You are not registered yet. Please click here to register!


 
 
plc storereviewsdownloads
This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc.
 
Try our online PLC Simulator- FREE.  Click here now to try it.

New Here? Please read this important info!!!


Go Back   PLCS.net - Interactive Q & A > PLCS.net - Interactive Q & A > LIVE PLC Questions And Answers

Reply
 
Thread Tools Display Modes
Old February 12th, 2020, 12:09 PM   #1
theColonel26
Lifetime Supporting Member
United States

theColonel26 is offline
 
theColonel26's Avatar
 
Join Date: Feb 2014
Location: West Michigan
Posts: 493
E-Stop Wiring - Best Practices (Sub Machines)

So I have this existing design. No, I did not design it.

There are three identical machines controlled by 1 PLC.

So there is the Main Control Box (with the PLC), with an E-Stop on the front, and each machine has it's own air solenoid box, with a master Air Solenoid, and it's own E-Stop.

The E-Stop on the main panel kills everything, but the E-Stop on each solenoid panel only kills that machine.

If I were gonna do this from scratch, I would have all 4 E-Stops in series each one would kill everything, or not have the E-Stop on the Main Panel at all, but leave the ones on the solenoid panels alone, to only control their machines.
__________________
SkyCad is by far the Best ECAD Schematic Software I have used.


Fact my "Fun Facts" are never fun
  Reply With Quote
Old February 12th, 2020, 01:37 PM   #2
jholm90
Member
Canada

jholm90 is offline
 
Join Date: Mar 2012
Location: Ontario
Posts: 81
If they are stand-alone/separate operator workstations and have just saved cost with one plc instead of three would that change your opinion? It should be everyone is the captain of their own ship if it’s a separate process regardless of where the main control box is located, each with its own separate safety circuit.
  Reply With Quote
Old February 12th, 2020, 01:52 PM   #3
Geospark
Lifetime Supporting Member
Ireland

Geospark is offline
 
Geospark's Avatar
 
Join Date: Feb 2012
Location: Kildare
Posts: 2,934
Best Practice is to Assess...

I know that when I reply with these kinds of posts it is probably never what the OP wants to hear, but hear it they must, I feel...

Quote:
Originally Posted by theColonel26
E-Stop Wiring - Best Practices (Sub Machines)
Best practice is to carry out a Risk Assessment (I know you did not design this). This should determine how many/where, and what each Emergency Stop actuator should actually be intended to dissipate (Electrical/Pneumatic, etc.). Think Zonal Safety.

Quote:
Originally Posted by theColonel26
...The E-Stop on the main panel kills everything, but the E-Stop on each solenoid panel only kills that machine...
You sound like you think they must all either do the same thing, or all do a separate thing, but not do a mix of things? Again, a Risk Assessment would (should) have decided this Zonal Safety design.

Quote:
Originally Posted by theColonel26
...If I were gonna do this from scratch, I would have all 4 E-Stops in series each one would kill everything, or not have the E-Stop on the Main Panel at all, but leave the ones on the solenoid panels alone, to only control their machines.
Your Risk Assessment should decide what way you would design it. If properly assessed, you would (should) not really be saying things like the above. "I would have it this way, or if not this way, I'd have it that way"? That is not how Functional Safety Design works, or not how it should work. Assess the risks, reduce or mitigate what's possible, calculate the required Safety levels for the remainder, design and implement. Test, document, and where necessary, periodically proof test. If Zonal Safety was assessed to be the most suitable design here, then that is perfectly fine to implement.

Just because this design does not sit right with your way of thinking (or whatever it is about it you don't like?), it does not necessarily mean it is incorrect. If a proper Risk Assessment/Hazard Analysis had been carried out here, then there could be good reasons it is designed this way. The master control panel could be deemed exactly that - only to be used in certain circumstances, for a system-wide Emergency Shutdown (Master Zone). For each individual machine, if their local Emergency Stop actuator is deemed only necessary to bring that one machine to its Safe State, and no other machine need stop, and it does not create any further risks/hazards to other parts of the running system, or stopped machine, then it may be fine to use a Local Zone.

