machine safeguarding seminar -...
TRANSCRIPT
Nelsa Ltd 1
Tim ShaneCED TRC
Specialist for Rockwell Automation
Industrial Controls, Sensors,
Connection Systems, MCC’s and
Machine Safeguarding
Machine Safeguarding Seminar
May 5, 2010
Technical resource Center
Seminar Intent
To provide awareness of MINIMUM
U.S. Safety Codes and Consensus
Standards as they relate Machine Safe
Guarding
To provide awareness of CED and
Rockwell Automation SUPPORT and
product capabilities.
AgendaIndustry Concerns and Statistics
Approach to Machine Safe Guarding
Code Resources and Requirements
OSHA, NFPA 79, ANSI, IEC, NEC
Disconnects, Estops, PLC’s, Interlocks,
Light Curtains,
Demos and Current Product Offerings
Safety relays, light curtains, 2 hand control, Safezone, interlocks, e-stops
Questions and Answers, Applications
Allotted time: 3 to 4 hours
Useful Safety LinksLink Content
http://www.osha.gov Standards Library, Fact Sheets, FAQ, Safety
Compliance guideshttp://www.ansi.org
http://www.nfpa.org NFPA 70,70E, 79 All have Safety references
http://www.ab.com/safety Safety Tutorials, Application tips, Industry
trends, on-line catalogs and user manuals
http://www.sandesystems.com Safety checklists, training events
http:/www.global.ihs.com Technical standards for PURCHASE
download
http://www.asse.org Industry news, training and development for
safety professionals
http://europe.osha.eu.int Set up by European Union to serve information
needs in occupational safety and health
http://www.newapproach.org European directives and standards, search
engines
Nelsa Ltd 5
We are mandated by OSHA and our insurance providers to
employ machine safeguarding because we want to…..
Prevent Injury
Avoid Litigation(remember this slide)
List 2 reasons why we MUST Safeguard
OSHA’s 2001 Most Cited Violations
The 10 Deadly Sins* - Sept. 2000 to Sept. 2001
1. Scaffolding – Construction, (29 CFR 1926.451)
2. Fall Protection – Construction, (1926.501)
3. Hazard Communication – HazCom, (1910.1200)
4. Lockout/Tag Out, (1910.147)
5. Machine Guarding, (1910.212)
6. Respiratory Protection, (1910.134)
7. Electrical Wiring, (1910.305)
8. Mechanical Power, (1910.219)
9. Powered Industrial Trucks, (1910.178)
10. Excavation, (1926.651)
Customers, Labor Unions, States and Gov’ts All Care About Safety
*Safety+Health Magazine – Nov. 2001
Note: The top 8 most serious violations were the same as in 2000 (Sept 1999-Sept. 2000)
OSHA’s 2006 Most Cited Violations
OSHA’s 2009 Most Cited Violations• Most Cited Violations (2009) and Number of Violations
• Scaffolding 9,093
• Fall Protection 6,771
• Hazard Communication 6,378
• Respiratory Protection 3,803
• Lockout/Tagout 3,321
• Electrical (Wiring) 3,079
• Ladders 3,072
• Powered Industrial Trucks 2,993
• Electrical (General) 2,556
• Machine Guarding 2,364
OSHA’s 2006 Highest Penalty per Standard
Universe Model of U.S. Machinery Standards
OSHA
29 CFR
“A”
“C” B11.1
B11.2
B65.1
HS-1738
ANSI
Z244.1
B11.20
R15.06
1910.147
Lockout/Tagout
B11.TR3
General
1910.213
Woodworking
1910.217
Mechanical
Presses
1910.214Cooperage
1910.218
Forging
“B”
Safeguarding
SAE
Automotive
Mechanical
Presses
Robots
Hydraulic
PressesMfg Cells
Printing
Risk Assessment
NFPA 79
Electrical Std. for Ind.
