Safety questions

rpoet

Member
R
Join Date
Jun 2008
Location
New York, NY
Posts
536
I have a safety-related question for the group:
I work in the special effects industry, and mostly build equipment designed to fly people. We put performers in harnesses, attach them to a lifting cable, and a winch designed for the purpose then winds cable on or off to raise or lower them - a fairly straightforward concept.

Some of the safety features included are:
-Redundant brakes; one on the motor, and one on the output shaft that is shared with the drum.
-Direct drive from the gearbox to the drum - no chain drives at all.
-The use of two contacts on E-Stop switches and relays, to mitigate the chances of a welded contact situation.
-Depending on the situation, the use of two main contactors in series to mitigate a welded contact situation.
-Limit switches that OPEN to trip; thus, if a wire breaks, the circuit will fault to a safe, non-running condition.
-A run-enable / deadman button, that must be held down for the duration of the move; it prevents movement in the event of a bumped joystick.
-While a PLC may be involved with info feedback for the operator, the E-Stop circuit is a simple hardwired relay setup; makes it easy to troubleshoot, and reliable.

Most of the designs are simple joystick control, without the need for positioning. In special efects, we tend to like "carbon-based" position and speed control, as the performer on the other end of the line may not always be in exactly the same place each time. We have a saying: "A motor has no soul, and can't tell if it will hurt someone."

What other recommendations do the members of the group have that might improve the safety and reliability of the system? Questions and critiques are welcome.

Thanks all!

rpoet
 
Have worked in safety and have worked high 500' on cooling tower is max and have ridden in crane baskets so I appreciate the concerns. Also have done a bit of rigging including logging.

Are you only moving them up and down or in two directions ie "fly" them across the stage?

Electrically I think you have it all under control.

Is the drum brake set electrically or manually or do you have both? IF it were me on the end of that wire I would want the drum brake set gradually.

How do you prevent two blocking?
What provisions do you have if you foul a block or cross wrap a drum?

What are you using for motor speed control?

I wrote you on a private message - did you get it??

Dan Bentler
 
Last edited:
Dan,
Thanks for the quick reply. Here are the answers to your questions:

Are you only moving them up and down or in two directions ie "fly" them across the stage?
Click to expand...

Many times, we only need one axis of motion e.g. a silk artist, though there are times when a travel (horizontal) motion is needed, in addition to lift - think Peter Pan.

Is the drum brake set electrically or manually or do you have both? IF it were me on the end of that wire I would want the drum brake set gradually.
Click to expand...

We use the Roba-Stop Z brakes from Myer for the secondary brake. They don't exactly stop gradually, but it beats bouncing off the stage at the speed of gravity :eek:. Obviously, I never want to be is a situation where the E-Stop is needed, but it has to be there. In normal operation, the drive controls the operation of the (primary) brake on the motor; the Myer brake is held open by the supply from the E-Stop contactor. This is done because the Myer brakes don't always open quite quickly enough, and can "chirp." The winches need to be responsive, so we rely on the quicker acting motor brake in normal operation.

How do you prevent two blocking?
Click to expand...

We have two independant sets of mechanical limits. The first set is Decel. It puts the drive into "jog" mode, which is typically set MUCH slower than normal max speed. This allows the operator to get the most travel out of the system, and still limits speeds on the ends of the travel.

Ultimate limits are also in place to stop the drive from running any farther in a particular direction. Once hit, you can drive in the other direction only. We do have a password protected screen on the HMI that allows limits to be bypassed at low speed for setup and reaving cable. Obviously, not too many people get that password. The winches always get someone alone with them for install and setup. This is almost always rental gear, so it's not like going to the hardware store to buy a lawnmower, and then having to figure out how to use it. :)

What provisions do you have if you foul a block or cross wrap a drum?
Click to expand...

We actually don't have to worry about fouling cable in a block too much, owing to the blocks we use. They are machined such that the sheave is set into the sideplates, and there's no physical way for the cable to hop out of the sheave's tread.

We have pinch rollers that capture the cable on the drum; you can actually pay out cable with the system completely slack, and the winch will "spit" cable off the drum. We also sometimes use an electronic cross-groove detection scheme, where a cross-wrapped cable piles high enough on the drum to make electrical contact with a bar that completes a circuit, stopping the winch unitl cleared.

What are you using for motor speed control?
Click to expand...
Mitsi E-series with analog and DI inputs mostly. I've heard rummor that the E-series is going the way of the Dodo though. Looking at the A-series as a replacement.

I wrote you on a private message - did you get it??
Click to expand...

Nothing showed up in email. Is that what you mean?
Click to expand...
Just figured out the private message thing.

Thanks,
rpoet
 
Last edited:
rpoet,

From your description it sounds like you have done a lot to mitigate your hazards based upon the possible risks of your systems. A couple of thoughts I will give based upon my experience.