For Functional Safety Design, there is no best practice for vague or loosely similar scenarios, such as a multi-machine application. Each application may vary a little or a lot, especially with regard to the risks and hazards that may be involved. These are never predetermined or prescribed. From a Safety point of view, we cannot look at systems holistically. You must assess each system, or functional parts of a system, individually, and case by case.

The "Oh, I always this...", or "Oh, I never that..." mentality cannot and should not apply for Safety Design.

Even though Emergency Stop actuators are only classed as a complimentary protective measure to the primary Safety Related Parts of a Control System (SRP/CS), they are designed to provide an important function within the overall Safety Design. Therefore, we cannot apply standard practices in control philosophy when deciding which way we might like to wire them up.

An existing Risk Assessment, or a new Risk Assessment would be required here before any of us, and especially you, could determine if what has been implemented here is suitable, or not. Without that, I'm afraid, all else would simply be an "Oh, I..." control philosophy discussion, which has no real place here, in my Safety educated opinion.

So why might you think it was done this way? Or more importantly, why do you think it should not be done this way? This would be the beginning of you assessing this, but only consider possible risks and hazards when thinking about this. Not best practices, not control wiring principles, and not what sit right with you.

Functional Safety is all or nothing. You should not half implement it and you should not touch it if unsure. I say "should" because many do.

Regards,
George
__________________
"A little nonsense now and then is relished by the wisest men".
  Reply With Quote
Old February 12th, 2020, 02:01 PM   #4
Geospark
Lifetime Supporting Member
Ireland

Geospark is offline
 
Geospark's Avatar
 
Join Date: Feb 2012
Location: Kildare
Posts: 2,934
Quote:
Originally Posted by jholm90-
If they are stand-alone/separate operator workstations and have just saved cost with one plc instead of three would that change your opinion? It should be everyone is the captain of their own ship if its a separate process regardless of where the main control box is located, each with its own separate safety circuit.
With respect,

This is a holistic approach and one of the points I am trying to make. Retro-recalling a previous or similar scenario that someone has previously implemented or is aware of and assertively applying the same "rules" to a different system. For Functional Safety, we cannot or should not pin any one design to another. This application is unique, and no matter how similar or identical we think it might be to other systems, we cannot apply the same Functional Safety Design here. It must be uniquely Risk Assessed.

I am not talking about an OEM manufacturing identical machines or systems with identical Safety Designs. That is fine. I am talking about one individual advising another, assertively, based on previous experiences.

Most definitely, one size does not fit all here.

Regards,
George
__________________
"A little nonsense now and then is relished by the wisest men".
  Reply With Quote
Old February 12th, 2020, 05:00 PM   #5
janner_10
Lifetime Supporting Member
United Kingdom

janner_10 is offline
 
Join Date: Dec 2014
Location: Tewkesbury
Posts: 1,101
Quote:
Originally Posted by theColonel26 View Post

If I were gonna do this from scratch, I would have all 4 E-Stops in series each one would kill everything, or not have the E-Stop on the Main Panel at all, but leave the ones on the solenoid panels alone, to only control their machines.
Why?
  Reply With Quote
Old February 12th, 2020, 05:01 PM   #6
mass89
Member
United Kingdom

mass89 is offline
 
Join Date: Oct 2017
Location: England
Posts: 60
As mentioned, each system should be designed within its own rights (based on a risk assessment) and there's not a "one for all" rule.
  Reply With Quote
Old February 13th, 2020, 12:57 AM   #7
Aabeck
Member
United States

Aabeck is offline
 
Aabeck's Avatar
 
Join Date: Feb 2013
Location: Detroit
Posts: 1,861
I work on a system with 3 hot platen presses, one cooling press, a carriage, 4 assembly stations, a load station, an unload station, a main operator station and a master control panel.

Each one has an E-stop circuit with safety relay, but also has another safety relay in series tied to every other safety relay in the system. Pressing any 1 of the e-stops kills every machine, component and panel there. The safety relay that is tripped by the E-stop has to have its Reset PB pressed to reset that panel, but the second safety relays all reset automatically when the one (or all) tripped have been reset.