Machinery
U.S. versus The World
Machine Safety
EN 1050
EN 954
EN 292
DIN 19250
VDE 801
EN 692
OSHA
ANSI TR 3
ANSI TR 4
ISA SP 84
UL 1998
ANSI B11
ISO 13849
IEC 61508
IEC 62061
IEC 60204
Converging standards
are changing the rules
BG
Safety Standards Migration
NEMA
OSHA
UL
CSA
• North American standards and practices are strong guidelines
• Following standards protects you from litigation
• Insurance requires compliance
• Guidelines make good design sense
• Use of guidelines demonstrates corporate responsibility
IEC
EN
DIRECTIVES
• Directives are legislation - Not Optional
• EN - European Norms accepted by all EU members
• Compliance is table stakes
• Basic objective of EN and Directives is good
• Globalization means compliance with EU standards
The standards in North America and Europe are not that different in their
objectives. However, Europe has made theirs Law!
CompetitiveWeapon
Safety = Profitability “AB SafetyNow”
Safety is Good Business “Safety Now”
Improved Productivity via Safety System Design
OKDown
Ma
ch
ine
Sto
ps
Ma
inte
na
nce
Arr
ive
s
Fault Identified
LO
TO
Re
pa
ir P
erf
orm
ed
Mach
ine U
nlo
cked
Re
pa
ir T
este
d
Ma
ch
ine
ba
ck in
Au
to
Pro
du
ctio
n R
esu
me
s
MTTR = 12 minutes
OK
Typical Downtime Event
Improved Productivity via Safety System Design
•If the safety system design
meets target safety level, the
safety system may be used in
lieu of LOTO, reducing MTTR
by ~3 minutes.
•Manufacturer’s value of 1
minute
of production = $12K
•Average downtime events
per plant per year = 3000
•Value of safety solution due to
improved productivity
(via reduced MTTR) =
$12K X 3 X 3000 = $108M/yr
Safety = Productivity = Profitability
Safety is a System View ...
•Each hazard on a machine will consist of one or more “safety
loops” that monitor and control its supply of energy
– As determined by the risk assessment
•Each safety product must be applied as part of a whole to
effectively reduce risk
– Safety is the sum of its parts and safety is only as good as its weakest link
•The complexity of the inputs (sensors) and outputs (actuators) and
the flexibility of the control will determine the type of logic solver
– Stand-alone relay, modular relay or safety PLC
Logic Solver(e.g. Safety Relay or PLC)
Actuator(s)(e.g. Motor)
Sensors(e.g. Door Interlock)
Sensors(e.g. E-Stop)
Sensors(e.g. Speed Reference)
Actuator(s)(e.g. clamp)
Main Goals
•Improve Safety
•Simplify LOTO
•Improve MTTR
•Increase Machine Availability
•Improve Cost of Doing Business
The Safety Life Cycle
STEP 3SAFETY SYSTEM
IMPLEMENTATION• Design hazards out of the system• Choose / Purchase Safety Products for
Guarding• Implement the Safety System
STEP 4
SAFETY SYSTEM
VALIDATION• Verify that the Safety System
meets the requirements
• Train personnel to safely
operate and maintain machine
STEP 5MAINTAIN & IMPROVE The SAFETY SYSTEM• Maintain the safety system at
optimal levels• Improve the safety system as
new knowledge is gained
STEP 2
SAFETY SYSTEM
REQUIREMENTS• Determine how much risk is tolerable
• Define methods to reduce risk to
tolerable levels
MACHINE SAFETY LIFE
CYCLE
STEP 1RISK OR HAZARD ASSESSMENT •Identify the Hazards and Sources of Failure on a machine or process
Summary•Safety is a shared responsibility – we are all stakeholders!
•Every manufacturer must provide for a safe work environment.
•Well designed systems improve both
Safety and Productivity.
•Safety is a System Solution –
not just components.
– Integrated into the control, information
and people systems
•Safety is Specification Based.
•Leverage Internal and External
application knowledge and expertise
– Maintenance, Engineering, Operations, Suppliers
•Single source full service safety supplier can help with
comprehensive safety solutions.
•OSHA - Occupational Safety & Health Administration– Title 29 of the Code of Federal Regulations, Art 1910
•ANSI - American National Standards Institute
ex.: RIA - Robot Industries Association
AMT: Association of Manufacturing Technologies
•NFPA 70- National Electrical Code
•NFPA 79- Standards for Industrial Machinery
•SAE - Society of Automotive Engineers
•CE - Required by European Community
Baseline U.S. Safety Standards
Machine Safe Guarding LibraryThe following are Machine Safe Guarding references to begin a safety library/documentation list: Order as needed.
