Machine Safety: Pausing Index Table?

chakorules

Member
Join Date
Apr 2002
Location
Huntington, IN
Posts
194
Oh great and many wise ones of plcs.net... I have a safety question and wondered how most of you handle this situation.

Let's say you have a machine that is an automatic dial table on an indexer, and there are pneumatic pick and place heads on the dial. The dial has 16 stations let's say. And you have a bit shift register that tracks your parts etc around the dial table.

Your dial table is completely guarded with Lexan and has four access doors on each side. You want to design a safe system so naturally you would tie your door switches into your E-stop circuit that would blow the CRM (control master relay) and dump the system air at the same time when a door is open. This is the best and safest way always in my opinion. But makes restarts a nightmare depending on your valves (single or double) and generally if you drop parts have to clear your entire shift register on the table and throw away 16 parts on the dial which makes the customer unhappy…

Let's say that your customer asked you to design a “pausing” machine. I.E when you open the door, the machine pauses or holds motion until the doors are closed again. Obviously there are some safety issues involved here.

I know that you guys have had this situation come up, how have you handled the situation?

Do you decline totally from the customer request to design a pausing machine and say TOUGH you loose 16 parts every time you open the door instead of pushing cycle stop FIRST before you open the door?

Do you design a control system that will work?

Do you cheat and put your inputs into your PLC and program “DOOR_OK” bits in your program to pause the machine and get a signed waiver from the customer?

If you design a control system that will work, what is your method of safe controls for the above situation?

If your 16 station pick and place has single solenoid valves and you dump the air on an e-stop, upon restart if you have a gripper you will drop the part on a pick and place head. If you design all double valves in every motion and still dump the air, the chances are better for an auto recovery but who's to say the gripper won't still drop the part...or someone gets in there and pulls the part off the gripper.

Or do you guys NOT dump the air, and only kill the output power only?

Just curious what your methods are. Seems challenging in trying to design a system that is safe, make the customer happy, and follows the NFPA 79. I’ve always voted dump the air, but I wondered what your ideas are IE.

SAFE:
Door switches = E-STOP (CRM circuit)
Dump Valve releases = CRM
Output power shuts off = CRM

OR:
Door switches = E-STOP (CRM circuit)
Dump Valve = PLC controlled
Output power shuts off = CRM

OR:
Make up your own?
 
First of all, I never let the customer get involved in system design at this level. A waiver wouldn't mean much after someone lost an arm, because they supposedly hired you to be the expert, and an expert wouldn't do something unsafe. I would do it the way it should be done, and if they want to change it on their own afterwards, that's their problem. But no way would I knowingly be any part of an unsafe machine.

And, from the looks of it, it seems like you are doing it correctly anyway. As long as they open the doors after a "cycle stop", they don't have a problem, right? My guess is that after they open the door during a table index a few times and have to clean up the mess, then they'll get the idea. Typically, with the rotary tables I've worked on, I will not air-down the entire machine if they open the door after the table has indexed to a home position, and they have explicitly switched the machine to manual mode. But you would have to make that determination based on the actual machine.

Of course, it is your responsibility to absolutely minimize the scrap, and you should retain any parts you can (maybe some parts were between active stations and were not affected), but there will undoubtedly be some rejects that you can do nothing about.
 
Why don't you put door switches with solenoind valve so you
can (or PLC) prevent them from accidentally getting inside the
area while cycle is active? Why and when do they need access?
 
A waiver wouldn't mean much after someone lost an arm, because they supposedly hired you to be the expert, and an expert wouldn't do something unsafe.

Good point. I never said I would allow them to sign one, but it's been suggested...I don't like entertaining the idea either.

Typically, with the rotary tables I've worked on, I will not air-down the entire machine if they open the door after the table has indexed to a home position, and they have explicitly switched the machine to manual mode.

Does this mean that your dump valve is NOT connected to the CRM circuit? Or do you have some other means of hardwiring to keep the air enabled if the index table is home? Can you expand a little bit more here on the details of your air down approach?

f course, it is your responsibility to absolutely minimize the scrap

Your exactly right, it's my responsibility to train them to press the cycle stop FIRST then open the doors to minimize scrap, but the customer is asking for a pausing feature in the machine in such a way that the doors act as a "cycle stop" but allowing an operator to pass the hard guarding I.E ( the lexan door )... I've been in the field long enough to see that other machine builders have designed "pausing" machines based on door opening and closing without losing any product, without dumping the air...I wondered how they can met all the NFPA 79 requirements and go to sleep at night at the same time ;-) Must be a "Touchy" issue.
 
It sounds to me like you have two inter-related issues. The first is how do you make the machine safe to work around when it is paused. The second is how do I tell the plc where the machine is after a pause.
I think your idea of double solenoid valves on the grippers is a good one. If you use 3-position closed center valves the grippers should maintain their grip on the parts (assuming the customer can keep up with air leaks). Granted, you have stored energy in this case. The question at that point becomes 'Can the stored energy actually hurt someone?'. Are the parts heavy enough that if they fall on someone that someone will get hurt? Can the grippers clamp tightly enough that they will hurt someone? These points as much as any will determine what you can and cannot do.
As for the second part, you stated that even with double solenoid valves you don't know if the grippers will maintain their grip in the parts, which is true. You may be able to directly access the shift register bits and give the operator a way to tell the plc if it's picture of the machine state matches reality. If a part comes loose the operator can then tell the plc that it did.

