Equipment auto re-start after power failure

I have a customer who wants his unit to automatically re-start after power failure, and I am finding getting my head around this logic to be harder than it should be.

My typical logic is a momentary start energizing an output and locking it in, but when the power goes out to the PLC ad cycles back on this logic requires he user to re-start the system.

What is the cleanest way you would write it?

(I am writing in ROCKWELL STUDIO 5000 / ladder logic)

Surely that is not a safe method of operation?

How do they start the Equipment normally?

I would usually specify a user check before a restart, so that they can take a positive decision to restart. Onus is on them to decide whether or not to check the equipment before restarting, then press reset or start.

Safety Safety Safety first, of course.


Here is a thread discussing a similar issue:


http://www.plctalk.net/qanda/showthread.php?t=38180

I TOTALLY agree, but this is an HVAC type application and they counter with "You don't re-start your AC every time the power goes out", so I am on the losing end.

kirk said:

I TOTALLY agree, but this is an HVAC type application and they counter with "You don't re-start your AC every time the power goes out", so I am on the losing end.

Click to expand...

Counter with "The average Joe also does not work on their own AC, and a the professional that does should know to lock out power before working on it, even during a power outage. That said, I am not going to be responsible for a system that does not protect against someone wandering near this motor at the moment a power outage ends. At a minimum there will be a large sign that says 'This motor may start automatically at any time' and a new maintained switch, perhaps near the motor but connected to the PLC, that someone has to throw to enable the autostart after power failure."

kirk said:

I TOTALLY agree, but this is an HVAC type application and they counter with "You don't re-start your AC every time the power goes out", so I am on the losing end.

Click to expand...

Um, develop a program that checks all conditions and interlocks before starting and then have a manual switch that can be put in "auto" and when the PLC starts up it can start the auto program.

I would make sure all safety switches are hard wired so even if the PLC messes up and tries to start it can't. Then make sure you have all alarms and interlocks on an HMI or SCADA system that says why it can't start.

I've made a few "auto" systems, but they weren't after a power cycle but it isn't that much of a leap with an external key or switch that can be placed in auto or not. (Don't have the PLC auto start without an external switch/key b/c that sounds dangerous.)

edit - as drbitboy said also add signs and perimeter boundaries that require lock out tag out.

I'd use XIC(S:FS) to latch on the AC system run signal, after getting their request in writing as well as their decision to ignore what is generally considered safe practice (don't start up equipment automatically after an anomalous event).

If they relent and are ok without automatic restarts, I would use XIC(S:FS) again, to latch in a memory bit. The memory bit, along with any safety interlocks being satisfied, triggers a popup or alarm asking for the AC to be restarted. Then when the AC is on, unlatch the memory bit so the popup or alarm doesn't trigger any time the AC is off, only after a power cycle.

If you use a OTL/OTU instead of an OTE with a seal, the OTL'd bit will retain it's state after power cycle.



Put your permissives as normal in front of the OTL and OTU rungs and it should operate as you want.



IE after start button pressed OTL the output. Whatever normally breaks the seal will now drive the OTU rung. If the bit is latched and power is cycled, as long as the conditions for the OTU rung are not true when the scan begins again, the output will stay on.


Of course this is assuming there is no safety concern. This is basically low voltage release vs low voltage protection. Up to you to determine if low voltage release is appropriate and safe in this instance.

kirk said:

but this is an HVAC type application

Click to expand...

Is it a box car? anything that has moving parts I would NOT touch it, if something happens they will point fingers at you... I would look at maybe installing a UPS before a restart and stop the power from going out in the first place.

I've programmed dozens of systems for wastewater that included pumps and blowers that need to run 24/7. Controlled automatic restart happened when the power came back on. LO/TO procedures were enforced. Labeling the equipment to indicate it will start automatically was always included. Proper guards are a must. The provided operator training emphasized safety. Where required sensor to determine the state of controlled equipment was part of the system.

Let's be realistic - my home HVAC equipment DOES start as soon as the power comes on.

Judgment is needed. For example, I would NOT auto restart a drop-forge!

Less of the faux outrage, some things need to re-start after a power failure as it's more unsafe not to.
We can only let the OP use his judgement.

