Why NOT to Wire E-Stops in Series

mk42 said:
My understanding is that in the EU you have rules that if the machine builder is judged to have followed them, they are off the hook.
Of course the builder has to try and remove the risk, if that is not possible cover the risk, if that is not possible guard the risk, and if that is not possible instruct and sign about the remaining risk. It is not enough to just warn about risks if the risk can be avoided.
And regarding the foreseeable misuse, there is a level of reasonable judgement. If you think about it, any misuse (rather than foreseeable misuse), how to prevent that?

What you are saying, in the US the builder loses any which way.

I am always thinking about why is it more strict to work in the industry - where people are grown-ups, wear protective clothing, are at their full senses, and have received special safety training for the machine in question, compared to the everyday life where any fool can get into trouble.
Open the hood/bonnet of any car, and you can get your fingers into both V-belts and the radiator fan blades.
 
where people are grown-ups, wear protective clothing, are at their full senses, and have received special safety training for the machine in question, compared to the everyday life where any fool can get into trouble.

This isn't always the case...
People can get into a stupid way of working unless there is someone there to rein in the stupidity.
People wear protective clothing because they are forced to, not because they think they'll get hurt.
People get complacent and bored.
A lot of operators are assumed to know how to operate a machine... sometimes the machine isn't well designed, other times, the operator hasn't even read the manual.

This will be different between industries and countries, but we cannot look past this.
 
cardosocea said:
A lot of operators are assumed to know how to operate a machine... sometimes the machine isn't well designed, other times, the operator hasn't even read the manual.
I don't accept that.
On any respectable facility there must be a safety responsible person, and there may be safety groups that constantly inspect and review the safety, including the people working on the machines.
In such places, both operators and maintenance must sign that they have read and understood the safety instructions before they are allowed to work on the machine.
When we hand-over a machine to a customer, he must sign that he has received all safety instructions, and that the operators are trained, and that they will adhere to the safety instructions and maintain the safety system from then on.
And sure, people may get complacent and bypass procedure, but it cannot be the responsibility of the builder - unless, see below.
cardosocea said:
This will be different between industries and countries, but we cannot look past this.
If complacency is endemic to the business sector, then yes you must take it into account.
 
The safety requirements of ISO13849 specify that you must protect against "foreseeable misuse". Not "all possible misuse". You're not expected to be a fortune teller, only to assess the machine and say "what legitimate reason might there be for someone to misuse this machine"?


I don't know the circumstances of the company mentioned previously who got in trouble because the operator removing the guard was deemed "foreseeable mis-use", but it's certainly possible that the judgement was reasonable.


Let's say you have a guard which protects a pinch point or some other hazard. Inside that guard is a sensor to detect some part of the process. Now, you can put in your operational procedures as big and bright as you want that you must LOTO the machine before removing this guard, but it's 100% foreseeable that one day that sensor might start playing up, and someone might make the decision to remove that guard to poke and prod it a bit to see what's up. Misuse of the machine, directly contradictory to your operator's manual and procedures - but it's foreseeable misuse. So, as the machine builder, you should identify that possibility and put a guard switch on that guard that will remove the hazard if the guard is removed.


But let's say this guard has nothing behind it that needs to be accessed. Maybe you might need to remove it once a year for a good spring clean, while the rest of the year a hose down will suffice. Maybe there's a bearing behind the guard, but the greasing points are accessible without removing the guard, and the only reason to take the guard off is if you needed to replace the bearing, which requires a total machine shutdown anyway. In this case, there's not really any reasonable (slash foreseeable) misuse to be had, so a fixed guard with no guard switch is probably just fine. You'd still want to provide other safeguards (like signage, administrative procedures, etc), and you'd want to document your decision in a risk assessment showing that you have considered the risk of foreseeable misuse and found it to be negligible. But if after that point someone decided not to bother putting the guard back on after spring cleaning because they couldn't find their 13mm spanner and anyway it was lunchtime, and then someone started up the machine, that's outside the scope of "foreseeable misuse".


Jesper, you have a valid point about operators using e/stops as machine stops, and thus reducing the diagnostic coverage of e/stops in series. And yes, this is something that will have to be considered in any assessment. The facility I'm referring to, operators do not use e/stops except in a legitimate emergency. This company subscribes more or less to the policy that "if I can see that machine from this e/stop, this e/stop should stop that machine". So, you press an e/stop in that plant, a whole s*** ton of machinery comes grinding to a halt. Which is absolutely the best possible outcome if you happen to be trapped in one of those machines! But the operators learn very quickly that this is sure as hell not a process stop. That comes into play in the safety validations they get done. Due to the operator culture and the overall design of their safety systems, e/stops in series can be deemed to have a relatively high diagnostic coverage.


On another site, I had a customer who wanted me to have e/stop pushbuttons only stop the exact piece of equipment they were physically attached to (or better yet, not have e/stops at all), because "the operators press them all the time". We were building him a new facility, and I saw the chance to fix this behaviour. What I did was to make all these e/stops stop the entire line they were on, and then at plenty of strategic positions around the line, provided black mushroom head "production stop" buttons. The operators had a hell of a time the first few weeks restarting their line every couple of hours, but the lesson sunk in pretty rapidly after that, and they realised that red button = my next hour is going to suck, black button = machine in front of me stops and I can clear the jam and continue with my day. Again, the e/stops now have high diagnostic coverage, because the operators have other easy means of stopping equipment without using e/stops.


If your machine has no easy way of quickly stopping the machine other than an e/stop, and it's foreseeable that the machine will need to be quickly stopped, then the diagnostic coverage of your machine will drop if you put e/stops in series. Once again, it all comes down to the risk assessment, which should take these sorts of things into account.
 
I don't accept that.
On any respectable facility there must be a safety responsible person, and there may be safety groups that constantly inspect and review the safety, including the people working on the machines.
In such places, both operators and maintenance must sign that they have read and understood the safety instructions before they are allowed to work on the machine.
When we hand-over a machine to a customer, he must sign that he has received all safety instructions, and that the operators are trained, and that they will adhere to the safety instructions and maintain the safety system from then on.
And sure, people may get complacent and bypass procedure, but it cannot be the responsibility of the builder - unless, see below.

I completely agree... but that is not the case in a lot of industries or countries. Also, the safety features of a machine may not involve operating the machine safely, which is an important distinction to make.
I may have read the manual of my car, I may understand fully well how the braking system, seat belts, etc, etc... works and yet go down a 50km/h speed limit at 150km/h. Though at this point, the OEM of the equipment won't be liable in my understanding.
 
go down a 50km/h speed limit at 150km/h

Can whoever is responsible for safety standards put in the next revision that ONLY metric units can be used, otherwise you get a Performance Level of PLa?

I'd say SI, but no one drives in m/s... yet.
 
