Integrated Safety Moves Beyond Outlier Status

DN Staff

June 2, 2011


Integrated safety continues to develop more potent solutions, driven by this year's deadline for complying with European safety standards, which make it a requirement to calculate the performance level achieved by each safety function in a system.

But the equally important ongoing trend is a view of integrated safety as a key component in the drive to productivity and enhanced diagnostics. Along with a move to wireless operation, these developments are resulting in a new generation of machines that are increasingly being implemented using a single controller and one network for both failsafe and non-safe devices.

Impact of Safety Standards

"The biggest dynamic for safety systems continues to be standards development with EN/ISO 13849 becoming mandatory this year," says Tim Roback, manager of marketing - Safety Systems for Rockwell Automation. "That standard is fundamentally changing the way the industrial market thinks about safety. It is driving different behavior for the automation supplier, the machine builder and the end user."

EN 954-1 "Safety of Machinery" is a prescriptive standard that explains how to set up a safety system in terms of required component features and wiring configuration. However, EN/ISO 13849, which is scheduled to replace EN 954-1 at the end of this year, includes a reliability component associated with the determination of safety levels. Every component in the safety system consumes a certain amount of the safety budget needed to achieve a required safety level, and also affects the overall reliability of the system.

Machine builders now have a greater burden to calculate the Performance Level (PL) achieved by each safety function. By following this standard, it's possible that if the system is complicated enough, a user can select all Performance Level e (PLe) rated products and not be able to achieve an overall PLe rating for the system. The reason is that individual components may consume varying amounts of the overall safety budget, and the reliability impact associated with the safety components is cumulative.

"Now you have to be more knowledgeable regarding the design of your safety system and the parameters which affect the Performance Level calculations," says Roback. "Additionally you need to access safety data associated with each component within a safety system."

Understanding these reliability aspects is challenging safety product providers to make sure that data is readily available and up-to-date. Increasingly, the safety market is introducing safety calculators to simplify the calculation process. Some calculators are developed by safety product providers, while others are developed by independent safety agencies and are free to use. Regardless of the calculator used, a critical requirement for the machine builder is that the libraries contain the safety data relevant for the components they intend to use in their systems.

Machine builders who need to comply with EN/ISO 13849-1 will be forced to reevaluate their existing safety systems. Roback says that when they do that, they're also going to learn some things about what they actually need in terms of risk reduction and mitigation.

"I think they'll find that, in some cases, maybe they don't need as much risk mitigation as they originally thought," says Roback. "It's also going to require some flexibility to implement exactly the level of safety they need. The macro trend we see coming is an industry that is becoming more intelligent consumers of safety, and helping drive optimized safety solutions."

One Network, One Controller

An important ongoing trend with networked safety is the combination of failsafe operation and motion control in one controller. In the past, automated systems had a separate controller for motion and another controller for safety, but now all of these functions are often available in a single controller on one network.


With the move to networked safety systems, especially those using industrial Ethernet, there are larger numbers of devices available on the network such as failsafe motor starters and drives. Most of these devices have traditionally been hardwired and provide a minimal level of diagnostics.

"The main impetus behind putting safety on a network is to increase productivity," says John D'Silva, marketing manager - Safety Integrated for Siemens Industry Inc. "The level of diagnostics that is available, for example, has a direct impact on reducing downtime."

"Now with safety networks, a large amount of safety data can be passed over the network in a failsafe way. This facilitates designing complex safety systems and architectures that are easy to implement," says D'Silva.

Another key trend picking up speed is wireless safety. In automotive and aerospace assembly operations, plus warehouses, distribution centers or material handling applications, there is an incentive when it is difficult and expensive to do all of the wiring required to integrate the safety systems. Wireless is the perfect fit for applications because there is a desire to get rid of the wires. And the technology is easier and faster to implement, and uses a minimal amount of floor and cabinet space.

An added feature of wireless safety is mobile safety panels. E-stops can be implemented on these panels because the location of the HMI panel has long played a central role in the diagnostic process. To determine the source of a problem, the operator often needed to go physically to the HMI. What the mobile safety panel does, using the wireless connection, is provide the operator with a safety panel in their hands. With the ability to walk around the machine and view diagnostic screens, using switching zone controls to view different parts of the process, the operator can control multiple machines with safety included.

"Wireless is at the cutting-edge of technology for safety systems," says D'Silva. "The feedback we get from customers is that it saves so much in terms of cable and cabling costs. It is great technology for OEMs because normally they would set up a system, test it out, take it apart and then ship it wherever it needed to go. Wireless makes it easier to build and ship systems and helps them with installation and commissioning of systems."

The mobile safety panel is an addition for a complete safety system with a PLC and a safety I/O. Now, the user has a wireless operator panel in their hand and can walk around and make changes from machine to machine.

