Machine safety has long been an all-or-nothing business in North America. All of the power to the machine stays on under normal operating conditions. And that power is quickly cut in unsafe conditions, such as an operator crossing a light curtain, hitting the big red emergency stop button or initiating a lockout-tagout procedure before working on the machine.
In many ways, this simple on-or-off approach to safety works just fine. It’s saved many lives and limbs over the years. Yet, traditional safety systems have some drawbacks. For one, they require lots of hardwiring and cabinet space to accommodate all the relays, E-stops, controllers and sensors that together form a traditional safety system.
These hardwired systems, which tend to run independently of the machine’s primary automation systems, have too often been shoehorned onto the machine at the last minute, according to Dan Hornbeck, a Rockwell Automation safety expert and development manager. “It’s the black-box approach to safety. The safety systems have been added on rather than designed in with the rest of the automation,” he says.
Over the past five years, a more sophisticated way to engineer safety systems has taken hold in Europe. Usually called “integrated safety,” it conceptually has the same underpinnings as a traditional hardwired safety system. Unsafe conditions are sensed and acted upon. But integrated safety systems coexist with the machine’s standard automation systems, sharing a common data network. The safety logic for integrated safety systems runs on existing automation and motion hardware — like PLCs and smart drives.
Now integrated safety has started to fly in North America, too. Hornbeck credits some of its growing popularity to the global nature of many machine markets, which has led to a growing harmonization of North American safety standards with European standards that allow integrated safety. Consider packaging machines, for example. The Packaging Machinery Manufacturers Institute, or PMMI, has developed new safety standards (ANSI/PMMI B155.1) that conform closely to ISO and European standards. As part of that effort, the PMMI is pushing its members to perform documented risk assessments of their machines by this October. These risk assessments are a cornerstone of European safety requirements but have not always been performed here. Soon they will be. Procter & Gamble, one of the world’s largest machine buyers, has started to require its vendors to perform a formal risk assessment as a way to improve machine safety and overall design.
But there’s another driving force behind integrated safety in North America. It’s one that involves not just simplifying the physical design of safety systems but also thinking of safety in an entirely new way — one that relates to productivity and overall efficiency.
Safety As Productivity
By segregating safety systems from the overall design of the machine’s automation systems, engineers have arguably passed up an opportunity to create more productive machines. While traditional safety systems work by cutting power to the offending machine or machine section, integrated safety systems offer functions that don’t necessarily require a full shutdown.
These include a variety of safe limited speed profiles for moving components, as well as braking functions and safe torque limits. With these functions, a broken light curtain or machine maintenance operation might simply slow the machine or reduce torque rather than trigger a shutdown. “This has obvious productivity implications,” says Stefanie Warmerdam, manager for Siemens’ Safety Integrated products.
All of these functions can be tailored to a specific application, either through PLC programming or by configuring a lower-level component with built-in safety logic. “It’s all done through programming not wiring,” says Elmar Zimmerling, an engineer and global account manager with B&R Industrial Automation, which has recently introduced safety-enabled drives and I/O blocks.
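To make the “programming, not wiring” point concrete, here is an added illustration (not code from Siemens, B&R or any other vendor quoted above) of a safety controller that chooses a reaction in logic: a broken light curtain or a maintenance mode demands safe limited speed rather than a shutdown, the E-stop demands a controlled stop followed by safe torque off, and an overspeed while limited is treated as a safety violation. The function names STO, SS1 and SLS are the usual drive-safety vocabulary; the rpm limits, the tolerance, the cycle-based deceleration allowance, the escalation rule and the sample scenario are all assumptions chosen for the example.

```python
"""Toy integrated-safety controller: reactions selected in logic, not wiring.

Added illustration, not any vendor's code. STO / SS1 / SLS are the usual
drive-safety function names; the limit values, the cycle-based ramp and the
escalation rule are assumptions chosen for this example.
"""
from dataclasses import dataclass
from enum import Enum


class SafeState(Enum):
    NORMAL = "normal"            # full speed and torque available
    SLS = "safe_limited_speed"   # motion allowed, speed capped and monitored
    SS1 = "safe_stop_1"          # controlled ramp-down, then torque removed
    STO = "safe_torque_off"      # drive power stage disabled, latched


@dataclass(frozen=True)
class SafetyInputs:
    estop_pressed: bool
    light_curtain_clear: bool
    maintenance_mode: bool
    measured_speed: float        # rpm; assumed to come from a safety-rated encoder


@dataclass(frozen=True)
class SafetyLimits:
    sls_speed: float = 100.0     # rpm cap while in SLS (assumed)
    sls_tolerance: float = 10.0  # overshoot tolerated before escalating (assumed)
    sls_delay: int = 3           # cycles allowed to decelerate before SLS monitors (assumed)
    ss1_decel: float = 200.0     # rpm removed from the cap per cycle during SS1 (assumed)


@dataclass(frozen=True)
class SafetyOutputs:
    state: SafeState
    speed_limit: float           # highest setpoint the standard control may command
    torque_enabled: bool


class SafetyController:
    """One scan cycle per step(). SS1 and STO latch until a valid reset()."""

    def __init__(self, limits: SafetyLimits = SafetyLimits()):
        self.limits = limits
        self.state = SafeState.NORMAL
        self._ramp_limit = 0.0   # falling speed cap while SS1 is braking
        self._sls_cycles = 0     # cycles spent in SLS since it was demanded

    def reset(self, inputs: SafetyInputs) -> bool:
        """Operator reset: refused while any demand is active or SS1 is still braking."""
        demands_clear = (not inputs.estop_pressed and inputs.light_curtain_clear
                         and not inputs.maintenance_mode)
        if self.state is SafeState.SS1 or not demands_clear:
            return False
        self.state = SafeState.NORMAL
        return True

    def step(self, inputs: SafetyInputs) -> SafetyOutputs:
        lim = self.limits
        # 1. Demand evaluation, most severe first. Only SLS is non-latching:
        #    when the curtain clears, the machine resumes without a reset.
        if self.state is SafeState.STO:
            pass
        elif inputs.estop_pressed:
            if self.state is not SafeState.SS1:
                self.state = SafeState.SS1
                self._ramp_limit = max(inputs.measured_speed, 0.0)
        elif self.state is SafeState.SS1:
            pass  # keep braking even if the E-stop was released
        elif not inputs.light_curtain_clear or inputs.maintenance_mode:
            self._sls_cycles = self._sls_cycles + 1 if self.state is SafeState.SLS else 1
            self.state = SafeState.SLS
        else:
            self.state = SafeState.NORMAL

        # 2. SLS monitoring: after the deceleration allowance, an overspeed
        #    beyond tolerance is a safety violation and escalates to STO.
        if (self.state is SafeState.SLS and self._sls_cycles > lim.sls_delay
                and inputs.measured_speed > lim.sls_speed + lim.sls_tolerance):
            self.state = SafeState.STO

        # 3. SS1 braking: lower the cap each cycle; at standstill hand over to STO.
        if self.state is SafeState.SS1:
            self._ramp_limit = max(0.0, self._ramp_limit - lim.ss1_decel)
            if self._ramp_limit == 0.0 and inputs.measured_speed <= 0.0:
                self.state = SafeState.STO

        return self._outputs()

    def _outputs(self) -> SafetyOutputs:
        if self.state is SafeState.NORMAL:
            return SafetyOutputs(self.state, float("inf"), True)
        if self.state is SafeState.SLS:
            return SafetyOutputs(self.state, self.limits.sls_speed, True)
        if self.state is SafeState.SS1:
            return SafetyOutputs(self.state, self._ramp_limit, True)
        return SafetyOutputs(self.state, 0.0, False)


def run_scenario(events):
    """Drive one controller through a list of SafetyInputs; return the state per cycle."""
    ctl = SafetyController()
    return [ctl.step(e).state for e in events]


if __name__ == "__main__":
    # Constructed scenario: curtain breaks at 500 rpm, the machine slows into
    # SLS, then an overspeed of 130 rpm trips STO.
    broken = lambda rpm: SafetyInputs(False, False, False, rpm)
    print(run_scenario([broken(500), broken(300), broken(100), broken(95), broken(130)]))
```

The point of the example is the shape of the logic rather than the numbers: every reaction that a relay panel would implement as a separate wired contact (curtain, E-stop, maintenance key) is one branch of the same scan, the SLS limit and tolerance are parameters, and the latching behaviour of SS1/STO versus the self-clearing behaviour of SLS is a design decision that a risk assessment, not the wiring, has to justify.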
Just about all the major automation suppliers have come out with drives that integrate some safety logic. At Bosch Rexroth, for example, nearly 50 percent of the drives sold in Europe feature the company’s “Safety On Board” functionality, which integrates safe standstill and safe motion into the drive, according to safety engineer David Arens. “It’s just starting to become more popular here, too,” he says.
Likewise, Siemens and other vendors are offering modular safety subsystems that allow simple programmable safety functionality without the need for a PLC. “They’re between relays and a safety PLC,” says Warmerdam.
On a simple machine, all the safety functions could be handled by the drive. Complex machines with many subsections and with the need for coordinated safety actions would typically need a safety-enabled PLC or programmable automation controller. These too are widely available. And one of the best things about them is they allow safety-oriented code to be developed along with the rest of the automation system rather than as an afterthought. Rockwell, Siemens, B&R and others have, over the past couple of years, added a variety of safety analysis and programming tools into their development environments. “Now you can integrate safety and standard control development,” says Hornbeck. “And that drastically improves the value proposition because there’s just one set of software to develop and implement.”
Less engineering time is just one part of the value proposition. Because integrated safety systems typically share a common communications bus and at least some hardware with the primary automation system, there’s less cost associated with installing, maintaining and troubleshooting them compared to traditional safety systems. How much less is hard to say, given the diversity of machine applications. But estimates of a 30 to 50 percent reduction in total installed cost are commonly cited by suppliers.
Future of Safety
Even with all its advantages, integrated safety still isn’t for every application. Plenty of machines are so simple that they’re well-served by relay-based safety systems. Sometimes it’s just a whole lot easier to wire up a single E-stop than it is to program an integrated safety system. “There’s a crossover point at which integrated safety starts to make sense,” says Kelly Schachenman, a product manager for Rockwell Automation Safety Systems.
He estimates the crossover point might be as little as six safety relays in many applications. Siemens’ Warmerdam says the number might be more like 35 safety signals. In reality, though, rules of thumb don’t really apply here, since each safety system has to be individually evaluated in terms of the risks posed by the machine and the level of protection that has to be engineered.
A simple count of I/O also fails to account for some other factors that are increasingly favoring integrated safety. One of the biggest is the upcoming rush toward industrial Ethernet as the factory-floor network of choice. “The big OEMs are trying to collapse the number of networks they use on the factory floors,” Schachenman says. “When they go from multiple networks down to Ethernet, they can gain a tremendous cost savings.” Several flavors of industrial Ethernet have the determinism and bandwidth to handle safety data, allowing integrated safety over Ethernet to tap into OEMs’ desire to use fewer, more cost-effective networks.
“The move to integrated safety isn’t really performance-driven. In many cases relays still perform better,” says Schachenman. But when you look at the potential uptime advantage and total cost of ownership, integrated safety looks increasingly hard to beat.