It comes down to the plant and personnel safety mindset. People that bypass safety equipment most likely don't think far ahead as to what can happen if... scenarios, until is too late.
Force it on, latch it out, or shut down and fix it??
- Thread starter MitsM83
- Start date
It comes down to the plant and personnel safety mindset. People that bypass safety equipment most likely don't think far ahead as to what can happen if... scenarios, until is too late.
My two favourite examples of why it's a bad idea.
#1: Locked out a motor at it's local isolator. Motor kept running. Found the isolator had failed so maintenance had just put line and load wires in the same side, bypassing the isolator, and left it without so much as a "warning" tag. No work orders on that motor for several years, so either it had been like that for several years, or whoever did it knew full well the severity of what they were doing and didn't want it traceable.
#2: plant that washed widgets with deionized water. DI plant had just been replaced and had some issues (one of which was that the code was some of the worst I've ever seen in my life). There were two columns, the idea being that one column ran water to the line while the other performed a regen with acid and caustic solutions. While I was ther on day shift, one column went into regen (which takes about an hour). The second column kicked in, but after 30 minutes went out due to needing a regen too. I was asked to force it to keep running until the other column finished a regen. I asked for something in writing, as this is the last stage of the widget washer and I didn't want my name dragged through post mortem crisis meetings in case of quality failures. No such written directive was forthcoming, so I went about my day ignoring the sirens for the next half hour until the other column came back into service. That night, the same thing happened. The night shift sparky gave in and forced a valve open. After half an hour, the second column came back into service, and the first column started a regen. With a valve forced open. The plant emptied the contents of its caustic tank all over the production line.
I think AustralIan summed it up pretty well. If you know the process inside and out, and have the capacity to make an informed decision which is backed up by higher-ups, and you can document any safety implications of your "temporary" fix, then proceed with caution.
But then, I've been called in to put temporary fixes on temporary fixes that have been temporary for longer than I've been alive, so I don't believe there's any such thing as "temporary"
#1: Locked out a motor at it's local isolator. Motor kept running. Found the isolator had failed so maintenance had just put line and load wires in the same side, bypassing the isolator, and left it without so much as a "warning" tag. No work orders on that motor for several years, so either it had been like that for several years, or whoever did it knew full well the severity of what they were doing and didn't want it traceable.
#2: plant that washed widgets with deionized water. DI plant had just been replaced and had some issues (one of which was that the code was some of the worst I've ever seen in my life). There were two columns, the idea being that one column ran water to the line while the other performed a regen with acid and caustic solutions. While I was ther on day shift, one column went into regen (which takes about an hour). The second column kicked in, but after 30 minutes went out due to needing a regen too. I was asked to force it to keep running until the other column finished a regen. I asked for something in writing, as this is the last stage of the widget washer and I didn't want my name dragged through post mortem crisis meetings in case of quality failures. No such written directive was forthcoming, so I went about my day ignoring the sirens for the next half hour until the other column came back into service. That night, the same thing happened. The night shift sparky gave in and forced a valve open. After half an hour, the second column came back into service, and the first column started a regen. With a valve forced open. The plant emptied the contents of its caustic tank all over the production line.
I think AustralIan summed it up pretty well. If you know the process inside and out, and have the capacity to make an informed decision which is backed up by higher-ups, and you can document any safety implications of your "temporary" fix, then proceed with caution.
But then, I've been called in to put temporary fixes on temporary fixes that have been temporary for longer than I've been alive, so I don't believe there's any such thing as "temporary"
Geoff White
Member
I almost got murdered by a temporary fix. Some moron had rewired the safety contactors to be driven by the PLC with logic using a NO "Safety Tripped" output of the safety relay.
A CB trip powering the safety relay meant the contactors stayed on and the PLC had no idea the guards were opened. The stupid thing is there was nothing wrong with the hardware and it worked correctly when rewired to spec.
A CB trip powering the safety relay meant the contactors stayed on and the PLC had no idea the guards were opened. The stupid thing is there was nothing wrong with the hardware and it worked correctly when rewired to spec.
Some of our products have E-stops with a safety relay. A client called me for an issue with his system. It would not reset from the E-stop after powering up. After a lot of searching and troubleshooting (on the phone, several 1000 miles away) it turns out the safety relay was defect. That doesn't happen every day, they are typically quite robust. So we searched on to understand how that could have happened. Turns out they had hired a local electrician for some repairs or maintenance. Somehow he had managed to fry the safety relay, presumably by patching 230V or 480V into a 24V circuit.
Anyhow, sending a new safety relay would mean a few days downtime, production lost. The site manager asked me on the phone how to bypass the safety relay until the new relay had arrived. I kindly but decisively refused. Followed by an email in which I spelled out why we would not do this. No way I would ever want to be involved in a production system with a patched out safety relay.
Funny thing is, this client had been bugging us way beyond reason on safety back in the time when the system was initially installed by our team, all experienced and qualified staff with an excellent safety record.
Anyhow, sending a new safety relay would mean a few days downtime, production lost. The site manager asked me on the phone how to bypass the safety relay until the new relay had arrived. I kindly but decisively refused. Followed by an email in which I spelled out why we would not do this. No way I would ever want to be involved in a production system with a patched out safety relay.
