1. Risk analysis : This would involve all stakeholders and often includes operators, maintenance staff, engineering staff, and health and safety groups. This group would identify all possible risks and then identify means to eliminate or mitigate the hazards. This process is the first and most important step in safety design, as the results will dictate the level of redundancy required for the process, which often limits the suitable hardware solutions. For processes that require higher safety integrity or redundancy, a PSS is often the best choice.
2. Safety system category level : To meet CAT 4, devices connected to the inputs of the safety systems must be certified for use in CAT 4 systems. This is typically a device with positively guided parallel redundant contacts. The outputs of the safety system must be connected to interrupting devices that are also CAT 4 rated and monitored by the safety system. This often means parallel redundant contactors (or relays) with positively guided auxiliary contacts for monitoring purposes. In a retrofit situation, this often means that existing input devices need to be replaced and that some additional hardware is required between the safety system and the loads to ensure that the overall safety solution is control reliable. If these are not upgraded, the safety level of the overall safety system is reduced to the lowest CAT level of any sub-section or safety device within the system.
3. Safety hardware certification : The most stringent method is for the manufacturer to have an independent testing body review and test the hardware to international standards and issue a written certification. Other options for technical inspection are certification to lesser or more local standards, or simply a design carried out in accordance with certain specific standards.
4. Safety hardware response time : Given the software flexibility of PSSs, programmability can result in longer response times than hardwired safety relay (SR) units. The response time is the time from safety input activation through to verified opening of the loads. Response times of tens or hundreds of milliseconds are typical. Response times should be evaluated when operator access is involved and programs are larger, to ensure that the required stop times and distances are met. In some cases, distances of light curtains and other devices may need to be increased to adequately protect operators.
5. Compatibility : Many PSSs use a phase-shifted pulse signal on the input and output channels to detect device failures or short/open circuits between input channels. Some devices, such as light curtains, often employ a similar feature to monitor correct operation. In certain cases, these types of self-checking devices cannot be connected to the safety hardware unless one of the checking mechanisms is disabled. The flexibility of the PSS can often accommodate the required configuration without limiting the system functionality or the CAT rating.
6. Retrofit versus new designs : Retrofits often involve added challenges over new designs because the safety system must be compatible with the existing hardware and production downtime must be kept to a minimum. Safety device networks can often reduce wiring time and required downtime by connecting devices to a common cable instead of individual wires to each device. It is also imperative that any required communications for process or safety signals be developed and fully tested off-line before committing to equipment changes. The safety hardware should be reviewed to ensure that suitable I/O cards or modules exist to handle the voltage levels of the existing system.
Questions to ask: What impact on the existing process will result when the safety system is removed from it and ported to the new safety solution? Will some new safety signals need to be redirected back to the remaining process side and, if so, will they be hardwired or network based? How much reprogramming of the existing process controller will be required? What is the cost of any new or replacement devices?
7. Safety system application focus : Some safety systems leverage similar software environments for application development of their process and safety hardware, while other systems require a separate programming package with new functionality that must be learned. This will impact the cost of the project and the learning curve of the developers as well as training of operators, engineering, and maintenance staff. Some platforms allow safety for cell safeguarding, robots, and presses to be handled in one unified controller, while others require multiple platforms to address a machine with this range of equipment.
8. Installation : A safeguarding hardware supplier, safety design firm, and installation trades, among others, are involved in implementing a PSS solution. An overall project manager should exist to ensure the owner's interests are being met and the overall safety strategy is correctly implemented. Testing of the PSS is critical prior to installation to ensure minimum interruption to production and confirm safety and process functionality. Time should be budgeted into the schedule to allow for testing and verification offsite, as well as for the testing of all networks, safety devices/wiring and hardware power-up tests as soon as power is available on site. If the software has been tested and simulated off-site and the wiring/hardware tested on-site, then the number of challenges experienced during commissioning will be minimized. Completing all activities that can be done prior to the commissioning window, such as mounting hardware, running wire/conduit, labeling items, and testing, will also minimize production loss, especially for retrofits. A commissioning plan, including tests to be performed for all safety devices and functions, is also required. These tests must be performed, passed, and documented so that all stakeholders are confident that the planned safety functionality has been met and due diligence was achieved. Until this step is completed, the safety upgrade is not deemed finished and the equipment should not be used by operators.
9. Maintenance of the installed PSS : The installed system may require a pre-start health and safety review (PSHSR). If the hardware used provides an internal cyclic redundancy check (CRC) code to identify the exact program running, this must be recorded in the PSHSR; otherwise a detailed printout should be maintained. If the designers of the safety system will be a distinctly separate party from the PSHSR reviewer, then the owner of the equipment should ensure that both parties are clear on the safety approach so that the PSHSR party will certify the final design. A new PSHSR will be required for any software changes that are made (new CRC code), as the software forms a critical component of the safety solution. As such, an internal process should be defined and controlled to ensure that changes are only made by knowledgeable staff, passwords are controlled, PSHSRs are performed, documentation updates are maintained, and safety procedures/notifications are issued and updated as required. Procedures for maintenance, engineering, and operators must be issued and include how to interface with the new PSS. Training on the hardware, software, the application portion and the overall safety system will be required for all three parties to ensure successful implementation and ongoing support.
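The CRC-based change control above can be reduced to a simple release gate: the program CRC the controller reports is compared with the PSHSR register, and any CRC not covered by a completed review blocks release to operators. This is an added example, not from the article or any PSS vendor; it assumes a constructed register format and, as a stand-in for the controller's internal CRC, a CRC-32 over an exported project file.

```python
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class PshsrRecord:
    """One entry of the owner's PSHSR register (constructed format)."""
    program_crc: int   # CRC the controller reported for the program that was reviewed
    reviewed_on: str   # date the PSHSR was performed
    reviewer: str

def program_crc(project_export: bytes) -> int:
    """Stand-in for the controller's program identification CRC.
    Assumption: CRC-32 over the exported project file. A real PSS computes
    its own value internally, and that is the figure to record in the PSHSR."""
    return zlib.crc32(project_export) & 0xFFFFFFFF

def release_check(running_crc: int, register: list) -> tuple:
    """Gate for handing equipment back to operators: the running program must
    carry a CRC that a completed PSHSR covers. Any other CRC means the safety
    software changed, so a new PSHSR is due before operators use the equipment."""
    for rec in register:
        if rec.program_crc == running_crc:
            return True, (f"CRC {running_crc:08X} covered by PSHSR of "
                          f"{rec.reviewed_on} ({rec.reviewer})")
    return False, f"CRC {running_crc:08X} not on PSHSR register: new PSHSR required"

# Constructed sample: the reviewed project export and the register entry made at sign-off.
REVIEWED_EXPORT = b"E_STOP AND GUARD_CLOSED -> K1, K2 (monitored)\n"
REGISTER = [PshsrRecord(program_crc(REVIEWED_EXPORT), "2024-03-12", "PSHSR reviewer (constructed)")]

if __name__ == "__main__":
    print(release_check(program_crc(REVIEWED_EXPORT), REGISTER))
    # Any edit to the program, however small, yields a new CRC and fails the gate.
    print(release_check(program_crc(REVIEWED_EXPORT + b"MUTE_TIMER := 500ms\n"), REGISTER))
```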