Wireless safety is quickly moving into automotive and aerospace applications, especially for assembly lines. With final assembly in aerospace, for example, there are long lines for final assembly with a front section, back section and midsection all moving together. People are working on the plane as it moves very slowly. Imagine doing that with wires all around with the different front, mid and back sections of the plane turning nearly 360 degrees.

"Now put a wireless system in and think of what it does for you," says D'Silva. "It changes the entire outlook of the plant in relationship to flexibility and cost effectiveness."

Networked Safety Trends

"The original driver for the safety network was to minimize wiring compared to hardwired systems in the past that required longer runs of wiring. But once you add a network, a more significant driver is access to status or diagnostic information," says Chuck Lukasik, director of the CC-Link Partner Assn.

"If a safety switch or pull chain causes the system to shut down, now it's far easier to find out more information than in the past where components were individually wired. In general, safety networks are really driven by two areas: cost reduction and ease of troubleshooting."

Going a step further, a safety system generally has a lot more going on than the actual safety inputs and other outputs that have to be controlled. Other devices such as indicator lights and devices might feed parts to a robot, for example, but aren't considered part of the safety system.

Increasingly, networks such as CC-Link Safety are able to have these devices on the same network including safety I/O devices as well as non-safety I/Os, so that the controller can perform those additional functions in addition to the safety functions.

"It seems like more people have a desire to incorporate non-safe devices on the same network as the safe devices," says Lukasik. "The reporting aspect is also growing significantly with intelligent devices providing more internal diagnostics."

Later this year, Lukasik says that CC-Link IE Field, which is the industrial Ethernet version of CC-Link, will be adding safety functionality to become the next-generation safety network within the CC-Link family. The current version of CC-Link Safety is an RS485-based network, which is not Ethernet-based technology. This new safety network will operate at gigabit speed on Ethernet, and allow safety devices and non-safety devices on the same network.

"Like CC-Link IE Field, the safety version will feature a standard Ethernet physical layer," says John Wozniak, P.E., automation networking specialist for the CC-Link Partner Assn. "One of the differentiators is the gigabit speed of CC-Link IE Field compared to other networks that typically operate at 100 megabit. As time goes on, the demand for faster networks just keeps marching on."

Another key differentiator is no requirement for the use of additional physical layer hardware such as switches in order to achieve absolute determinism. EtherNet/IP or Profinet networks, for example, typically require use of managed switches for every field device, which adds more hardware to the total system and increases setup complexity.

With CC-Link IE Field devices, such as an I/O block or an HMI, each one has two RJ45 ports. So future devices compatible with the new IE Field Safety will have a specific ASIC built into the device. Connecting additional devices is done in a daisy chain fashion rather than requiring additional network hardware such as Ethernet switches.

Importance of Integrated Diagnostics

"One of the biggest advantages with integrated safety is the integrated diagnostic functionality. In the past, machine and safety controls used to be separate from each other," says Stephan Stricker, product manager for B&R Industrial Automation. "Machine builders were used to working with additional inputs for diagnostics, if they wanted to find out that somebody had pressed an E-stop button, etc. Now, more and more customers are realizing the value of the integrated diagnostics within their safety system because it brings added benefits to the machine."

Stricker says a key trend is that OEMs are starting to rethink their safety automation strategy when they design machines. For them, safety is not a requirement anymore, but a way to improve their machine's functionality that provides them a competitive advantage. With printing machines, for example, it's a huge benefit if the end user can keep the machines running while refining the process or addressing potential safety issues.

"If a person steps into a machine's safety zone, there usually is a neutral area before the person reaches into the really dangerous zone," says Stricker. "In this case the machine can slow down, once the person is in the neutral area, or at least decelerate more slowly rather than come to a complete full stop that would happen in a real emergency situation. That's a huge benefit because these machines require a lot of effort to start them back up from a full stop."

The major issue is not just production downtime, but the effort and manual time required to restart the machine. In most cases, stopping one part of the machine line is affecting the whole production process. With a bottling machine, all of the production in front of the line would also have to stop. It's a whole chain that comes to a complete stop and then needs to be restarted again. Stricker says that these kinds of situations can now be avoided with programmable safety.

One interesting development from B&R Industrial Automation is the ability to change the safety system set-up on-the-fly using an approved certification procedure. In the past, an engineer would need to be available to manually update a machine because an end user couldn't change the safety software on a running machine. "Now we have a software and technology procedure that allows this for customers, and enables them to use a lot of different machine options," says Stricker.

If a machine has different sections that can be assembled or disassembled on a weekly or monthly basis, a consistent safety solution can become difficult. The traditional way would be to see each section as an individual safety part. Integrated safety allows you to have one single safety controller that adjusts the safety configuration according to the hardware that is connected. With certified function blocks this can be done through the operator interface. The safety controller will automatically make sure that the connected hardware has the correct safety setup.
