Dual Channel Estop Design

[OkiePC]

The other condition that will make you pull your hair out troubleshooting is when the safety contacts get out of sync with each other enough to cause the safety relay to fault due to timing errors. I wish they were less sensitive. The best non contact (door/cover) switches I have seen and worked with that never seemed to suffer from this problem are the a/b sensaguard non contact RFID switches with LEDs, excellent tolerance to misalignment, and they are pretty cheap. We had much better results than with the magnetic ones in areas where they are operated frequently and washed down a lot.

The Ferroguard or any other magnet/reed switches will fail in a random fashion after so many uses even though the contacts are supposed to be locked together, when they die in my experience it has been only one of the 3 contacts to fail first.

 

[Geospark]

Good morning to you, too... so nice of you to let it go after I tried to.

If someone gets caught and you have to hit an estop or pull cord you want to know beyond the shadow of any doubt that it will work when needed.

that is supposed to be the point of the whole matter, and while claiming you would "tear strips of me" ( which I doubt ) you admitted "how they can misbehave"

This is an excellent site, and I do not want to disrespect it with an argument, and after posting what I realized was probably an inflammatory post, I withdrew it, and apologized...but I have no intention of allowing you to rub my nose in anything either, so perhaps you might want to tone it down a bit.... or not ... suit yourself

realolman,

We'll take a step back I think. I made no reference to what you withdrew, I was just pointing out how I was preparing to "get into it" with you, just before you withdrew and apologized, which you should be commended for. I was certainly not rubbing your nose in it. That is not my style. I apologize if that's how it looked or read.

Please don't take it personally. I was going to "tear strips" off your opinion on safety, not you literally. Whether I would have succeeded or not?...we may never know.

"Tear strips" was a reference to how passionately I would have counter argued. I am passionate about safety matters. When I see broad sweeping statements on safety, which, in my opinion, are not backed by anything of substance, I tend to react, passionately.

I then made reference to "Joking aside..." so as to let you know that "tear strips" was meant more in jest as an indicator of how passionately I was going to "go at it" with you. I then pointed out how you could ask the question, why is it safer?, so that your "tone" does not seem so dismissive of safety in general, as in your post #6: "the whole safety schmear has gotten outta hand". This statement is broad and sweeping. If I did "go at it" with you, I would have been attempting to educate you, not put you down, or rub your face in it.

Yes, I sympathized with you on the issues that multiple contacts can raise, but also tried to point out how that is a failing more so of the device, than the concept.

I always try to educate. This is how I post here. I do not post where I do not have the knowledge, or some knowledge, worth contributing, be it information, a correction, or what I feel is a valid opinion. How I go about doing so might not always please some people, but my intentions are always good.

Peace :site:

Regards,
George

 

[Geospark]

Just to tackle this...

...If someone gets caught and you have to hit an estop or pull cord you want to know beyond the shadow of any doubt that it will work when needed.

Tim,

I'd just like to make this point...

Redundancy, which I believe was the topic at the time of this comment, alone, will not guarantee "beyond the shadow of any doubt" that the safety function will be 100% Control Reliable. In fact, nearly all designed Safety Functions have inherent flaws. Devices can fail. Wiring faults can occur. How important these faults and failures are is determined by the level of risk involved. This is why we use Risk Assessments, Hazard Analysis, Performance Levels (PL) and Safety Integrity Levels (SIL), Probability of Dangerous Failure per Hour (PFHD), Mean Time To Dangerous Failure (MTTFd), Diagnostic Coverage (DC), etc. It's about trying to detect, negate, or mitigate the possible failures in the Safety Functions design in an effort to provide, to an acceptable level, the Safety Functions Control Reliability. The higher the risk, the higher the reliability needs to be. These failures are known as Common Cause Failures (CCF). Redundancy, is one countermeasure for CCF, as is Diversity, Segregation, Environmental, etc. Diagnostic Coverage (DC) is an important factor in the level of fault detection available.

A combination of the above, as well as other factors, goes toward reducing the probability of failure, as required by the Risk Assessment. This, essentially, is what reduces the doubt which one might have as to whether or not the Safety Function will perform when called upon.

Regards,
George

 

[Geospark]

I see far more "fail open"s and broken wires than welded contacts and short circuits...especially with safety gear. Yes, it is only my experiences and my opinion, but I see N.C. contacts as a favorable choice for stop signals as a general rule of thumb.

Paul,

Just so you're not misreading me here. I am not arguing in favour of N.O. contacts. I'm not arguing in favour of either. Again, they both have their pros and cons. I am more pointing out that it's a moot point. It doesn't matter which is used per se. We will all have our wiring preferences at the end of the day, but it is not mandatory for either/or on an E-Stop auxiliary.

I got the feeling from the opening post, even though not stated, that Tim felt that they should be N.O., for some good reason that escaped him, as this is what he has mostly seen before.

The other condition that will make you pull your hair out troubleshooting is when the safety contacts get out of sync with each other enough to cause the safety relay to fault due to timing errors. I wish they were less sensitive. The best non contact (door/cover) switches I have seen and worked with that never seemed to suffer from this problem are the a/b sensaguard non contact RFID switches with LEDs, excellent tolerance to misalignment, and they are pretty cheap. We had much better results than with the magnetic ones in areas where they are operated frequently and washed down a lot.

The Ferroguard or any other magnet/reed switches will fail in a random fashion after so many uses even though the contacts are supposed to be locked together, when they die in my experience it has been only one of the 3 contacts to fail first.

Ferrogard sensor - this is the very device I had in mind when I was going to reply to realolman.

This is an excellent example of devices failing at the contact level, which many of us have suffered, I'm sure. I have used several Ferrogard magnetic non-contact sensors in the past where either the channels are good, but the auxiliary is letting you down, or the auxiliary is good, but one of the channels is letting you down. Very annoying and difficult to sort, especially on doors that have a lot of play in them. I just chucked another one in the bin last week. The Sentinel 1 non-contact switches before the Ferrogard were even worse.

The Ferrogard sensors have been discontinued since 2007, replaced by the superior SensaGuard. They have a larger sensing range (up to 18mm) and a higher tolerance for misalignments. I have set about replacing any troublesome Ferrogard with SensaGuard as and when I can.

Regards,
George

 

[Geospark]

Forget the NO/NC argument.

Wire each device to programmable safety device and you won't need a third contact to detect which button is pressed. In to the bargain you'll get checking of shorts between channel etc. and 100% diagnostic coverage for EN13849 (which you'll never achieve with a daisy chain estop system). Not sure of the regs accross the pond...

Nick,

While I agree that that's a far superior setup, it is not always practical, cost-wise, to place each emergency stop device on its own "programmable safety device". This would be getting up to Catagory 4, which may not be required at all. Of course, if a Risk Assessment deems it necessary to do so, then there is no argument. But in Tim's case, this is an existing setup which is at Catagory 3, as daisy-chaining is limited to Catagory 3. To change this out to your suggestion would be nice, but hardly practical in this case.

Regards,
George