!! OSHA 1910.212 download www.osha.gov General Requirements for all Machines
•!!OSHA 1910.147 download www.osha.gov Lock Out/Tag Out
•!!OSHA 1910.333 download www.osha.gov Lock Out/Tag Out
•OSHA 1910.210 download www.osha.gov Mechanical Power Presses As needed
•!! NFPA 70 2005 order from www.nfpa.org National Electrical Code New for 2005
•!! NFPA 70 order from www.nfpa.org Standard for Electrical Safety in the Workplace 2004
•!! NFPA 79 2007 order from www.nfpa.org Standards for Industrial Machinery New 2007
•!! ANSI B11.19 order from www.global.ihs.com Machine Tool Safety Standards Performance
•ANSI B11.TR3 order from www.global.ihs.com RISK ASSESSMENT
•ANSI B11.2 order from www.global.ihs.com Hydraulic Power Presses As needed
•ANSI B11.3 order from www.global.ihs.com Power Press Brakes As needed
•ANSI B155 order from www.global.ihs.com Packaging Machines
•EN415-4 order from www.global.ihs.com Palletizers
•EN415-5 order from www.global.ihs.com Wrapping Machines
Who are the Safety Standards Police•You and your employer
•OSHA (DOL, Title 29 of the CFR)
•Insurance Provider (AHJ as per NFPA 79 2007)
•The Plaintiff’s Attorney, the Judge and Jury
• NOT THE STANDARDS WRITERS
OSHA Employer Requirements•OSHA requires that each employer shall furnish to each
of his employees employment and a place of employment
which are free from recognized hazards that are causing
or are likely to cause death or serious physical harm to his
employees.
•OSHA specifies minimal standards.
•OSHA uses industry standards as well as
manufacturer’s instructions when investigating
accidents.
•Manufacturers and employers should apply consensus
standards to help assure safety.
Hazard Identification and the USA
•In US, if hazards are identified - then they are
required to be corrected or guarded against
IMMEDIATELY
– High product liability issue if hazard analysis dictates a
particular control or guarding scheme for the EC, but the
same is not done in the US
OSHA 1910.212(a)(3)(ii)
•The point of operation of machines whose operation
exposes an employee to injury, shall be guarded. The
guarding device shall be in conformity with any
appropriate standards therefore, or, in the absence
of applicable specific standards, shall be so
designed and constructed as to prevent the operator
from having any part of his body in the danger zone
during the operating cycle.
(Confidential – For Internal Use Only) Copyright © 2007 Rockwell Automation, Inc.
OSHA CFR 1910 Standards
• CFR 1910.147 – Lockout / Tagout Standard– Applies when employees perform maintenance and service to production equipment
– Requires that unexpected energization of equipment be prevented by removing all energy from a
machine and locking the energy sources in the off-state whenever an employee must place any part
of their body in a potentially hazardous location
• CFR 1910 Subpart O – Machine Guarding Standards– Applies when employees operate and work around equipment that is in the production state
– Requires that employers provide safeguarding of hazards that could cause injury or illness to
employees
• Exception to Lockout/Tagout– Applies when employees perform “minor servicing” to equipment
– Requires that employers provide effective “alternative measures” to safeguard employees
Question: What OSHA standards apply to machine guarding of
production equipment?
(Confidential – For Internal Use Only) Copyright © 2007 Rockwell Automation, Inc.
Relationship of OSHA Standards
Machine Maintenance• Regulation: Lockout / Tagout per CFR
1910.147
• Requirement: Release stored energy
• Tasks: Isolation of Mechanical / Electrical Equipment for Service and Maintenance
Production Operation• Regulation: Machine Guarding per CFR
1910 Subpart O
• Requirement: Protect operators from machine production hazards
• Tasks: Operator Interaction for Regular Machine Production
Minor servicing must be routine, repetitive and integral to
the operation
Minor Servicing Exception
• Regulation: Machine Guarding per Subpart O
• Requirement: Protect operators from machine
production hazards when performing minor
servicing
• Tasks: Minor servicing such as clearing minor
jams, minor tool changes & adjustments, exchange
of work piece, etc.
