Safety and risk minimization in the operator control of plant machinery
Validation of specification functions of safety-related parts
Verification and validation are the quality assurance measures required to avoid errors during the design and implementation of SRP/CS which execute safety functions. Part 2 of EN ISO 13849 in particular deals with this subject in depth. For each individual safety function, the PL of the associated SRP/CS must match the PLr. The performance levels of the various SRP/CSs forming part of a safety function have to be greater than or equal to the PLr of this function. If multiple SRP/CSs are interconnected, the definitive PL can be determined using Table 11 contained within the standard.
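The check described above, as an added example that is not from the article, the standard's text, or any vendor tool. It encodes the series-combination rule in the form of Table 11 of EN ISO 13849-1 as an assumption to be confirmed against the edition of the standard in use. All function names and sample chains are hypothetical.

```python
PL_ORDER = "abcde"  # performance levels, lowest to highest

# Series-combination rule of Table 11, encoded here as an assumption:
# PL_low -> (largest number of PL_low parts that still yields PL_low,
#            PL that results above that number; None = not allowed).
TABLE_11 = {"a": (3, None), "b": (2, "a"), "c": (2, "b"),
            "d": (3, "c"), "e": (3, "d")}


def combined_pl(part_pls):
    """Overall PL of SRP/CS connected in series, or None if not allowed."""
    if not part_pls:
        raise ValueError("a safety function needs at least one SRP/CS")
    unknown = [pl for pl in part_pls if pl not in TABLE_11]
    if unknown:
        raise ValueError(f"unknown performance level(s): {unknown}")
    pl_low = min(part_pls, key=PL_ORDER.index)
    n_low = list(part_pls).count(pl_low)
    limit, degraded = TABLE_11[pl_low]
    return pl_low if n_low <= limit else degraded


def validate(parts, plr):
    """parts maps SRP/CS name -> PL. Returns (overall PL, list of findings)."""
    if plr not in TABLE_11:
        raise ValueError(f"unknown required performance level: {plr!r}")
    overall = combined_pl(list(parts.values()))
    required = PL_ORDER.index(plr)
    # Every individual SRP/CS must reach at least the PLr of the function.
    findings = [f"{name}: PL {pl} is below PLr {plr}"
                for name, pl in parts.items() if PL_ORDER.index(pl) < required]
    if overall is None:
        findings.append("series combination is not allowed")
    elif PL_ORDER.index(overall) < required:
        findings.append(f"combined PL {overall} is below PLr {plr}")
    return overall, findings


# Constructed sample chains (sensor - logic - actuator), not real products.
CHAIN_OK = {"light curtain": "e", "safe PLC": "e", "drive STO": "d"}
CHAIN_LONG = {"door switch 1": "d", "door switch 2": "d",
              "safe PLC": "d", "drive STO": "d"}

if __name__ == "__main__":
    for chain in (CHAIN_OK, CHAIN_LONG):
        print(validate(chain, "d"))
```

The second chain shows the case that is easy to miss: every part individually meets PLr d, yet four parts at the lowest level pull the combined result below it.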
The design of a safety-relevant control function must be validated by showing that the combination of safety-relevant parts for each safety function indeed meets applicable requirements. That’s one important reason to select suppliers whose products requiring functional safety engineering are already certified to new standards. For example, certified Lenze frequency inverters with the safe torque off (STO) safety function and servo inverters with high-grade functions, such as safely limited speed (SLS), are tested and certified to achieve the highest performance levels. Because such certified products come with the relevant safety-related parameters and required performance levels, using them makes standards compliance on an overall machine design vastly easier.
Today, there are also powerful software tools to support safety engineering and validation. SISTEMA is a tool provided free of charge by the Institute for Occupational Safety and Health (IFA-Germany) for determining the achieved performance level in a machine. Dialog boxes guide mechanical engineers through the process of creating their individual safety functions in a project and entering the safety-relevant parameters for the individual disconnecting paths. Parameters for all components in the safety chain (sensor-logic-actuator) must be entered.
The tool then calculates respective and aggregate performance levels. Lenze takes the tool to the next level by providing a SISTEMA library of its components which have already been certified to the latest standards. The library can be integrated into a project and used, without having to determine and enter individual safety-related parameters for each drive component. This saves time and avoids erroneous entries.
Mechanical engineers who want machines certified in accordance with the new EN ISO 13849-1 are pushing hard for all manufacturers to provide relevant parameters for the components they supply. Towards that end, the entire industry sector is working to define and publish accurate parameters. Creation of a comprehensive global databank is already underway in a joint venture making available the relevant safety-related parameters of functional safety components as provided by suppliers and verified by the TÜV Rheinland.
Drive-based safety engineering
From a design perspective, the moving parts of a machine pose the most risk to plant personnel. The primary purpose of all safety standards and functions is to safely limit the motion of the drive on demand or in the event of an error. The most effective design approach is to intervene at the place in the machine where the dangerous movement originates—directly in the controller.
Drive-based safety is the integration of functional safety tools in the drive that specifically guard against uncontrolled movement. In the event of anomalous movement, it can stop drives significantly faster than manual or conventional solutions employing safety relays, speed monitors or contactors. Drive-based safety can also simplify machine control systems, thereby driving down cost and expediting risk and hazard assessments.
Integrated drive safety features generally fall into three categories: safe stop functions; safe motion surveillance functions, which may trigger a stop function in the event of a fault; and means of activation, such as safe inputs or a safety bus system. The safety chain comprises sensor input (e.g., light bar, emergency stop button, safe feedback), logic (e.g., safe PLC) and actuator or output (e.g., drive with integrated safety functions).
Obviously, the stop functions are among the most critical safety functions. According to the situation, the drive is shut down in a technically redundant, safe fashion by means of the STO, which prevents the inverter from generating a rotating field that would produce a torque in the motor. Depending on the application, integrated safety functions might include any or all of the following: safe torque off, safe stop, safe maximum speed, safely limited speed, safe tip mode, safely limited increment, safe direction and safe speed monitoring. Building on this basic framework, the latest drive safety modules feature higher-order safety functions, such as safely limited speed and safe direction, with variations including safe operational stop, as well as safe inputs and outputs.
Conventional solutions for drive safety typically required additional external components. That is no longer the case. Drive-based safety gives greater clarity to safety technology and implementation, and simplifies the system structure. One of the positive cost aspects is the saving on external components (e.g., safety switch, speed monitor, guards or a second sensor system for safely limited speed). From a functional point of view, faster shutdown on command or in the event of an error means an increase in safety. Because the safety technology makes status information available in the servo inverter and, therefore, in the PLC, diagnostic possibilities also improve.
The best engineered safety designs break down complex barriers. Drive-based safety reduces space requirements, wiring and hardware needed for external safety engineering. Moreover, the machine operator has the benefits of transparent safety parameters programmed right into the controller. These high-performance drive systems are available in small, modular packages, with safety functions integrated in the drive and even on optional pluggable modules.
Safety modules enable tailor-made scalability with different grades of safety depending on the application and validation standards. Using modular and scalable drive components also means the system is open to subsequent changes to accommodate future safety standards.
Simplify compliance and certify at the product level
Modern machines are produced with faster lead times and designed to operate at considerably higher speeds than in the past. In the great race to meet production deadlines and budgets, safety must never be an afterthought. The overarching goal for the engineer must be to protect human operators, machines, materials and the plant environment, while maintaining ease of operation, and accomplishing these aggregate objectives at a competitive cost. Operating safely at higher performance dynamics calls for uniform safety concepts at the component, machine and system design levels.
As new machines are designed and built, newer safety regulations are only now coming into effect that place responsibility for machine safety more squarely on the machine manufacturer, rather than on the end user. The safety landscape, especially in manufacturing industries, is set to change dramatically. For machine builders, the more stringent standards mean design changes and an increased workload with regard to certification of their products. The new standards don’t have to necessitate more complexity, but they do underscore the importance of using all of the design strategies and tools at one's disposal.
The right design strategies can incorporate certified drive components and advanced safety functions as integrated features. Effective safety measures ensure compliance with valid standards and help to future-proof plant machines and automation systems. Specifying certified components and designing in accordance with the more stringent requirements of international safety standards makes it easier for global customers to purchase products, knowing that safety has been designed into the product.
Chuck Edwards is president of Lenze Americas.