PLC for safety related systems

chamo,

go to the top or bottom of this page and click on "Live PLC questions and answers", then go to the top of that page and click on "Post Topic". This will start a new thread with a title relevant to your question. You're more likely to get a useful response than by posting in another thread like this one, whose topic has nothing to do with your question...

Welcome to the forum...
 
safety systems

The issue first of all is design (as mentioned above). Normally you would be expected to perform a system assessment to determine the safety integrity level (SIL) required for the application. An independent accredited 3rd party (consultant) is normally used for performing the initial assessment and for checking the final design at the end (to satisfy statutory regulations) … assuming you’ll be doing the design and programming (of course you could be the consultant and someone else the designer).
I have commissioned lime and cement kilns and co-generation plants and in all those jobs have used safety PLCs. The main difference is that after commissioning (unlike a normal PLC) the safety PLC becomes a black box … if future modifications are required then the whole process of certification will have to be repeated (i.e. the GAS authority will be involved) no matter if the modification is as simple as a change to a timer preset. Procedures will have to be created to control access to the safety PLC program and configuration after commissioning.
By the way, AB CLx can achieve accreditation up to SIL2 (special order) with firmware revision 11.35 or earlier … we commissioned a CLx safety system (anti-collision) for a coal stockyard.
Regards,
LJAM
 
Hi,

Perhaps there is a misunderstanding of what safety should be. All the equipment sold by any automation or control brand is always tested under several conditions, all of this to comply with standards: UL, CSA, IEC, etc.

The application is the key. No design can be perfect or cover all possible failure conditions; it could be very expensive if we want a product to be built under this concept.

I work for perhaps the biggest control & automation brand overseas, testing all its products under UL, IEC, CSA and NEMA standards, and something that I realized is that equipment always has weaknesses, so it´s impossible and not logical to ask for a product to be almost perfect. No one will pay for it. Keep it in mind, and try to realize what the limitations of the products could be.

Regards
 
I agree that there isn’t a perfect design (nor a perfect world) … but my understanding is that if an accident occurs you will have to demonstrate that you did an assessment based on international standards (i.e. IEC61508/IEC61511) and that your design follows all logical steps covering the basics … now your design could have overlooked a few critical details or been based on some wrong assumptions (human error), but as long as you can demonstrate that logical procedures were followed you are most likely to be exonerated.

One thing you cannot use in your defence is cost … if the risk assessment outputs a safety integrity level 4, for instance, you’ll have to implement a SIL 4 design (or shut down the plant). Of course, as with everything in life, there are ways around it … the risk assessment outcome depends entirely on the perception of the people involved in the process. The paradox of risk assessments is that they have a qualitative component, which means that different people can reach different conclusions analysing the same application (based on their personal experiences and knowledge). Many companies I know use these qualitative approaches … many condense the standards into a limited set of rules and matrices to simplify the process of the risk assessment (all perfectly legal).
Cheers,
LJAM
 
In the UK the machinery safety regulations are derived from the EU "Machinery Directive", but the actual law is formed by a statutory instrument called "The supply of machinery regulations". These regs tell a machinery manufacturer what has to be done to make machines that can be considered "safe", but they don't say HOW. In theory you can do it any way you like, but the bottom line is that you may have to stand up in court charged with manslaughter and say that what you did was safe. So all the hundreds, if not thousands, of standards for machine building are there so that you can say "I did it in accordance with BSEN 60204" or whatever and that was the best way to do it. You can still do whatever you like, but you had better be able to prove what you did was safe and in accordance with the law. It is a lot easier to get out the relevant standards and just follow them to the letter.

If you are buying and using machinery there is another statutory instrument, "The provision and use of work equipment regulations", that works in the same way.

If you want to sell machinery in the EU then it has to be CE marked, which is another can of worms...
 
I have seen, curiously enough, how safety standards have changed in the past 7 years from a prescriptive form to a more general “guidelines” form (perhaps to protect those that create them from lawsuits). Standards like IEC61508 and IEC61511 give you general guidelines (engineering best practice) but they don’t tell you what to do (unlike standards like NFPA 85x) … they pass the responsibility to the engineers & process/design people involved. Perhaps recognising that there is not a fixed set of rules that suits every application, and that no one knows the hazards involved in a production process better than the people that work there day in and day out. Consequently every risk assessment (analysis) will be affected by the perception, knowledge and experience of the people involved … that’s why I was saying earlier that two different groups of people (working in isolation from each other on the same application) could identify different hazards, assign them different severities and reach conclusions that ultimately could determine different SIL levels.
Cheers,
LJAM
 
Going back to the subject of SILs, here is a SIL calculation from a real application. This is based on IEC 61508 and looks at the whole control system including the Machine Primary Control Elements (MPCE), which are not a feature of such standards as EN 954-1, which deals with just the safety components of a machine, i.e. CAT 1 to CAT 4. This calculation establishes the overall likelihood of a failure of the machine safety system including components that are not "safety" components but nevertheless form part of the safety system, i.e. the main contactors.
 
I don't know if I'm talking about the same thing, but to be safe a safety system usually requires double (redundant) wiring. So a normal PLC signal with its single wiring doesn't cut the mustard safely. Unless you have (in effect) two fieldbuses communicating the same information redundantly. This is how most of the "safe" fieldbuses work, piggybacking a double wiring over the top of the normal fieldbus. Hence safe PLCs and safe fieldbuses.
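The two posts above (the IEC 61508 loop calculation that includes the main contactors, and the point that a single-channel signal is not enough) can be put into numbers. The script below is an added example, not the calculation attached to the original post: it uses the simplified low-demand PFDavg approximations from IEC 61508-6 (1oo1 and 1oo2, with a beta factor for common-cause failure) and constructed failure rates, proof-test interval and beta, to show how the loop's SIL band moves when the sensor and contactor subsystems are made redundant.

```python
# Low-demand SIL bands from IEC 61508-1: (SIL, lower PFDavg bound, upper bound).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

def pfd_1oo1(lambda_du, t1):
    """Single channel: PFDavg ~ lambda_DU * T1 / 2 (simplified IEC 61508-6
    form; repair time and diagnostic coverage neglected)."""
    return lambda_du * t1 / 2.0

def pfd_1oo2(lambda_du, t1, beta):
    """Two channels, either one trips the loop: the independent-failure term
    plus a common-cause term, which usually dominates once beta is realistic."""
    independent = ((1.0 - beta) * lambda_du * t1) ** 2 / 3.0
    common_cause = beta * lambda_du * t1 / 2.0
    return independent + common_cause

def loop_pfd(subsystems, t1, beta):
    """Series loop: a dangerous failure of any subsystem (sensor, logic solver
    or final element) defeats the function, so the PFDavg values add."""
    total = 0.0
    for lambda_du, arch in subsystems:
        if arch == "1oo1":
            total += pfd_1oo1(lambda_du, t1)
        elif arch == "1oo2":
            total += pfd_1oo2(lambda_du, t1, beta)
        else:
            raise ValueError(f"unsupported architecture {arch}")
    return total

def sil_from_pfd(pfd):
    """Map a loop PFDavg onto the low-demand SIL band; 0 means below SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0

# Constructed sample data (assumptions, not vendor figures): dangerous
# undetected failure rates per hour, annual proof test, 10 % common cause.
SENSOR_DU, LOGIC_DU, CONTACTOR_DU = 2e-7, 1e-8, 5e-7
T1_HOURS, BETA = 8760.0, 0.1

def single_channel_loop():
    """Everything single-wired, as with a normal PLC and one main contactor."""
    return loop_pfd([(SENSOR_DU, "1oo1"), (LOGIC_DU, "1oo1"),
                     (CONTACTOR_DU, "1oo1")], T1_HOURS, BETA)

def redundant_loop():
    """Redundant sensor wiring and dual contactors; safety logic solver 1oo1."""
    return loop_pfd([(SENSOR_DU, "1oo2"), (LOGIC_DU, "1oo1"),
                     (CONTACTOR_DU, "1oo2")], T1_HOURS, BETA)

if __name__ == "__main__":
    for name, fn in (("1oo1 loop", single_channel_loop), ("1oo2 loop", redundant_loop)):
        print(f"{name}: PFDavg={fn():.2e} -> SIL {sil_from_pfd(fn())}")
```

Note that the contactor term dominates the single-channel loop, which is why the calculation has to include the MPCE and not just the "safety" components, and that the common-cause term is what keeps a 1oo2 loop from reaching SIL 4 on paper.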
 