Keith
 
I think your idea of double solenoid valves on the grippers is a good one. If you use 3-position closed center valves the grippers should maintain their grip on the parts (assuming the customer can keep up with air leaks).

That's a good idea, but the key word is "air leak" I bet. If you have an air leak on either side of the cylinder with a 3 position center blocked valve doesn't that cause the cyclinder to move voilent when air is reapplied? I think I've seen that, it doesn't look too pretty.
 
How about locking guard door interlock switches (I think this is what panic mode was illuding to).

Then the PLC can control the stopping of the table and determine when the operator get's access to the area. i.e. when it is safe.
 
Well, perdner, I don't know diddly squat about indexing machines, but ya has to look at the consequences of dumpin' or not dumpin pressure on each station. If not dumpin' is inherrently unsafe, then screw the scrap and dump. I suspects, though, thet not dumpin' will be jist as safe in most cases.

Fer example, I used t' design arial work platforms, whut put a feller up 60 feet in the air. When the "deadman" switch was realeased we didn't dump hydraulic pressure - thet would have been unsafe. We jist locked everything in position.

Don't get caught in th' trap of tryin' to cover every possible simultaneous interaction of mulitple failure scenarios. Ya has an obligation to make the machine safe fer normal and forseable errors and problems, but it is impossible t' cover simultaneous earthquake, fire, flood, and meteor strikes. Thet is where engineerin' judgement comes in.
 
Why don't you put door switches with solenoind valve so you
can (or PLC) prevent them from accidentally getting inside the
area while cycle is active? Why and when do they need access?

For some reason..I really like this idea. The dang STI switches called "atlas" cost alot of money, but cheaper than the cost to repair someone's "arm"...I thought about this once but never tried it, I think this is probablly the best solution. Lock the doors and "MAKE THEM" press the cycle stop. Great solution. If I think of a problem with doing this, I'll post back, but so far I've thought about it now for about three hours and can't come up with any reason why this would not work other than the customer complaining...screw them complaining....right? lol.....

So basically that still does not give them the "pausing" mode they asked for when a door is opened, it just makes sure that the machine is cycle stopped before dumping air. Really I am enquiring about other machine builders that have machines or designed machines that pause when the door is opened and not locked. I am questioning this design pratice. I know you guys have seen this too...or am I the only one?
 
Last edited:
The problem might not be clear to me: When you say that they have to do a cycle stop first, do you mean they have to complete all of the in-process parts and clear the table, or do you mean they have to let the machine finish indexing? If it's the former, then I offer more of an explanation below. If it's the latter, then I think you are already doing what I recommend. :)

Does this mean that your dump valve is NOT connected to the CRM circuit? Or do you have some other means of hardwiring to keep the air enabled if the index table is home? Can you expand a little bit more here on the details of your air down approach?

Yes, the dump valve was connected to the CRM circuit, but under certain conditions they were allowed to open the door without dumping the air:

1) The table had to be at home position. I wouldn't compromise this, because some tables will move easily while in the partial-index position, and someone could get hurt if their hand was on a fixture while the table shifted. Many tables lock in mechanically when in the home position, so it is inherently safe.

2) Only one door could be open at a time. This prevents two operators from being around the table at the same time.

3) Before opening a door, they had to move a selector switch on the operator panel from the Auto to Manual mode position. This makes them think about what they are doing a little bit, and forces them to do something to re-enable the machine after closing the door again.

If any of these conditions are not met, then I air down the machine.

Of course, the manual switch and home position switch were parallel to the door circuit, but I used true safety relays (made by Pilz ). Those machines indexed ten of millions of times, and no one has ever been hurt.

To be honest, I would think it would be more dangerous to air down a machine every time the door opened. How would an operator make a machine adjustment? If there are two many restrictions, they will just cheat the system anyway, so my goal was to always give them a reasonable procedure that would allow them to make necessary adjustments and recover quickly from errors without making scrap.
 
One option for you to consider is using separate relays for the gaurds in addition to an e-stop or MCR. This way opening a door can stop the machine without dumping the air. We have machines wired this way and at least in our case I don't see any safety issues. The e-stop circuit shuts off all power to the I/O's and gaurd relays. The gaurd relays stop the machine and prevent it from running but leaves some things enabled. This might give you the 'pause' mode your customer is looking for.
 
How do you confirm that an air dump has occurred ?
For projects i have been working on lately i have been installing safety pnematic valves from a company called FluidSentry, this option might be on the expensive side. Here is a link to there site
Fluid Sentry Link

Also I would use the solenoid locking gate switches as previously mentioned. :D
 
Just briefly read the previous posts, and from my perspective as an OEM::

Safety of the system is your responsibility , I don't know how the law works where you are but if I supplied a system that was not safe I would be legally responsible !!!!!, People can NOT "Sign off" on safety matters as fundamentally you can not sign your rights away, so therefore even with customer consent you are always liable ".

