SISTEMA safety functions

JOLTRON

Hello all,

If a system has:
-a servo drive
-a safety relay (enables the servo drive)
- (5) gate switches in series (Channel 1 and 2)

Would this be considered (5) separate safety functions (gate switch + relay + drive) repeated (5) times? Or would this be (1) safety function with all (7) items as subsystems?

I would think the latter of the two, but a machine builder has sent me an example with it all as separate safety functions.

Any advice is greatly appreciated.
 
So 4 years later, still no answer :)

Well, I am wondering if someone can answer this now. If I have 6 e-stop buttons each wired to a separate safety input, logically ANDed within the safety controller program and firing two contactors wired to safety outputs - how would the emergency stop safety function be modelled in SISTEMA?
 

Warning: I hang out with serious safety guys regularly, but I only dabble myself.

I THINK that you model each "safety function", but I guess that just pushes the question back a step.

My guess is that it makes a difference whether the estops/gate switches are all in series or in parallel.

In Parallel (each to its own input), to me that seems like multiple instances of 1 sensor, 1 logic device, 2 contactors, which fits the model nicely.

In series, wired together sharing an input, I think that would all be one big system. It feels like that's where diagnostics coverage would be a big factor (could an error of one device fault the system?).
 
OK, this is something, thank you. So it seems that in my case I actually have 6 identical e-stop functions in my system, right?

That's my thought, though it may also depend how you document it.

If you document it as 6 safety functions (Motor stops if Estop 1 is pushed, motor stops if estop 2 is pushed, etc), that seems logical to me. As long as there isn't any way an error in one could cause a loss of function in another, and it seems like that would be sorted out in the statistics of the safety relay/PLC.

For whatever my logic is worth... Like I said, I don't usually dive too deep into the actual documentation side of things.
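To make the "6 separate functions vs. one series chain" distinction concrete, here is an added example (not code from the thread or from SISTEMA) that combines subsystems the way ISO 13849-1 does: PFHd values of sensor, logic and actuator subsystems add up, and the resulting PL cannot exceed the lowest subsystem PL. All PFHd values and subsystem PLs are constructed placeholders, not vendor data.

```python
"""Model the two decompositions discussed in the thread and compute the PL
of each safety function. PFHd figures are constructed, not from any library."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ISO 13849-1 Table 3: exclusive upper bound of PFHd [1/h] per PL band
PL_BANDS = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
PL_ORDER = "abcde"  # worst to best


@dataclass(frozen=True)
class Subsystem:
    name: str
    pfhd: float  # average probability of dangerous failure per hour
    pl: str      # PL the subsystem reaches on its own


def pl_from_pfhd(pfhd: float) -> Optional[str]:
    """Map a PFHd to its PL band; None if it is worse than PL a."""
    for pl, upper in PL_BANDS:
        if pfhd < upper:
            return pl
    return None


def safety_function_pl(subsystems: List[Subsystem]) -> Tuple[float, Optional[str]]:
    """Sensor -> logic -> actuator in series: PFHd adds, PL is capped by the
    weakest subsystem (ISO 13849-1, combination of SRP/CS)."""
    total = sum(s.pfhd for s in subsystems)
    pl_by_sum = pl_from_pfhd(total)
    if pl_by_sum is None:
        return total, None
    weakest = min((s.pl for s in subsystems), key=PL_ORDER.index)
    return total, min(pl_by_sum, weakest, key=PL_ORDER.index)


# Constructed subsystems (placeholder values)
LOGIC = Subsystem("safety controller", 1e-8, "e")
CONTACTORS = Subsystem("2 contactors, monitored", 5e-8, "e")
ESTOP_INPUT = Subsystem("single e-stop on its own input", 2e-8, "e")
# One chain of 6 e-stops on a shared input: fault masking lowers DC, so the
# chain is given a worse (constructed) PFHd and PL than a single device.
ESTOP_CHAIN = Subsystem("6 e-stops in series, shared input", 4e-7, "d")


def model_parallel(n_estops: int) -> dict:
    """n independent safety functions, each re-using the shared logic and
    actuator subsystems, as the thread suggests documenting them."""
    return {f"E-stop {i + 1}": safety_function_pl([ESTOP_INPUT, LOGIC, CONTACTORS])
            for i in range(n_estops)}


def model_series() -> Tuple[float, Optional[str]]:
    """One safety function whose sensor subsystem is the whole series chain."""
    return safety_function_pl([ESTOP_CHAIN, LOGIC, CONTACTORS])
```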
 
Has anyone used a safety-rated PLC called CompactLogix 5370 L3? Apparently all my safety devices are going to go into an input card in this PLC. I'm unsure how the logic is going to be written for this by the vendor. Do these things work well, or should I stick with actual safety relays with channels on them?
 

Safety PLCs are very reliable and very safe. I've never used that specific model, but I've seen plenty of systems with fail safe PLCs from both Rockwell (like yours) and Siemens. The whole principle is that it is constantly detecting faults, and if it finds any, it shuts itself down. You can even have Safety IO over Ethernet comms.

Now, that said, the tools are only as good as the person using them. Just like it is entirely possible to wire up a safety relay in an unsafe way, the same is possible with safety PLCs.
 

The safety devices have to be wired into safety-rated inputs, and then the safety logic is designed in the safety task, which in turn drives safety outputs. The safety task has a host of safety instructions that mimic hard-wired safety devices, with the added bonus of diagnostics that you can use for fault reporting, etc. If you can, stick with the safety controller instead of hard-wired devices; much better.
 
Okay, is it possible to force these safety devices "on" through the PLC or make them appear "made" to the PLC to bypass any safety devices such as light curtains or e-stop? For example, if the e-stop is pushed in, can anyone go into the PLC and force the input to appear unpressed?
 

I will note that, specifically, a standard CompactLogix is not a safety PLC. However, AB has the GuardLogix family, which consists of versions of its CPUs that can do both safety and standard.

I can't speak for guardlogix specifically, but in my experience, in any safety PLC platform I've used, any sort of force/bypass on the safety code is either disallowed in the editor, or is detected and causes the system to go into stop. There is redundant processing in place to run the code twice, and crosscheck to ensure you get the same result.

If someone makes a change to the safety code, that usually requires them to A) know the safety password and B) a checksum will change, indicating that the safety logic is not the same.

Hypothetically, it is possible for someone to install a physical jumper in the cabinet. However, in my experience it is fairly common to require a test of all safety inputs/functions periodically (say, at the beginning of each day or shift), to prove that the estop can still be read as ON or OFF.

Now, it IS possible to program a bypass into the original safety code. Which is why code review and a well managed acceptance test/buyoff is important.

I know an "appeal to authority" is technically a logic fallacy, but I've seen safety CPUs for years in use all over the automotive industry (Ford, GM, Chrysler, etc) as well as Aerospace (where customers get much crankier if you namedrop them). To be honest, I hardly ever see systems WITHOUT a safety PLC.
 
