Who, what, where
By Dan Hornbeck
Dan is Manager Safety Business Development at Rockwell Automation, Mayfield Heights, Ohio.
Edited by Leslie Gordon leslie.gordon@penton.com

Many of today’s legacy manufacturing systems were developed with a either a blind eye or a minimalist approach to safety. Older technology usually forced machines to come to a full stop and be in a “safe state” before repair or maintenance work could be performed. Because this downtime decreased productivity, personnel often bypassed safety equipment, a hazardous condition, to say the least.

Fortunately, new global standards, technological innovations and well-defined risk-management tactics have helped minimize these issues. When deployed properly catwith what we call a “holistic” approach, safetyautomation systems can provide a safer workplace, boost productivity and reduce environmental impact.

Functional standards
New safety standards, commonly referred to as functional standards, improve the way that safety equipment is designed. Historically prescriptive in nature, safety standards provide a guide on how to design control systems to help ensure safety requirements are met. Older standards used redundancy, diversity, and diagnostic principles. But one important element was missing — time. The new functional safety approach to global standards adds a time element — known as the Probability of Dangerous Failure, and its inverse, the Mean Time to Dangerous Failure — to build on the existing safety structure approach. The time element adds a confidence factor that the safety system will perform properly today and tomorrow.

Standards ISO13849-1:2006 and IEC62061:2005 apply the time element for the machinery sector. ISO13849-1:2006 builds on the “categories” of safety structure, while IEC62061:2005 builds on the structure’s foundation, or the “hardware fault tolerance.” Diagnostics, a historical element, is also included. The three elements combined yield a time-sensitive level of integrity in a safety system.

Each component in the safety system must have an assigned probability of dangerous failure or mean time to dangerous failure rating assigned by the component supplier. While this information is often unavailable, many product-design standards are being modified to define the criteria for dangerous failure, testing requirements, and statistical tools used. This data can then be used in appropriate calculations to ensure system integrity.

Technological innovations
Traditional hardwired safety systems can be difficult to troubleshoot because they provide no indication of what went wrong. For example, in a scenario where multiple E-stops are daisy-chained together and hardwired into a safety relay, an open circuit will stop the machine and put it into safe state. Maintenance must then investigate whether an E-stop was activated, or the circuit failed for some other reason. Without approCircle efpriate diagnostics, this process can take a lot of time, resulting in lost production.

E-stop events can cause even more trouble than simply being difficult to diagnose. They usually occur when a machine is in production, potentially leading to machine-alignment issues, material waste, longer restart times, and possibly even equipment damage over time. These factors contribute to increased downtime and costs because the work in progress might need to be cleaned, removed, reset, or scrapped, and equipment rehomed or reinitialized.

Fortunately, new technology lets E-stops be wired into a safety I/O block that connects via a safety-capable network, such as DeviceNet or EtherNet/IP, to the automation system. This arrangement provides diagnostic information to the controller and HMI in a readily accessible format so the controller or an operator can take appropriate action. Such information might reveal, for example, a serious electrical problem, or that the operator on the third shift keeps hitting the E-stop to perform a task rather than following the correct steps to put the system into a safe state. In any case, new safety technology helps users quickly diagnose the problem so production can resume.

Additional new technology for safety in automation comes from programmable automation controllers, where safety and standard control can be tightly integrated into one controller, newer safety relays, as well as variable-frequency drives and servodrives. Also in place are safety communication networks that use message redundancy, cross-checking, and stringent timing.

This new technology helps minimize hardware costs because components can be used by the production and safety portions of the application. The technology also helps reduce software and support costs because the same software can be used, which lets personnel focus on and keep current with one overall architecture. Furthermore, the scalability of solutions lets users deploy and distribute hardware as necessary to meet application demands.

With safety automation systems now being integrated with the standard plant-automation system, end users and machine builders reap the rewards of having a single platform that meets safety standards and efficiently operates the plant. This holistic approach provides a way to design- out hazards based on detailed risk assessments in the early stages of projects. It also allows designing in capabilities for improved diagnostics, maintenance procedures, and quick recovery processes.

For example, manufacturers historically required employees to remove all sources of energy from an entire machine to gain access to hazardous areas and perform maintenance operations, a process known as lock-out/tag-out. In contrast, manufacturers can now create safety zones in the application that can be managed independently. This design flexibility helps reduce the time it takes to restore the machine to working order.

Also supporting flexibility is communication using open protocols. In the past, seamless communication was nearly impossible because no single network could tie together safety and standard controls, while also letting data transport across several plantfloor physical networks. The CIP Safety networking standard has eliminated this problem. CIP Safety is based on the Common Industrial Protocol (CIP) standard, an open-application protocol for industrial networking that is independent of the physical network. The standard lets safety-rated devices be connected to the same communications network as standard control devices. The combination of fast-responding, local safety cells and the routing of safety data among cells make for safety applications with fast response times, as well as speeds up system configuration, testing, and commissioning.

Risk management
Manufacturers that conduct effective risk assessments are better able to ensure safety without decreasing productivity. The definition of a formal risk assessment covers identifying, quantifying, and mitigating risk, and it is included in many regional and international standards including IEC61508, ISO13849, and ANSI/ B155.1. A formal risk assessment gives a company a way to practice due diligence and good engineering practices in the process of providing a safe work environment.

Risk assessments give companies a means to identify specific hazards on a machine, quantify the risk these hazards present to employees, and evaluate practices to mitigate the risk. In addition, an assessment will specify the most appropriate safety circuit architecture needed to mitigate the initial risk rating determined by the assessment team. Once risks are fully defined and understood, they must be designed-out, or mitigated to the greatest extent possible.