E-Stop Circuit Wiring

jshiepe

Well folks, I've been lurking here for a while, occasionally responding to a few threads, but now ask the assistance of the great minds out there, specifically the OEM's and SI's.

For the longest time, and even still today, I have used the practice of terminating power to PLC outputs when the E-stop is pressed, while leaving the input power energized to maintain the state of the program. To me, this is generally a safe practice, especially in today's world of remote tech support where the tech should have complete confidence that if the e-stop is pressed, nothing on the machine should energize or actuate.

We recently ordered some new equipment from two different vendors on which I found out that this practice is no longer observed. Both are reputable vendors, so naturally I thought that this was some coincidence. Is this now an accepted practice?

The scenario that makes me nervous is the fact that a programmer could potentially force an output and energize something while the machine is e-stopped. If this is an air-driven machine, and the e-stop kills the air to the valve bank, but the output power for the solenoids is still live, is this an acceptable e-stop state?

I've reviewed NFPA79 and found a couple of arguable points (9.4.3), but I'm just curious if there was some sweeping change in the way e-stop circuits are now allowed to be run through PLC's rather than hard-wired, and output power does not need to be removed.

Thanks,
Jeff
 
There are several different ways to achieve the same goal. If the air is dumped and someone forces the output to an air-controlling device, the device should energize but there will be no air to move the air component, so no harm no foul. If the air is not dumped or is dumped after a delay, the machine may need to "home" then dump the air. This would be machine specific and the risk of NOT going home would need to be more severe than if it did go home. Most machines can be safely homed before running the machine and don't need to be homed after they stop.
The ultimate goal for the e-stop is to prevent HUMAN injury or worse, then machine well-being; not the other way around. If there is little risk of personal injury the steps taken to prevent machine damage are as widespread as machines are.
 
From everything I have seen and still use we kill output power on all E-stop hits. Even though the air is killed if back pressure were to somehow build an output turns on etc. For all OEM's I've worked at and as a consultant to large automobile manufacturers E-stop power will kill output power through a hardwire means. I find this still practiced a lot. I don't think you'll ever see a sweeping change for safety circuits from hard-wired to software controlled. Too many things can go wrong.
 
Siemens was pimping an S7 safety plc. Apparently it was tested by some EU certifying body or another and found to be a viable replacement to hardwired safety relays. They also had some type of safety rated Profibus implementation. I don't know if this is the case in jshiepe's situation. But these things are on the way.

Keith
 
I have been using a type 4 IEC safety relay mounted to the rack of Omron CS1 PLCs. The PLC cannot influence the operation of the safety relay in any way but can read status for placement on a HMI screen.

Type 4 uses 2 input circuits, controls 2 contactors in series with each other and monitors both of them. If the 2 contactors are turned off by the relay but only 1 of them opens, the safety relay cannot be reset. The contactors are then used to power up the output/control circuits. The PLC is obviously not on the same supply so that error/alarm messages can be written to the HMI.

There are several brands of safety PLC available but you require very large pockets full of lots of dollars to buy them. The rack mounted safety relay is an inexpensive way of achieving a safe result.
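
The dual-channel relay behaviour described in the post above, modelled as an added Python sketch (not part of the original thread and not any vendor's logic). The class names, the `welded` fault flag and the scenario are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Contactor:
    coil: bool = False      # driven by the safety relay only, never by the PLC
    welded: bool = False    # constructed fault: contacts stuck closed

    @property
    def closed(self) -> bool:
        return self.coil or self.welded

class SafetyRelay:
    """Toy model: two E-stop channels, two series contactors, feedback-checked reset."""
    def __init__(self):
        self.k1, self.k2 = Contactor(), Contactor()
        self.ch1 = self.ch2 = True          # True = channel closed (button released)

    def set_channels(self, ch1, ch2):
        self.ch1, self.ch2 = ch1, ch2
        if not (ch1 and ch2):               # either channel opening drops both coils
            self.k1.coil = self.k2.coil = False

    def reset(self):
        """Manual reset succeeds only if both channels are closed and both
        contactors are proven open by their feedback contacts."""
        ok = self.ch1 and self.ch2 and not (self.k1.closed or self.k2.closed)
        if ok:
            self.k1.coil = self.k2.coil = True
        return ok

    @property
    def output_power(self):
        return self.k1.closed and self.k2.closed   # contactors are wired in series

    def status(self):
        """Read-only snapshot the PLC could display on the HMI."""
        return {"ch1": self.ch1, "ch2": self.ch2, "k1_closed": self.k1.closed,
                "k2_closed": self.k2.closed, "output_power": self.output_power}

def welded_contactor_scenario():
    relay = SafetyRelay()
    started = relay.reset()                 # normal start-up
    relay.k1.welded = True                  # K1 welds while the machine runs
    relay.set_channels(False, False)        # E-stop pressed
    power_after_stop = relay.output_power   # K2 still opens, so power is removed
    relay.set_channels(True, True)          # E-stop released
    reset_allowed = relay.reset()           # blocked: K1 feedback shows it closed
    return started, power_after_stop, reset_allowed, relay.status()

if __name__ == "__main__":
    print(welded_contactor_scenario())
```
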
 
jshiepe said:
For the longest time, and even still today, I have used the practice of terminating power to PLC outputs when the E-stop is pressed, while leaving the input power energized to maintain the state of the program. To me, this is generally a safe practice, especially in today's world of remote tech support where the tech should have complete confidence that if the e-stop is pressed, nothing on the machine should energize or actuate.

We recently ordered some new equipment from two different vendors on which I found out that this practice is no longer observed. Both are reputable vendors, so naturally I thought that this was some coincidence. Is this now an accepted practice?

If you mean "Has the CODE changed to allow this?", I would say no, but only because I don't think it was ever required 'by code'. I feel it's good practice, and have always done it myself.

Had these vendors previously wired the output commons through the MCR? If so, I would question why they have decided to change. There's really not much cost or labor saved by skipping this step, so it may simply be that they have a new guy designing panels, and he just never thought of doing it this way... :confused:

You may want to add it to your machine requirements so vendors know they must do it to sell you equipment... :nodi:


-Eric
 
Eric has pretty much stated my thoughts on this.

As companies grow, new help gets added.

New people fresh out of school don't get the same education some of us got 10, 20, 30 years ago, whether it was in school or out on the shop floor.

I spent a summer a few years ago (1999) in a plant that gave me their company standard for e-stops, before I got started doing anything beyond shuffling papers. Basic reason was they had several new young engineers who didn't know what an e-stop was for.

They were also upset because I was using a small 30 amp 2-pole branch breaker panel on the side of smaller machines for the control circuitry. There was a tab for a padlock, that I thought would be ideal for Lock Out Tag Out. They didn't like the idea of locking out a machine for any reason.

The "best" e-stop circuit I ever saw was a maintained mushroom head switch, with the contacts directly across the source voltage. Hit the switch, kill the power. They went thru a lot of fuses, eventually replaced fuse with circuit breaker. As far as I know, that switch is still across the supply line. Legal??? Sure It Is. Effective? OH YEAH!

regards.....casey
 
I think the only exception of cutting power to output modules in an e-stop situation is when that output module is strictly used for lights or some sort of signals to display the E-stop mode.
 
Originally posted by kc9ih

The "best" e-stop circuit I ever saw was a maintained mushroom head switch, with the contacts directly across the source voltage. Hit the switch, kill the power. They went thru a lot of fuses, eventually replaced fuse with circuit breaker. As far as I know, that switch is still across the supply line. Legal??? Sure It Is. Effective? OH YEAH!

Oh yeah, that sounds like a real good method. Tell me again, what machines did you wire?
 
I can't take credit for that one. I was doing mechanical cost-out projects and sheet metal redesign there.

The safety team thought it worked just fine, and the plant electrical engineer/licensed electrician didn't want to be bothered.

That was in a union plant of a major manufacturer of consumer products, appliances, and industrial controls. One of the group leaders called me over right after I started there and said "you gotta see this", and he hits the button. The e-stop buzzed a couple of seconds, then the line went dark. They probably hit it 8-10 times a week. Not for safety, just to break the boredom.

Since they assembled combination starters and controls in the plant, there was an endless supply of fuses and e-stop buttons. I'm not sure the maintenance people there could wire up a MCR circuit. But that is why the maintenance crew made the big bucks.

BTW Ed, why not register and check in regularly?

regards......casey
 
In my experience I have found that the only acceptable way is to cut off all power sources when an estop is actuated.

In other situations such as door and guard switching, some forms of power need to be maintained such as vacuum and some pneumatics to keep machine parts in position and to stop assembly items being dropped.
However the most important thing is a reset button.

A manual reset should always be operated before any power sources are restored to a machine after an estop or a door or guard being opened.

All wiring for estop and door/guard switching should also be monitored using a safety relay. There are lots of these on the market, I have found Pilz and Telemecanique to be quite good and expandable.

Gunner
 
kc9ih said:
The "best" e-stop circuit I ever saw was a maintained mushroom head switch, with the contacts directly across the source voltage. Hit the switch, kill the power. They went thru a lot of fuses, eventually replaced fuse with circuit breaker.

Sounds like someone misunderstood the term 'shunt trip'... :D


-Eric
 
Hi

Kamenges mentioned "Siemens was pimping an S7 safety plc." This makes it sound little more than a lash-up someone did in a lab over the weekend.

I've had a little experience of the S7 F-series PLCs and they are substantially different beasts to the run-of-the-mill S7s. If you're intending to use a PLC to control processes to a fail-safe level your thinking has to go a lot beyond where you wire in an e-stop. Things like burner management, press control etc are so complex that just killing power may not be the right way to deal with a problem.

Siemens aren't the only suppliers of safety-qualified PLCs. Some specialists do nothing else: they don't have a vanilla range.

What is clear is that a holistic approach to human, machine and process safety is the only correct route. Someone has to do a survey of the possible hazards associated with any procedure. If they exist you must have some formal plan for dealing with them or eliminating them. Look at your sensors - are they reliable and do they have a guaranteed predictable state/value on failure; look at your code; look at your actuators; look at your operational practices. Safety is not a joking matter.

Regards

Ken.
 
Gunner said:
A manual reset should always be operated before any power sources are restored to a machine after an estop or a door or guard being opened.

Gunner

I bet at least once a month one of the higher-ups comes over with an idea to increase production, and it's always the same: they want to automatically restart the process after someone breaks the light curtain or opens a safety door. My answer is always the same also: NO, NO, NO.

Back to the subject at hand. I always wire my output commons thru MCR.

Bob
 
This has always been one of those "...well... it depends..." kinda things.

The range of possibilities extends from dropping power to the entire system (as if you threw the main breaker)... to using a simple Normally Open, Momentary Pushbutton to inform the PLC that you would like to execute an E-Stop.

In some systems it might be perfectly reasonable to simply kill the power to everything; including the PLC.

That approach might not be so good for systems that contain potential energy sources. Potential energy can exist in the form of compressed or stretched springs, compressed air, or vacuums, or movable masses like drop-weights or pendulums. Sometimes the existence of potential energy is not so readily apparent.

In those systems containing potential energy sources, one must very carefully consider the effect of an E-Stop in mid-cycle.

In a large system there might be a "Local E-Stop" at each of several modules in the process. Pressing a "Local E-Stop" certainly affects the local module. Should it be the case that pressing that Local E-Stop immediately kills all power to all of the Outputs in the system?

Here's a silly example to illustrate the point...(It's silly, but not unheard of.)

Imagine an assembly line with a single conveyor running through 5 stations. The purpose of Station-3 is to drill a hole in a widget. Let's say that the drill-bit has broken at the chuck. There is a set of limit switches that indicate that the drill is "At Home" or "Fully Extended". The drill has been merrily going through the drilling sequence. "Extend", "Stop", "Retract" and "Wait". The last 50,000 widgets have been packed and shipped... without being drilled.

Someone finally notices that the bit is broken and slams the Local E-Stop.

The other four stations are in the middle of their particular operations when the E-Stop occurs.

Let's say that Station-2 is performing a milling operation on the widget. The milling-head is mounted on an X-Y rig. (Z is adjusted manually by means of a crank & lock). The head is moved by two air-cylinders. The valves controlling the cylinders are of the 2-position type; extend or retract; no dead-center position. There are limit switches to indicate move-extents.

"D" "C"
+----------+ ^ +-----+
| | ^ | |
| | ^ | |
| | ^ | |
+----------+ ^ | |
"A" > > > "B"| |
+--------------+ |
| Top View of Widget |
+--------------------+


"A" is the "HOME" position.
Moving from "A" to "B" is the "X" direction.
Moving from "B" to "C" is the "Y" direction.
Moving from "C" to "D" is the "-X" direction.
Moving from "D" to "A" is the "-Y" direction.

The sequence begins. Air is applied to the "X-Cylinder" to extend the head in the x-direction. The head moves from "A" to "B". When the head reaches "B", air is applied to the "y-cylinder". The head begins to move from "B" to "C".

Tangent: If the programmer was on his toes... he might have installed timers to monitor the time it took to get from "A" to "B".

If it takes too long, then the milling-bit is probably dull and in need of replacement. If the head gets to "B" too soon, then the milling-bit might be broken or gone. Likewise for "B" to "C".

He could have applied the same method at Station-3 and automatically prevented 50,000 widgets from being shipped without being drilled.

But... no... this was a quick and dirty, get it going, minimalist-engineering kinda development.

So, the E-Stop occurs at Station-3 while the milling head in Station-2 is moving from "B" to "C". If the E-Stop kills all power to all Outputs... then the milling-head will immediately try to take a bee-line back to HOME. Meanwhile, the rotary motion in the milling-head might be "coasting" to a stop... or it might actually do a hard stop. That depends on the method used to produce the rotary motion.

Regardless of how the rotary motion is developed, what happens to the milling-bit? The milling-bit might or might not survive the E-Stop action.

Is this a good thing? Methinks, not. Could this have been handled better? Certainly.

If there is a fault or foul-up at Station-3, resulting in an operator pressing the E-Stop at Station-3... should that affect the other stations? If not, then is the E-Stop really an E-Stop?

It boils down to developing a "crisis management" scheme.

In the case of a TRUE E-STOP condition where all power is killed to the process in mid-cycle, one must be willing to accept the possibility of further damage occurring to the equipment and product.

If that cost is unacceptable, then the process needs to be designed to handle a real, "aw-$hit!" kinda shutdown.

There also needs to be some effort put in to determine the difference between a REAL E-STOP condition and a "less-than-real-E-Stop condition".

This might mean that each station has two E-Stop-type buttons; one for system-wide and one for local.

These are complicated issues that depend on the nature of the particular process.

There simply isn't one answer that applies to all systems.

You have to KNOW your process and all of the potential hazards. Then you need to make rational decisions as to how E-Stops are employed.
 
