Two Step Start?

[JankyPLC]

Based in the US, machines sold in the US. What are your thoughts, or does anyone know of any standards regarding multi-step machine reset and start?

The basic debate is whether an Auto/Manual Selector Switch AND a Start Button is needed, or if it's acceptable to combine them into one button where pressing switches between Auto+Starts Machine, and Manual Mode.

In both instances there is a separate reset button which needs to be hit to clear Safety Faults.

One camp says Reset + AutoStart = 2 steps, the other says Reset doesn't count and Auto selector + Start button = 2 steps. Does anyone know if there is even a requirement in the US for a two step start, and if so do both, either, or neither of these meet that requirement?

 

[JaxGTO]

The cost of HMI screens are so low now it really doesn't make sense to use hardwired buttons. Except maybe for safety circuits.

 

[joseph_e2]

My understanding is that the 2-step process is for safety resets. For mechanical power presses, there's also a requirement to "arm" continuous mode before starting it. That's a special case, though.
Personally, I think I'd rather have a second "start cycle" signal after selecting auto mode. I don't think I've ever seen it where selecting the auto cycle automatically starts the cycle, but I don't know of any official standard that rules against it.

 

[I_Automation]

I agree with Joseph


Mode selection and start should be 2 separate operations. Someone is going to press Auto a few minutes before they are ready to start and the machine would start unexpectedly.


Plus, as for mode selection, it doesn't need to be cleared on an E-Stop or fault - the machine can stay in either mode.
EDIT: Unless for some operation it has to be put in manual mode to get things ready to run, then manual can be defaulted to on reset.

 

[James Mcquade]

you might want to look at NFPA 79 - electrical standard for industrial machinery. i don't have a copy handy at the moment.
james

 

[jraef]

First off, I like to keep the "Safety" shutdown / reset functions separate from the control functions. Machine safety is an entire field of endeavor all by itself, tied directly to the machine type and operating systems and involves a lot of other complexities.

As to "Manual / Auto" functionality, it is a generally accepted practice to not allow automated restarting, say after a power failure, unless it is a totally unattended operation with no human interactions. So in your "auto" functionality, that requirement for a "Start/Run" command is going to be part of your programming of whatever automatic system is involved. In the "manual" mode however, it is considered best practice to have a separate manual "Start" input (button) so that if someone is there working on the machine, and power fails, they must again hit the Start button to re-initialize the machine.

This basic functional operating method is referred to as "3 wire control", as opposed to "2 wire control". In 3 wire control, a momentary Start button is pressed, the Start function has an auxiliary contact that seals in around that Start button that keeps it running, until a Stop button is pressed, or some other limit is reached (i.e. float switch, pressure switch, limit switch etc.), someone moves the selector switch to Off, or the power fails. In "2 wire control", you just have the selector switch, so when it is On it's On and if power fails, it comes BACK ON when the power does, leading to "unexpected" restarting of the machine. Again, that MIGHT be desired, for example in an unmanned pump station for example, but it's something that should only be implemented with careful thought.

Once you get into machine safety controls, it is also going to end up being tied into this by default, in that if a Safety device causes a shutdown, resetting that Safety Device should also require a re-start command.

As a side note (and for what it's worth), I DO have a copy of NFPA-79 (machinery controls), here is what it has to say:

9.2.3 Operating Modes.
9.2.3.1 Each machine shall be permitted to have one or more
operating modes (e.g., automatic, manual, normal, and bypass)
determined by the type of machine and its application.
9.2.3.2 Where a hazardous condition results from mode selection,
inadvertent selection shall be prevented from occurring
(e.g., key-operated switch, access code). Mode selection
by itself shall not initiate machine operation. A separate action
by the operator shall be required.
9.2.3.3* Safeguarding means shall remain effective for all operating
modes.

NFPA-79 is a "voluntary" standard of course, unless a particular company or entity has adopted it.

