Your machine is going to need a safety system to protect the operator and equipment. How safe does it need to be; what safety sensors are needed; and what do the safety sensors connect to? In the distant past, it was just a start-stop circuit with a master control relay, which isn't very safe. Fortunately, both safety standards and safety hardware have advanced over the years.
Automation safety basics are not so basic today. Emergency stops, guard switches and light curtains are common safety sensors that connect to safety relays, safety controllers or safety PLCs. Many control designers are familiar with safety-sensor use but are not aware of, or do not understand, global safety standards.
A common disclaimer of any safety discussion is that you, the designer, are responsible for safety. You must comply with performance and safety requirements. There are many standards, codes and laws to follow, so, to be safe, get trained first. You will better understand a risk assessment and the design, hardware, software and testing requirements for a safety system.
Safety standards are learned and followed. Get with your automation manufacturers and vendors and get trained on safety standards. For example, according to ISO 13850, IEC 60204-1, IEC 60947-5-5 and probably NFPA 79, buttons used as actuators of an emergency-stop device shall be colored red. No big deal, but, a typical emergency-stop circuit must comply with many standards. The emergency-stop button must comply with these previous standards, the emergency stop control may need to conform to Stop Category 0 of IEC 60204-1, the safety relay may need to provide Cat. 3 PLd per IS013849-1, SIL CL2 per IEC 62061, or SIL 2 per IEC 61508 (they are all basically the same), and it must use force guided relays that conform to EN50205 and IEC 60947-5-1. It's a lot to sort out.
In addition to a need for training, the emergency-stop circuit example should make it clear that every safety sensor must be carefully designed into an overall safety system. Each sensor and circuit has its own safety requirements and safety rating. So, get trained, read some of the standards noted above and look up how to perform a risk assessment (ANSI B11.0, ANSI B11.19 and others) to determine the safety level required before continuing here. Manufacturers, vendors and standards organizations have it well-documented online.
Hardware at the heart of a safety circuit includes safety relays, safety controllers and safety PLCs. Which device used depends on an application because it is not one size fits all. On small, simple machines, safety relays are often a more cost-effective solution. A machine with a few emergency stops, a few guard door switches and a light curtain may work with a couple single-function safety relays. One safety relay would handle a power-off function, for the whole machine, based on the state of the emergency stops and the guard switches. The other safety relay would handle the light curtain zone stop function for when an operator reaches into a machine to load and unload a part, for example.
ALSO READ: The popularity of integrated control and safety continues to improve
Again, the safety relay should be used for a single function, and, with the new safety standards, connecting multiple sensors in series, daisy-chaining them, can reduce the safety level. With multiple sensors, consider using modular safety relays or configurable safety relays. They can increase the safety level and will work in this example and where multiple safety circuits and zones are required.
On larger machines with many safety sensors and where complex logic using distributed safety I/O, interlocks to other controllers and multiple zones are needed, a safety controller should be used. These software-programmable safety controllers are a cost-effective choice to add safety logic, making them flexible and scalable. A suitable application would be for a packaging line with many guard-door sensors and multiple zones including manual load, material change, heat seal, slitter and final pack out areas. The safety controller may also work well retrofitted onto an existing piece of equipment where additional functions and safety are needed.
A safety PLC works on many applications. However, it works best on large complex systems. Advanced multi-station assembly, process and conversion lines are a good fit due to their flexibility and connectivity. Regardless of what safety platform is chosen, it has little effect on the safety field devices. Whether safety relay, controller or PLC, the risk assessment, safety functions, testing and evaluation remains the same.
On the other side of a safety platform chosen, opposite safety sensors are power contactors. These contactors are needed when the contacts in the safety device cannot handle the load being controlled. Use of force-guided contactors, per EN50205, is common if the load is inductive or in excess of 6 A, but be sure to check the safety device's rating. Also, be aware that, in some cases, energizing the contactor may exceed the inrush current limits of the safety device. For example, a contactor capable of operating three-phase, 230 Vac, 15-hp motor or larger may weld the safety contacts closed.
Considering the Industrial Internet of Things and improving status and diagnostics capabilities, it is good practice to monitor the safety device’s status. This can be done with discrete inputs to a controller, but the use of an Ethernet fieldbus is becoming common. Depending on hardware used, standard devices and safety devices can be mixed on the same network cable. Safety protocols can provide fail-safe network communication up to Safety Integrity Level (SIL) 3 based on IEC 61508 standards. Safety PLCs, light curtains, safety interlock switches and I/O blocks can safely shut down a machine through an Ethernet cable.