Minor Service
Exception to Lockout Tagout
Must provide alternative
Measures that offer effective protection
Consensus Standards
•By Definition: Consensus standards are published by
U.S. industry, based on committees representing
industries like…
•America National Standards Institute (ANSI)
•NEMA involved in new light curtain standard
•National Fire Protection Association (NFPA)
•RIA Robots: published as an ANSI standard
•SAE for specific automotive industry concerns…
ANSI Standards
ANSI B11.19 Committee
ANSI Standards
ANSI Standards
ANSI Standards
ANSI Standards
•Used in Product Liability Lawsuits as Minimum
requirements (follow or lose)
•Referenced by OSHA in citations, in the absence of a specific
OSHA standard
rarely happens…instead OSHA 1910.212 is usually cited
used for training OSHA personnel and in OSHA’s
training documents
ANSI ConcernsMachine Builders and End Users
Nelsa Ltd 38
ANSIB11.TR3
Risk Assessment andRisk Reduction
Why is Risk Assessment So Important• This is the first step in identifying hazards and the level
of risk an employee is exposed too.
• Provides direction as to what risk reduction
methodologies should be used.
• Provides evidence that the employer has done due
diligence in providing a safe working environment,
especially in light of an employee being injured or
defeating a safety system.
• Required by performance related standards (NFPA
79, IEC60204, RIA 15.06, all ANSI B11. standards)
and required to sell and use machinery in Europe.
Risk Reduction
Design it out
Fixed enclosing guard
Monitoring
Personal protective
equipment
Training & supervision
Most Preferred
Least Preferred
User-Supplier RelationshipRisk Assessment
Protective measures taken by supplier
design
safeguards
other protective measures
Protective measures taken by user
additional safeguards
organization
training
personal protective equipment
Residual Risk
User Input
Risk
Supplier Input
Record all results and test data.
Risk Assessment
How
Bad?
Standards
• ANSI B11.TR3 “Risk Assessment and Reduction”
• EN1050 “Principles for Risk Assessment”
How
Likely?
How
Often?
One Possible Method of Estimating Risk
Severity
Probability ofOccurrence of Harm
Catastrophic Serious Moderate Minor
Very Likely High High High Medium
Likely High High Medium Low
Unlikely Medium Medium Low Negligible
Remote Low Low Negligible Negligible
Other methods are possible
Risk Estimation Matrix
Risk Assessment
• U.S.
– ANSI B11.TR3
– NFPA 79
– ANSI RIA.15.06
• Europe
– EN1050
• International
– ISO14119
• Canada
– ISO14119
• Australia
– EN1050
• Risk assessment must be performed to determine safety
requirements.
– This topic is not covered in this presentation.
ANSI B11.19-2003
ANSI B11.19 NFPA 79 reference
ANSI B11.19 OEM, Integrator, Contractor Reference
ANSI B11.19 “Grandfather” Question?
ANSI B11.19 Safe Distance Formula
Dpf mm = 3.4 X
(Object Sensitivity –
6.875 mm)
ANSI B11.19 Control Reliability
Per ANSI B11.19, Section 6.1, Control Reliability:
When required by the performance requirements of
the safeguarding, the device, system, or interface
shall be designed, constructed, and installed such
that a single component failure within the device,
interface or system shall prevent a successive
machine cycle. This requirement does not apply to
those components whose function does not affect
safe operation of the machine tool. DEMO
Per ANSI B11.19, Section 2.12, Definitions: Control
Reliability is defined as a method of ensuring the
integrity of the performance of guards, devices, or
control systems.
The 3 Ds,Aspects of Control Reliability• Diagnostics (Monitoring) - The checking of system
components to detect a failure of a component,
subassembly or module that affects the performance of
the safety-related functions.
• Diversity - The use of different means, e.g., use of
different processors or other hardware such as relays,
storage media, programming languages, and software
to perform the same function.
• Duality (Redundancy) - The use of multiple means to
perform the same function.
How can we comply?
By using....
