Best Practice is to Assess...
I know that when I reply with these kinds of posts it is probably never what the OP wants to hear, but hear it they must, I feel...
theColonel26 said:
E-Stop Wiring - Best Practices (Sub Machines)
Best practice is to carry out a Risk Assessment (I know you did not design this). This should determine how many/where, and what each Emergency Stop actuator should actually be intended to dissipate (Electrical/Pneumatic, etc.). Think Zonal Safety.
theColonel26 said:
...The E-Stop on the main panel kills everything, but the E-Stop on each solenoid panel only kills that machine...
You sound like you think they must all either do the same thing, or all do a separate thing, but not do a mix of things? Again, a Risk Assessment would (should) have decided this Zonal Safety design.
theColonel26 said:
...If I were gonna do this from scratch, I would have all 4 E-Stops in series each one would kill everything, or not have the E-Stop on the Main Panel at all, but leave the ones on the solenoid panels alone, to only control their machines.
Your Risk Assessment should decide what way you would design it. If properly assessed, you would (should) not really be saying things like the above. "I would have it this way, or if not this way, I'd have it that way"? That is not how Functional Safety Design works, or not how it should work. Assess the risks, reduce or mitigate what's possible, calculate the required Safety levels for the remainder, design and implement. Test, document, and where necessary, periodically proof test. If Zonal Safety was assessed to be the most suitable design here, then that is perfectly fine to implement.
Just because this design does not sit right with your way of thinking (or whatever it is about it you don't like?), it does not necessarily mean it is incorrect. If a proper Risk Assessment/Hazard Analysis had been carried out here, then there could be good reasons it is designed this way. The master control panel could be deemed exactly that - only to be used in certain circumstances, for a system-wide Emergency Shutdown (Master Zone). For each individual machine, if their local Emergency Stop actuator is deemed only necessary to bring that one machine to its Safe State, and no other machine need stop, and it does not create any further risks/hazards to other parts of the running system, or stopped machine, then it may be fine to use a Local Zone.
For Functional Safety Design, there is no best practice for vague or loosely similar scenarios, such as a multi-machine application. Each application may vary a little or a lot, especially with regard to the risks and hazards that may be involved. These are never predetermined or prescribed. From a Safety point of view, we cannot look at systems holistically. You must assess each system, or functional parts of a system, individually, and case by case.
The "Oh, I always this...", or "Oh, I never that..." mentality cannot and should not apply for Safety Design.
Even though Emergency Stop actuators are only classed as a complementary protective measure to the primary Safety Related Parts of a Control System (SRP/CS), they are designed to provide an important function within the overall Safety Design. Therefore, we cannot apply standard practices in control philosophy when deciding which way we might like to wire them up.
An existing Risk Assessment, or a new Risk Assessment would be required here before any of us, and especially you, could determine if what has been implemented here is suitable, or not. Without that, I'm afraid, all else would simply be an "Oh, I..." control philosophy discussion, which has no real place here, in my Safety educated opinion.
So why might you think it was done this way? Or more importantly, why do you think it should not be done this way? This would be the beginning of you assessing this, but only consider possible risks and hazards when thinking about this. Not best practices, not control wiring principles, and not what sits right with you.
Functional Safety is all or nothing. You should not half implement it and you should not touch it if unsure. I say "should" because many do.
Regards,
George
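The Master Zone / Local Zone arrangement George describes (a main-panel actuator that stops everything, local actuators that stop only their own machine) can be written down as a small model, which makes it easy to check what each actuator is assessed to cover and whether any machine is left with no actuator at all. The following is an added example and is not code from the thread or from any named product; the zone names, machine names and actuator names are constructed, and the "circuit closed" reading stands in for whatever safety relay or safety PLC input the real system uses. It follows the usual de-energise-to-trip convention for normally-closed E-Stop circuits: anything other than a confirmed healthy circuit is treated as a stop demand.

```python
# Added illustration of zonal E-Stop coverage. Hypothetical model: every
# name below is constructed for the example and does not come from the thread.
from dataclasses import dataclass


@dataclass(frozen=True)
class EStop:
    """An Emergency Stop actuator and the zones it is assessed to cover."""
    name: str
    zones: frozenset


@dataclass
class Plant:
    """Machines mapped to zones, plus the actuators wired into the system."""
    machines: dict   # machine name -> zone name
    estops: tuple    # EStop instances

    def machines_to_stop(self, circuit_closed):
        """Return the set of machines that must go to their safe state.

        circuit_closed maps actuator name -> True when its normally-closed
        safety circuit reads healthy (closed). De-energise-to-trip: an
        actuator that is pressed, has a broken wire, or is missing from the
        reading altogether is treated as demanding a stop for all its zones.
        """
        stop = set()
        for es in self.estops:
            if not circuit_closed.get(es.name, False):
                stop |= {m for m, z in self.machines.items() if z in es.zones}
        return stop

    def uncovered_machines(self):
        """Machines that no actuator can bring to a safe state: a gap the
        Risk Assessment would have to justify or close."""
        covered = set()
        for es in self.estops:
            covered |= {m for m, z in self.machines.items() if z in es.zones}
        return set(self.machines) - covered


# Constructed layout: one master actuator on the main panel covering every
# zone, and one local actuator per solenoid panel covering only its machine.
MASTER = EStop("MASTER", frozenset({"A", "B", "C"}))
LOCAL_A = EStop("LOCAL_A", frozenset({"A"}))
LOCAL_B = EStop("LOCAL_B", frozenset({"B"}))
LOCAL_C = EStop("LOCAL_C", frozenset({"C"}))

PLANT = Plant(
    machines={"M1": "A", "M2": "B", "M3": "C"},
    estops=(MASTER, LOCAL_A, LOCAL_B, LOCAL_C),
)

ALL_HEALTHY = {"MASTER": True, "LOCAL_A": True, "LOCAL_B": True, "LOCAL_C": True}


def demo():
    """Evaluate the cases the thread argues about and return them for checking."""
    local_b_pressed = dict(ALL_HEALTHY, LOCAL_B=False)
    master_pressed = dict(ALL_HEALTHY, MASTER=False)
    # A missing reading (e.g. broken wire to LOCAL_C) must also trip its zone.
    broken_wire = {k: v for k, v in ALL_HEALTHY.items() if k != "LOCAL_C"}
    return {
        "healthy": PLANT.machines_to_stop(ALL_HEALTHY),
        "local_b": PLANT.machines_to_stop(local_b_pressed),
        "master": PLANT.machines_to_stop(master_pressed),
        "broken_wire": PLANT.machines_to_stop(broken_wire),
        "uncovered": PLANT.uncovered_machines(),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} -> {sorted(result)}")
```

The point of the model is not to pick a wiring scheme; it is that the zone sets on each actuator are exactly the thing the Risk Assessment has to decide, and once they are written down you can check them (every machine covered, a lost signal always trips) instead of arguing from preference.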