Manual Reset of E-stops

I agree with Tom, you cannot reset safety relays remotely.

We may be talking about two different things, but any safety relay in a control system cannot be remotely reset! that's the whole point of a safety relay, human intervention required. Remotely resetting any safety device while someone is working on the equipment is asking for trouble. How do you know if someone is working on the machine?

See NFPA 79 - Electrical standard for industrial machinery for any issues you have, that's the standard to go by.

james
 
James Mcquade said:
I agree with Tom, you cannot reset safety relays remotely.

We may be talking about two different things, but any safety relay in a control system cannot be remotely reset! that's the whole point of a safety relay, human intervention required. Remotely resetting any safety device while someone is working on the equipment is asking for trouble. How do you know if someone is working on the machine?

See NFPA 79 - Electrical standard for industrial machinery for any issues you have, that's the standard to go by.
Click to expand...
I hesitant to disagree with James and Tom because of their experience but in this case I think it isn't cut and dried. First since the OP asked about use in the EU, we can throw NFPA 79 out (I don't think it directly addresses the situation in any case).

E-Stop devices (i.e. buttons, lanyards, etc.) must latch when activated by standards. The E-Stop relay cannot be reset if one of these devices was actually activated without manual intervention. However, a power-on reset could, since no device is actually activated. Automatic reset of the E-Stop relay is often supported by the manufacturers of these relays. The big no-no is the machine restarting without human intervention.

Since this is described as a remote site (that would require personnel to go to) it means the danger is lessened as personnel aren't normally in harm's way.

I would argue that with a detailed hazard analysis, that looks at site security, warning lights and horns, as well as other measures that resetting the E-Stop relay may be permissible.

In the long run, I would say the best solution is getting a UPS that is more tolerant of these brownouts is by far the better solution.
 
James Mcquade said:
I agree with Tom, you cannot reset safety relays remotely.

We may be talking about two different things, but any safety relay in a control system cannot be remotely reset! that's the whole point of a safety relay, human intervention required. Remotely resetting any safety device while someone is working on the equipment is asking for trouble. How do you know if someone is working on the machine?

See NFPA 79 - Electrical standard for industrial machinery for any issues you have, that's the standard to go by.

james
Click to expand...

Edit: I was typing the same time Timbert was!

That's the US standard. I'm sure he needs to comply with some IEC standard.
I would say it is all in the risk assessment / hazard analysis / what ever you want to call it. I would like to point out, there is a difference between AUTOMATIC reset and REMOTE reset. Depending on the size of the machinery, any reset at any particular control station (SCADA, HMI, or Push Button) could be considered REMOTE as you may not can see the entirety of the machine to assure someone is not inside it or it is in a safe condition to be reset. So, if you have done a risk assessment AND you have all the proper interlocks, presence sensing devices, properly designed safety circuits, and proper work procedures to assure the machine is in a safe state when it accepts a reset command, then a REMOTE reset COULD be perfectly acceptable. I don't have copies of IEC codes and regulations, so I could be totally wrong!

Derail:
Although, to what extent is IEC codes and regulations the authority? Just to be IEC compliant to be able to sell the machinery or IEC compliant in to avoid being sued if something were to happen? To be honest, I'm not sure to what extent it means to follow the NFPA 79? I have a copy that I reference when designing, but never questioned as to why, other than assuming it is best practice and a compliant design would stand ground in court.
 
Yes, I was pointing out the USA standard.

The EU standard is even more strict, I worked for a company in England for 8 years. their USA office was in Tennessee.

There are 3 standards that you must comply with (sorry, I can't remember them) as well as a risk assessment.

when all is said and done, I do not think even the eu requirements will allow remote safety resets.

if I am wrong, someone please correct me.

james
 
Tom Jenkins said:
I disagree. If an E-Stop is momentary then a machine can unexpectedly restart after a shutdown situation clears or a spin timer times out. A perfect example would be a high temperature switch closing after sufficient cool down time.

Latching E-Stops aren't 100%, but they are a step in the right direction. I can't think of a good reason to not use latching E-Stops. Even in the case of the original poster, unless he can completely guarantee that there is absolutely positively no one working on that machine when he hits reset, he stands a chance of tearing some poor *******'s arm off.
Click to expand...

Exactly the points I was going to mention but Tom got there first.
 
Straight from ISO 13849-1.

5.2.2 Manual reset function
The following applies in addition to the requirements of Table 8.

After a stop command has been initiated by a safeguard, the stop condition shall be maintained until safe conditions for restarting exist.

The re-establishment of the safety function by resetting of the safeguard cancels the stop command. If indicated by the risk assessment, this cancellation of the stop command shall be confirmed by a manual,
separate and deliberate action (manual reset).

The manual reset function shall
— be provided through a separate and manually operated device within the SRP/CS,
— only be achieved if all safet y functions and safeguards are operative,
— not initiate motion or a hazardous situation by itself,
— be by deliberate action,
— enable the control system for accepting a separate start command,
— only be accepted by disengaging the actuator from its energized (on) position.

The performance level of safety-related parts providing the manual reset function shall be selected so that the inclusion of the manual reset function does not diminish the safety required of the relevant safety function.

The reset actuator shall be situated outside the danger zone and in a safe position from which there is good visibility for checking that no person is within the danger zone.

Where the visibility of the danger zone is not complete, a special reset procedure is required.
Click to expand...

Take note of the bolded parts, the first being that it all comes down to a risk assessment of the specific safety function for the machine.

