Safety System - Suspension of Safeguards

I was hoping someone could help me answer a question regarding safeguards and a "set-up" mode. My customer is currently requesting a set-up mode be installed on thier machine, allowing them to bypass some of the safeguards while maintaining the machine. As per code (NFPA79, sec. 9.2.4), I have made this a Category 3 rated circuit to match the circuits it is overriding, however the remainder of the requirements are a little ambiguous.

If doing this, the code requires further measures be taken to insure accident prevention. Some of the measures suggested can only be accomplished through software (for example, limiting servo speed & power, or preventing automatic running of the machine). Therefore, can I make other things like a hold-to-run circuit software based, or do I need to add the appropriate safety relays as well?

Thanks,

Jason

First off, I doubt you be able to get much meaningful help to directly answer you question, but I do have some thoughts for you.

In a nutshell, I think it is safe to say that the safety circuit must be designed such that you can guarentee that tripping the circuit will eliminate danger. With that in mind, there are no servos I know of that are considered 100% safe unless they are disconnected from power. And the only way to guarentee the power is disconnected when using the safety circuit is to use the appropriate safety relays.

Also, should you bypass of some of these guards, make sure you still have adequate estop devices in the now-less-protected areas. The one thing you definitely don't want to do is allow someone into a dangerous area where they can no longer readily initiate an estop. This could mean adding additional pull-cords or light curtains, for instance.

In my opinion, it all comes down to responsibility. Since you are doing the design, you will be ultimately responsible for these decisions. If there is an accident and the safety system is found inadequate, you can be sure your customer will be more than willing to have you on the hook with them. If it were me, I would definitely opt for being overly cautious.

This is not an area where I, personally, would want to take any chances.

Steve

Originally posted by Steve Etter:

With that in mind, there are no servos I know of that are considered 100% safe unless they are disconnected from power.

Click to expand...

The Indramat Indradrive has a safety logic input that will get you to Catagory 3, I believe. The AB PowerFlex 700 also has a safe input. I just don't know what category that will get you. As I remember the new Unidrive SP also has a safety rated enable input.

The safe enable thing is becoming more and more popular as time goes on. I think manufacturers are starting to get sick of getting drives back with blown precharge circuits.

Keith

SEW Movidrive B also has a CAT 3 safety input.
Speed limit in software may be OK, but I would wire in a dead man switch, and have only the area actually being setup powered. All else should be dead.
Also like to point out that robot manufacturers such as Fanuc have solved this problem already for setting up their robots. I'm not sure how easy it is to do, or what measures they have taken internally within the control circuits. Looking at what they can do could give you some pointers on how to go about this.

- If your risk assessment process reveals category 3 or 4 requirements, carefully check if software based solutions are acceptable in your field. As stated by somebody else in another thread: document, document, document.
- this sounds like a "muting" thing, that has to be managed in a very specific manner (muting-in and out procedures, dedicated sensors and interlocking systems...).
- an addition of enabling devices can help you to maintain a safe distance between users and machines in case of maintenance, or to safely discard major functions if someone happens to work in a dangerous area. Check this out : http://www.jokabsafetyna.com/products/enablingdevice/positionEnDev.html
- small safety PLCs become very attractive compared to relays when you deal with nested or dependent safety areas.
- although each case is different and involves specific demands, a fact remains: safety-rated tools combined with non-safety rated actuators or sensors result in very tricky and hard to maintain solutions.
- ask your local inspector: customers requirements do not always match with safety management. "No" or "partially Yes" may also be valuable answers.
- generally speaking: "it is necessary to consider all stages in the life cycle of each machine including installation, commissioning, standard maintenance, troubleshooting, correct use operation and decommissioning. In addition, the consequences of foreseeable misuse or malfunction must be considered". This gives you an easy opportunity to increase your business flow with this customer, since he is responsible as well.