On the matter of Stored energy, the system shall always be designed as to "Hold Parts" in the event of an E-Circuit fault occuring. When I briefly read the previous about 3-position valves etc, it represented that the stored energy was Pressurised air to some degree. Generally in most cylinders that we use that operate in the Z-Axis we will use Port locks or check valves, these do not store pressurised air to the same degree as they hold the cylinder release or exshust air trapped in the cylinder hence it cannot fall.


Hope I haven't missed the point.......

Cheers
 
We have a machine in the commisioning stage at the moment that sounds very much like Chako's. Rotary table, 6 stations. Registers that follow the part around the table to indicate test status. There is only 1 station with a pick and place, the rest are test stations where the testing probes come to the part. The one Pick and place picks up the parts and moves them into a cropping station-- a hydro-pneumatic cylinder there creates about 15 tonnes of pressure to chop a few bits of metal out from the middle of the part.

Now, if a part were almost into the cropping station when air was dumped, it could fall into the cropping station in a wrong orientation. If the operator didn't clear it and started the machine again, that 15 tonnes of pressure could come down in the wrong position and do a fair bit of damage to the tool. Our solution was to have the vacuum valve that was holding the part be wired before the dump valve, so that if a door was opened at the wrong time or emergency stop pressed, the vacuum would stay on, while all the other valves dumped. Our reasoning-- the vacuum is not going to harm anybody, but there could be serious damage if a part got loose in the machine. Sure it might be annoying to have the vacuum hissing away while the rest of the machine is stopped, but nobody should be opening doors at the wrong time....

I have a battery backed bit that sets when the part is picked up, and is only reset when the cycle is complete. If this bit is on when the machine is reset, the station will place the parts back on the table without passing them.

As to scrap, why would you scrap all of the parts on the table? Most are probably good parts (or there is somnething wrong with the production, but that is another issue!). I have programmed the machine so that if a stop occurs, a value is written to the data register and when the part gets around to the operator (the machine is manual load/unload- they wouldn't pay for the automatic station...) the operator can either reject the part or just leave it on the table for a retest. This extends the reset time-- the table must index up to 6 times before new parts can be loaded, but it does cut down on scrap.

I have used the locking solenoids on a few machines before and found them very handy. The best solution I saw was one one line with 4 seperate machines, each station had their own locking interlocks that would only open if a local switch was turned off. This of course broke the local saftey relay as well. But even if the main emergency stop was pressed, the switch still had to be turned off to access the station, making whoever did it think that little bit more, and take a little bit more responsibility. I would recommend the Guardmaster Spartans, compact and simple to use.
 
I ALWAYS dump air. No if, ands, or buts. Air also ALWAYS comes on through a soft-start valve so you don't get the "BANG" as cylinders return to their home positions. Beyond that point, you have to look at each project individually. I think I have done ALL the methods suggested so far at one point or another over the years. Pilot-operated check valves, vacuum normally ON, etc. to make the machines more capable of recovering from a stop.

I look at it this way... If the door has been opened, then someone has likely been in the machine. Now, what have they done while in there? Have they added/removed parts? Have they moved cylinders, etc. by hand? You don't know!

When the machine is started after a door was opened, you only have the information from sensors to work with. Operators can be (and usually are) STUPID. That's why it's important to have some sort of initialization routine to get the machine to a 'known' state.

I differentiate between a 'normal' stop, and an 'emergency' stop. If someone yanks open a guard (or hits an E-stop) while the machine's cycling (I call this a 'hard' stop), I may run a different routine than if the machine was properly stopped before opening a door. A 'normal' stop may allow allow some processes to continue after a restart, while a 'hard' stop might clear out the machine before feeding new parts. A 'hard' stop also triggers a fault like "Emergency Stop(s) Pressed During Cycle", which has to be reset before the machine can be restarted. Stop the machine 'nicely', and you won't have to go through this extra step... ;)

Again, it all depends on the machine. You have to strive to build a machine that's incapable of damaging itself, no matter what those (stupid) operators do to it... :rolleyes:

beerchug

-Eric
 

Similar Topics

First off I know this can get very involved so I will attempt to respond with whatever questions you guys have. I know this is a very loaded...
Replies
5
Views
2,399
We are buying some duplicate machines from overseas (one from Asia and one from Europe). Both of these machines don't have pneumatic lockouts...
Replies
19
Views
6,897
Hi, We have a machine that's fairly new on site, but has been designed fairly badly from a controls perspective. One of my concerns is that the...
Replies
14
Views
3,167
Anyone know a good source to see some wiring examples of machine safety systems ? Just for reference... My lower rated systems with low access...
Replies
13
Views
5,589
Hi, I'm reading up on the ISO 13849-1 and have downloaded Sistema to evaluate the safety circuits and develop my skills. I have a question about...
Replies
18
Views
5,053
Back
Top Bottom