Safety and PLCs

sparkie

Lifetime Supporting Member
Join Date
Nov 2014
Location
KS
Posts
1,139
I have been hearing a lot about "dedicated safety PLCs". I am curious as to why you would need a dedicated PLC to perform safety tasks, and if you happen to be using regular safety switches and contacts, what would be the proper way to interface them into a PLC? This issue gets kind of gray and confusing for me.
 
This seems like an interesting thread. New member here; it has been bookmarked.
 
For us, in boiler safety, we usually have a safety circuit as you describe it. All safety switches in series monitored by a dedicated safety relay.
Some applications however do not allow switches in the field. Here we use analog sensors. To satisfy regulations and/or customer demands we use a safety PLC and have multiple sensors configured as 1oo2 or 2oo3.

The safety PLC also allows you to monitor cycle times, deactivate complete channels, etc.

Now, there are many that do not consider a safety PLC safe. Truth be told, I think Siemens managed to get it approved by bedding TÜV in Germany.
 
I have seen all kinds of safeties, from MSS to a safety relay, or combination systems that do a hard power break and go back to PLC inputs. I have also seen machines where every switch goes back to a PLC input. Normally open E-stops and normally closed. It all gets pretty confusing.
 
As far as normally-open E-Stops: it's best & proper to require that current be flowing through a circuit to allow any movement (a broken wire or bad NO contact would never let you turn off the control). The only time a normally open contact or switch should be used is when you want to know that something is home, engaged, closed, secured, pressurized, etc.

If it's something that normally won't be tripped then require a normally-closed contact to monitor that it isn't opened (or a wire broken).

And for having every switch go to a PLC input, I would do that if the IO & budget allow.
 
Safety PLCs, and relays etc., are regulated devices OUTSIDE of North America. Here they are recognized, but the regulations surrounding them are not enforced.

So to meet the specific international safety standards, functioning, reliability, redundancy and failure modes are all part and parcel of the specifications. So to get approval of a safety system, ALL of the aspects of it must not only be considered, but also conformance tested and approved by safety evaluation agencies, people like TUV and a host of others around the world.

A "Safety PLC" will meet the criteria for this conformance testing by having totally separated safety functions taking place INDEPENDENTLY of any non-safety functions. Some choose to do this with totally separate PLCs, others, like Rockwell and Siemens, offer PLCs where the safety programming and functionality is built-in to the same hardware, but it has been tested and listed to be in conformance because INSIDE of the CPU and I/O processing, the safety functions are totally separate; separate programming, separate I/O, etc.

As to why a Safety PLC vs Safety Relays? I/O count is the main reason. If you have dozens and dozens of safety circuits on a machine, each one requiring a safety relay, then the programming and wiring gets complicated, expensive and difficult to manage effectively. On the other hand, if you have a complex machine but only 2 or 3 safety circuits, then an entire safety PLC can be too expensive too.

As to how to implement safety relays onto a non-safety PLC, that is a question for whomever is designing the safety SYSTEM, as well as the specific safety relays and devices in question. There is no simplistic answer.

Many, if not most, of the major players in safety relays, components and/or PLCs provide system guidance documents describing how their different components work and are implemented. I suggest you start there if you are just beginning to get your feet wet on this.
 
I see what you are talking about as far as the different regional requirements for safety systems. You don't want something hanging up the controller and failing to stop a safety from stopping a machine. Another interesting safety system I have seen, and this one was on a German vacuum packaging machine was with a GuardLogix PLC, but the inputs to the PLC were fed with a PCB.

The MSS would get a signal, invert the wave and then pass it back to the PCB, while the other reed in the switch would pass a straight signal back to the PCB, and then there was a digital I/O cable that passed the data to a PLC. Interesting thing about this machine: when we got it (new) all of the MSS were zip-tied onto the machine and that PCB I was talking about was placed on a piece of cardboard and "shoved" into its slot. We were not too happy about our supposedly wash-down rated machine having its main safety PCB held in place with a cut-down piece of cardboard!

I'm pretty familiar with the way the varying equipment works, and I can read user manuals, I was just more interested in the different views and regulations on the application side of things.

Unfortunately, most of my questions tend to be like this rather than very specific :(.
 
I have been hearing a lot about "dedicated safety PLCs". I am curious as to why you would need a dedicated PLC to perform safety tasks, and if you happen to be using regular safety switches and contacts, what would be the proper way to interface them into a PLC? This issue gets kind of gray and confusing for me.
The "truth" is only because "Big Brother" says you do. :geek:
 
I have been hearing a lot about "dedicated safety PLCs". I am curious as to why you would need a dedicated PLC to perform safety tasks, and if you happen to be using regular safety switches and contacts, what would be the proper way to interface them into a PLC? This issue gets kind of gray and confusing for me.

As safety regulations change and more safety devices need to be installed, the task of hard-wiring a safety circuit with the proper relays and dedicated controllers becomes more complicated. For example, light curtains have different requirements than safety mats, Emergency Stops, or Two-hand controls.

Let's say you have an application where you have a light curtain, an E-Stop, and, say a safety mat. Now, let's say the light curtain needs to be muted because product needs to pass through it without shutting off the machine, but it can only be muted WHILE the product is passing through it AND the E-Stop and Safety Mat still must be able to shut the machine down at all times. You need three safety relays (one for each device) and a lot of hard-wiring to make this happen. You could be over $1,000 in costs very easily between parts and labor.

So, instead, you buy a safety controller, like a Guardmaster 440C. All of your devices, resets, lights, etc. are wired into the safety relay, and then you PROGRAM the safety circuit. Now, you are using specialized software that only allows you to program in certain ways and will not let you compile and download if you break the "rules." This of course isn't foolproof. You can program an unsafe safety circuit and you can do it improperly...but you can also design an improper hard-wired circuit as well. The big thing here is that the program can't easily be changed, and you have to have the proper elements for it to work. The program is also "locked down" when it's downloaded so that changes can be tracked. The one I used, for example, gave me a unique code every time I downloaded, so that if there was a claim that the machine did something unsafe, I can pull up the program, look at the code, and verify that the program is exactly the same as when I last downloaded it. If not, then I know it has been tampered with.

By using a programmable safety controller in this application, you cut down on costs: design time, wiring time, and components. You cut down on the complexity of the wiring which reduces troubleshooting time. Those are just a few advantages.
 
Normally open estops and normally closed. It all gets pretty confusing.

Normally open E-stops are dangerous. Anytime you see one, changing it to a Normally closed and changing the circuit or program to accommodate should be a top priority. Why? Because wires fall off. And if a wire falls off one side of a N/O E-stop, that E-stop has been disabled and no one knows about it. An Emergency situation happens, someone presses it, the machine keeps going (because the machine doesn't know the difference between "no current because the E-Stop isn't pressed" and "no current because a wire fell off"), and somebody gets hurt or killed.

Fixing the machine is cheaper.
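As an added illustration (not code from any poster in this thread), the following Python models the two failure-mode arguments made above: why a normally-closed E-stop is fail-safe against a wire that has fallen off, and how 1oo2 / 2oo3 voting on redundant sensors treats a single faulted channel. The contact, pressed and wire_broken inputs are constructed, not real PLC I/O.

```python
from itertools import product


def current_flows(contact: str, pressed: bool, wire_broken: bool) -> bool:
    """Does current reach the PLC input? A broken wire always reads as 'no current'.
    contact: 'nc' is closed when the button is NOT pressed, 'no' is closed only when pressed."""
    if wire_broken:
        return False
    return (not pressed) if contact == "nc" else pressed


def machine_may_run(contact: str, pressed: bool, wire_broken: bool) -> bool:
    """Run-permission logic written the way each wiring style forces the PLC to read it.
    NC: run only while current flows (current present == button NOT pressed).
    NO: stop only when current flows (current present == button pressed)."""
    flow = current_flows(contact, pressed, wire_broken)
    return flow if contact == "nc" else not flow


def failure_table(contact: str) -> dict:
    """(pressed, wire_broken) -> machine_may_run, for all four combinations."""
    return {(p, b): machine_may_run(contact, p, b)
            for p, b in product((False, True), repeat=2)}


def unsafe_states(contact: str) -> list:
    """States where the button IS pressed yet the machine keeps running: the hazard."""
    return [state for state, runs in failure_table(contact).items() if state[0] and runs]


def trip_moon(channels, m: int) -> bool:
    """m-out-of-n voting for redundant sensors (1oo2, 2oo3, ...).
    Each channel is True when it demands a trip; the group trips when at least m agree."""
    return sum(bool(c) for c in channels) >= m


if __name__ == "__main__":
    for contact in ("nc", "no"):
        print(contact.upper(), "E-stop, unsafe (pressed, wire_broken) states:",
              unsafe_states(contact))
    # One channel stuck 'tripped' (a spurious demand): 1oo2 trips, 2oo3 rides through.
    print("1oo2, one faulted channel:", trip_moon([True, False], 1))
    print("2oo3, one faulted channel:", trip_moon([True, False, False], 2))
    print("2oo3, two channels tripped:", trip_moon([True, True, False], 2))
```

With NC wiring a fallen-off wire only causes a nuisance stop, whereas with NO wiring the same fault leaves the machine running while the button is pressed.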
 
I see your point on the E-stops. We have an entire floor that utilizes NO E-stops, and just last week an electrician and I were discussing the importance of NC E-stops.
 