Machine safety networks

Networked safety: Learn everything you wanted to know about safety networks and their functions but were afraid to ask. Machine safety network checklist includes one often overlooked point.

By Ian Brough May 1, 2014

Very few safety networks existed 10-plus years ago; what existed were covered by little understood safety standards, and most networks were proprietary. In 2014, all kinds of new safety network capabilities and ideas are certified, standardized, and available off the shelf.

Today, there’s DeviceNet Safety (CIP Safety), Profisafe, AS-Interface Safety at Work (ASi-SaW), EtherCat FSoE, and Powerlink openSafety, just to name a few machine safety networks. How do you choose a network? There are many features and benefits that make selection a daunting task without significant familiarity with machine safety, let alone safety networks.

Let’s take a quick step back and look at where and how safety networks came into play. Safety used to be totally separate from machine control. A stand-alone safety control system performed safety functions, with its own sensors, controllers, and network communications. If a fault occurred, it was the safety system’s job to stop the machine and sound an alarm. Although the control system was perfectly capable of performing the same safety functions, the idea was to provide a redundant system in case the main control system failed.

Having a second control system became expensive and awkward. In most cases, machine controls came from one vendor, while the safety system came from another, which complicated engineering, integration, and aftermarket support. So efforts began to consolidate safety functions into machine control systems.

Safety functions can now be incorporated into control systems, using safety networks to bring sensor information to the control system. Safety PLCs, for example, can perform both control and safety functions, meeting the safety requirements of ANSI and IEC.

Today, machine safety over a network is achieved with redundant or dual-channel systems that monitor for faults and prevent a restart when a fault occurs. But how does redundancy work in a network with only one pair of wires or a single channel of communications? The answer is surprisingly simple: it was recognized and acknowledged in IEC 61508 and other standards that redundancy within communications protocols was sufficient to meet the same levels of safety as dual-channel, hardwired systems. 
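To make the protocol-redundancy point concrete, here is an added illustration (not from the article, and not any vendor's or standard's actual telegram format) of the consumer-side checks such protocols rely on: a connection ID, a consecutive number, a CRC and a watchdog carried over an ordinary single channel. The field layout, the 100 ms watchdog and the fault names are assumptions for this example.

```python
import struct
import zlib

# Constructed telegram layout (assumed for this example, not a real protocol):
#   connection id (2 B) | consecutive number (2 B) | e-stop OK flag (1 B) | CRC-32 (4 B)
HEADER = ">HHB"
FRAME_LEN = struct.calcsize(HEADER) + 4

def build_telegram(conn_id: int, seq: int, estop_ok: bool) -> bytes:
    """Producer side: wrap the safety bit in the checks the consumer will verify."""
    payload = struct.pack(HEADER, conn_id, seq & 0xFFFF, 1 if estop_ok else 0)
    return payload + struct.pack(">I", zlib.crc32(payload))

class SafetyConsumer:
    # Any detected fault removes the enable and latches until an explicit reset.
    def __init__(self, conn_id: int, watchdog_ms: int = 100):  # 100 ms is assumed
        self.conn_id = conn_id
        self.watchdog_ms = watchdog_ms
        self.expected_seq = 0
        self.last_rx_ms = None
        self.outputs_enabled = False
        self.fault = None

    def _trip(self, reason: str) -> str:
        self.fault = reason
        self.outputs_enabled = False
        return reason

    def receive(self, frame: bytes, now_ms: int) -> str:
        if self.fault:
            return "latched"
        if len(frame) != FRAME_LEN:
            return self._trip("length")
        payload, crc = frame[:-4], struct.unpack(">I", frame[-4:])[0]
        if zlib.crc32(payload) != crc:          # corruption on the black channel
            return self._trip("crc")
        conn_id, seq, estop_ok = struct.unpack(HEADER, payload)
        if conn_id != self.conn_id:             # misrouted or inserted frame
            return self._trip("address")
        if seq != self.expected_seq:            # lost, repeated or reordered frame
            return self._trip("sequence")
        if self.last_rx_ms is not None and now_ms - self.last_rx_ms > self.watchdog_ms:
            return self._trip("timeout")        # frame arrived too late
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_rx_ms = now_ms
        self.outputs_enabled = bool(estop_ok)   # e-stop pressed (0) also drops the enable
        return "ok"

    def tick(self, now_ms: int) -> str:
        # Called from the consumer's own cycle so silence on the wire is a fault too.
        if self.fault:
            return "latched"
        if self.last_rx_ms is not None and now_ms - self.last_rx_ms > self.watchdog_ms:
            return self._trip("timeout")
        return "ok"
```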

Checklist: Questions about safety networks

To determine which safety network is best for a particular environment, ask the following questions.

1. What do you want to achieve? Is the goal to:

  • Just stop the machine safely and nothing more?
  • Know why the machine stopped or complete diagnostics?
  • Configure new safety devices?
  • Both configure and diagnose field devices?

To answer these questions, information is needed about the project budget, how important the machine is to the process, and how much downtime is acceptable.

2. Just as importantly, what level of system security is required? What is the required speed and reliability of the response times? It is of paramount importance that these parameters are easy to determine and within acceptable limits.

3. Are staff members with sufficient training and understanding of the system available? Consider the complexity of configuring and maintaining the system. From my experience, this is the most underestimated factor. I have seen many systems not configured correctly initially, or altered after they were in operation in a manner detrimental to safety.

Two key standards provide guidance. ISO13849-1 and -2, which introduced performance levels, and the recently adopted ANSI/RIA15.06 Robot and Robot Systems standard provide requirements to design, implement, validate, and maintain safety networks and other programmable safety systems.

Safety functions over networks

The technical definition of a safety function per ISO12100 is "a function of the machine whose failure can result in an immediate increase in risk(s)." These functions are carried out by the safety-related control part of the system and reduce risk to the user. Most safety functions are simple, such as emergency stops and protective stops.

But what about other safety components, such as light curtains, gate switches, safety mats and area scanners, or functions such as muting, bypass or presence-sensing device initiation (PSDI), etc.? These are easily implemented with a safety controller, but some functions can become difficult to perform reliably with a safety network simply because of response times.

For example, in a high-speed packaging line, if the system requires product to enter or leave through a light curtain or a PSDI, the speed at which the product is leaving can present a challenge for even the quickest networked systems.

If muting of the light curtain is performed over a safety network, the light curtain may not mute quickly enough, resulting in a trip of the light curtain. Usually, the culprit is the network and the safety PLC. Together, they have a response time that can exceed the time the product is in front of the muting sensors, thereby triggering the safeguard before it has a chance to be muted. This is an example of asking the system to do too much.

The solution may be to move this particular function off the network by hardwiring its inputs and outputs directly to the safety PLC or to a separate safety relay.

Safety on a smaller scale

Advanced safety networks can run the most complex machines, although the cost of implementation, programming, engineering, and hardware in such a system may exceed what is necessary.

The point behind new safety performance levels is to allow a user more flexibility in choosing hardware, thus allowing reduction of cost and increased efficiency.

In many cases, machines are not as big and complex from a safety point of view as one might think, so it’s possible to safeguard these systems on a smaller scale with a dedicated separate safety system.

A separate safety system isn’t managing both machine control and safety simultaneously, but instead returns to the separate safety system and network design of the past. Due to advancements in machine control systems, safety systems, and networks, integration of separate systems is much simpler than before, making this a viable option in many cases.

There are now newer, simpler networks available that allow use on small-scale applications. ASi-SaW, for instance, provides simplified safety on a smaller scale without the additional cost or complexity of managing larger amounts of diagnostic or configuration data over safety channels, keeping the system fast and relatively easy to set up.

Another example is a safety network solution (Figure 1) that allows connection of up to 32 safety sensors via nodes. This type of solution costs less, makes the safety device network-independent, and gives enough diagnostic information to minimize downtime. These systems require no addressing or data configuration, greatly simplifying installation and saving cost on engineering and installation time. Another recently introduced type of solution (Figure 2) allows up to 32 safety controllers to be connected and to share networked emergency protective stop information between cells or machines.

These newer systems maintain the highest level of safety rating and keep things simple, which is important for lowering manufacturing costs, increasing flexibility, and shortening time to market with a new product. The future promises to hold more solutions and surprises as safety systems become simpler to implement and more affordable.

Machine safety: Back to the future

Older dedicated safety networks and safety control systems were cumbersome, expensive, awkward, and hard to support. Today, safety networks are incorporated into control systems, thus simplifying overall system integration and programming.

But in many cases, safety networks and safety PLCs are overkill, too slow, or too expensive for simpler machines and safety functions. The development of simpler safety controllers and safety networks makes it possible to go back to the future: that is, to use similar ideas from 10 years ago, but in a more practical and less expensive way.

– Ian Brough is a national product manager for safety interfaces for Sick Inc. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering,

ONLINE May has more information and links to additional safety resources. See the Control Engineering machine safety blog.

Key concepts

  • Older dedicated safety networks and safety control systems were cumbersome, expensive, awkward, and hard to support.
  • Today, safety networks are incorporated into control systems, thus simplifying overall system integration and programming.
  • Simpler safety controllers and safety networks can lower cost and make installation and operation easier.

Consider this

Right-sizing machine safety networks to the application can save time and labor. 

ONLINE extra

About the author: Ian Brough has been in the industrial controls market for almost 30 years and is currently a national product manager for safety interfaces for Sick Inc. 