The second part to me indicates that if a manual reset is required, then resetting via a standard non-safety PLC or HMI would diminish the safety function.

Typically for us in Australia using AS:4024.1 which closely follows ISO 13849-1 this means that all safety reset functions must be hard-wired to a safety relay or safety controller.
 
Last edited:
5.2.2 Manual reset function
The following applies in addition to the requirements of Table 8.

After a stop command has been initiated by a safeguard, the stop condition shall be maintained until safe conditions for restarting exist.

The re-establishment of the safety function by resetting of the safeguard cancels the stop command. If indicated by the risk assessment, this cancellation of the stop command shall be confirmed by a manual,
separate and deliberate action (manual reset).

The manual reset function shall
— be provided through a separate and manually operated device within the SRP/CS,
— only be achieved if all safet y functions and safeguards are operative,
— not initiate motion or a hazardous situation by itself,
— be by deliberate action,
— enable the control system for accepting a separate start command,
— only be accepted by disengaging the actuator from its energized (on) position.

The performance level of safety-related parts providing the manual reset function shall be selected so that the inclusion of the manual reset function does not diminish the safety required of the relevant safety function.

The reset actuator shall be situated outside the danger zone and in a safe position from which there is good visibility for checking that no person is within the danger zone.

Where the visibility of the danger zone is not complete, a special reset procedure is required.
Click to expand...

brendan.buchan said:
Straight from ISO 13849-1.



Take note of the bolded parts, the first being that it all comes down to a risk assessment of the specific safety function for the machine.

The second part to me indicates that if a manual reset is required, then resetting via a standard non-safety PLC or HMI would diminish the safety function.

Typically for us in Australia using AS:4024.1 which closely follows ISO 13849-1 this means that all safety reset functions must be hard-wired to a safety relay or safety controller.
Click to expand...

You could still hard wire the reset contacts, either push button or relay output, to the safety relay or controller (like it is always done). It would still be monitored and not diminish the safety function even coming from an output of the PLC as long as the reset was not automaticly done when all the safe guards were cleared, but still deliberately some one pressing a button rather it be and electronic one via HMI or a hardwired PB. Heck, I've seen safety contollers promote the ability to communicate with another processor to allow it special functions, like providing the reset button via ethernet. I bet it still monitors the duration of the reset bit being high. Because let's face it, rather it's hardwired or not, it is still being handled by a processor now a days (safety contollers or safety "relays").

I believe what I covered in my orginal post covers any intent the ISO or NFPA 79 means. Even what I mentioned about the work procedures and possibly ANY reset button being considered "remote", the ISO standard covered. By the means of this, you could even be REQUIRED to be reseting the stop function by the safety circuit in a remote location, if it is a hazardous process. I would think an HMI with a camera system for your remote operators would be compliant, if covering everything else in the standard and your risk assessment.

Compliance with the standards are just as much about the design of the control system it self as it is about the components you use. I've seen systems with "certified SIL 4 & PLe" components still fail in an unsafe manner due to the way it was wired and designed.
 
Hi Guys,
Thanks for the amount and quality of responses, I've been using this site as a research tool and a knowledgebase for years and have never posted.

I think its always better to be proactive rather than reactive, so I'm gonna go with a UPS solution to the brown-outs, it's a little more expensive but I think it will prove a more effective solution.
Thanks for all the contributions.
 
for brown outs and lights flickering, I would use a constant voltage transformer.

in regards to the ups, what does your governing rules say about it?
also, you MUST buy a sine wave output ups, not a square wave type.
the plc and controls might burn up with a square wave. I know seimens has that issue.

regardless of what we post, what are your governing rules?
what does the risk assessment say?
the risk assessment involves safety, engineering, maintenance, and operators all agreeing on the same thing.

james.
 
James Mcquade said:
for brown outs and lights flickering, I would use a constant voltage transformer.

in regards to the ups, what does your governing rules say about it?
also, you MUST buy a sine wave output ups, not a square wave type.
the plc and controls might burn up with a square wave. I know seimens has that issue.

regardless of what we post, what are your governing rules?
what does the risk assessment say?
the risk assessment involves safety, engineering, maintenance, and operators all agreeing on the same thing.

james.
Click to expand...

The UPS will supply 24VDC side only
 

Similar Topics

K
Safety circuit auto/manual reset
Hypothetically we have a machine with safety door switch and a E-Stop. The operator places the work piece into the machine, the door is closed and...
2
Replies
20
Views
7,297
BryanG
B
L
Eagle Reset Timer CT531A6 MANUAL?
I know this is not entirely plc related, but the mechanical timer does turn output bits on IN the plc soo... I am looking for a MANUAL for this...
Replies
1
Views
1,135
Leukic
L
jrexrode
Manual vs. Automatic Reset
I have a question concerning automatic reset vs. manual reset of a safety relay. I'm wondering if configuring the relay for automatic reset...
Replies
14
Views
5,852
James Mcquade
J
D
E-Stop manual reset button
Hi guys just wondering if anyone new what colour an illuminated e-stop reset push button can be? I have generally done manual reset circuits with...
2
Replies
20
Views
14,235
TurpoUrpo
T
N
Alarm Horn Manual Silence, Auto Reset.
Looking to silence an alarm from a HMI Button. Right now the HMI button command is set to Pulse the binary bit. Will the attached logic work to...
Replies
9
Views
9,482
Nova5
N
Back
Top Bottom