• Redundancy
• Positive Guided Relays
• Self Checking/Cross Monitoring
• Understanding Component Failure Mode
• (See the current issue of “Safety Now”)
Control Reliability
EN954-1 (ISO13849-1)System response by Category
Single Channel, No Monitoring
Control Reliabilty Category 2
Check at every machine start up cycle
Minotaur
Trojan
M100S-C
Machine
ControlAux/indication
NO
Monitoring
PLC
EN954-1 (ISO13849-1)System response by Category
Dual Channel, with Monitoring
Control Reliability/ Category 3
No loss of safety function with a single fault
Minotaur
Machine
Control
M
Trojan
monitoring100S-C
Aux/indication
100S-C
PLC
NEC 2005 (NFPA 70) Changes•Article 409 Industrial Control Panels *NEW
409.110 Marking Must Have Nameplate and Panel Short
Circuit Current Rating based on UL508A Sup B
•Article 670 Industrial Machinery
Reference back to NFPA 79
More Name Plate Requirements
Overcurrent Protection
Supply Conductors
NFPA 79
See OSHA 1910.212
NFPA 79
194R Disconnect NFPA 79 Solutions
National Fire Protection Association 79 (NFPA 79) Nov 2002
• 5.3.3.1-The supply Circuit Disconnecting Device shall: – (3)- Be provided with a permanent means permitting it to be locked in the
open position independent of the door position.
– (5)- Be operable, by qualified persons, independent of the door position
without the use of accessory tools or devices.
Summary of NFPA 79 Changes for Rotary
Disconnects
• 6.2.3.1.2-The interlocking means shall:– (2)- Be reactivated automatically when the door is closed.
– (3)- Prevent closing of the disconnecting means while the enclosure door is
open, unless an interlock is operated by deliberate action.
194R Disconnect NFPA 79 Solutions
UL 508A for Industrial Control Panels April 25 2003
• 66.1.5 (b) -The disconnecting means is not closeable with the enclosure door
open, unless an interlock is operated by deliberate action;
• 66.1.5 (c) The disconnecting means is not closeable with the door in the initial
latch position or until the door closing hardware is fully latched.
The disconnect handle is able to have a self-restoring “defeat” mechanism for
servicing. Exception: External interlocking circuits and disconnect switches for maintenance lighting circuits operating at 150 volts
or less are not required to be interlocked.
Summary of UL 508A Changes for Disconnect
Switches
• 30.3.3 A manual motor controller marked “Suitable as a motor disconnect” shall
be installed only on the load side of the branch circuit protective device.
194R NFPA 79 Solutions
194RF Front-Operating Disconnect
194RF with internal handle and interlock
194R NFPA 79 Solutions
194RF-NJ030 – Side view
Interlock mechanism
Released by a
“push-to-turn” action
of the red,
Internal handle
Shaft tube preventing the use of tools
194R NFPA 79 Solutions
194RF-NJ030 – Top view
Handle has large ergonomic grip
and finger-safe back
NFPA 79 Stops•9.2.5.3.2
Category 0, Category 1, and/or Category 2 stops
shall be provided where indicated by an analysis of the
risk assessment and the functional requirements of the
machine. Category 0 and Category 1 stops shall be
operational regardless of operating modes, and Category
0 shall take priority. Stop function shall operate by de-
energizing that relevant circuit and shall override related
start functions.
NFPA 79 E Stops *Change in 2007
•2002 Edition
•2007 Edition
9.2.5.4.1.4 Exception
Drives, or solid state output devices, designed for
safety-related functions shall be allowed to be the final
switching element, when designed according to
relevant standards.
NFPA 79 Control Reliability•9.4 Control Functions in the event of failure.
•9.4.1.1 Measures to reduce these risks shall include, but
are not limited to, one or more of the following:
1)Interlocks and trip devices
2)Protective Interlocking of electrical circuits
3)Use of proven circuit techniques and components
4)Provisions for partial or complete redundancy or
diversity
5)Provision for functional tests
Redundant Safety Contactors2 Safety
Contactors in
Series
(Redundancy)
NFPA 79 E StopsReset of an emergency stop circuit shall not initiate a restart.
