Safety controllers: a primer

Clearly, interest in providing safer workplaces is growing among machinery manufacturers and end-users. This interest has been stimulated by new and emerging safety standards and guidelines, and by increased awareness of the benefits of a safer work environment. This article is an expanded version of the September 2002 Control Engineering's ''Back to Basics.''

By Control Engineering Staff September 12, 2002

This article is an expanded version of the September 2002 Control Engineering`s Back to Basics department .

Machine safety standards Typical ‘safety-approved’ machine guarding components

Clearly, interest in providing safer workplaces is growing among machinery manufacturers and end-users. This interest has been stimulated by new and emerging safety standards and guidelines (such as the European Machinery Directive, ANSI B11.19, ANSI B11.20, ANSI/RIA 15.06, OSHA National Emphasis Programs), and by increased awareness of the benefits of a safer work environment.

The level of interest is marked by a growing use of ”safety-approved” machine guarding components (see section on typical machine guarding components), and by a greater awareness of the importance of risk assessment by the equipment designer and end-user.

Those involved in workplace protection and machinery guarding have been influenced by a growing body of standards and regulations (see accompanying list of standards sources). In particular, decision-tree models (such as EN 954), and more recently publication of ANSI’s risk assessment guidelines (ANSI Technical Report B11.TR3), have prompted OEMs and end-users to recognize the importance of ensuring reliable operation of safety circuits through fault monitoring and detection by using ‘safety controllers’ (see photo).

Safety controllers defined

Microprocessor- and electromechanically-based safety controllers are used in a variety of machine-guarding applications to help protect workers from injuries. Source: Schmersal

Safety controllers are electromechanical or microprocessor-based monitoring devices installed between machine guarding input devices and the machine’s primary stop controls, such as motor contactors or control relays. These controllers typically contain redundant, self-checking safety system monitoring circuits and positive-guided output relays, commonly called ‘safety relays’ (see illustration).

Each controller is designed to detect faults in the safety circuit’s components and interconnection wiring, as well as in its own internal monitoring circuits and output relays. In addition, it senses the actuation of a machine guard interlock/E-stop switch.

If the controller detects a fault or open machine guard, it disables the output signals, stops the machine, and/or keeps the machine from restarting until the fault has been corrected. Units are available for use with machine guard interlocks, coded-magnet sensors, safety edges, safety limit switches, two-hand controls, light curtains, E-stops, emergency cable-pull switches, safety mats, and laser scanners to satisfy a broad range of Stop Category 0/1 application requirements.

This basic safety control system simply and inexpensively provides fault detection plus cross-monitoring and self-checking using a safety controller (‘black box’). The safety controller achieves the same function as a hard-wired circuit consisting of three positive-guided relays and more thatn 40 wiring points. Source: Schmersal

Detect fault in safety circuit

Depending on their design, safety controllers are capable of detecting various types of faults that may compromise the performance of the safety circuit. These include:

  • Welded or stuck interlock/E-stop switch contacts;

  • Misaligned guards;

  • Open circuit in interconnection wiring;

  • Short circuit in interconnection wiring;

  • Short-to-ground faults in intercon-nection wiring;

  • Fault in the controller’s monitoring circuits;

  • Welded or stuck contacts in the controller’s safety relays;

  • Insufficient operating voltage to the controller;

  • Capacitive/inductive interference on the controller’s inputs; and

  • Welded or stuck contacts in the controlled primary machine stop element (such as a positive-guided motor contactor or control relay).

Most microprocessor-based safety controllers feature flashing LED display patterns to identify and/or locate faults and minimize equipment downtime. A few typical indicators (for a specific safety controller) and their meaning are shown here
Green ‘on’ No faults detected and relay contacts closed
Yellow Pulse @ 0.5 Hz Guard open
Yellow Pulse @ 2 Hz Guard misaligned (or) Welded/stuck switch contact (or) No start signal (or) Start-up test required
Red (1 pulse) Guard switch circuit
Red (4 pulses) Capacitive/inductive interference on inputs
Red (5 pulses) Drop in supply voltage (or) Internal relay malfunction
Red (6 pulses) Welded/stuck internal relay contact
Red (7 pulses) Fault in safety controller monitoring circuit
Source: Schmersal

Some microprocessor-based safety controllers also feature integrated system diagnostics with LED displays, which indicate fault type and location, speeding trouble-shooting and minimizing machine downtime (see fault locator table).

Ensuring that a safety system will perform requires ability to detect safety circuit/component faults, then shut down the machine until the fault has been corrected. Safety controllers heighten safety system reliability and reduce the possibility of worker injury.

Recommended uses

Numerous applications exist in which the use of safety controllers is encouraged or recommended. These include, but are not limited to applications where:

  • Assessed risk of injury is relatively high. For example, applications assessed as Safety Category 3 or 4 using EN954, or medium or high assessed risk levels using ANSI B11.TR3 guidelines;

  • Safety system inputs are from coded-magnet (reed switch-based) sensors;

  • The designer wishes to satisfy ANSI ‘control reliability’ requirements; and

  • Relatively low level of assessed risk exists (e.g. EN 954 Safety Category 1 or 2) for which the designer/user wishes to heighten the overall reliability of the safety system.

Maurizio Lauria is an application engineer with Schmersal Inc., Elmsford, NY.

Comments? E-mail

Machine safety standards

For more information on standards or for copies of individual standards or regulations, contact the sponsoring organization:

EN and IEC Standards:
Global Engineering Documents
15 Inverness Way East
Englewood, CO 80112

EN, IEC, NFPA, and ANSI Standards:
American National Standards Institute
11 West 42ndSt.
New York, NY 10036

OSHA Regulations:
Superintendent of Documents
Government Printing Office
Washington, DC 20402-9371

EN (European Norm) –
OSHA (Occupational Safety and Health Administration) –
ANSI (American National Standards Institute)
RIA (Robotics Industries Association) –
ISA (The Instrumentation, Systems, and Automation Society) –
NFPA (National Fire Protection Association) –
UL (Underwriters Laboratories, Inc.) –

Typical ‘safety-approved’ machine guarding components

The following devices are considered appropriate for protecting operators from injury:

  • Keyed interlock switches with positive-break contacts

  • Emergency cable-pull switches with ‘push’/pull operation

  • Hinged interlock switches with positive-break contacts

  • Positive-break E-Stop pushbuttons

  • Safety limit switches

  • Coded-magnet sensors

  • Safety edges

  • Light curtains

  • Safety light beams

  • Laser scanners

  • Safety mats