Machine Safety

Functional Safety for Machines and Processes

As part of Machinery Directive 2006/42/EC, all manufacturers must assess the risk posed by their products so that people who come into contact with the machine are protected. However, the Machinery Directive does not apply solely in the EU. It is also used in other countries in the European Single Market. Local standards often make reference to European safety standards, which are listed in the Machinery Directive as harmonized standards.

The risk posed by the machine must be reduced to a reasonable residual level. To this end, the manufacturer carries out a three-stage risk assessment. The risk must be reduced through design measures, by applying technical safeguards and by providing user information such as manuals. 

Classifying risks into performance levels

In order to assess which technical safeguards are appropriate to the risk in question, manufacturers are guided by parameters that indicate the probability that safety-related components will fail. These parameters are called performance levels (PL). First, the manufacturer determines the required performance level (PLr) of a safety function. After designing a safety control to implement this function, the manufacturer determines the performance level actually achieved. At the end of the process, PL and PLr must be the same. Broadly speaking, there are three types of safety controls.

HMI, central I/O system, connected safety relays with connected safety functions

Conventional safety technology with safety relays is very wiring-intensive in large applications, but is understood all over the world.

Three Concepts of Machine Safety

Relay technology

Conventional safety technology uses safety relays. The safety logic is mapped using hard-wired contacts. The relays ensure, for example, that a drive cannot be started as long as a safety light curtain is connected. These installations are relatively inexpensive and can be understood around the world. No software is used. However, in larger and more complex safety installations, the relay technology becomes hard to follow. Finding and diagnosing errors is a very time-consuming process, and the system cannot test itself.

Central safety wiring with safety controllers

From a certain level of complexity onward, it becomes more advantageous to implement safety applications with safety controllers. In controllers or safety controls, programs can be written that—in simple terms—link actions to conditions and Boolean operators (AND, OR, NOT, XOR). The wiring for these applications is simpler than in relay technology, but safety signals must be routed to the central controller in the control cabinet, which is costly and time-consuming.

HMI, central I/O system with connected safety controller, to which safety functions and contactors are coupled

Safety controllers are usually installed in the central control cabinet

The advantage of the safety controllers is that safety programs can be copied and used multiple times for similar machines. Enhancements to safety functions are relatively easy. In addition, the safety applications can be displayed graphically via the HMI, and information and signals can be transferred from the safety controller to the PLC and from the PLC to the safety controller.

Decentralized Safety Concepts

HMI, Ethernet-based PLC with three connected IP67 safety modules, each connected to a conventional IP67 I/O module

Decentralized I/O modules can control the safety applications autonomously for testing. Later, in live operation, a central safety control can take over.

Decentralized wiring – central control

Safety signals can also be collected directly in the field via IP67 I/O modules and brought to a safety control system via a safety fieldbus or a safe Ethernet protocol. The safety functions are then controlled centrally, which may mean that longer response times need to be taken into account when calculating the bus cycle times and for concatenated messages. These longer response times in turn require greater distances between the protective equipment and the sources of danger.


Decentralized wiring – decentralized control

Safety I/O modules from individual manufacturers can also control the safety functions directly on the module in the field. These consistently decentralized safety solutions allow users to avoid the problems caused by long cycle times. Commissioning is also made easier by the fact that individual machine parts or modules can be tested offline.
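The following Python script is an added example and is not code from the original page or from any safety-module vendor. It models two of the ideas discussed above: a safety function written as Boolean logic (the AND/NOT linking of conditions to an action that the safety-controller section describes, with a manual-reset interlock), and the effect of the signal path on the protective distance. For the distance it uses the ISO 13855 formula for a vertical light curtain with perpendicular approach (S = K·T + C), which the page does not name; every component timing in the response-time chains is a constructed assumption chosen to show the central-versus-decentralized difference, not measured data.

```python
"""Added example: safety logic as Boolean conditions plus the ISO 13855
minimum-distance calculation for a light curtain. Timings are constructed
assumptions for illustration, not vendor figures."""

from dataclasses import dataclass


@dataclass(frozen=True)
class SafetyInputs:
    estop_released: bool       # NC contact closed: emergency stop NOT pressed
    light_curtain_clear: bool  # no object in the protective field
    guard_door_closed: bool    # interlock switch reports door closed


def drive_enable(i: SafetyInputs) -> bool:
    """The safety function as Boolean logic: the drive is released only when
    every safe condition is TRUE; any single FALSE de-energises the contactor."""
    return i.estop_released and i.light_curtain_clear and i.guard_door_closed


def next_state(enabled: bool, i: SafetyInputs, reset_pressed: bool) -> bool:
    """Manual-reset interlock: once tripped, the drive stays off until the
    operator presses reset while all inputs are healthy. The drive must not
    restart automatically just because the light curtain clears again."""
    if not drive_enable(i):
        return False
    return enabled or reset_pressed


# Response-time chains in milliseconds (assumed values). The light curtain,
# output contactor and mechanical stopping time are the same in both cases;
# the central chain adds the safety-fieldbus transfer and the controller cycle.
DECENTRALIZED_CHAIN_MS = {
    "light_curtain_response": 10,
    "local_safety_module_logic": 5,
    "contactor_drop_out": 20,
    "machine_stopping_time": 250,
}
CENTRAL_CHAIN_MS = {
    **DECENTRALIZED_CHAIN_MS,
    "safety_fieldbus_transfer": 40,   # e.g. two bus cycles, assumed
    "central_controller_cycle": 10,
}


def total_response_ms(chain: dict) -> int:
    """Total stopping performance T: sum of every delay between intrusion
    detection and the hazardous motion coming to rest."""
    return sum(chain.values())


def safety_distance_mm(total_response_ms: int, resolution_mm: float = 14.0) -> float:
    """ISO 13855 minimum distance S = K*T + C for a vertical light curtain,
    perpendicular approach. K starts at 2000 mm/s; if S exceeds 500 mm the
    calculation is repeated with K = 1600 mm/s and S may not fall below 500 mm.
    C = 8*(d - 14) mm accounts for the finger/hand penetration before detection."""
    c = max(8.0 * (resolution_mm - 14.0), 0.0)
    s = 2000 * total_response_ms / 1000 + c
    if s > 500:
        s = max(1600 * total_response_ms / 1000 + c, 500.0)
    return s


def compare_concepts(resolution_mm: float = 30.0) -> dict:
    """Distance the light curtain must keep from the hazard under each concept."""
    return {
        name: safety_distance_mm(total_response_ms(chain), resolution_mm)
        for name, chain in (("decentralized", DECENTRALIZED_CHAIN_MS),
                            ("central", CENTRAL_CHAIN_MS))
    }


if __name__ == "__main__":
    healthy = SafetyInputs(True, True, True)
    blocked = SafetyInputs(True, False, True)
    print("drive enabled while healthy:", drive_enable(healthy))
    print("trip on curtain intrusion:", next_state(True, blocked, False))
    print("no auto-restart when clear again:", next_state(False, healthy, False))
    print("restart after reset:", next_state(False, healthy, True))
    for concept, distance in compare_concepts().items():
        print(f"{concept:>14}: S = {distance:.0f} mm")
```

With the assumed chains, the decentralized concept needs about 584 mm between curtain and hazard and the central concept about 664 mm; the extra 80 mm is purely the bus and controller latency, which is the trade-off the two decentralized concepts above describe.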

Icons for safety functions, connected to safety I/O modules

Decentralized safety modules that control safety applications avoid long cycle times, which makes the design process easier.

Both decentralized solutions offer efficient wiring with standard connectors. The information that is communicated to higher-level controllers facilitates commissioning and diagnostics for the applications.
