, network safety is a pretty transparent part of the system,” says Schachenman. “It behaves exactly like the standard network. It’s just a vehicle to pass safety data in a way that has high integrity. The more difficult part is identifying what the hazards are and how you’re going to mitigate them, then writing good application code.”
“In the end,” Schachenman summarizes, “as with any hardwired or programmable safety system, you always have to do field testing to validate that indeed [you have made] the machinery safe.”
| Vendor | Location | Website URL | Description |
|---|---|---|---|
| Industrial Safety Integration | Ontario, Canada | www.industrialsafetyintegration.com | Onsite and offsite safety training |
| Rockford Systems | Rockford, IL | www.rockfordsystems.com | Monthly machine safeguarding seminar |
| Euchner USA | East Syracuse, NY | www.euchner-usa.com | Risk assessment software |