Machine Safety: Risk of an actuator wired to general machine control versus safety controller

When deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period. For machine hazard mitigation, review these four points when considering risks and reliability of controllers versus safety controllers, defined by IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements).
By JB Titus December 18, 2014

Functional safety life cycle: 1) Perform risk assessment 2) Examine functional requirements 3) Design and verify mitigation 4) Install and validate 5) Manage, change, and improve. Courtesy: Control Engineering Machine Safety Blog, JB Titus & Associates

There are generally several devices on a machine to actuate a safety function. When safety-related devices are wired to general purpose control, will they achieve their intended safety function reliably? My initial answer is NO! What’s yours?

This discussion generally comes about when someone looks at the functions of a machine and is trying to identify safety-related functions. This is actually the recommended course of action by many safety experts. And, sometimes this approach is part of a larger safety assessment of a machine. By identifying the safety functions, someone is determining the machine’s hazards and the possible mitigation steps for each hazard.

So, in my opinion, when deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period.

For example, in a packaging machine that uses an elevator lift, an employee could be seriously injured. To prevent this serious injury an e-stop device is added to the machine control system to stop the motion and protect the employee. But does wiring the e-stop device to a general control logic solver achieve the desired safety function? The answer is only "maybe," which is unreliable when trying to measure and lower risk.

4 considerations: general controller versus safety controller

The answer requires deeper knowledge because there are several differences between general control and safety control.

1. A general controller is designed and programmed to accomplish many functions as it scans the entire program and control system.

2. A safety controller is designed according to IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements) and must include redundant processes for all safety-related functions.

3. No redundancy: General purpose controllers are not required to have redundant processes or an interrupt capability to immediately actuate a demanded safety function as do safety controllers.

4. In a queue: An input from an e-stop device connected to a general purpose controller can go into a queue of many things for the controller to do, and at some undetermined point in time (which may or may not reduce risk for the employee) stop the machine.

It’s difficult to measure and mitigate risk to life and limb with a "maybe."
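The "in a queue" point can be put in numbers. The sketch below is an added example, not code from the original post: it assumes a simplified scan model (inputs sampled at scan start, outputs written at scan end), constructed scan durations, and a hypothetical 20 ms required response time, and it shows how the moment of the e-stop press decides whether that time is met.

```python
from itertools import accumulate

# Constructed scan durations (ms) for one repeating pattern of a general-purpose
# controller; the 40 ms scan stands for a cycle loaded with non-safety work.
SCAN_MS = [5, 5, 40, 5, 10]
REQUIRED_MS = 20  # hypothetical required response time from a risk assessment


def estop_latency(press_ms, scan_ms=SCAN_MS):
    """Return ms from e-stop press until the stop output is written.

    Assumed model: inputs are sampled at the start of a scan and outputs
    are written at the end of that same scan.
    """
    t = press_ms % sum(scan_ms)          # position inside the repeating pattern
    durations = scan_ms * 2              # second copy covers presses late in the pattern
    starts = accumulate(durations, initial=0)
    for start, dur in zip(starts, durations):
        if start >= t:                   # first scan that samples the pressed input
            return start + dur - t
    raise AssertionError("unreachable: second copy always contains a later scan")


def summarize(scan_ms=SCAN_MS, required_ms=REQUIRED_MS):
    """Evaluate every 1 ms press time across one pattern."""
    latencies = [estop_latency(t, scan_ms) for t in range(sum(scan_ms))]
    return {
        "best_ms": min(latencies),
        "worst_ms": max(latencies),
        "met": sum(lat <= required_ms for lat in latencies),
        "total": len(latencies),
    }


if __name__ == "__main__":
    result = summarize()
    print(result)
    print("deadline always met:", result["met"] == result["total"])
```

With these constructed numbers the same e-stop press is answered in anywhere from 5 ms to 44 ms, and only some press times meet the assumed requirement, which is the "maybe" in measurable form.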

J.B. Titus, CFSE

Has this presented you with any new perspectives about general controllers versus safety controllers? Do you have some specific machine safety topic or interest that we could cover in future blog posts? Add your machine safety comments or questions to the comments section below.


Contact: www.jbtitus.com for “Solutions for Machine Safety.”