Machine Safety: Risk of an actuator wired to general machine control versus safety controller
When deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period. For machine hazard mitigation, review these four points when considering risks and reliability of general controllers versus safety controllers, as defined by IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements).
There are generally several devices on a machine to actuate a safety function. When safety-related devices are wired to general purpose control, will they achieve their intended safety function reliably? My initial answer is NO! What’s yours?
This discussion generally comes about when someone looks at the functions of a machine and is trying to identify safety-related functions. This is actually the course of action recommended by many safety experts, and sometimes this approach is part of a larger safety assessment of a machine. By identifying the safety functions, someone is determining the machine’s hazards and the possible mitigation steps for each hazard.
So, in my opinion, when deciding to apply a device to achieve a safety function, by default, that safety function should be achieved each time, actuated consistently and within a certain time period.
For example, in a packaging machine that uses an elevator lift, an employee could be seriously injured. To prevent this serious injury an e-stop device is added to the machine control system to stop the motion and protect the employee. But does wiring the e-stop device to a general control logic solver achieve the desired safety function? The answer is only "maybe," which is unreliable when trying to measure and lower risk.
4 considerations: general controller versus safety controller
The answer requires deeper knowledge because there are several differences between general control and safety control.
1. A general controller is designed and programmed to accomplish many functions as it scans the entire program and control system.
2. A safety controller is designed according to IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 1: General requirements) and must include redundant processes for all safety-related functions.
3. No redundancy: General purpose controllers, unlike safety controllers, are not required to have redundant processes or an interrupt capability to immediately actuate a demanded safety function.
4. In a queue: An input from an e-stop device connected to a general purpose controller can go into a queue of many things for the controller to do, and the controller stops the machine at some undetermined point in time (which may or may not reduce risk for the employee).
It’s difficult to measure and mitigate risk to life and limb with a "maybe."
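To put numbers on points 3 and 4, here is a small added model (not from the original post or any controller vendor). It assumes a scan-based controller that samples inputs at the start of each scan and writes outputs at the end, and a dual-channel e-stop with two normally-closed contacts; the function names and all timings are constructed for illustration.

```python
# Added illustration; all timings are constructed, not taken from a real controller.

def general_controller_latency(press_ms, scan_durations_ms):
    """Delay from e-stop press to stop output on a scan-based controller.

    Assumption: inputs are sampled at the start of each scan and outputs are
    written at its end, so a press landing mid-scan waits for the next scan.
    """
    t = 0.0
    for duration in scan_durations_ms:
        scan_start, scan_end = t, t + duration
        if scan_start >= press_ms:      # first scan that samples the press
            return scan_end - press_ms
        t = scan_end
    raise ValueError("press not serviced within the modelled scans")


def dual_channel_estop(channel_a_open, channel_b_open):
    """Redundant evaluation: returns (stop_demanded, fault_detected).

    An open contact on either channel demands a stop; disagreement between
    the channels is reported as a fault and still stops the machine.
    """
    fault = channel_a_open != channel_b_open
    return (channel_a_open or channel_b_open), fault


def single_channel_estop(channel_open):
    """Single input into general logic: a contact stuck closed hides the demand."""
    return channel_open


# Constructed scan profiles (ms per scan) for the same general controller.
LIGHT_LOAD = [10, 10, 10, 10, 10]
HEAVY_LOAD = [10, 45, 60, 10, 10]   # program load varies from scan to scan

if __name__ == "__main__":
    for name, scans in (("light", LIGHT_LOAD), ("heavy", HEAVY_LOAD)):
        print(name, general_controller_latency(11, scans), "ms to stop output")
    # E-stop pressed, but contact A has welded closed (reads "not open"):
    print("single channel stops:", single_channel_estop(False))
    print("dual channel (stop, fault):", dual_channel_estop(False, True))
```

The same press at 11 ms is answered in 19 ms under the light profile and 104 ms under the heavy one, which is the "undetermined point in time" of point 4; the welded contact goes unnoticed on the single channel but is caught by the redundant pair.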
Contact: www.jbtitus.com for “Solutions for Machine Safety.”