It sounds like your company makes systems for resell, which means that if something went wrong and someone was hurt your company would be the first brought into litigation. Workers comp, the customer, and/or the individual would all have opportunity to take your company to court, not to mention possible OSHA fines. Most likely you will have to pay something, but if found negligent the punitive damages the court will reward can sometimes close the doors of smaller companies, and tarnish the reputation of any company. The best defense to punitive damages, and excessive fines is to pay special attention to the documentation of your systems. A detailed risk assessment that reports hazards and what you did to mitigate is very important. Training materials, procedures and other documentation showing proper operation is also important. Since you are aways liable for the system, even 10 years and three owners later, you should photo the finish system in detail with all warning labels and safety devices in place, that way you can show that your system had the correct markings, safety devices in place when the system was blue and shipped from your company and now it's white with no markings, and disabled safety devices. If you have no safety documentation, you're taking great a great risk.

From your description and using EN954-1 hazard assessment, I would put your system at a Catagory 4 level, which requires safety devices listed for Catagory 4 to be used. Cat 4 does require dual channels with self evaluation. You mention dual channels, but didn't mention if they are safety rated or not. Check the safety rating of your devices, and rely upon your risk assessment to determine safety catagory.

Finally, you mentioned drives are being used in your system. As an FYI, the NFPA 79 2007 now allows safety rated drives to be used in safety applications, giving more flexiblity in controlling the motor when a safety function is enabled. For your application you might want to investigate your drives for built in safety. I'm not a drives guy, but I know most vendors are starting to include safety into their standard VFDs.
 
Have you considered loss of power (As in total mains failure) Would brakes operate quick enough if you were at the end of travel, at full speed but not actually on the decel limits. Reason I ask is we had a similar problem with a system (not with people on it) some years ago. Found it when power went during a thunderstorm, fortunatley no one was hurt and damage was cosmetic.
 
Gents,
To answer your questions:

mday,
The vast majority of our winches actually go into rental stock, as most theaters / films don't want to spend the money to buy one for one production. In the event that one IS sold as a package deal, we do a complete docs package complete with pictures for just the reasons you describe.

Cat. 4 is what I read as well. From a philosophical standpoint, our systems are designed to absolutely shut down if there's anything like a power failure, gooned control cable, etc... During an E-Stop, the only thing left with power is the PLC, which simply reports status info. The drive, brakes, etc all loose all power; I'm sure I'm not the first to think this is a good idea :)

We're looking into drives with "Safe-Off" type controls, but since we cut all power to the brakes anyway, it also seems just as easy to drop power to the drive as well.

Mike,
As far as a power outage goes, it's essentially the same as an E-Stop. Everything stops. If that happens with a performer in the air, it may "tickle" :eek: a little, but they'd be OK. The brakes just come on quick.

We typically use 1/8" cable, which has a breaking strength of 2000 lbs. So with a 10:1 design factor, you can still put a 200 lb performer in the air - and that's a really big performer. Most of the people we fly are typically half that weight, and if they're more, the cable gets bigger.

It's an interesting fact that cable actually has a fairly document-able stretch factor to it under load. Certainly not near enough to act as force-limitation in a fall arrest scenario, but it does serve to limit forces slightly in an unplanned stop situation. The use of aramid fiber lines, made from Kevlar-type materials are actually worse in this regard. Some of them have less than half the stretch of steel cable, so their correct use depends on many things.

And now, an observation:
It's funny that people get so freaked out over flying performers. Obviously, safety is PARAMOUNT, but think of it this way:
Things over people is normal. People over things is "dangerous."
Next time you go to a rock concert, look up at the rigging holding up the speaker stacks and lighting truss. That has the potential to take out a LOT more people than one performer on a wire.

That's why I love the work I do. I have to be absolutely sure every time I do anything. It's a zero-tolerance endeavor, and HAS to be right. The mantra is, "I will always be sure; always." Hubris has no place - you talk it out with someone if there's ANY question.

I suppose that applies to other industries as well. I'd hope the guy programming the PLC at the nuclear plant is always sure - talk about a larger order of magnitude of risk! That would scare the **** outta me!

Thanks,
rpoet
 

Similar Topics

N
Fanuc Robot DCS CIP Safety Questions
Hi Everyone, I am new to Fanuc robot, I have a question about the CIP Safety singal setup, please hlep! The plc is ab l36erms, robot...
Replies
1
Views
2,339
alive15
A
Y
AB Safety PLC questions
Hello, I have a tiny bit of experience developing with Codesys on Eaton plc's. I'm being asked to look into a project that is NOT well...
Replies
6
Views
3,775
plvlce
P
C
Guardmaster Configurable Safety Relay 440C-CR30- Few Questions ?
Good Afternoon , I'm having my first experience with a Guardmaster Configurable Safety Relay 440C-CR30. So far , I really like the...
Replies
1
Views
1,626
dmargineau
D
R
Safety design - diffrent questions
Hi, I'm reading up on safety in control systems and have a few questions. This is according to 13849-1. I have never been involved with designing...
2
Replies
17
Views
5,039
Iner
I
S
Safety PLC Questions
I have a project coming up that will need zoning and additional functionality added in the future. I wanted to get into distributed safety where a...
Replies
8
Views
3,736
seth350
S
Back
Top Bottom