I also built a panel for a rinse line after a deburr machine and made sure that if the e-stop on either one was pressed it killed the other machine, since they were connected together in a single line and the e-stop at the entrance of the rinse line was right at the deburr machine exit.

Unless the OP's 3 machines are completely independent and separated I would be thinking of one loop.
__________________
Never underestimate the quality of idiots that will be running your machines
http://aabeck.com
  Reply With Quote
Old February 13th, 2020, 04:49 AM   #8
JesperMP
Lifetime Supporting Member + Moderator
Denmark

JesperMP is offline
 
JesperMP's Avatar
 
Join Date: Feb 2003
Location: Copenhagen.
Posts: 14,468
Quote:
Originally Posted by theColonel26 View Post
If I were gonna do this from scratch, I would have all 4 E-Stops in series each one would kill everything, or not have the E-Stop on the Main Panel at all, but leave the ones on the solenoid panels alone, to only control their machines.
It is totally acceptable to design a safety system where an E-stop does not neccessarily stop everything.

If for example pressing an E-stop causes the stop of an entire production line, thereby causing a significant loss of production, then that is an incentive to "misuse", like bypassing the E-stop interlocking between machines. Taking this into account can therefore make a safer system, because it prevents mis-use.

You go about that by your risk assessment you decide to split the areas where there will be operators into "zones".
So if you have an operator that can be in a zone "z1" where he has access to machine areas "a1" and "a2", but not area "a3", then the E-stop in zone z1 is wired to a safety relay that will stop the machinery in area a1 and a2.
If there is another zone z2 where an operator has access to a machine areas a2 and a3, but not a1, well you get the idea.

To put it simple, in a zone where an operator or maintenancen person can be, and there are any risks that arent always guarded, then there must be an E-stop in that zone that stops these risks within the area the zone covers. The E-stop in an area does not have to stop risks outside the area in question. Zones can be overlapping.
__________________
Jesper
See my profile interests for Q&A
  Reply With Quote
Old February 13th, 2020, 05:04 AM   #9
JesperMP
Lifetime Supporting Member + Moderator
Denmark

JesperMP is offline
 
JesperMP's Avatar
 
Join Date: Feb 2003
Location: Copenhagen.
Posts: 14,468
Oh, regarding the mis-use, then it is a greater concern that many believe.
This because that when individual machines are interlocked via their safety circuits, then that is usually done via safety relays. The E-stop contacts on one machine are not directly connected to other machines.
This has the effect that the safety contacts will drop not only when there is an emergency, but any time that the safety relay is off. For example when the machine is powered down for maintenance. So the safety relay contacts will be off much more frequently then you would think, and that makes the need to avoid stopping other machines unneccessarily more important.
__________________
Jesper
See my profile interests for Q&A
  Reply With Quote
Old February 13th, 2020, 10:39 AM   #10
James Mcquade
Member
United States

James Mcquade is offline
 
Join Date: Oct 2007
Location: Tennessee
Posts: 2,903
in regards from doing this from scratch, you MUST follow the rules as set forth in the following.
NEC70 - electrical code
NFPA70E - arc flash
NFPA 496 - purging and pressurizing of enclosures - if applicable
NFPA 79 - electrical standard for industrial machinery.
other codes may apply based on your application.
doesn't matter what is at your facility, when doing a new design, you have to go by these codes.


James
  Reply With Quote
Old February 13th, 2020, 08:59 PM   #11
theColonel26
Lifetime Supporting Member
United States

theColonel26 is offline
 
theColonel26's Avatar
 
Join Date: Feb 2014
Location: West Michigan
Posts: 493
While I appreciate the level of detail. My question was more along the lines if shouldn't it be one or the other not both, as it seems it would confuse people.

As for running risk assessments I have heard this time and time again on this form but I have yet to ever meet an Engineer that does them or even knows anything about how to do one.

The most risk assessment I have ever done is sitting around a table with a couple other people and discussing the possibilities of what could happen and whether we think they are very likely, and how that ways against productivity.
__________________
SkyCad is by far the Best ECAD Schematic Software I have used.


