Machine Safety Question - Keeping Pump On after ESTOP

Hi,

We have a machine that's fairly new on site, but has been designed fairly badly from a controls perspective. One of my concerns is that the big robot picks up an 80kg sack using 2 vacuum suckers. If the machine is stopped due to a guard being broken, the robot will hold this sack high up and an operator can walk around the inside of the cell and under the sack which could be about 6 feet above them. The vacuum pump obviously stays on to hold the sack. If someone was to hit the e-stop the vacuum pump will stop and then drop the sack. If someone was inside the cell, this could obviously cause an injury.

With this case, would it be normal to not drop the supply to the pump contactor when the e-stop circuit drops out? There is a lock off isolator close to the pump, so that should cover any engineer wanting to work on it.

Thanks

Was there a Hazop performed for this machine? There should have been and personnel safety should be the first concern. This would determine what needs to happen when and why.

This is an example of a machine part that must NOT be powered down by an E-stop.
Another example is the electro-magnet on a scrap metal crane.

If during normal production the vacuum pump does not create a risk by itself, then it is not necessary to stop the vacuum pump.
It may be necessary to have a repair-switch for the pump or the entire machine.
Since the vacuum may hold up a load when someone cuts the power, there should be signage at the switch and documentation for the user, that no person must be under the suspended load when the repair switch is opened.
And... since there can be a power outage at any time, if that can cause the load to drop on a person, then there must be signage and instructions (*) for the user about that risk.
*: Something along the lines, that no person that have not received special safety training may be near the machine.

Since this for a robot, I guess that the entire area is fenced in ?
And then there are doors to the dangerous area with safety locks that are normally locked and must be unlocked actively by the safety system, when the robot has come to a safe stop ?
An additional precaution could be to delay the opening for so long that it allows the vacuum to drop and a load to fall harmlessly to the floor.
It wouldnt affect the E-stop or repair switch considereations though.

edit: And some robots use Safe Slow Speed with a handheld enabling device, to allow an operator to be near the robot while it is moving at a harmless slow speed. In that case there is an issue with that a person can be under the suspended load if there is a power outage and the load drops.

Safety is a minefield but in general, all attempts should be made to "ENGINEER" out all safety issues, if this cannot be achieved then procedures need to be in place and personnel be trained. In this situation I would suggest that the guards should have electrically operated bolts that can only be released when the equipment is in a safe position. Only maintenance personnel should be allowed to override such access when fully trained etc. Electrically operated door bolts will not retract until the machine is put into a safe position i.e. the sack is lowered and sensed as such or some form of restraint to stop the sack from falling in the event of e-stop or power failure.
Many machines I have worked on have lock bolts to "LOCK" equipment in place or need to be in a safe position before allowing the guards to be opened.
I think your company needs to do a risk assessment on this machine ASAP.

As said normally the pump should stay on when e-stop is pressed. That would cause bigger danger than keeping the pump on (im pretty sure, naturally has to be analyzed by the case.

Second thing is, the robot cell must be fenced with locks. Normal "pause" "stop" etc. operation should allow the robot to stop and the locks be opened only on designated phases of the movement. It can be also set to move to certain safe position before opening.

In this case it definitely sounds, there should be modification on the program so that the robot would move always so that the load cannot be dropped on top of anyone when stopped.

Hi all,

thank you for all your great replies.

The robot cell does have a fence around it with key locked guard doors, but it also has two light guards for the entry and exit of the pallets. So with all the best programming in the world you can't really prevent a person from stopping the robot by breaking a light guard, leaving the sack held up in a dangerous position. Also, they seem to take the guard lock key out too early most times, stopping the machine before the controlled stop has finished.

The robot head also has two large grippers that operator via pneumatic cylinders. The air does drop when a guard is broken, but a bag could potentially be held there under gravity, but there are no guarantees.

it sounds like the options are either to kill the vacuum when the guards are broken, which could only potently damage equipment, or to keep the vacuum on at all times unless isolated by an engineer.

I hadn't thought about loss of power too, so that is another concern. Thank you.

I've waiting on all the safety documentation to see if this problem was assessed properly.

