Converging safety, non-safety systems increases scalability, flexibility
Integrating safety systems into a machine’s standard control platform simplifies operations, increases diagnostic capabilities and creates safer work environments for engineers and end users.
The convergence of previously disparate technologies continues to be an important topic because of the benefits to engineers, original equipment manufacturers (OEMs) and end users. Integrating safety with non-safety technology may not seem obvious, but the topic deserves serious consideration. Like information technology (IT) and operations technology (OT), the combination of safety and non-safety into one system enables increased flexibility and scalability, better data acquisition across systems and more customization opportunities. Most importantly, it creates a safer work environment for operators and plant personnel by accommodating more safety technology in more places.
Programmable safety devices in an input/output (I/O) form factor that are also integrated into the main machine control architecture make this convergence possible. These I/O terminals feature integrated safety logic and communicate with the PC-based machine controller, whether they connect through a shared backplane or Ethernet cable. EtherCAT industrial Ethernet technology creates other opportunities for technology convergence in safety systems, such as built-in diagnostics and support for multiple fieldbuses. This approach is a departure from previous architectures, in which safety and non-safety systems remained in separate silos. The converging technologies enable machines to maintain safety integrity level (SIL) standards while offering further customization benefits.
To understand how this convergence works and why it is advantageous, it is important to consider three levels of safety technology and their roles on the manufacturing floor.
1. Basic safety devices
The traditional basic safety approach keeps safety systems separate from the machine control platform. These safety devices include relays and switches that cut power to machines or modules if triggered. Although they require no programming effort, they must be directly hardwired to each module and every other safety device to ensure the entire machine or line stops operation when one device is tripped. Installation and wiring of safety relays is time- and labor-intensive, especially on larger machines.
Safety relays and other basic devices are usually not configurable because they possess no network connectivity. They cannot communicate back to the programmable logic controller (PLC) or provide performance data or diagnostics beyond what their LED lights show. For many years, this was the only industrial safety option, and it met the minimum requirements for protecting operators and equipment. However, in the age of the smart factory and Industrie 4.0, basic safety requirements have not kept pace with industry advances. Implementation is inefficient because it requires greater commissioning efforts and ultimately provides low-tech safeguards for workers.
2. Stand-alone safety controllers
Stand-alone safety controllers are expandable and offer some programmable logic, but as a result, these systems require additional engineering efforts. This method supports the ability to network safety devices and provides greater diagnostics for troubleshooting, but it does not enable the convergence of safety and non-safety systems.
Like basic safety technology, safety controllers remain physically separate from the machine controller. Although both contain logic, the safety controller and PLC only support asynchronous communication, which means crucial data from the safety system is not available for analysis. The safety device also uses different software than the machine control logic; the training required and maintenance for multiple software packages also slows commissioning and troubleshooting.
3. Integrated safety, programmable I/Os
Greater technology convergence is happening through integrated safety systems with programmable safety I/O terminals. The safety terminals are differentiated on the outside by their solid yellow exteriors. On the inside, they possess redundant circuits and microcontrollers to maximize reliability and meet IEC 61508 and DIN EN ISO 13849-1 safety standards. These devices are installed into a standard I/O segment alongside non-safe terminals and can communicate over industrial Ethernet systems like EtherCAT. Integrated safety can extend beyond I/O terminals to implement safety logic in components in the field, such as servo drives and servomotors with built-in safe torque off (STO) and safe stop 1 (SS1) functionality. This method uses the same engineering environment as the machine control and provides flexibility for distributed safety networks.
Programmable I/O modules also can support single-channel safety. With the necessary firmware for safe communication protocols, these modules allow engineers, particularly in process industries, to set acceptable condition parameters for different applications such as temperature monitoring, level sensing, speed testing and pressure monitoring.
These safety terminals carry a yellow stripe on their exteriors to differentiate the single-channel analog technology from the standard digital safety terminals in an I/O segment. The specialized single-channel terminals also allow analog process signals to be used for safety tasks.
Integrated safety is essential in today’s manufacturing environments with greater use of robotics, complex motion control equipment and autonomous vehicles. Modern plants require simple safety devices, such as e-stop buttons, and more sophisticated light curtains, safety switching mats and two-handed controllers, among others.
PC-based automation software with standard safety function blocks allows engineers to create the necessary programs to protect workers and equipment in these work environments. During operation, the PC-based machine controller and safety controllers can monitor each other.
Increased performance data and diagnostics capabilities are available as a result of this convergence. The information can be displayed on the human-machine interface (HMI) because the safety system is connected to the PLC. While more programming is necessary than with basic safety systems, the integrated systems simplify commissioning. They also eliminate the complications caused by multiple programming environments, additional networks and the necessity to hardwire each device to all others. For EtherCAT-based devices, communication takes place using the TÜV-certified FailSafe over EtherCAT (FSoE) protocol.
Secure communication of safety data
FSoE is designed to transmit safety data over a plant’s existing network via a “black channel.” The black channel principle means the underlying transport is not relied upon for safety: all integrity checks are performed by the safety protocol layer itself. That layer adds a cyclic redundancy check (CRC) for every two bytes of safety data so that corrupted data is detected before it is acted upon. The functional principles of EtherCAT enable the transmission of safety and non-safety data without limitations on transfer speed and cycle time. Designed for high-speed communications, EtherCAT checks the safety devices in real time and halts operations when one is tripped. Built-in diagnostics also help engineers troubleshoot physical issues, such as faults with cables, connectors or I/O terminals.
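The following is an added illustration of the black-channel principle described above; it is not the FSoE wire format and not Beckhoff code. The frame layout (connection ID, sequence counter, payload, CRC-16/CCITT-FALSE trailer) and the watchdog interval are assumptions chosen for the demonstration. The point it shows is that the safety layer rejects a frame on its own checks (CRC, connection ID, sequence, timing) regardless of what the transport beneath it did.

```python
"""Simplified black-channel safety container (added example, not FSoE).

The safety layer wraps each payload with its own connection id, sequence
counter and CRC so that corruption, misdelivery, replay and stale data on
an untrusted transport are detected by the safety layer itself.
"""
from dataclasses import dataclass
import struct

CRC16_POLY = 0x1021  # CRC-16/CCITT polynomial (assumed for this demo)


def crc16(data: bytes, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16/CCITT-FALSE: init 0xFFFF, no reflection, no xor-out."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC16_POLY) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


@dataclass
class SafetyFrame:
    conn_id: int    # identifies one safety connection (constructed value)
    seq: int        # monotonic counter per connection, detects loss/replay
    payload: bytes  # safe data, e.g. e-stop and light-curtain state

    def pack(self) -> bytes:
        # CRC is computed over header and payload, then appended.
        body = struct.pack(">HH", self.conn_id, self.seq) + self.payload
        return body + struct.pack(">H", crc16(body))


class SafetyReceiver:
    """Consumer side: every frame must pass all checks before it is trusted."""

    def __init__(self, conn_id: int, watchdog_s: float) -> None:
        self.conn_id = conn_id
        self.watchdog_s = watchdog_s   # max gap between valid frames
        self.expected_seq = 0
        self.last_valid: float | None = None

    def accept(self, raw: bytes, now: float) -> tuple[bool, str]:
        if len(raw) < 6:
            return False, "frame too short"
        body, crc_rx = raw[:-2], struct.unpack(">H", raw[-2:])[0]
        if crc16(body) != crc_rx:
            return False, "crc mismatch"
        conn_id, seq = struct.unpack(">HH", body[:4])
        if conn_id != self.conn_id:
            return False, "wrong connection id"
        if seq != self.expected_seq:
            return False, f"sequence error: expected {self.expected_seq}, got {seq}"
        if self.last_valid is not None and now - self.last_valid > self.watchdog_s:
            # A valid frame that arrives too late still means the link was stale.
            return False, "watchdog expired"
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_valid = now
        return True, "ok"


def run_demo() -> list[str]:
    """Feed constructed frames through one receiver and collect the verdicts."""
    rx = SafetyReceiver(conn_id=0x0101, watchdog_s=0.1)
    t0 = 1000.0
    # Constructed payload: byte 0 = e-stop released, byte 1 = curtain clear.
    frame0 = SafetyFrame(0x0101, 0, b"\x01\x01").pack()
    results = [rx.accept(frame0, t0)[1]]
    corrupted = bytearray(frame0)
    corrupted[4] ^= 0x01                      # single bit flip in transit
    results.append(rx.accept(bytes(corrupted), t0 + 0.01)[1])
    results.append(rx.accept(frame0, t0 + 0.02)[1])   # replay of frame0
    stray = SafetyFrame(0x0202, 1, b"\x01\x01").pack()  # other connection
    results.append(rx.accept(stray, t0 + 0.03)[1])
    frame1 = SafetyFrame(0x0101, 1, b"\x00\x01").pack()
    results.append(rx.accept(frame1, t0 + 0.5)[1])      # valid but too late
    return results


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Every rejection leaves the receiver in its previous state, so a single corrupted, replayed or late frame never advances the sequence counter or refreshes the watchdog; in a real installation that is the point at which the safety output drops to its safe state and requires an explicit reset.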
FSoE is fieldbus-neutral and works over 100 Mbit/s EtherCAT, but it can also integrate with many other industrial Ethernet networks or fieldbuses. If plants use DeviceNet, Profibus, CANopen, EtherNet/IP and Profinet networks, implementing integrated safety systems with FSoE requires the addition of appropriate EtherCAT I/Os and gateway devices.
FSoE is certified by TÜV and also meets all requirements for IEC 61508 and DIN EN ISO 13849-1. These safety designations remain unchanged whether communication occurs via legacy fieldbus, industrial Ethernet or wireless networks. In addition, FSoE and integrated safety I/O unlock possibilities for increased customization.
Converging technologies enable customization
A key benefit of integrated safety is the ability to customize and test how safety systems function through software. If a customer has a modular machine, the OEM or integrator can disable a certain module in the software rather than taking the traditional route of redesigning and reprogramming the machine’s safety system. The previous method involved changing I/O, re-engineering components or creating crude workarounds, such as “jogging” wires to bypass unnecessary parts of the safety system. With PC-based automation software, these adjustments can be made quickly by adding or removing modules or groups.
Some companies have been slow to adopt integrated safety technology due to concerns about combining safety and non-safety on one platform. However, integrated safety is reliable and preferable to basic safety devices and stand-alone safety controllers. If the safety PLC and machine controller are in the same environment, each knows what the other is doing and they can communicate more effectively.
With greater flexibility and faster installation, it is possible to design machines and plants to have more safety technology than ever before. Implementing integrated safety with programmable I/O modules, as a result, is the safest choice.
Sree Swarna Gutta, I/O application specialist, Beckhoff Automation. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.
MORE ANSWERS
Keywords: machine safety, safety integration
Basic safety requirements have not kept pace with other technology advances.
Integrating safety and non-safety systems allows users to access more information and improve overall worker safety.
Integration also allows users to test how safety systems function through software.
Consider this
What applications in your plant would benefit most from integrating safety and non-safety systems?