Fact my "Fun Facts" are never fun
  Reply With Quote
Old February 13th, 2020, 09:01 PM   #12
theColonel26
Lifetime Supporting Member
United States

theColonel26 is offline
 
theColonel26's Avatar
 
Join Date: Feb 2014
Location: West Michigan
Posts: 493
Quote:
Originally Posted by James Mcquade View Post
in regards from doing this from scratch, you MUST follow the rules as set forth in the following.
NEC70 - electrical code
NFPA70E - arc flash
NFPA 496 - purging and pressurizing of enclosures - if applicable
NFPA 79 - electrical standard for industrial machinery.
other codes may apply based on your application.
doesn't matter what is at your facility, when doing a new design, you have to go by these codes.


James
Yes I try to Follow the NEC 70, but most of it is inapplicable to what I design though. I still try to follow the spirit of it though.

I am actually going to order a copy of the NFPA 79 and NFPA 496 right now. I've heard people mention the NFPA 79 but I've never had a copy to look at.
__________________
SkyCad is by far the Best ECAD Schematic Software I have used.


Fact my "Fun Facts" are never fun

Last edited by theColonel26; February 13th, 2020 at 09:04 PM.
  Reply With Quote
Old February 14th, 2020, 01:36 AM   #13
ValeoBill
Member
Canada

ValeoBill is offline
 
Join Date: Aug 2019
Location: Wasaga Beach, Ontario
Posts: 44
My two cents worth - and pardon me if I repeat what others may have written.
The primary purpose of an e-stop is to protect people. There is legislation EVERYWHERE as to where they are to be placed and how they must work. This is the purpose of a risk assessment. In today's society of "sue first and ask questions later", I would not reposition/remove an e-stop without engineering approval/sign-off and they shouldn't request its relocation without a risk assessment. Here in Ontario, virtually any change to a safety circuit an engineered review with an associated paper trail. ...FWIW
  Reply With Quote
Old February 14th, 2020, 03:00 AM   #14
dogleg43
Member
United States

dogleg43 is offline
 
Join Date: Dec 2005
Location: Indiana
Posts: 424
Quote:
Originally Posted by ValeoBill View Post
My two cents worth - and pardon me if I repeat what others may have written.
The primary purpose of an e-stop is to protect people. There is legislation EVERYWHERE as to where they are to be placed and how they must work. This is the purpose of a risk assessment. In today's society of "sue first and ask questions later", I would not reposition/remove an e-stop without engineering approval/sign-off and they shouldn't request its relocation without a risk assessment. Here in Ontario, virtually any change to a safety circuit an engineered review with an associated paper trail. ...FWIW
The above statement is so true and is a reason I am so happy to be retired and out of this field.

My bosses did not like it when a situation required the above to be done and resented it when Id tell them these type of rules needed to be followed, basically saying Why do you have to make everything so complicated?
  Reply With Quote
Old February 14th, 2020, 01:18 PM   #15
alive15
Member
United States

alive15 is offline
 
Join Date: Oct 2015
Location: Montgomery, AL
Posts: 549
If you have one plc, with 4 separate e-stops, one for each station, could you not tie the estops just to the output cards of their respective stations? This way, if you estop station 1, only station 1 output cards turn off, motor contactors open up, etc.? Would this be a valid option, if the risk assessment approved it?
  Reply With Quote
Reply
Jump to Live PLC Question and Answer Forum

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
PowerFlex 40P External Stop Button MY_USER.NAME LIVE PLC Questions And Answers 2 September 10th, 2014 04:37 PM
e-stop question joeparrish LIVE PLC Questions And Answers 16 October 26th, 2010 03:28 PM
OT: Diodes in control circuits? plchacker LIVE PLC Questions And Answers 66 November 26th, 2007 06:52 PM
Manual/Auto jthornton LIVE PLC Questions And Answers 9 October 5th, 2006 01:40 PM
VFD Standard labingtone LIVE PLC Questions And Answers 11 January 31st, 2003 07:28 PM


All times are GMT -5. The time now is 02:19 AM.


.