Again, The guard lock should be the type where the key cannot be removed until a signal from the controller allows it, this way the key cannot be removed before the control system has placed everything into a safe position. Some of the machines I worked on had a safety relay that if the e-stop was pressed, it delayed the release of the guard to allow certain shot bolts to release before the guard cold be opened.

I'm not sure of the safety rules in your area but here in Ontario, Canada the rules are pretty much cut and dried - not always followed but that's another story. As noted by many, a risk assessment MUST be done. This should involve the cell designer and integrator, your maintenance staff and operations personnel to try to identify and engineer the "what ifs" out of the equation. All situations must be covered - E-stops, re quested controlled stops, idle time if interlocked with other equipment. Keeping air/vacuum supplied to part of the cell under an e-stop is not unusual. Try to eliminate the need for a controlled stop with the load elevated. If a "request to enter" is generated with the load elevated, have the robot move its load to a safe height position BEFORE allowing the door solenoid change state. I've seen too many air lines /vacuum systems fail to trust only them with my life.

You also need to question whether the pump itself could be a reason for the Estop If so do you want two Estops and the operator to have to think which is it, or one?

IMO (which (legally) counts for nothing!), no 'safe' system should count on Utility power being maintained. Stuff Happens, and you could lose incoming power to the plant at any time.

I'm by no means a safety designer, or anything remotely close, but lives matter.

Gene Bond said:

IMO (which (legally) counts for nothing!), no 'safe' system should count on Utility power being maintained. Stuff Happens, and you could lose incoming power to the plant at any time.

Click to expand...

There are applications were this is not always possible. For example the electromagnetic scrap crane I mentioned earlier.

That's my point, without lowering the load to the ground (or over an area safely out of the way), there's not much you can do to ensure a safe passage under the load.

you cannot predict when the plant will loose power !
therefore, you MUST have a protective fence around the area that will NOT allow anyone to open the safety door while the robot is not in the home position. can an upper flooring be installed where the sack will travel?
by that i mean you have an area with the floor painted red where the robot picks up the sack, the robot lifts the sack above the protective floor and moves it to the unload area, you then have another red painted floor area for the robot to lower the sack. if you hit the e-stop, loose the vacuum pump, or loose plant power, the danger area is marked and the protective deck will catch the sack.
regards,
james

We have done a few robot cells but instead of a 80kg bag we dealt with 5kg bags of empty milk bottles. I designed it to drop the bag on an estop / light guard.

My train of though was there never would be a situation whereby somebody could be in the cell with a bag still on the head, it didn't matter, additionally the 5kg bag was never going to harm anything in the cell when it did drop ie the conveyors and stillages it was stacking them on.

Having an 80kg bag suspended when there could be people in the cell, to me is a cause for concern. Even with a UPS or backup generator or whatever your facility has against blackouts, there is always a very infrequent risk and the severity is obviously high with that sort of weight.

I see it as you have 2 options, drop the bag but then dropping an 80kg bag like a stone could cause damage to your infrastructure inside of the cell, thats a fair weight and only you can access the potential damaged it could cause, but it does remove the risk from humans.

Set up a safe zone around the light guards, so the robot will go to a safe position at a safe speed if anyone enters this area, yes movement is permitted when light guards are broken, but the robot must move at a slower speed iirc it's about 250mm/s, the bag can them be placed somewhere safe in case the scenario arises that an Estop is pressed when someone is in the cell.

This is a safety function though and generally would require an additional option card to facilitate the safety input, and they generally don't come cheap for ABB it was around £3k for this option. You can't just make the robot go slower on a digital input, this is not safety rated, you must use the card.

Either way, I think you are going to set for a p!ssing contest with the Robot OEM / SI.

When we designed our first robot cell, we hired a specialist industrial risk assessment guy for a day to go through our own risk assessments, findings and implementations to check we are on the right track. He was very helpful and not surprisingly, very good at at it! From memory he charged about £700, which turned out to be well worth it.

This is something I would consider if I were you, it will certainly help arm yourself with getting the original robot installer to make changes.

A risk assessment, at the end of the day, is just a set of someone's opinions, but dangling an 80kg bag that folk can walk under and just hope the power doesn't fail or that clumsy operator doesn't hit the Estop, seems like someone has missed a trick.