An ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis, operating efficiencies and cost savings, as well as all relevant safety standards, such as those from NFPA, ANSI, RIA, IEC, ISO and OSHA. About J.B. Titus.
Safety Relays vs CAT 4; Comments on Safety, Redundancy, Risk
July 20, 2009
Recently I visited a manufacturing company to discuss their machine guarding strategy for the control system on automated palletizer machines. After some discussion, I asked for a plant floor tour to see these machines being manufactured. During the tour they showed me a CAT 4 application mitigated by applying a CAT 4 rated safety relay. The owner also pointed out that they were able to generate a diagnostic fault on this circuit easily via the safety rated relay. Being immediately curious, I asked if they could describe how they accomplished the CAT 4 circuit including the fault display.
They answered by saying that the CAT 4 rated safety relay has two redundant latched circuits. So, we wired one output to the actuator and the second output to the operator display panel. Bingo, we have a CAT 4 circuit with diagnostics!
What’s wrong with this picture?
Posted by J.B. Titus on July 20, 2009
September 2, 2009
In response to: Safety Relays vs CAT 4Federico Badillo commented:
To achive Cat 4, redundancy has to be applied to the outputs, double contactor (a model with linked contacts ) to stop the dangerous movement and monitoring of the contactors operation by the safety relay, about the inputs, using redundancy and oposite polarity at each channel to detect wiring faults.
September 2, 2009
In response to: Safety Relays vs CAT 4JSmith commented:
That is correct. The redundancy built into the device is what allows the device to be rated as CAT IV. What is truly interesting is when these devices are used in conjunction with a bus system such as profibus. I have built configurations with regular and safety IO sharing the same bus and still maintaining the CAT IV safety rating.
September 2, 2009
In response to: Safety Relays vs CAT 4BKelly commented:
The redundant channels are to ensure that the safety function is achieved on the failure of a single channel. This redundancy must be carried out to the actuators. i.e. if the goal is to shut down a motor then each channel must feed separate contactors and de-energizing either contactor removes power from the motor. The diagnostics should then be handled via auxiliary contacts on the actuators in conjunction with the (usually) normal closed monitoring contacts on the safety relay itself. In the configuration you describe a single failure in the channel connected to the actuator completely defeats the safety function and therefore would not meet category 4 requirements, regardless of the rating on the relay.
For more than 30 years, J.B. Titus has advised a wide range of clients on machine functional safety solutions, including Johnson + Johnson, Siemens, General Motors, Disney, Rockwell Automation, Bridgestone Firestone, and Samsung Heavy Industries. He holds a Bachelor of Business Administration degree from Oklahoma University in industrial management and an MBA from Case Western Reserve University in marketing and finance. He is a professional member of the American Society of Safety Engineers and is OSHA-certified in machine guarding. Titus is also TUV-certified as a Functional Safety Expert and serves on several American National Standards Institute, National Fire Protection Association, and National Electrical Manufacturers Association national safety and health standards committees. Reach him at jb(at)jbtitus.com and via www.jbtitus.com.