FAQ: Is It Safe?

If we go back in time and examine the introduction of another “disruptive technology”, Programmable Logic Controllers (PLC’s) and the impact it had on the relay market, we can learn how the introduction of safety PLC’s is shaping the future of safety technology. The PLC eliminated the complexity of electrical programming, wiring and troubleshooting found in relays and were quickly adopted in complex processes such as automotive. To expand the PLC market share, vendors had to produce more cost effective, smaller footprint PLC’s to penetrate less complex applications. While relays were still viable in less complex applications, the pressure was on to adopt the new technologies introduced by the PLC or face extinction. The innovation race was on. The PLC took a top to bottom approach and the relays a bottoms up. The intersection of these innovations, multi-function programmable relays and mid-size / micro PLC’s, became the “sweet spot” where customers benefited from competition. The same spectrum of innovation is happening today in the safety area. We are seeing the introduction of electronic, modular, programmable safety relays as well as PLC and even PC based safety controllers. This is happening at a much faster pace thanks to pace of modernization in design and manufacturing.  This has allowed Siemens to quickly introduce technologies such as wireless Ethernet based safety networks in 2006. Expect to see even greater innovations in the future.  Safety and standard I/O with built in wireless. A wireless mobile pad with a built-in e-stop that has intelligence to detect its location relative to different machines in a plant and allow the operator to monitor, control or even apply an E-Stop.

If it fills the safety requirements based on your risk assessment.

If you can block, grade or fence an area to remove the risk, this is considered safe practice.

Not at this time, Distributed Safety 5.4 SP4 with support for Visa is due out soon.

When this relates to Safety PLC's,  the NFPA 79 states that any PES "Programmable Electronic Safety System" must meet the related specifications of the IEC 61508 standards.

Yes. ASI/ASI Safety at Work specs are defined and published by the ASI Trade Organisation "ATO". All vendors that develop ASI products must follow these specs to insure compatibility.

All Siemens controllers and I/O can meet the requirements of Control Reliability.

This is all determined when doing a risk assessment on that machine.

This is called out in the IEC 61508 standard. Machine safety is normally discrete I/O based while Process Safety normally utilizes analog I/O. Machines stop and go on a regular basis  and "stopped" is consided a safe state. Processes on the other hand continue to run 24/7, if an error shuld occur they are normally "left running" at a determined safe state.

As per NFPA 79, 2007 a Risk Assessment shall be conducted on all machines. You might start with any equipment that has had safety issues in the past.

We have 2 suggestions. ASI/ASI safe  is a very low cost safety solution that has many savings compared to conventional safety. It has the ability to integrate a system with a small Safety I/O count  and the flexibity to be expanded as needed, without the pain of a complete redesign or rewire of the application. It is very easy to install on new projects and on retrofits without removal of the existing field devices.The IM151F CPU and I/O would be the other recommendation.  This is a small safety PLC that supports a variety of standard and safety input/outputs including safe motor starter and drives.

We currently have application utilizing EStops on wireless I/O, no Bluetooth at this time.

A Safety PLC (Safety Interlock System) acts as highly intelligent safety relay.  Some the fundamental requirements to meet the standards are the same such as dual channels and verify outputs, but with a configurable PLC based safety system has additional requirement that have to be met. Additional diagnostics in PLC that actually check the condition of the wiring and internal diagnostics to check the logic and communication are required. The Estop input rather than going into the safety relay now are inputs into the safety PLC and the PLC performs the Safety Logic and the PLC Safety Output shut off the coil of device you are deactivating (a safety rated interposeing relay between coil and PLC output is required) Siemens provides tools to assist with that, one is a Safety Integrated Function handbook that shows the wiring of an interlock system with a safety relay or connecting it to a safety plc and/or safety network.

Getting the job down fast is not always best way to improve throughput. Adding a Integrated Safety PLC System allows for quick Isolation of problems in safety circuit which keep the plant up and running. Using a PLC also allows for more safety zones of coverage which allows only part of the machine effected by the safety issue to shut down, hence improved uptime. The other major down fall or getting the job down quickly is safety circuit are sometime disabled which may seem to improve throughput but with the additional injuries and potential fatalities the legal fees and insurance premium increase outweigh the marginal increase in throughput. The benefit to a safety PLC system it is extremely hard to override the safety systems.

By monitoring machine downtime and production time. How offen has an Estop, GateSwitch, or Lighcurtain be accuated etc. This information can be brought up to the ERP system.

This is achieved by conducting a Risk Assesment which would incorporate all the functional aspects of the machine safety and thereby providing that balance that is necessary. And the Siemens Safety Solutions in addition provide the flexibility needed to make that a reality.

A complete analysis in only possible by Risk Assessment and then by looking at the applications and the safety solutions that can be implemented i.e hard guarding, optical safety etc.

The National Fire Protection Association sets recognized standards for electrical safety in the workplace. NFPA 70E specifically addresses arc flash hazards, which are dangerous situations that can cause injury, severe burns, and death if a worker is exposed to an electrical arc. NFPA and OSHA have worked together to establish this standard. For more information about this standard, visit: http://www.nfpa.org or http://www.osha.gov

Yes, we utilize open bus networks so you can add any of our networks to your existing machine controller and connect our safety PLC as distributed controllers. This provides you all the benefits of Simplified safety and a new control method that will allow one programming method for the whole machine.

