I recently completed an interesting industrial system requiring a fair amount of safety logic because of its different zones. Here we’ll look at the three separate physical iterations (we actually purchased and wired the components), one theoretical (hindsight is 20/20, after all), and the manufacturer list prices of each.
The system used standard, common, dual-channel E-Stop buttons and guard switches. Each device also had an auxiliary contact used for PLC monitoring purposes. Initially, they daisy-chained into a single master safety relay: Push a button or open a guard door, and the master safety relay disables everything. The master relay fed into three secondary relay banks (left, center, and right). The secondary banks give zones of safety that don’t affect the others. The left and right banks each had a light curtain feeding into them (as well as the master signal from the switches and buttons). Thus, if a light curtain on the right were broken, the left side would continue to function.
The bill of material for this first logic iteration included:
1x Master Safety Relay
3x Configurable Safety Base Unit
5x Input Safety Modules
7x Output Safety Modules
The prime contractor then asked me to integrate its safety with ours (we shared a common danger zone, so this made a lot of sense). However, the prime contractor required the safety zones be broken out further: E-Stop buttons and guards reported through separate channels. I could no longer do this with a single-function safety relay, and had to exchange it for more of the modular devices as used in the secondary zones. That made sense; it meant simply using more of the common modules already in use.
This second iteration bill of materials removed the master safety relay and added these additional units to those already noted above:
1x Configurable Safety Base Unit
3x Input Safety Modules
5x Output Safety Modules
The total cost of this second bill of materials of 24 modules was $6,358.28.
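The zone logic described above is easy to get wrong when it is only explained in prose, so here is an added Python model of the two wiring iterations (this is illustrative code written for this page, not anything from the original post or the relay manufacturer). Device names such as "ES1" and "LC-R" are constructed; the rule that a disagreement between the two channels of a device is treated as a stop condition is an assumption about how a dual-channel relay responds to a channel discrepancy, stated here so the edge case is visible in the model.

```python
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    LEFT = "left"
    CENTER = "center"
    RIGHT = "right"


@dataclass(frozen=True)
class DualChannelDevice:
    """A two-channel safety device (E-Stop button, guard switch, light curtain).

    Each channel is True while its contact is closed (the "run" state).
    Assumption for this model: a device is only "safe" when both channels
    are closed, so an open channel OR a discrepancy between the channels
    removes the run permission.
    """
    name: str
    channel_a: bool = True
    channel_b: bool = True

    def discrepancy(self) -> bool:
        """True when the two channels disagree (a wiring or contact fault)."""
        return self.channel_a != self.channel_b

    def is_safe(self) -> bool:
        return self.channel_a and self.channel_b


def first_iteration(estops, guards, curtains):
    """Iteration 1: every E-Stop and guard switch feeds one master chain that
    gates all three zones; each light curtain gates only its own zone.
    Returns {Zone: run_permitted}."""
    master_ok = all(d.is_safe() for d in (*estops, *guards))
    return {
        zone: master_ok and all(c.is_safe() for c in curtains.get(zone, ()))
        for zone in Zone
    }


def second_iteration(estops, guards, curtains):
    """Iteration 2: the E-Stop chain and the guard chain are evaluated
    separately so each can be reported to the prime contractor on its own
    channel; the zone outputs are then derived exactly as before."""
    estop_chain_ok = all(d.is_safe() for d in estops)
    guard_chain_ok = all(d.is_safe() for d in guards)
    master_ok = estop_chain_ok and guard_chain_ok
    zones = {
        zone: master_ok and all(c.is_safe() for c in curtains.get(zone, ()))
        for zone in Zone
    }
    return {
        "estop_chain_ok": estop_chain_ok,
        "guard_chain_ok": guard_chain_ok,
        "zones": zones,
    }


if __name__ == "__main__":
    # Constructed sample plant: two E-Stops, one guard door, a curtain on
    # the left and right zones, nothing extra on the center zone.
    estops = [DualChannelDevice("ES1"), DualChannelDevice("ES2")]
    guards = [DualChannelDevice("Door1")]
    curtains = {
        Zone.LEFT: [DualChannelDevice("LC-L")],
        Zone.RIGHT: [DualChannelDevice("LC-R")],
    }
    print("all clear:", first_iteration(estops, guards, curtains))
    curtains[Zone.RIGHT] = [DualChannelDevice("LC-R", False, False)]
    print("right curtain broken:", first_iteration(estops, guards, curtains))
    guards = [DualChannelDevice("Door1", False, False)]
    print("guard open, reported separately:", second_iteration(estops, guards, curtains))
```

Running the script shows the behaviour the post describes: breaking the right curtain drops only the right zone, while any E-Stop, guard, or channel fault drops all three zones, and the second iteration additionally tells you which chain (E-Stop or guard) caused the stop.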
What you say, William, makes a lot of sense. I would think that zone e-stops would only work if the work zones were obvious - say a particular machine that does not appear to be connected to the rest of the system would have its own stop.
Robotic safety zones are an interesting technology area where there has been ongoing innovation. Robotic programmable safety systems are providing new technology that may enable reducing the footprint of robotic systems used in packaging applications, for example. With that premium on floor space, this is a potentially key feature. Plus, by implementing the safety solution within the framework of the robotic controller, these solutions are eliminating the need and cost of external safety devices such as light curtains, limit switches and other safety-related systems.
The concept of safety zones and limited area E-Stops would undoubtedly let production run more efficiently, but have you ever heard about an operator on one side of the line hitting an E-Stop when they saw an operator on the other side of the line get in trouble? It sounds a bit like the "It's not MY job" syndrome there. I can see the validity of having area stop buttons but for an emergency, unless the machine designer can predict exactly where and how accidents will happen, having a "MASTER Stop" makes a lot more sense.
Excellent point, Kenish. If the systems could be evaluated for risk reduction, false alarm occurrence and other operational performance, that would probably factor as the greatest cost indicator. That evaluation may be a tad difficult, though.
The dollar amounts are really "price", not "cost". Cost requires a holistic view: what are the consequences of the safety system failing to react? How often will a false alarm occur and what is the cost in downtime and product/ingredient scrap? Also the price range of the various options is ~$6k. If that's part of a $10M system with a few sales per year, the project delays might far exceed any price savings. Liability cost exposure might need to be considered too.
A number of factors are affecting the cost of safety including suppliers moving to provide "right-sized" solutions based on the requirements and the complexity of systems. Plus there is the move to networked safety systems, especially on the Industrial Ethernet side, where there has been an increase in the number of devices available and infrastructure which allows large amounts of safety data to be passed over the network in a failsafe way. A second major trend affecting costs is the combination of failsafe operation, machine and motion control in one controller. Many systems in the past had separate controllers for motion and safety. But increasingly all of these functions are available in a single controller on one network.
TJ, thanks for this post. You've taken the argument to where it really counts--cost. You've also noted that foresight could have saved time and money. Design News will try to come back and take a deeper look at this, along the lines of the article Jon Titus mentions, about analyzing the benefits and tradeoffs of safety in the context of safety-rated PLCs.
Apologies for quoting Yoda, but it does seem like we (engineers) are expected to predict future events, and be right every single time (OR THOUSANDS COULD DIE!!!)
While it was theoretically possible that I could have discovered the manufacturer flaw prior to purchasing the hardware, it would not have been practical. This would mean searching the manufacturer's knowledgebase for every single part used, with multiple searches and good keyword guesses for each part.
I suppose engineers should expect the customer to change their mind several times through the life of a project (we did charge a change fee), but planning too much for such events simply drives the cost up unnecessarily.
OK, writing that helped gel the answer to your question. A logic-based (software) solution to problems may cost more up front but is likely to be the lower cost choice over the life of a design. The fact that it is likely the more complex solution as well means the work force needs more education (and should be compensated better for having acquired that education).