PLC's and E-stops

dginbuffalo · Oct 21, 2013

Most of the panels we build use a E-stop master relay that allows common power to the PLC output modules. If you hit the E-stop, all output power is removed (and the logic disables outputs anyways). Is this required, or who else used this kind of interlocking. I don't always see it in other panels and sometimes, it is difficult to do this with processors and I/O in one brick module. Any thoughts on this?

dmargineau · Oct 21, 2013

The E-Stop functionality and circuitry implementation has become a standard for all modern automation systems.
It is up to the end user to determine its own safety requirements.
If dealing with old "brick" type all-in-one controllers it is a matter of isolating the supply power (either Line or Load side)for the Output points via dedicated relays, relays controlled by the Master Safety Relay, MSR monitoring the state of all field Safety Input devices.

Fredlaroche · Oct 21, 2013

That's how I do it too and I think this is the best way to do it. What I usually do is I cut the power supply to every output that activate something that may have potential energy. If you are not familiar with the term, potential energy is what is LIKELY to happen when the output is activated (in normal condition as well as in abnormal). For instance, suppose you have a pneumatic valve connected to an output, the potential energy is the pneumatic pressure at the valve. You can imagine the consequences.

In the event of an E-Stop, I will cut the power off to those output but I will keep the outputs with no potential energy such as signaling devices.

I hope this helps!

MikeW · Oct 21, 2013

Try a little Risk Analysis...

While this is usually OK, be aware of any issues this may cause, e.g. shutting off a VFD run signal to a compressor that then ramps down in speed for 30 seconds due to mechanical requirements and a discharge isolation valve on the compressor that goes to a fail safe normally closed position within 3 second, you could be exercising the systems's relief valve and scaring the bejezus out of the guy that hit the Estop when it vents and relieves pressure.

Donnchadh · Oct 21, 2013

Hi

Your catgeory rating will also cause you the wire the panel a certain way.
Do you know what level of safety you require as if you have drives or servos it will also change your wiring

Donnchadh

James Mcquade · Oct 21, 2013

the requirement is in nfpa 79 - standard handbook for electrical machinery if my memory is correct. I don't have my copy with me at work.

if you google it, you will find an older pdf copy.

there is an exemption for killing the outputs.

regards,
james

kku · Oct 22, 2013

James Mcquade said:
the requirement is in nfpa 79 - standard handbook for electrical machinery if my memory is correct. I don't have my copy with me at work.

if you google it, you will find an older pdf copy.

there is an exemption for killing the outputs.

regards,
james

Maybe there is an exemption if killing the outputs lead to a hazardous situation?

We have vertical cylinders and grippers. I always have problems with what to do when there is a machine e-stop. If the outputs are turned off, do the vertical cylinders drop? Do the grippers open and drop the product? Do we use center closed solenoid valves and trap pressure in the cylinder to make it stay in place?

dploof23 · Oct 22, 2013

kku said:
Maybe there is an exemption if killing the outputs lead to a hazardous situation?

We have vertical cylinders and grippers. I always have problems with what to do when there is a machine e-stop. If the outputs are turned off, do the vertical cylinders drop? Do the grippers open and drop the product? Do we use center closed solenoid valves and trap pressure in the cylinder to make it stay in place?

I take it on a case by case basis. A risk analysis has to be done before answering these questions safely.

Can these cylinders/grippers be de-energized and disconnected from the power source safely before permitting access by a person?....or on the flip side....if these cylinders/grippers are de-energized would there be potential for injury with something dropping on someone?

We have some equipment with a vertical assembly driven up and down by a pneumatic cylinder that drops when de-energized. All doors are interlocked so the operator can't get into the danger zone until everything is down.

I don't like any access to danger zones with any energy source present.

Dave

bernie_carlton · Oct 22, 2013

While many output devices can be returned to a safe state merely by removing power and/or compressed air/hydraulic, others have to be stopped in a sequence.

When proper safe stopping requires a specific sequence we use safety relays with time delay outputs. These open at set times after the relay is turned off.

In the case of a vertical axis it first signals the actuator to a quick stop (if it was moving) then engages a safe holding brake before removing power.

You can't entrust this timing to the PLC as it may be a single point of failure.

If there is a significant amount of time then solenoid locked access doors may be required to allow access only after all the timed safety procedures have completed.

Fredlaroche · Oct 22, 2013

kku said:
Maybe there is an exemption if killing the outputs lead to a hazardous situation?

We have vertical cylinders and grippers. I always have problems with what to do when there is a machine e-stop. If the outputs are turned off, do the vertical cylinders drop? Do the grippers open and drop the product? Do we use center closed solenoid valves and trap pressure in the cylinder to make it stay in place?

This should all be covered in your risk analysis. However, one thing is for sure, i would NEVER rely on a PLC output to achieve safety states on a machine. There are too many possible electrical failures to take it as a reliable safety device.

Take for exemple you grippers. If you figure that in the event of a E-stop, the grippers have to hold their load so that they don't drop product on staff, don't do this with the output. NEVER. Have a breaking mechanism at the actuator. If it's hydraulic, make it normally clamping. If it's a pin break, make it normally inserted. Something like that. Don't rely on the output. You never know when a Blown fuse will void the output. You never know when a broken wire will void the output.

Risk assessment will help you determine the safest state of the machine and you will then be able to do proper design and parts selection. It's not really a rule you will find anywhere but it's common sense. Do NOT rely on PLC outputs for staff side safety. Figure what the safest state is, and make it so the machine will achieve this state by itself in the even of a power loss or an e-stop.

Also, Bernie brings up a very good point. Safe-state is sometimes acheived through some sort of sequence. In those cases, use hard wired safety logic components that have redundancy and self diagnostic features. You cannot go wrong with those.

The Plc Kid · Oct 22, 2013

Fredlaroche said:
However, one thing is for sure, i would NEVER rely on a PLC output to achieve safety states on a machine. There are too many possible electrical failures to take it as a reliable safety device.

Unless you have a safety plc. That what safety plc's are for and cover most cases but you may still need mechanical or other isolation type devices depending on the device at hand. No Pun Intended.

PLC's and E-stops

dginbuffalo

Member

dmargineau

Lifetime Supporting Member

Fredlaroche

Member

MikeW

Member

Donnchadh

Lifetime Supporting Member

James Mcquade

Member

kku

Member

dploof23

Member

bernie_carlton

Lifetime Supporting Member + Moderator

Fredlaroche

Member

The Plc Kid

Member

Similar Topics