Integrated safety continues to develop more potent solutions, driven by this year's deadline for complying with European safety standards, which require calculating the performance level achieved by each safety function in a system.
But the equally important ongoing trend is a view of integrated safety as a key component in the drive to productivity and enhanced diagnostics. Along with a move to wireless operation, these developments are resulting in a new generation of machines that are increasingly being implemented using a single controller and one network for both failsafe and non-safe devices.
Impact of Safety Standards
"The biggest dynamic for safety systems
continues to be standards development with EN/ISO 13849 becoming mandatory this
year," says Tim Roback, manager of marketing - Safety Systems for Rockwell
Automation. "That standard is fundamentally changing the way the industrial
market thinks about safety. It is driving different behavior for the automation
supplier, the machine builder and the end user."
EN 954-1 "Safety of Machinery" is a prescriptive standard that
explains how to set up a safety system in terms of required component features
and wiring configuration. However, EN/ISO 13849, which is scheduled to replace
EN 954-1 at the end of this year, includes a reliability component associated
with the determination of safety levels. Every component in the safety system
consumes a certain amount of the safety budget needed to achieve a required
safety level, and also affects the overall reliability of the system.
Machine builders now have a greater burden to calculate the
Performance Level (PL) achieved by each safety function. Under this
standard, if the system is complicated enough, a user can select all
Performance Level e (PLe) rated products and still not be able to achieve
an overall PLe rating for the system. The reason is that individual
components may consume varying amounts of the overall safety budget, and the
reliability impact associated with the safety components is cumulative.
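The budget effect described above can be shown with numbers. This is an added example, not part of the original article, and it goes slightly beyond the text by using the PFHd (probability of dangerous failure per hour) bands that EN/ISO 13849-1 assigns to each Performance Level and summing the values of subsystems connected in series. The component names and PFHd values are constructed for illustration and are not manufacturer data; only the PFHd criterion is checked.

```python
# Added example: PFHd budget for one safety function built as a series chain.
# Upper PFHd bound (exclusive, per hour) of each Performance Level band,
# as tabulated in EN/ISO 13849-1, ordered from best (e) to worst (a).
PL_UPPER_BOUNDS = [
    ("e", 1e-7),
    ("d", 1e-6),
    ("c", 3e-6),
    ("b", 1e-5),
    ("a", 1e-4),
]

def pl_from_pfhd(pfhd):
    """Return the best PL whose band contains pfhd, or None if worse than PL a."""
    if pfhd <= 0:
        raise ValueError("PFHd must be positive")
    for pl, upper in PL_UPPER_BOUNDS:
        if pfhd < upper:
            return pl
    return None

def evaluate_chain(subsystems, required_pl="e"):
    """Sum subsystem PFHd values and report each one's share of the budget."""
    budget = dict(PL_UPPER_BOUNDS)[required_pl]
    total = sum(pfhd for _, pfhd in subsystems)
    shares = {name: pfhd / budget for name, pfhd in subsystems}
    return {"total_pfhd": total, "achieved_pl": pl_from_pfhd(total),
            "meets_required": total < budget, "shares": shares}

# Constructed sample values (assumption), each one individually within PLe.
SAMPLE_CHAIN = [
    ("light_curtain", 1.5e-8),
    ("safety_input_module", 2.0e-8),
    ("safety_controller", 2.5e-8),
    ("safety_output_module", 2.0e-8),
    ("contactor_pair", 3.5e-8),
]

if __name__ == "__main__":
    result = evaluate_chain(SAMPLE_CHAIN)
    for name, pfhd in SAMPLE_CHAIN:
        print(f"{name:22s} PFHd={pfhd:.1e}  PL {pl_from_pfhd(pfhd)}  "
              f"{result['shares'][name]:.0%} of PLe budget")
    print(f"chain total PFHd={result['total_pfhd']:.2e} "
          f"-> PL {result['achieved_pl']}")
```

Every component in the sample is PLe on its own, yet the five together use 115% of the PLe budget, so the safety function as a whole lands in PL d.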
"Now you have to be more knowledgeable regarding the design of
your safety system and the parameters which affect the Performance Level
calculations," says Roback. "Additionally you need to access safety data
associated with each component within a safety system."
Understanding these reliability aspects is challenging safety
product providers to make sure that data is readily available and up-to-date.
Increasingly, the safety market is introducing safety calculators to simplify
the calculation process. Some calculators are developed by safety product
providers, while others are developed by independent safety agencies and are
free to use. Regardless of the calculator used, a critical requirement for the
machine builder is that the libraries contain the safety data relevant for the
components they intend to use in their systems.
Machine builders who need to comply with EN/ISO 13849-1 will be
forced to reevaluate their existing safety systems. Roback says that when they
do that, they're also going to learn some things about what they actually need
in terms of risk reduction and mitigation.
"I think they'll find that, in
some cases, maybe they don't need as much risk mitigation as they originally
thought," says Roback. "It's also going to require some flexibility to
implement exactly the level of safety they need. The macro trend we see coming
is an industry that is becoming more intelligent consumers of safety, and
helping drive optimized safety solutions."
One Network, One Controller
An important ongoing trend with networked
safety is the combination of failsafe operation and motion control in one
controller. In the past, automated systems had a separate controller for motion
and another controller for safety, but now all of these functions are often
available in a single controller on one network.
With the move to networked safety systems, especially those using
industrial Ethernet, there are larger numbers of devices available on the
network such as failsafe motor starters and drives. Most of these devices have
traditionally been hardwired and provide a minimal level of diagnostics.
"The main impetus behind putting safety on a network is to
increase productivity," says John D'Silva, marketing manager - Safety
Integrated for Siemens. "The level of diagnostics that is available, for example, has
a direct impact on reducing downtime."
"Now with safety networks, a large amount of safety data can be
passed over the network in a failsafe way. This facilitates designing complex
safety systems and architectures that are easy to implement," says D'Silva.
Another key trend picking up speed is wireless safety. In
automotive and aerospace assembly operations, as well as warehouses,
distribution centers and material handling applications, there is an
incentive to go wireless when it is difficult and expensive to do all of the
wiring required to integrate the safety systems. Wireless is the perfect fit
for these applications because there is a desire to get rid of the wires. The
technology is also easier and faster to implement, and uses a minimal amount
of floor and cabinet space.
An added feature of wireless safety is mobile safety panels.
E-stops can be implemented on these panels because the location of the HMI panel
has long played a central role in the diagnostic process. To determine the
source of a problem, the operator often needed to go physically to the HMI.
What the mobile safety panel does, using the wireless connection, is provide
the operator with a safety panel in their hands. With the ability to walk
around the machine and view diagnostic screens, using switching zone controls
to view different parts of the process, the operator can control multiple
machines with safety included.
"Wireless is at the cutting-edge of technology for safety systems,"
says D'Silva. "The feedback we get from customers is that it saves so much in
terms of cable and cabling costs. It is great technology for OEMs because
normally they would set up a system, test it out, take it apart and then ship
it wherever it needed to go. Wireless makes it easier to build and ship systems
and helps them with installation and commissioning of systems."
The mobile safety panel is an addition for a complete safety
system with a PLC and a safety I/O. Now, the user has a wireless operator panel
in their hand and can walk around and make changes from machine to machine.
Wireless safety is quickly
moving into automotive and aerospace applications, especially for assembly
lines. With final assembly in aerospace, for example, there are long lines for
final assembly with a front section, back section and midsection all moving
together. People are working on the plane as it moves very slowly. Imagine
doing that with wires all around with the different front, mid and back
sections of the plane turning nearly 360 degrees.
"Now put a wireless system in and think of what it does for you,"
says D'Silva. "It changes the entire outlook of the plant in relationship to
flexibility and cost effectiveness."
Networked Safety Trends
"The original driver for the safety
network was to minimize wiring compared to hardwired systems in the past that
required longer runs of wiring. But once you add a network, a more significant
driver is access to status or diagnostic information," says Chuck Lukasik, director
of the CC-Link
"If a safety switch or pull chain causes the system to shut down,
now it's far easier to find out more information than in the past where
components were individually wired. In general, safety networks are really
driven by two areas: cost reduction and ease of troubleshooting."
Going a step further, a safety system generally has a lot more
than the actual safety inputs and outputs that have to be
controlled. Other devices, such as indicator lights or devices that feed parts
to a robot, for example, aren't considered part of the safety system.
Increasingly, networks such as CC-Link Safety are able to carry
safety I/O devices as well as non-safety I/Os on the same network,
so that the controller can perform those additional functions
alongside the safety functions.
"It seems like more people
have a desire to incorporate non-safe devices on the same network as the safe
devices," says Lukasik. "The reporting aspect is also growing significantly
with intelligent devices providing more internal diagnostics."
Later this year, Lukasik says that CC-Link IE Field, which is the
industrial Ethernet version of CC-Link, will be adding safety functionality to
become the next-generation safety network within the CC-Link family. The
current version of CC-Link Safety is an RS485-based network, which is not
Ethernet-based technology. This new safety network will operate at gigabit speed
on Ethernet, and
allow safety devices and non-safety devices on the same
"Like CC-Link IE Field, the safety version will feature a
standard Ethernet physical layer," says John Wozniak, P.E., automation
networking specialist for the CC-Link Partner Assn. "One of the differentiators
is the gigabit speed of CC-Link IE Field compared to other networks that
typically operate at 100 megabit. As time goes on, the demand for faster
networks just keeps marching on."
Another key differentiator is no requirement for the use of
additional physical layer hardware such as switches in order to achieve
absolute determinism. EtherNet/IP or Profinet networks, for example, typically
require use of managed switches for every field device, which adds more
hardware to the total system and increases setup complexity.
With CC-Link IE Field devices, such as an I/O block or an HMI,
each one has two RJ45 ports. So future devices compatible with the new IE Field
Safety will have a specific ASIC built into the device. Connecting additional
devices is done in a daisy chain fashion rather than requiring additional
network hardware such as Ethernet switches.
Importance of Integrated Diagnostics
"One of the biggest advantages with
integrated safety is the integrated diagnostic functionality. In the past,
machine and safety controls used to be separate from each other," says Stephan
Stricker, product manager for B&R. "Machine builders were used to working with
additional inputs for diagnostics, if they wanted to find out that somebody had
pressed an E-stop button, etc. Now, more and more customers are realizing the
value of the integrated diagnostics within their safety system because it
brings added benefits to the machine."
Stricker says a key trend is that OEMs are starting to rethink
their safety automation strategy when they design machines. For them, safety is
not a requirement anymore, but a way to improve their machine's functionality
that provides them a competitive advantage. With printing machines, for
example, it's a huge benefit if the end user can keep the machines running
while refining the process or addressing potential safety issues.
"If a person steps into a machine's safety zone, there usually is
a neutral area before the person reaches into the really dangerous zone," says
Stricker. "In this case the machine can slow down, once the person is in the
neutral area, or at least decelerate more slowly rather than come to a complete
full stop that would happen in a real emergency situation. That's a huge
benefit because these machines require a lot of effort to start them back up
from a full stop."
The major issue is not just production downtime, but the effort
and manual time required to restart the machine. In most cases, stopping one
part of the machine line affects the whole production process. With a
bottling machine, all of the production in front of the line would also have to
stop. It's a whole chain that comes to a complete stop and then needs to be
restarted again. Stricker says that these kinds of situations can now be
avoided with programmable safety.
One interesting development
from B&R Industrial Automation is the ability to change the safety system
set-up on-the-fly using an approved certification procedure. In the past, an
engineer would need to be available to manually update a machine because an end
user couldn't change the safety software on a running machine. "Now we have a
software and technology procedure that allows this for customers, and enables
them to use a lot of different machine options," says Stricker.
If a machine has different sections that can be
assembled or disassembled on a weekly or monthly basis, a consistent safety
solution can become difficult. The traditional way would be to treat each section
as an individual safety part. Integrated safety allows you to have one single
safety controller that adjusts the safety configuration according to the hardware
that is connected. With certified function blocks, this can be done through the
operator interface. The safety controller will automatically make sure that the
connected hardware has the correct safety setup.