DigiKey - eMag - Safety - Vol 1

| SIL | Probability of failure on demand | Risk reduction factor |
|-----|----------------------------------|-----------------------|
| 1 | 0.1 to 0.01 | 10 to 100 |
| 2 | 0.01 to 0.001 | 100 to 1000 |
| 3 | 0.001 to 0.0001 | 1000 to 10,000 |
| 4 | 0.0001 to 0.00001 | 10,000 to 100,000 |

Table 1: Required SIL levels depend on the severity of injury should a given unsafe condition occur as well as the likelihood of that condition occurring. (Table source: IEC)

In contrast, EN/ISO 13849-1:2005 details requirements and recommendations based on SRP/CSs — safety-related parts of control systems. SRP/CS performance levels allow for quantification of machine safety capabilities no matter the subcomponents. The standard employs well-known performance level (PL) ratings of functional safety — ranging from “a” (most rudimentary) to “e” (most integrated and sophisticated). Risks dictating the required PL include those applicable to SILs as well as the frequencies and durations of repeated exposures to the machine hazard. In addition, a complete PL rating includes a Category number (to indicate the overall system architecture) and the mean time to dangerous failure or MTTFd.

Component designs to satisfy functional safety standards

IEC 61508 and IEC 62061 satisfaction involves testing safety controls (and validating machine modes, status criteria, and corrections) to confirm the machine’s functional safety rating. EN ISO 13849-1 and 2 also demand documented testing (static and dynamic) for confirmation of seamless safety control integration.

Operator-triggered safety components

Many safety-related components are designed to accept input from plant personnel and not through some intermediate section or axis of a machine or guard. These include tactile safety mats, light curtains, consoles as well as human-machine interfaces (HMIs), touchable machinery locks, and (for emergencies only) bright red mushroom-head stop buttons. Personnel-facing safety components also include enclosures (protecting housed components according to NEMA ratings) as well as machine shields and wire ducts — simple yet reliable machine safety elements to protect personnel who must work near (and sometimes in) machines and their power and control panels.

Cable-pull switches encircling hazardous machine sections let operators trigger emergency stops (e-stops) with a quick tug. Especially common around open-faced machines (impossible to guard) as well as unguarded conveyors, these safety elements differ from disconnect switches that de-energize circuits and secure dangerous work cells to keep personnel out. Other offerings include safety edges (strips) that install around machine-tool openings (especially those that execute cutting or pressing tasks) and floor safety mats that trigger (via specialized safety relays) safety responses upon detection of an operator stepping or standing on their surfaces.

Somewhat more sophisticated are the aforementioned light curtains. These include an emitter of photoelectric beams that, if broken in the plane of detection on their way to a receiver, quickly halt dangerous processes. They’re costlier than other options but justified where machine operators frequently interact with a machine section. Yet another sophisticated safety component is the two-hand safety console. These typically require simultaneous activation of separate switches to start or maintain machine operation.

Before they’re trusted to protect plant personnel and equipment, all operator-triggered safety components (and the safety logic or controls into which they integrate) must be verified. For example, IEC 61508 and IEC 62061 testing standards require that an e-stop using redundant relays should work if an operator trips the first channel between the logic and field devices … and should also work on the second channel between them. Such redundant e-stop functions are separately validated during machine commissioning.

Automatic safety switches, sensors, and guards

Separate from personnel-triggered safety-related components are those for automatic machine functions.

Figure 3: Laser scanners are a type of noncontact safety-feedback component best known for their helping AGVs navigate facilities. However, their applications abound — and they can sometimes offer an alternative to light curtains. (Image source: IDEC)

Figure 2: The appropriate functional safety level for a given installation depends on qualitative variables, quantitative values, and the results of software-based analysis. (Image source: Design World)