Cat 3 and Cat 4 both require redundancy on input and output safety devices. Cat 4 requires the addition of monitoring the safety inputs on separate channels, where as Cat 3 devices can use the same voltage source. Siemens safety input modules give you the flexibility to turn monitoring on or off via software.

IEC 61508 is the international basic standard for safety that describes the state of art of safety engineering in all aspects. EN-954-1 is used to determine the Function Safety and Risk Categories for machinery.

PROFISafe is the added network protection layer that connects the CPU and I/O layers of safety protection together and provides failsafe network reactions to all faults. These three layer function together to provide a safety control environment for combining safety and automation as discussed below. You still use standard Profibus (or PROFINET) components so it is not a “separate” or “new” network. The safe communication network (PROFISafe) provides the reliability to insure that data passed between the CPU and I/O arrives correctly to the proper partner and is properly interpreted. Amazing as it may seem due to the attention placed on the safety rated communication bus it actually accounts for less that 1% of the risk formula in the safety analysis. Key features of the safety rated bus are fault detection, fault reaction and recovery. A high speed cyclic reading bus like PROFIBUS provided several inherent features that made it a great candidate for the first choice of and open safety rated communication bus. By looking at the large data telegram size and the cyclic reading of all data it is easy to see that with features like sequence numbers and partner IDs that the data integrity is superior to a network design that relies simply on change of state to trigger communication. The central layer of protection is the safety rated Controller which creates redundant evaluation of input and safety commands for outputs. In order to provide the extreme level of reliability required the controller is designed to detect single errors in the program execution and the electronic hardware as it executes the program logic. To achieve this in the safety-oriented program, the S7 Distributed Safety package performs automatic safety checks and links in additional redundant safety blocks for error recognition and handling. These control blocks create a level of time bounded diverse logic that continuously monitors for software errors and hardware faults. As listed below the final protection is provided by the Failsafe input / output modules that are relied upon to perform several tasks that insure safe I/O are correctly handled: Monitored signal wire – The I/o modules have built in self testing. It generates test pulse signals that are used to insure valid monitoring of the safety devices, Intelligent modules provide local protection actions (lockout & reset), Discrepancy analysis and time out insure failsafe reactions to faulty modules, Communication watchdog time out, Error detection of communication telegrams to the safety PLC, Category 3 & 4 requires redundant monitoring signals, so two inputs per device can be easily software configured to function together.

Yes, They run in separate scans in the control to facilitate a compiled and safety test logic execution of the safety program.

The intelligent functioning of the safety I/O modules insures that any fault is captured at the remote end of the wireless link and all actions monitoring and controlling the field devices are lock in a safe (de-energized) state until the communication is restored and valid control is returned.  A reset function is also required by the operator to clear the faults and put the safe system back in operation.  Note, we recommend using wireless for safety only if you cannot use a network (PB or PN) due to physical constraints.

Standard 802.11 A, B, or G wireless devices will handle the safety connections a full safety protection levels.  However, there are several advantages in using Siemens wireless devices when you consider system design, monitoring, and diagnostics.

Time and date stamp is added at every compile. Program ID Signatures are created with every program change. Safety passwords are required. The used Id is put in log file then the change is made.

The following segments: Automotive, Semiconductor, Material Handling, Packaging, Printing and Publishing are the primary areas that are leveraging the benefits of integrated safety with applications such as perimeter guarding, robots and work cells.  Secondary segments are:  pulp & paper, metals, pharmaceutical, and consumer.

Profisafe has been around since 1999 and it wasn't until 2006 before Devicenet Safe could handle both standard automation and safety on the same network. However the standard and safety I/O can not exist in the same rack. Profisafe has so many safety devises that there is no comparison when it comes to Devicenet Safe.

Same editor then a compiler creates the diverse programming that captures any faults in the CPU and insures a safe stop.  You can use standard function blocks provided (i.e. for a light curtain or gate switch) or write your own.

The decision for which type of guarding to be used in based on a number of criteria, at the nip point, for example if access to the area around the nip point is required say during maintenance or normal operation fo the machine then a hard guard would be a hinderance in this case. If a light curtain is considered then the safety distance shall be calculated for the mounting distance of the curtain, this would be acceptable if there is a large space around the machine is readily available and the speed of the machine is not too fast. As for a safety mat care must be taken that the area being protected is not a walkway as there will a considerable amount of nuisance tripping, also if say a fork lift or such were to travel over the mat, it would be in-operable.

Siemens will have a new family of gate guards available later this year, which have numerous advantages like direct integration into ASIsafe network, more installation options on a single switch hence requiring less inventory and one switch can be used or re-used on different applications. Also LED indications on the switch themselves will assist in faster diagnostics. The current drawn is lesser, more space saving (smaller sizes) and larger intelocking force.

When the Risk assessment shows that the hazard is catastrophic and the injury is irreversible, then there is a requirement to have control reliable circuits.

Proper design and selection of Integrated Safety systems should not impact production speed, but will also increase uptime of machine and improve safety of employees.

Coded magnets are typically used where the environmental conditions are not very favourable for mechanical switches for e.g environment is to dusty, too much moisture, less mounting space is available etc.

NFPA 79 2007 and ANSI Standards.

Currently the US is utlizing the EN-954-1 standard for machine safety. However in the next two years Europe will be moving to the ISO 13849-1 and the IEC 62061 standards. The US at this time has not decided to follow. The employer is responsible for providng a safe work enviroment for their employees.