Funny thing is, this client had been bugging us way beyond reason on safety back in the time when the system was initially installed by our team, all experienced and qualified staff with an excellent safety record.
This reminded me of a field disconnect I found once, where the line was wired on the bottom and the load on the top. We were asked to reverse the rotation of the motor at the disconnect, which is easy enough by swapping the load side phases with the disconnect off. Probably a bad practice to swap rotation like that, but guarantee most electricians do it that way. Anyway, had we not noticed the disconnect was wired upside down, someone would have received a nasty shock. I tell anyone nowadays either lock out the source or at least check the leads with your meter before putting a wrench on the lug.
John Morris
Lifetime Supporting Member
Probably as old as we are Sparky.
Nay I say, and I damn sure aint going quietly.
I Didn't, wouldn't and never will work for anyone who asks me to bypass anything. Our machines can go sideways FAST
A bit harsh John, they will surely find someone who will bypass things, for money...
I would stay working for them, but when they ask, tell them the reasons why you won't risk someone else's life.
Perhaps a strange way to educate people, but at least you get the chance to..
John Morris
Lifetime Supporting Member
Yes Sir Daba
I was there when a woman lost four of her fingers in a 50 ton stamping press, second shift maintenance super and mechanics were responsible, bypassing the clutch interlock. Damn thing came down, went back up, and came right back down again. I won't expound on the results.
I was the first shift maintenance super. We were called up to the carpet quick. I had to explain there was no turn over on the press. It was having know cycling issue, and tickets were in to have it fixed, but it did what it was supposed to do.......FAIL SAFE. Their bypass to get production out caused the fail SAFE ....to fail. On my shift.
No turn over, no report, no lockout. No Sh**
Now see lawyers, they don't care who's under their big WIDE net when they throw. They just want as many as they can get, and ya better have a damn good lawyer yourself.
That little twist cost me seven thousand dollars in lawyer fees, and four night in jail for punching the second shift super in the face. Harsh.......yes sir.
Now Daba, and electronic bypass is as bad as a mechanical bypass. I will walk out at the first hint. ( see there I just saved seven thousand dollars and four nights in jail )
If I have the chance to teach Daba...........I promise you I do!
I was there when a woman lost four of her fingers in a 50 ton stamping press, second shift maintenance super and mechanics were responsible, bypassing the clutch interlock. Damn thing came down, went back up, and came right back down again. I won't expound on the results.
I was the first shift maintenance super. We were called up to the carpet quick. I had to explain there was no turn over on the press. It was having know cycling issue, and tickets were in to have it fixed, but it did what it was supposed to do.......FAIL SAFE. Their bypass to get production out caused the fail SAFE ....to fail. On my shift.
No turn over, no report, no lockout. No Sh**
Now see lawyers, they don't care who's under their big WIDE net when they throw. They just want as many as they can get, and ya better have a damn good lawyer yourself.
That little twist cost me seven thousand dollars in lawyer fees, and four night in jail for punching the second shift super in the face. Harsh.......yes sir.
Now Daba, and electronic bypass is as bad as a mechanical bypass. I will walk out at the first hint. ( see there I just saved seven thousand dollars and four nights in jail )
If I have the chance to teach Daba...........I promise you I do!
cardosocea
Member
I had something similar, except it was one of the contacts on the relay that wasn't working. I went over, and from the several spare contacts they had on that relay, only one was actually working.
When I asked the tech there if he had a spare and I would do that for him, his face went blank. Turns out that no one ever thought that an e-stop relay would be a critical component and there was none in the warehouse.
In my 28 years I've seen or heard of three deaths in the plants I've serviced. I've seen several maimings and some severe burns (work alot with asphalt)...one guy I worked with often over 70% when a tank ruptured. It's a dangerous business and doesn't need to be made worse by circumventing failed devices in the name of productiion. I'm fortunately in a position where I can walk away....I realize others aren't and the pressures of management and a tight economy cause normally rational people to do stupid things. Dont....just dont. It really is not worth it.
Ron Beaufort
Lifetime Supporting Member
a tragic case in point - in the news today ...
http://www.foxnews.com/tech/2017/03...ning-robot-killed-michigan-woman-at-work.html
the news article doesn't mentioned "bypassed" or other such terms - but the thrust of the story is that "safety" should never be taken for granted ...
http://www.foxnews.com/tech/2017/03...ning-robot-killed-michigan-woman-at-work.html
the news article doesn't mentioned "bypassed" or other such terms - but the thrust of the story is that "safety" should never be taken for granted ...
Last edited:
As I see it, there is no one correct answer to this question.
