Bridging safety onto automation networks

Incorporating safety into an automation network increases flexibility and reduces complex wiring. This, however, may require special training for safety software engineers

By Zachary Stank, Phoenix Contact June 17, 2013

With the creation of new standards (IEC 13849-1 and IEC 61508) and the ongoing update cycles for existing standards, processor- and software-based safety controls have begun to find wider acceptance in more applications. Incorporating safety into an automation network increases flexibility and reduces complex wiring; however, adding safety into PLC-based control may require special training for safety software engineers.  

New technology innovations make safety control easy to integrate directly into a standard automation control, via drag-and-drop function block safety software. The key roadblock to building safety into an automation system is the upfront integration and engineering cost, which these tools are intended to minimize.

Many, if not most, plant applications use less than 50 safe I/Os. A safe controller usually does not make economic sense in such applications, unless, for example, the plant covers a large area. Many users therefore want a solution that combines the flexibility of a safe controller and the associated safe I/Os distributed in the network with the intuitive operation of the safety relay.

The majority of manufacturers still use relay logic for their safety circuits. The benefits of relay logic in simple or small machines far outweigh the negatives. Relay logic is usually simple to wire for single functions: inputs get wired to inputs, and outputs to outputs.

Typically, these applications use one safe relay per safe application (and depending on the level of safety required, one relay per sensor), so as the number of safe inputs and outputs increases, the complexity of the safe relay logic increases. Adding different zones and timing sequences will also complicate the design, but usually the biggest issue of relay logic is getting status back from each individual sensor.

At the highest levels of safety, it is important to know the status of all safety sensors in the field, especially when an emergency sensor is causing downtime. Signaling contacts are used in the safety relays to send feedback status to a PLC or HMI. Each safety sensor then requires its own signaling input, again increasing engineering and wiring costs.

Improving safety

Integrating safety into an automation control system will mitigate most of the shortcomings of safety relay-based logic. A PLC-based control scheme allows safe inputs and outputs to be directly connected to the automation network. This means that all safe sensors will have an input directly into the PLC or distributed I/O, allowing status to be derived directly from the I/O bits. Wiring also becomes less of an issue because the sensors are wired directly into the I/O. Any type of zone control or multiple-sensor design can now be handled by the safety programming, and inputs and outputs are wired directly into distributed I/O. There is no more need for complex relay jumpering or cascading contacts.

An integrated safety system also offers the flexibility of having I/O placed throughout the machine and only needing a communication cable to connect it back to the PLC. Distributed I/O allows placement and configuration of safety systems only where required, maximizing control cabinet space.

Adding safety to an automation network, however, comes at a higher unit cost. Safe PLCs require redundant processing and safety certification, which inherently add cost. In addition, adding safety to a PLC requires the use of a safe communication protocol. This leads to most safe PLCs having proprietary software and hardware.

Proprietary hardware and software are usually necessary to ensure proper functionality, but they also allow manufacturers to price these units at a premium because they can’t be used on any other system, and other safety control can’t be integrated into their networks easily. In addition, proprietary safety software usually requires special training because safety must be integrated properly, following standards. These added costs and infrastructure requirements usually make integrated safety automation systems feasible in medium to large machines.

New innovations have started to bridge the gaps. Systems that offer an open safety solution can be integrated into a standard control platform. Using the black channel principle, safety can be directly incorporated into an automation controller. The safety logic processor is no longer onboard the PLC controller, but rather placed in the standard automation I/O network, and communicates to the safety I/O through the standard networking protocol. Using this system architecture, different PLCs can use the same standard and safety I/O solution.

This creates flexibility in the automation control scheme and broadens choices for engineers.  

The standard controller can access the input and output signals of the module at any time. The standard application program can thus respond to an emergency stop request directly and then graphically show the user where the safety-related event occurred.

The standard controller can also access the diagnostic messages from the individual safety I/O modules, such as short circuits or cross circuits. This can reduce downtime without additional programming or connection work. 

Creating flexibility

Using this communication principle, the safe I/O can be distributed throughout the network while still communicating back to the same logic module. This creates even more system flexibility. Input and output devices can be wired where they are needed, eliminating the need for long bundled sensor and actuator wire runs throughout the system. There are several advantages to having the standard PLC on the black channel. This gives the standard PLC:

  • Direct readable access to all safe input signals coming from the input devices
  • Direct readable access to all safe output signals, which are mirrored as standard inputs by the safe output devices
  • Direct access to all diagnostics information from all distributed safety modules
  • The ability to use standard I/O in line with safe I/O modules

Essentially, all safety functions the user is concerned about have been combined into one configurable relay function. The black channel eliminates the need for a detailed network view of the configuration.
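The black channel principle described above (a safety layer that carries its own integrity checks while the standard PLC and network treat the safety data as an opaque container, yet can still read the mirrored safe I/O bits) is easier to see in a small model. The following is an added example, not vendor code and not the PROFIsafe or Interbus Safety frame format: the CRC-32, the one-byte counter, the watchdog value, the bit layout and the E-stop safety function are all constructed for illustration. It shows why a corrupted, replayed or silent channel leads to fail-safe values without the standard network having to be safety-rated itself.

```python
# Added example (not vendor code, not the PROFIsafe frame format): a minimal
# model of the black channel principle. The safety telegram carries its own
# integrity layer (CRC-32 and a consecutive number); the standard PLC and
# network treat it as an opaque container. All bit layouts, the watchdog
# value and the safety function are constructed for illustration.
import struct
import zlib
from dataclasses import dataclass
from typing import List, Optional

SAFE_STATE = 0x00       # fail-safe value: every safe output de-energised
WATCHDOG_CYCLES = 3     # constructed: silent cycles tolerated before fail-safe
TELEGRAM_LEN = 6        # 1 byte data + 1 byte counter + 4 byte CRC-32


@dataclass
class SafetyTelegram:
    data: int     # safe input bits (bit0/bit1: E-stop channels A/B, 1 = closed)
    counter: int  # consecutive number ("sign of life"), wraps at 256


def pack(data: int, counter: int) -> bytes:
    """Build the container the safe input module sends through the black channel."""
    body = struct.pack("<BB", data & 0xFF, counter & 0xFF)
    return body + struct.pack("<I", zlib.crc32(body))


def unpack(raw: bytes) -> Optional[SafetyTelegram]:
    """Return the telegram, or None if the container is malformed or its CRC fails."""
    if len(raw) != TELEGRAM_LEN:
        return None
    body, crc = raw[:2], struct.unpack("<I", raw[2:])[0]
    if zlib.crc32(body) != crc:
        return None
    data, counter = struct.unpack("<BB", body)
    return SafetyTelegram(data, counter)


def flip_bit(raw: bytes, bit: int) -> bytes:
    """Simulate corruption on the standard network by flipping one bit."""
    buf = bytearray(raw)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


class StandardPlc:
    """Non-safety controller: forwards the container unchanged and may read the
    safe input bits for HMI or diagnostic display, never for a safety decision."""

    def __init__(self) -> None:
        self.mirrored_inputs: Optional[int] = None

    def forward(self, raw: bytes) -> bytes:
        tele = unpack(raw)
        if tele is not None:
            self.mirrored_inputs = tele.data   # read-only view of the safe inputs
        return raw                             # opaque pass-through


class SafetyLogic:
    """Safety layer: only a valid, in-sequence telegram updates the safe inputs.
    Silence is tolerated up to the watchdog; a CRC or sequence error substitutes
    fail-safe values immediately."""

    def __init__(self) -> None:
        self.expected = 0
        self.missed = 0
        self.inputs = SAFE_STATE

    def cycle(self, raw: Optional[bytes]) -> int:
        if raw is None:                        # nothing arrived this cycle
            self.missed += 1
            if self.missed >= WATCHDOG_CYCLES:
                self.inputs = SAFE_STATE       # watchdog expired
            return self.outputs()
        tele = unpack(raw)
        if tele is None:                       # corrupted on the standard network
            self.inputs = SAFE_STATE
        elif tele.counter != self.expected:    # lost or replayed telegram
            self.inputs = SAFE_STATE
            self.expected = (tele.counter + 1) & 0xFF   # resynchronise for next cycle
        else:
            self.inputs = tele.data
            self.missed = 0
            self.expected = (tele.counter + 1) & 0xFF
        return self.outputs()

    def outputs(self) -> int:
        """Constructed safety function: release only while both E-stop channels are closed."""
        return 0x01 if (self.inputs & 0b11) == 0b11 else SAFE_STATE


def run(frames: List[Optional[bytes]]) -> List[int]:
    """Push each network cycle through the standard PLC into the safety logic."""
    plc, safety = StandardPlc(), SafetyLogic()
    return [safety.cycle(plc.forward(f) if f is not None else None) for f in frames]


# Constructed traffic: healthy, three silent cycles, recovery, a corrupted
# container, a skipped counter, recovery, then E-stop channel B opens.
HEALTHY = 0b11
DEMO_FRAMES: List[Optional[bytes]] = [
    pack(HEALTHY, 0), pack(HEALTHY, 1),
    None, None, None,
    pack(HEALTHY, 2),
    flip_bit(pack(HEALTHY, 3), 3),
    pack(HEALTHY, 4), pack(HEALTHY, 5),
    pack(0b01, 6),
]

if __name__ == "__main__":
    print(run(DEMO_FRAMES))   # [1, 1, 1, 1, 0, 1, 0, 0, 1, 0]
```

The point of the model is the division of responsibility: the standard PLC never validates anything, it only passes the container through and exposes the mirrored bits, while every decision to energise an output is made by the safety layer from data that has passed its own CRC, sequence and timeliness checks. A real safety protocol adds connection identification, acknowledgement and a reintegration procedure after a fault, none of which this constructed model includes.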

Over the years, safety technologies used in such systems have proven effective in safety protocols, such as Interbus Safety and PROFIsafe. By using these technologies within the right parameters, it is possible to implement applications up to PL e and SIL 3. Safety software offers a convenient way to configure the safety input and output channels and generate the safety logic. Simple drag-and-drop software, which requires no programming experience whatsoever, can be used to quickly implement safe applications since ready-made function blocks are available for almost any application. This makes it quick and easy to design safety applications distributed in the network at a low cost and independently of the network and standard controller.

The open safety concept also allows safety to be easily integrated into existing platforms that have already been commissioned. Simple safety software that uses predefined, TÜV-certified function block logic creates an easy-to-use, drag-and-drop configuration interface. Simply create a safety system, import it, configure the new I/O in the standard PLC programming software, and then add the safety I/O where it is needed.

The benefits of integrating safety into an automation network often come with a hefty price tag. Open safety solutions remove the upfront cost of upgrading controllers and allow small to midsize applications to easily integrate safety control.