•10.7.2.2* Pushbutton-type devices for emergency stop shall be of the self-latching type and shall have positive (direct) opening operation.
•10.7.2.3 Emergency stop switches shall not be flat switches or graphic representations based on software applications.
•10.7.4 Emergency Stop Actuators. Actuators of emergency stop
devices shall be colored RED. The background immediately
around pushbuttons and disconnect switch actuators used as
emergency stop devices shall be colored YELLOW. The actuator
of a pushbutton-operated device shall be of the palm or
mushroom-head type. The RED/YELLOW color combination
shall be reserved exclusively for emergency stop applications.
NFPA 79 Approval and AHJs•A.3.2.2 Authority Having Jurisdiction (AHJ).
The phrase “authority having jurisdiction,” or its acronym AHJ, is
used in NFPA documents in a broad manner, since jurisdictions
and approval agencies vary, as do their responsibilities. Where
public safety is primary, the authority having jurisdiction may be a
federal, state, local, or other regional department or individual
such as a fire chief; fire marshal; chief of a fire prevention
bureau, labor department, or health department; building
official; electrical inspector; or others having statutory
authority. For insurance purposes, an insurance inspection
department, rating bureau, or other insurance company
representative may be the authority having jurisdiction.
NFPA 79 2007 PLCs *Change•New 9.4.3 (11.3 Old #) Programmable Equipment.
•9.4.3.4* Use in Safety-Related Functions.
Software and firmware based controllers to be used in
safety-related functions shall be listed for such use.
The asterisk is the reference below
•A.9.4.3.2
IEC 61508 provides requirements for the design of
control systems incorporating the use of software and
firmware based controllers to performing safety-related
functions. Ref to ISO 13849 (Safety Related Categories)
SIL 3 reference
NFPA 79 Interlocks•9.3.6 Protective Interlock.
Where doors or guards have interlocked switches used in
circuits with safety related functions, the interlocking
devices shall be listed safety switches, have either
positive (direct) opening operation, or provide similar
reliability and prevent the operation of the equipment
when the doors or guards are open (difficult to defeat or
bypass).
NFPA 79 Listed Equipment•3.2.4* Listed. Equipment, materials, or services included in a
list published by an organization that is acceptable to the authority
having jurisdiction and concerned with evaluation of
products or services, that maintains periodic inspection of
production of listed equipment or materials or periodic evaluation
of services, and whose listing states that either the equipment,
material, or service meets appropriate designated standards
or has been tested and found suitable for a specified
purpose.
(Confidential – For Internal Use Only) Copyright © 2007 Rockwell Automation, Inc.
NFPA 79 and Safe Drives
9.2.5.4.1.4 Drives or solid state output devices, designed for safety-related functions shall be allowed to be the final switching element when designed according to relevant safety standards
Pre-2007 2007Drive
SR
SC
Drive
SR
SC
SRS
O
Drive
SRS
OSRS
O
Drive
Question: Can I use safe drives for final removal of power in a safety E-Stop?
Certification Bodies• TÜV Rheinland, TÜV Product Services
– Technical Inspection Associations (Two Independent Companies)
– Functional Safety Certifications
• IEC 61508, EN954-1, IEC 61511, etc.
• Recognized Worldwide
• Started in 1880’s in Germany for Boiler Safety
• More Experience Certifying Equipment for Functional Safety Than Any Other Organization in the World
• BG / BIA– German Institute for Statutory Accident Insurance and Prevention
• Recognized Experts
• Certify Products, Applications
• Still Germany-Centric
• Limited Resources
• FM Global– AKA Factory Mutual
• Will certify products, but contracts TÜV Product Service to do the actual testing / examination
• Process Focus
• UL– Electrical Safety (Fire and Shock) Recognized Worldwide
– Functional Safety Service, AKA NRGF Listing, Very Recent (Fall of 2003)
• Requires Compliance to IEC 61508, UL 508, UL 1998 and NFPA 79
• North American Focus
Interlock Switches• Interlock switches are designed to
monitor the mechanical guards protecting a hazardous area.
• If a protective gate is opened, power to the machine is shut off to prevent injury to the individual.
• What makes a safety interlock switch safer than a normal sensor?