AFI'S, shorted branches, dummy bits, and all sorts of work arounds are common practice in almost every industry. I have, and will continue to use them when the situation calls for it. But that is the crux of the problem. When exactly is the right time to do a quick AFI around a fault or an eye, and when is it the exact wrong thing to do? I was asked once to jump out an oil pressure switch, I did it, and the new switch never got ordered. 3 months and $8,000 later we got the new switch along with the cylinder head it was supposed to protect. I have jumped out door switches, but I was able to chain, and lock the door closed, so safety was not, in my opinion, compromised. I have been asked to jump out other safeties, flatly refused to do so, only to come back the next night and find out that 1st shift had no problem doing what I refused to do. The reasoning is always the same. The line needed to run for this or that reason, we don't have the parts, and there is a 3 week lead time to get them, or insert any other excuse you wish. At the end of the night it comes down to one thing. Is this going to keep anyone from getting home to there family at the end of their day? If you are any less than 100% sure about the answer to that, then it's time to dig in your heels and tell anyone who complains to GFY. It it is a situation that the widgets may end up out of spec, then I let the production supervisor know the risk as I see it, but I will let them make the call. This is always followed by an email to everyone in my address book stating that after I explained the risk to Goober, he made the decision to proceed. I wish I always had the right parts on hand, and the time to put them in, but the reality is, that isn't always the case.
Bubba.
AFI'S, shorted branches, dummy bits, and all sorts of work arounds are common practice in almost every industry. I have, and will continue to use them when the situation calls for it. But that is the crux of the problem. When exactly is the right time to do a quick AFI around a fault or an eye, and when is it the exact wrong thing to do? I was asked once to jump out an oil pressure switch, I did it, and the new switch never got ordered. 3 months and $8,000 later we got the new switch along with the cylinder head it was supposed to protect. I have jumped out door switches, but I was able to chain, and lock the door closed, so safety was not, in my opinion, compromised. I have been asked to jump out other safeties, flatly refused to do so, only to come back the next night and find out that 1st shift had no problem doing what I refused to do. The reasoning is always the same. The line needed to run for this or that reason, we don't have the parts, and there is a 3 week lead time to get them, or insert any other excuse you wish. At the end of the night it comes down to one thing. Is this going to keep anyone from getting home to there family at the end of their day? If you are any less than 100% sure about the answer to that, then it's time to dig in your heels and tell anyone who complains to GFY. It it is a situation that the widgets may end up out of spec, then I let the production supervisor know the risk as I see it, but I will let them make the call. This is always followed by an email to everyone in my address book stating that after I explained the risk to Goober, he made the decision to proceed. I wish I always had the right parts on hand, and the time to put them in, but the reality is, that isn't always the case.
Bubba.
Ron Beaufort
Lifetime Supporting Member
from willxfmr:
I'll go along with you on that ...
to move the discussion along - or maybe to gracefully move on from the topic - maybe we could boil it down to three (or so) categories ...
"temporary edits" which:
(1) MIGHT BE detrimental to the product ...
(2) MIGHT BE damaging to the machinery ...
(3) MIGHT BE dangerous to personnel ...
a true story from my personal experience ...
several years ago, I received a phone call from someone (not a customer) who asked:
yes, he actually said "safety sensor" ...
I wouldn't touch that turkey with a ten-foot pole ... and I've got a pretty good guess as to how they "lost all of their PLC technicians" ...
I'll go along with you on that ...
to move the discussion along - or maybe to gracefully move on from the topic - maybe we could boil it down to three (or so) categories ...
"temporary edits" which:
(1) MIGHT BE detrimental to the product ...
(2) MIGHT BE damaging to the machinery ...
(3) MIGHT BE dangerous to personnel ...
a true story from my personal experience ...
several years ago, I received a phone call from someone (not a customer) who asked:
yes, he actually said "safety sensor" ...
I wouldn't touch that turkey with a ten-foot pole ... and I've got a pretty good guess as to how they "lost all of their PLC technicians" ...
At a local automotive plant the safety guy noticed someone working unsafely inside a robot cell. He told the controls department they needed to install some kind of safety interlock to prevent this from happening. After a brief investigation they found 4 or 5 of the safety interlocks had been bypassed.
The controls engineer refused to install another one. Damn near got fired but he had a point: what's the use of installing another one? They'll just jumper it out.
The controls engineer refused to install another one. Damn near got fired but he had a point: what's the use of installing another one? They'll just jumper it out.
cardosocea
Member
This reminds me of a safety barrier that is actually a spring loaded steel wire connected to a switch. These will normally be installed at least an arms length of the dangerous bits of the equipment to prevent anyone from reaching it.
One of the last plants I visited, the electrician moved these to be right against the body of the machine, thus defeating its purpose and allowing people to put their hands where they shouldn't.
Notified management... but doubt they'll do anything.
Similar Topics
Hi everyone
i have a customer, who wants to show an alarm on the machine, if the I/O forces are enabled and set, on at ControlLogix L81E with...
Hi there,
I'm doing some extensive testing and commissioning with a slew of new Emerson PACSystems RX3i PLCs. It would be convenient to...
Hello all,
I have a question in regards to RSlogix 5000. I am having issues with the program force closing when I try to make online edits. We...
Hello all,
I have some parameter files that I'm using. Most of the tags are direct reference to the PLC, but a couple are HMI tags.
If I change...
Hello all, this is my first time working with a PLC and dealing with hardware, so please have patience with me.
I have an electric rod-style...