2 Safety PLCs interactions

UKB

Hello,

A new process line is being installed; it has its own safety PLC monitoring various E-stops, guard switches, etc.
Within the line is a piece of OEM equipment that has its own safety PLC, with its own E-stops, guard switches, etc.

Any E stop operated anywhere should inhibit the movement of everything on the line.
Only 1 reset PB is permitted.

I can see this would work using a time delay output from the master safety PLC to give an input to the slave safety PLC, which will in turn give a reset enable input back to the master. But that all seems rather clunky.

I've been having a think and can't really come up with a solution that doesn't require a timer somewhere.

Has anyone got any pointers or done anything similar?

kind regards
UKB
 
What use is the timer?

Why does the line need a global e-stop?

By modifying the OEM machine, it's your responsibility to CE mark the whole line as a machine. Along with re-proving the safety calculations.
 
I work on a system that has 4 hydraulic presses, a transport carriage, load station, unload station and about 1/4 mile of conveyors.

Each control panel has 2 safety relays - one local to that panel and one from a main safety relay in the operating station, that has a reset PB to reset that safety relay, and once it is reset all the remote tripped safety relays come back on (the reset on those is a wired jumper)

One of the other panels only needs reset if that local E-stop is pushed.

If it matters the system was built in Germany, but designed for use in America.
 
Safety communication

Hello.
Why don't you use, if in Siemens, F_SENDDP and F_RCVDP blocks or something like that?
You use F-application blocks F_SENDDP and F_RCVDP for fail-safe sending and receiving of data by means of:

· Safety-related master-master communication
· Safety-related master-I-slave communication
· Safety-related I-slave-I-slave communication

Create a logic to manage the interlock safety signals.
 
What brand of PLCs are they?

If they're both Allen-Bradley you can use safety produced/consumed to send the status of each safety system to the other.

-Benaiah
 
You could ask the OEM to integrate their safety circuits into the main PLC and safe out to the OEM PLC, thus keeping the 1 reset PB, making the one local to the OEM machine redundant.

I used to work for an OEM, the amount of time something like this came up time and time again. Only a small handful ever thought about it before they actually ordered the machine.
 
Here's an explanation I gave to someone else on how I do it with two safety PLCs that have a safety Produce-consume. I would think you could do it similar with some relays. No timers.

Two safety PLCs: Main_PLC and Slave_PLC

Main PLC Tags:
Main_Devices_Ready: True if all devices are reset (no PBs, Cords, Light Curtains, etc. tripped)
Main_Reset: A reset signal from the only reset pushbutton
Main_Estop_OK: Main Estop Circuit is reset (Main Line can Run)
Slave_Devices_Ready: From Slave PLC indicating that all of its devices are ready
Slave_Estop_OK: From Slave PLC indicating that its Estop Circuit is reset (Slave Line can Run)

Slave PLC Tags:
Slave_Devices_Ready: True if all of its devices are ready
Slave_Estop_OK: Slave Estop Circuit is reset (Slave Line can Run)
Main_Estop_OK: From Main PLC indicating that Main Estop Circuit is reset (Main Line can Run)
Main_Reset: From Main PLC - A reset signal from the only reset pushbutton in Main


MAIN LOGIC:
IF Main_Reset is true, always pass that signal to Slave to reset slave devices

If ( Main_Devices_Ready AND Slave_Devices_Ready AND Main_Reset ) THEN Main_Estop_OK=True
Seal-in the Main_Reset with (Main_Estop_OK AND Slave_Estop_OK)

SLAVE LOGIC:
If Slave_Devices_Ready AND Main_Estop_OK THEN Slave_Estop_OK (no seal-in)


So when you press and hold the Reset, if the main devices are OK and the slave devices are OK, the Main_Estop_OK will go true and stay true while you hold the Reset PB.
Initially, the Slave_Estop_OK from the slave will be false (but you’re holding the reset, so it's OK)

On the slave side where Slave_Devices_Ready == True, when it sees the Main_Estop_OK go true, it sets Slave_Estop_OK=true and passes that signal back to Main.

When you release the reset PB, (Main_Estop_OK AND Slave_Estop_OK) have sealed in around the Main_Reset, so the circuit stays True.

Checking things...
If any device anywhere is tripped, both Estop circuits will trip
If any device anywhere is not reset, neither Estop circuit will reset (even while holding the reset PB)
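
The handshake described in the post above, as an added Python simulation that is not part of the original thread and is not safety-rated code. It assumes each produced/consumed tag reaches the other controller one scan late (a modelling assumption); the names `Link`, `scan`, `run` and the input sequences are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    main_estop_ok: bool = False     # Main_Estop_OK
    slave_estop_ok: bool = False    # Slave_Estop_OK
    slave_ready_seen: bool = False  # Slave_Devices_Ready as last consumed by Main

def scan(s, main_ready, slave_ready, reset):
    """One scan of both controllers; remote tags are one scan old (assumed)."""
    # MAIN LOGIC: Main_Reset sealed in by (Main_Estop_OK AND Slave_Estop_OK)
    permit = reset or (s.main_estop_ok and s.slave_estop_ok)
    main_ok = main_ready and s.slave_ready_seen and permit
    # SLAVE LOGIC: no seal-in, follows the Main_Estop_OK it consumed
    slave_ok = slave_ready and s.main_estop_ok
    return Link(main_ok, slave_ok, slave_ready)

def run(steps, state=None):
    """Apply a sequence of (main_ready, slave_ready, reset) scans."""
    state = Link() if state is None else state
    for step in steps:
        state = scan(state, *step)
    return state

# Constructed input sequences: (main_ready, slave_ready, reset_pressed)
IDLE = (True, True, False)
HOLD = (True, True, True)
SLAVE_TRIP = (True, False, False)
MAIN_TRIP = (False, True, False)

def both_ok(state):
    return state.main_estop_ok and state.slave_estop_ok

def either_ok(state):
    return state.main_estop_ok or state.slave_estop_ok

if __name__ == "__main__":
    running = run([HOLD] * 3 + [IDLE] * 3)
    print("held 3 scans, released:", both_ok(running))
    print("held 2 scans, released:", both_ok(run([HOLD] * 2 + [IDLE] * 3)))
    print("slave trip:", either_ok(run([SLAVE_TRIP] * 2, running)))
    print("main trip:", either_ok(run([MAIN_TRIP] * 2, running)))
    print("restored, no reset:", either_ok(run([SLAVE_TRIP] * 2 + [IDLE] * 3, running)))
    print("reset held while tripped:", either_ok(run([(True, False, True)] * 5)))
```

Under the one-scan delay assumed here, the seal-in only latches if the reset pushbutton stays pressed until Slave_Estop_OK has made the round trip back to Main, which is why the two-scan press drops out again.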
 
I have the same concern as Rob as to why do you need to do this modification in the first place. Can you do a normal process stop instead of safety stop?

If you have to do safety stop, I think all you need to do is to add 2 safety functions:
1. Press any E-Stops on machine A initiates stopping function of machine B
2. Press any E-Stops on machine B initiates stopping function of machine A

You can also choose to place the E-Stops on both machines in the same safety zone if you plan to add more machines in the future.

I don't know the reasoning behind only one reset PB is permitted, but say if you want to keep the safety reset on machine A and remove the reset button on machine B, the risk arising from the modification of the safety reset function on machine B must not be increased or be acceptable. In this case just configure machine B to reset automatically without a reset signal.

I am not an expert on safety. Please correct me if anything seems wrong.
 
To the people asking why this needs done:

In a highly linear process, if one piece of the process goes down, the rest of the process has to stop. Otherwise, you will wind up with a ton of backed-up product. Think about parts/meat/sand/gravel/whatever piling up and falling off of conveyor belts. That is why it is crucial in some applications to stop the entire process if any one piece of the process goes offline.
 
To the people asking why this needs done:

In a highly linear process, if one piece of the process goes down, the rest of the process has to stop.

My application is anything but linear but requires coordination because we have several machines that utilize the same physical volume. While they have interlocks to keep each other from trying to utilize the same area at the same time, if you hit an emergency stop on one it could very well affect the others if let's say you hit e-stop because some obstruction has entered the work area.

We utilize AB GuardLogix and as kekrahulik said, you can use produce/consume tags to coordinate the different controls. We have eight controllers in total. Any one push button shuts down the whole operation.
 
It's not complicated.

Two things to think about:

1) The production line safety PLC should have a safe output that goes to the safe input of the OEM machine.

As long as the E-stop on the line is activated and has not been reset the safe output is activated and it should prohibit the OEM machine from running. When the safe output is gone the OEM machine should auto reset and be allowed to start.

That takes care of the production line stopping the OEM machine.


2) The other thing is the E-stops on the OEM machine. Best practice would be to actually rewire them to the production line safety PLCs. But that may be tricky if it's more than actually just e-stop buttons. If that is the case, a safe output from the OEM machine goes to a safe input on the production line safety PLC. If the e-stop on the OEM machine is pressed the safe output is activated and the production line safety circuit will stop everything.

If you want acknowledge and reset of the safety circuit to be on the production line, you set the OEM machine to auto reset of the safety circuit. Meaning the safe output will reset itself as soon as the e-stop is pulled out. But the machine can't start yet because the production line e-stop circuit has been activated and needs to be acknowledged/reset first.


So basically you need a safe output and a safe input on the OEM machine and corresponding input/outputs on the safety PLC on the production line. Auto acknowledge/reset of the safety circuits on the OEM machine takes care of the problem that you would otherwise have to reset the e-stop both on the OEM machine and on the production line.

With this solution it matters not if you are using safety relays or safety PLCs or what brand they are.
It also requires only very small changes to the safety program of the OEM machine.
 