Integrate safety engineering into mechatronic design

The study of mechatronics includes mechanical engineering, electrical engineering, telecommunication engineering, control engineering, and computer engineering. Adding safety engineering to mechatronics design theory could have a large economic impact on manufacturers globally.

By Jeff Winter February 11, 2014

Mechatronics is a nontraditional field of engineering that combines a variety of cross-disciplinary design principles. The goal is to optimize functionality by creating a simpler, less expensive, more reliable, and safer machine. Most approaches to mechatronics include mechanical engineering, electrical engineering, telecommunication engineering, control engineering, and computer engineering. What about adding a less obvious discipline: safety engineering? This addition to mechatronics design theory could arguably have the largest economic impact on manufacturers around the world.

Traditionally there have been two opposing views toward machine safety design: build safety into the design up front or add safety to the machine afterward. Since these arguments were usually financially driven, most machine builders and manufacturers alike adopted the notion of “Let’s just add safety to the machine after we design how it works.” Even when fined or when there is an unfortunate accident, most organizations address the problem only by “adding more safeguards” as opposed to instituting a philosophical change by adding safety to the machine/manufacturing design process. It has been difficult for organizations to justify how adding the cost of safety to an initial machine design created any positive financial impact on production or even increased overall safety. Why is this?

Safety standards, as recently as a few years ago, were very rigid in which technologies are “allowed” and how these technologies must be applied. In addition, very few organizations want to take the risk of being innovators in the field of machine safety, knowing the large financial and legal implications potentially incurred by “trying something new.” The old adage “better safe than sorry” was adopted. It became the norm for engineers to physically separate safety hardware from standard control hardware and to separate safety functions from general control functions. Is this wrong? No, but I’m sure you’ll get different answers depending on whom you ask: Production? Engineering? Environmental health and safety (EH&S)? The argument of “safety vs. productivity” became an everyday battle.

However, there is light at the end of the tunnel. A few major changes in recent years have tipped the scales in favor of both machine builders and manufacturers adding safety as a core discipline to their holistic, mechatronic design philosophy. Newer European Directives (such as 2006/42/EC), expanded harmonized safety standards (such as ISO 13849-1, IEC 61800-5-2, IEC 61131-3, IEC 61784-3, etc.), and advanced integrated safety technology (such as configurable detection devices, safety PLCs, safe motion technology, etc.) have already changed the landscape for integrating safety into the design of machinery. Compared to conventional safety systems, properly designed and applied integrated safety systems can result in benefits to users, to the design, and to safety.

User improvements

  • Increased overall equipment effectiveness (OEE) per production line
  • Smaller spare parts inventory
  • Reduced downtime through better diagnostics and fault identification
  • Reduced start-up time through smarter hazardous energy control
  • Increased floor space by replacing physical guards with newer guarding technology
  • Easier maintainability
  • Reduced downtime through properly designed alternatives to lockout/tagout
  • Longer component life through reduced cycling of contactors.

Design improvements

  • Simplified control architecture
  • Reduced wiring through networks
  • Reduced control panel size through integrated safety solutions
  • Lower hardware costs through component reduction
  • Higher level of control over the machine during safety functions through separation of “protective stops” and “emergency stops”

Safety improvements

  • Lower incentive for employees to “defeat” safeguards through applying proper bypassing functions
  • Lower risks of injury through more reliably designed safety systems
  • Lower risk of mistakes through proper verification/validation techniques
  • Better identification of safety functions
  • Controlled access to the machine can be designed to match corporate machine safety policies.

How are these benefits realized? The new “construction” standards give safety product manufacturers (such as Rockwell Automation, Sick, Pilz, and others) a detailed set of criteria for developing newer safety technologies and products to put on the market. More importantly, new application standards give engineers a more flexible approach toward designing safety systems using these new technologies. This is accomplished through providing methods for identifying hazards, analyzing the risk, determining the safety functions, organizing the architecture, design requirements, programming requirements, calculating the probability of failures, verifying the design, and validating the overall effectiveness of the safety system. The door has been opened to provide engineers with the tools and technology they need to make machine safety an integral part of improving their automation and production goals.

Buyer beware

However, before rushing out and adopting these new standards and technologies, ensure your organization is prepared. Fully integrated safety solutions with intelligent safety devices can be easy to implement but difficult to understand. Without an in-depth understanding of engineering and safety, it is now much easier than in the past to buy and install a collection of safety-rated devices and end up with a very dangerous machine. Back when the only safeguarding options available were physical guards or simple detection devices, such as safety interlocks, it was easy for both engineers and safety leaders to understand how the guards protected employees and how to identify an ineffective guard. In an overly simplified view, physical guards prevent access, and simple safety devices detect access and immediately shut down power to the machine. Easy to understand, right? Now imagine throwing in new configurable 2D or 3D detection devices, an endless number of programmable control combinations, and a few dozen new output choices, and it can be very difficult to understand how the safety functions actually protect employees or, more importantly, to identify when these safety functions are ultimately ineffective.

Figure 1 is a representation of the architecture of a generic safety function as described in ISO 13849-1. Each safety function typically consists of three components: input, logic, and output. The “input” represents the device initiating the safety function. The “logic” represents the processing and monitoring required to execute the safety function, and the “output” represents the control of actuators by the safety logic.

The “conventional” safety function in Figure 1 matches how an overwhelming majority of engineers design a safety system. A light curtain or interlock (input) is wired into a safety monitoring relay (logic device—single function), which typically controls a pair of safety contactors or force-guided relays (output device) to remove all hazardous energy. Because typically each of these devices can be used in only one way, it’s actually difficult to “screw things up” from an electrical standpoint. An appropriately selected safety monitoring relay (logic device) will catch wiring and electrical mistakes and prevent the machine from operating until the problem is fixed.

Fast forward to 2014, and all of a sudden these “simple checks” can no longer be taken for granted. More advanced input devices can now be configured or programmed to detect unwanted access in a variety of ways. For example, there are laser scanners on the market capable of storing 70 or more programs, each containing multiple warning and safety detection zones. Safety monitoring relays are being replaced with programmable safety logic controllers. This means single-purpose safety functions are now replaced with software, giving engineers a blank slate with endless possibilities as to “how, when, and why” a safety function works. In addition, engineers now have over a dozen new options for controlling hazardous energy and motion (output) instead of just removing power, for example by using built-in safety functions on servo drives such as safe limited speed and safe direction.
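The input/logic/output structure described above is also how ISO 13849-1 evaluates a safety function: each part is a subsystem with its own Performance Level (PL) and average probability of dangerous failure per hour (PFHd), and the combination is checked against the required PLr. The following is an added example (not from the article or any vendor) that models both the conventional chain (light curtain, safety relay, dual contactors) and a programmable chain (laser scanner, safety PLC, servo drive safe stop); every PFHd figure and subsystem PL in it is a constructed sample value, and capping the result at the weakest subsystem's PL is a deliberate conservative simplification of the standard's combination table.

```python
from dataclasses import dataclass

# Upper bound (exclusive) of the PFHd band for each PL, ISO 13849-1 Table 3, in 1/h.
PL_BANDS = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
PL_ORDER = "abcde"  # lowest to highest

@dataclass(frozen=True)
class Subsystem:
    name: str     # e.g. "light curtain" (input) or "safety relay" (logic)
    role: str     # "input", "logic" or "output"
    pl: str       # PL claimed for this subsystem on its own
    pfhd: float   # average probability of dangerous failure per hour

def pl_from_pfhd(pfhd):
    """Read the PL band a PFHd value falls in; None if it is worse than PL a."""
    for pl, upper in PL_BANDS:
        if pfhd < upper:
            return pl
    return None

def safety_function_pl(subsystems):
    """Sum subsystem PFHd values, read the PL, cap at the weakest subsystem's PL."""
    roles = {s.role for s in subsystems}
    if roles != {"input", "logic", "output"}:
        raise ValueError("a safety function needs an input, a logic and an output part")
    total = sum(s.pfhd for s in subsystems)
    pl = pl_from_pfhd(total)
    weakest = min((s.pl for s in subsystems), key=PL_ORDER.index)
    if pl is not None and PL_ORDER.index(pl) > PL_ORDER.index(weakest):
        pl = weakest  # conservative: the chain is no better than its weakest link
    return total, pl

def meets_plr(subsystems, plr):
    """True if the achieved PL is at least the required PLr (e.g. 'd')."""
    _, pl = safety_function_pl(subsystems)
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)

# Conventional chain from the article; PFHd values are constructed samples.
CONVENTIONAL = [
    Subsystem("light curtain", "input", "e", 2.0e-8),
    Subsystem("safety relay", "logic", "e", 1.5e-8),
    Subsystem("dual contactors", "output", "d", 2.5e-7),
]
# Programmable chain with safe motion on the drive; also constructed samples.
PROGRAMMABLE = [
    Subsystem("laser scanner", "input", "d", 8.0e-8),
    Subsystem("safety PLC", "logic", "e", 1.0e-8),
    Subsystem("servo drive safe stop", "output", "d", 5.0e-8),
]
```

Both sample chains reach PL d, and the conventional one shows why the contactor output is usually the part that limits the achievable PL.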

To help avoid this potentially high-risk situation and bridge the wide gap between the regulatory knowledge required, the documentation required to demonstrate compliance, and the engineering principles needed to optimize functionality, a new breed of engineer is required: a safety engineer. Figure 2 illustrates the knowledge requirements for fully implementing an effective safety solution.

Since OSHA’s creation in 1970, the regulatory requirements for machine guarding have not changed. Very few technologies other than physical guards existed at the time, leading to a low level of safety standards or engineering knowledge required to safeguard a machine. Over time as both standards and technology increased, a greater emphasis was placed on the “application of safety technology” rather than the regulations. However, the most recent wave of safety standards and their accompanying technology have dramatically increased the requirements of sound engineering principles. In fact, to effectively design and implement today’s safety technology, engineering is arguably the most needed skill set.

To assist in this process, TUV (one of several third-party safety certification organizations) has created programs to train and certify engineers in the skills required to properly design, install, validate, and test machine safety systems using these new standards and technology.

Even if an organization does not choose to immediately embrace the new advancements in the world of machine safety, it is imperative to be aware of them and include provisions (either for or against) in the machine safeguarding policy and engineering specifications. The last thing anyone wants is a machine that provides only the illusion of safety.

– Jeff Winter is safety business manager, North America, for Grantek Systems Integration Corp. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering and Plant Engineering.


Grantek Systems Integration Corp. is a CSIA member as of 3/5/2015


Key concepts

  • Machine safety design traditionally has had two opposing views: build safety into the design up front or add safety to the machine afterward.
  • Integrating machine safety into mechatronics design offers advantages.

Consider this

Do you have any high-risk areas that give the illusion of safety?

Author Bio: Jeff Winter, senior director industry strategy, manufacturing, Hitachi Solutions.