OT - machine safety

Hi guys... I'm taking a greater interest in machine safety at the minute... an interest that really should be at the forefront when Novice Programmers Go Bad!

In a recent project I produced the attached schematic. I've never done a course on Safety Contols just picked up on differing machines over time.

KE1 and KE2 are two contactors feeding through the 3 phase 400v supply for the machine motors. Each guardswitch has a n/o contact for indication input to S7-314 plc.

http://www.schmersalusa.com/installation-details-pdfs/SRB301LC.pdf with Schmersal AZ 16-12ZVK guardswitches.

Is the wiring plan truly correct? Safety category 3 or 4?

What "rules of thumb" do you expert programmers use to incorporate the Safety Relay into the plc program?

What determines how many SRs you would use?



Many thanks in advance
s.f

I would power KE2 via contact 33-34 of the safety relay.

I had picked up on this as the attached schematic shows. It's done this way in the Pilz PNOZ X3 layout but as previous in the Schmersal layout.

I use mostly A-B, Pilz, & Telemecanique so I'm not sure if this applies to Schmersal but its always important to check the SR specification:

Look for this note in the data sheets: "To prevent contact welding, a fuse should be connected before the output contacts." (example is Pilz PNOZ X7P). So in your example I would fuse inputs 13 & 23 that drive KE1 & KE2.

Some of the safety relays can only handle a safety string of a limited number of contacts. I can't give you an exact example but look in the specification for a possible limit. Pay heed to the max. cable run resistance in the input circuit.


In your example, I would probably not use a safety output for a PLC input to say the safety relay is active, I would probably use series contacts through KE1 & KE2 to indicate that the entire circuit got activated but its a matter of choice for the designer. Some of my customers require me to do monitor all 3 and report if one of the relays failed.
Hope this helps.

The drawing you posted would be maximum cat 3.
If you want to learn how to evalute and design safety functions for a piece of equipment you should seek training on the Machinery directive.(if you are working on machines) There are many steps of assessment and evaluation before decided control components.
Also the catagory of a safety function which is based on EN954-1 is changing at the end of the year to use BS EN ISO 13849-1 which takes into account Performance levels (mean time between dangerous failure).
As this standard will be an ISO i wonder if anyone from the US will be using it?

Thanks so far, guys.

Thanks Henry... I'll look into BS EN ISO 13849-1.

henry5674 said:

The drawing you posted would be maximum cat 3...

Click to expand...

Please explain how this circuit could achieve Cat 4.

From AB.com: Category 4 (see Notes 2 & 3)
The requirements of category B and the use of well tried safety principles apply.
The system shall be designed so that a single fault in any of its parts does not lead to the loss of safety function.
The single fault is detected at or before the next demand on the safety function. If this detection is not possible then an accumulation of faults shall not lead to a loss of safety function.

Where should I be looking with this circuit?

Many thanks
s.f

Basically Cat 4 must detect faults before the next demand on the safety function
Cat 3 must detect faults whenever reasonable practical.Some but not all faults will be detected.

example would be,
1.Guard switch developes a single channel fault.
2.operator normally presses the e-stop before opening the guard
3.guard opens and the circuit cannot detect the single channel fault because the circuit has both channels broken.
4. system resets having found no faults
5. the guard switch fails completely! and the operator opens the guard without pressing the e-stop

The only true Cat 4 in this circuit would have 1 device per relay. but thats not practical all the time, this is why you should risk assess the equipment and determine what parts of the equipment require which catagorys. in my example maybe you could have the guard switches together in a cat 3 circuit and the e-stop on its own safety relay cat 4.But again that would based on a risk assesment of the equipment.

Don't spend too much time on EN954-1 catagorys as they will be void at the end of the year.

As Henry states a Cat4 would basically need a safety relay for each guard switch / estop which can get very expensive.

Have you looked at Siemens ASiSafe products or Sicks Flexi Soft?

With the ASi you can achieve Cat 4 with a single AsiSafe Module with multiple Estops/Guard Switches and you only need run one 2 core ASi cable out. The Sick also achieves Cat4 with One controller with each switch being wired back seperately to the controller.

And like Henry states rules are changing and we will be governed by EN ISO 13849-1 using performance levels in January see here.

Although there was talk of a 3 year extension to BS EN954-1, anyone know if this is happening or not ?

A Free Software Tool for the Easy Application of the Control Standard EN ISO 13849-1

Basically as i can make out there will be no extention, but its not been clarified yet. from what i've heard there will be a meeting with the EN council in december to finalise the situation. We're going over to 13849 anyway. The main difference for us is alot more paperwork

Dave, i've come across the ASI safe system before (IFM version) must say i was impressed. Very cost effective on simply safety cicuits and the dianostics are very good.

504bloke said:

...
Although there was talk of a 3 year extension to BS EN954-1, anyone know if this is happening or not ?
...

Click to expand...

They decided not to give extension.

TurpoUrpo said:

They decided not to give extension.

Click to expand...

I thought the meeting for this was in December ?

Cheers guys... loads of info for me to follow up on.

The risk assessment is cat 3 at most, but I'll verify that to be "sure-to-be-sure". It's a small rotary botlle-capper that previously had Cat B safety - no safety relay - and the safety circuit had failed due to water ingress into a safety switch.

Many thanks for your time and effort. I'll read-up into what's been highlighted here.

Regards
s.f