 

[I_Automation]

NFPA-79 is a "voluntary" standard of course, unless a particular company or entity has adopted it.

"Voluntary" as in when OSHA gets involved they will have an issue with any standard that has been published that wasn't followed.


Plus,I'm guessing on this, but I bet any certification agency will demand following all published standards - UL, CA, etc.

 

[JankyPLC]

Thanks for the feedback everyone.

To clarify a few points that were brought up, all of this is on an HMI, no physical buttons or selector switches. Because of this, the AutoStart/Manual selector switches itself to Manual in the case of an alarm or power failure so it does not auto-restart. The logic in the background is 3-wire style controlish in that way.

Additionally the Button actually says

"Manual Mode
Press for Auto"

when in manual, and

"Auto Running
Press for Manual"

when in auto. Additionally there's a 3 second start delay with audible warning before motion begins so there's time to hit it back to manual if needed.

All of this was in response to constant calls from new operators who would click the selector switches to Auto but not hit Start, and not understand why machine wouldn't be running but there were no alarms. Figured we could simplify the process by combining. Sounds like NFPA might not agree as it seems reasonably clear in that auto/manual switch and Auto Start should not be one action.

 

[joseph_e2]

After my last post, I kind of wondered if NFPA 79 had anything to say about it but didn't have time to dig into it. As with other NFPA standards, you have to read between the lines a little...but not too much. I wonder if an NFPA 79 handbook (if such a thing existed) would provide more insight, but does the separate action only apply when a hazardous condition exists? And if the machine is guarded to keep the operator away from the hazard, does that provision still apply?
My "gut reading" of it says that the separate action to initiate machine operation would apply any time a hazard exists, regardless of whether it's safeguarded. At least, that's the way I would implement it. If the operators have a hard time remembering to hit "Start" after selecting auto...maybe have a light blink or something.

 

[jraef]

... If the operators have a hard time remembering to hit "Start" after selecting auto...maybe have a light blink or something.

LOL, reminds me of an application I did once where putting any part of the machine process in "Manual" caused the red Run lights to flash, because running in manual could mess up the entire process, so it was there only for maintenance. I got a call one day because the PLC was faulted. I found that the relay cards I had used for the pilot lights had contacts that were welded closed. Replaced them and went to verify, EVERY red light was flashing! Turned out the operator "didn't trust" the automated process and ran the entire machine in Manual mode, all the time, with 40+ red pilot lights flashing at him all the time. He "solved" his problem by buying red tinted sunglasses!

 

[joseph_e2]

So....he looked at the world through rose-colored glasses?

 

[James Mcquade]

How do you reset an e-stop or power failure?
james

 

[JankyPLC]

Joseph_E2, the definition of hazardous condition gave me pause too. Is motion that would be hazardous still a hazard if its within interlocked safety fence/gates? The answer, like most things safety related, probably depends on how the OSHA inspectors day is going. Obviously, separating them is an easy way to eliminate any potential for a problem here.

We actually did end up making the start button on systems for one company blink green when in auto but not started, then go solid green once started to help operators with forgetting to hit start.

jraef, operators never cease to amaze.

James M, operator resets safety circuit and any alarms after e-top or power failure with the reset button on the HMI.

 

[I_Automation]

jraef, operators never cease to amaze.

I have always designed my controls with the thought in mind to make them Idiot Proof.
Then I was told I was highly underestimating the quality of idiots HR was hiring.

 

[mk42]

I have always designed my controls with the thought in mind to make them Idiot Proof.
Then I was told I was highly underestimating the quality of idiots HR was hiring.

Early in my career, I had the idea to run a marketing intern with no relevant knowledge through a set of instructions that theoretically required no special skills. Wanted to double check things, figure out if I made any goofs, etc.



Turned out that because I had pictures for some of the steps but not all of them, he only did what there were pictures for and skipped anything that was text only.



My bar for idiot proof instructions was reset that day.