When I've done that in the past if the start conditions are good it latches (L) the Cycle Running bit, add in your own conditions for Unlatch (U) VSD Fault, PB_Stop pressed, Machine on Fire etc etc

That way the system starts as the power comes back on.

I've done this before on a HVAC-type system, where the consequences of the equipment not automatically restarting could be far more serious than the consequences of an automatic restart. Of course, a full risk assessment needs to be done (and had been done).

I had a 24VDC UPS on my PLC, and a phase failure relay to monitor the incoming power. I then had to handle three different scenarios:
1. Short term power failure - e.g. 1-2 seconds. The PLC never shuts down, but VSD's are likely to fault on DC bus undervoltage - if they had powered all the way down, they would have no fault on power up, but if the power is restored too quickly, the drive sees it as an undervoltage condition and latches a fault.

2. Medium-term power failure. VSD's power all the way down, but the PLC remains powered up on UPS.

3. Long-term power failure. UPS batteries exhausted and PLC shuts down. Safety circuit is tripped due to loss of power.

My approach was as follows:
1. If the phase failure relay indicates a power failure while the system is running, I latch (with an OTL, not and OTE/seal in branch) an "auto restart" bit.
2. If the safety circuit becomes unhealthy at any time, I unlatch the "auto restart" bit - so if the safety circuit is tripped for any reason other than a loss of power (which will also kill the PLC and prevent it from unlatching the bit), the auto restart is prevented.
3. On first scan, I latch a "long term power failure" bit - i.e. if the PLC is forced to reboot due to a power failure, it must have been a long term one, and my safety circuit will need resetting.
4. If my auto restart bit is high and my phase failure relay comes back on, this means that all the conditions were met to permit automatic restart (i.e. the system was running when the power failed, and nobody has tripped the safety circuit in the meantime).
5. If point 4 is satisfied, I start a restart timer. After 20 seconds, I reset my safety circuit with an output relay. After 60 seconds, any drives that powered down should have powered back up and reconnected to the PLC (Ethernet/IP in this case). I issue a reset command 2-3 times to clear any faults. After 90 seconds, I trigger a "system start" command to restart the equipment.

Getting this right required lots of testing across all the different power failure scenarios, but it works well. This site is in a location notorious for weather-induced power outages, and many times the auto restart has been performed without a hitch.

Obviously, careful assessment of your particular application is needed to ensure that all the risks are adequately covered off on, and your application may require slightly different techniques to mine. But there are certainly valid reasons to do it, and there are certainly ways to do it safely.

Sorry,

but the automatic restart of production machinery is not allowed - NFPA79 - electrical standard for industrial machinery.
sorry, i don't have the code book in front of me at this time.
to sum it up, no machine may automatically restart upon the restoration of power. human intervention is required to energize the safety relay by pushing a manual pushbutton.

HVAC is totally different, all moving fans and components are already safe guarded.

with production machinery and you loose power, what was the machine doing.
when the power returns, are the parts still secure from movement, is the hydraulic pressure ok to run, is the air pressure ok, has a guard been removed, is maintenance working on the machine, IS MAINTENANCE IN THE MACHINE WHEN IT STARTS?

if i am wrong, someone please correct me.
regards,
james

For equipment that requires auto restart (like utility pumps in my case) I typically put an Enable/Disable switch on the front of the panel that is tied to a PLC input. If the switch is set to "Enable", the system will auto-start on powerup. If system is set to "Disable" , it will immediately stop, and will not auto-start on powerup.

This allows maintenance to prevent the system from turning on unexpectedly during power failure or when downloading a program change or whatever. Also doubles as a way to allow the system to run in the event the HMI fails (albeit with no way to make setpoint changes).

NFPA-2007 7.5.3


7.5.3 Restarting. Upon restoration of the voltage or upon
switching on the incoming supply, automatic or unintentional
restarting of the machine shall be prevented when such a re-start causes a hazardous condition.

is this the same for the most recent? probably, It's likely more stringent now considering all the new fancy safety doo-dads around.[/FONT]
give your guy this standard and keep your hands clean.