Safety: Tale of Two Applications

When done correctly, safety systems can be fun — or at least can make sure what's amusing doesn't turn tragic. A look at two case histories shows how integrating safety and control systems can cut costs while improving safety and reliability. The two examples are literally and figuratively from opposite ends of the earth.

By Hank Hogan for Control Engineering March 1, 2008

When done correctly, safety systems can be fun — or at least can make sure what’s amusing doesn’t turn tragic. A look at two case histories shows how integrating safety and control systems can cut costs while improving safety and reliability. The two examples are literally and figuratively from opposite ends of the earth. However, they do have something in common: the need for safe yet cost-effective automated operations.

Case 1: Fun, games, NFPA 160

While safety is a serious business, it also is important in the lighter side of things. A case in point is a recent, well received ride unveiled in a large amusement park in Tennessee. Safety programmable logic controllers (PLCs) and the associated human machine interface (HMI) from Pilz help ensure that people experience a thrill with minimal risk.

Achieving that was a challenge and required careful design, says Bob Hartline, vice president of systems engineering for Entech Creative Industries. The Orlando, FL-based company creates and builds brand destinations for the retail, theme park, entertainment and museum industries.

In the case of the new ride, on the surface it seemed simple. “It’s a roller coaster,” says Hart-line. In this case, though, after climbing, the roller coaster cars briefly stop and then there’s a flame burst that seems dangerous but isn’t. The cars travel on, and the flame burst repeats for the next set of riders, as little as 30 seconds later.

During peak season, the ride runs for up to 12 hours, with as many as eight people in each load. Hartline notes that the small group of spectators subjects the ride to NFPA 160, the standard that governs flame effects in front of an audience.

Safety related monitoring and control begins when the natural gas that powers the burners enters the building. Sensors monitor the gas pressure, guarding against low or high pressure. Other sensors check for the same conditions when the gas enters the room with the burners.

Burners are checked to ensure they’re not in a faulted state. Pilot lights for each burner are verified to be on and successful ignition also is verified when the main burner lights. Aside from ensuring the right amount of hydrocarbons ignites, the safety control system also oversees ventilation.

A large exhaust fan quickly removes flame byproducts. The system checks for safe operation in multiple ways. “We monitor the drive that runs the fan, and we also have an air flow sensor that tells us if air is being pushed out the duct,” Hartline says.

For additional safety, sensors also monitor oxygen levels. These help ensure that the other systems are operating and not producing false readings.

Doors that lead to the burners are interlocked so no one can access the system while the burners are active. There are also manual e-stops (emergency stop buttons) at various locations, says Hartline. Bringing up the system every morning requires checking the burners; technicians must engage buttons at various locations as the checklist is completed.

The 100 I/O point design accounts for possible mechanical failures as well as ill-advised actions from riders, operators, and maintenance personnel.

In the past, Hartline would have had to build a system with redundant PLCs, with each checking on the status of the others.

Hartline says that is no longer the case, with third-party certification of the safety PLC, which has built in redundancy. All of this makes Hartline’s job easier, since he only has to prove his design and the “one piece of software that I wrote.”

Case 2: Construct a can safely

On the other side of the world, safety control systems help play a key role in increasing productivity of a can production plant while increasing worker safety. Amcor Ltd., a global packaging company based in Abbotsford, Australia, makes aluminum cans in a facility in the Sydney suburb of Revesby.

The Amcor Beverage Cans site is equipped to produce nearly 2.5 million cans a day in a draw and wall iron process. This involves forming a shallow cup, stretching the cup’s walls to form an open-ended can, and then getting it ready to put on a lid or closure. The process involves a can-shaped ram bodymaker, a trimming machine, and other moving equipment.

In the past, each of the plant’s 11 bodymaker and trimming machine pairs had its own PLC interlocked with a separate hard-wired safety control system. A second PLC at each pair handled related high-speed control applications.

Company management wanted to upgrade the system for safety reasons. According to Chris Hilton, Amcor beverage cans engineering manager, an upgrade offered an opportunity to improve upon the control function. “Our legacy control system had served us well over the years, but we needed a more user-friendly system with advanced diagnostic and troubleshooting capabilities,” he says.

A complicating factor was that any upgrade had to minimize impact to existing production. With the production schedule requirements and resource constraints, neither the design nor installation process could be a prolonged one.

Working with local system integrator IGR Consulting, Amcor is in the process of replacing its old system with GuardLogix controllers from Rockwell Automation. The speed of the new platform eliminates need for a second PLC.

In addition, access to the 11 bodymakers and trimmers in the old system was secured by three hard-wired pneumatic guarding systems, each with a series of relays and pneumatic switches. On occasion, the switches would fail in the open position, creating a false alarm and shutting down the system. For either false or real alarms, a technician had to inspect each machine-guard in the group to locate the breach.

In the new system, this function is handled by safety switches and devices wired back to a local I/O module, which is connected to the controllers via a DeviceNet Safety communications network. This approach allows an immediate pinpointing of a tripped switch. “Troubleshooting false alarms and product jams is much easier,” says Hilton. “Our response time is quicker and downtime is minimized.”

Because the control solution is integrated, there’s no need to duplicate safety and standard inputs. Thus, there’s less wiring and fewer I/O connections. Other savings arise from use of local machine-mounted I/O modules and one communications network. These help minimize wiring and streamline installation. Plans call for this site-wide safety and control upgrade to be complete by mid-2008.

Hilton says the new approach has programming advantages, since standard and safety control system code could be developed concurrently. “That was a real time saver,” he says.