– Means to prevent welded contacts (direct opening contacts)
– Redundancy (multiple or duplicate contacts)
Operating Principles
See Demos
• Control Interlocking
– The stop command from the interlocking device is introduced
into the control system so that interruption of the energy supply
to the machine actuators, or mechanical disconnection of moving
parts from the machine actuators, is triggered by the control
system.
• Power interlocking
– The stop command from the interlocking device directly
interrupts the energy supply to the machine actuators or
disconnects moving parts from the machine actuators.
• “Directly” means the control system does not play any intermediate
role in the interlocking function.
PLC not Primary Safety Controller, but used “In Addition To”
No loss of safety function with a single fault
Minotaur
Machine
Control
M
Trojan
monitoring100S-C
Aux/indication
100S-C
PLC
Typical Forms of Control InterlockingSee Demos
•Interlocking
– Always possible to open the guard
– Generates a stop command when not closed.
•Interlocking with Guardlocking - Two types• 1. Unlocking the guard at any time by operator
• 2. Unlocking the guard only if a condition exists:
– Timing Function
– Stop Motion Detector
Interlocked Barrier Guards
• A barrier & an interlocking device
– Interlocking device (safety switches)…
• Difficult to defeat (Positive mode mounting)
• Actuators difficult to duplicate (tamper resistant)
• Interlocked barrier is installed such that
– Motion stops when the guard is opened
– Initiation of an automatic cycle is prevented
• Action, besides closing the gate, needed to start motion
– Easily unlocked from inside the safeguarded space, with or
without power
“Positive-Opening” / “Positive Break”
Welded contact is
forced open
when actuator
is removed
• … are electro-mechanical switches designed with normally-closed (N.C.) electrical contacts
• Upon switch actuation, these contacts are forced to open by a non-resilient mechanical drive mechanism
– Spring actuators are not considered positive -opening mechanisms
Positive Mode Operation
Positive Mode
Operating Contact
Negative Mode
Operating Contact
Contact Terminology
Official Wording Direct Opening Positive Guided Mechanically Linked
Characteristic Breaks welded contacts
All contacts remain in position if one contact
is welded
Commonly Used Wording
DirectDrive Positively Driven Positive Opening
Forced Disconnection
Positively linked Direct Acting
Mechanically Linked
Symbol
Non-Coded Magnetic Switch Requirements
A NON-CODED magnetic switch shall be mounted in such a
way that when the guard is opened the switch CANNOT be
accessed
No access to switch
This text box serves as a patch for a PowerPoint slide transition time bug.
Coded Magnetic Switch Requirements
CODED magnetic switches shall be used where they can be
OVERIDDEN with a magnetic device
Switches exposed with guard door open.
This text box serves as a patch for a PowerPoint slide transition time bug.
When is a Safety Relay Needed?
• Control Reliability
– The control system shall be constructed
so that...
• a single failure within the system does not
prevent the normal stopping action.
• does prevent initiation of a successive cycle or
stroke until the failure is corrected.
• failure shall be detectable by a simple test, or
indicated by the control system.
OSHA 1910.217, ANSI B11.1, ANSI B11.19
MCR
L1 N
M
MCR
Is this your E-Stop Circuit?
MCR
L1 N
M
MCR
Residual
Magnetism
Welded
Contact
What if the relay sticks closed or contact welds?
CR1
L1 N
CR2
MCR1 CR2
First, add redundancy
CR1
L1 N
CR2
MCR1 CR2
What if CR1 welds
Drops
Out
Replace Standard Relays with Safety Relay
MSR5M M M
100S-C 100S-C100S-C
L1
CR1
N
CR2
MCR1 CR2
TD
TD
TD
TD
CR1
CR2
CR1 CR2Reset
Next, we have to add self checking
CR1
L1 N
CR2
MCR1 CR2
TD
TD
TD
TD
CR1
CR2
CR1 CR2Reset
Prevents a reset if 1 circuit fails
Where are Safety Relays Used?•Emergency Stop Relays
– Monitors the E-stop Circuit
– Monitors Safety Gate Limit Switches
– Monitors Light Curtains
– Monitors Rope Pull Switches
•2-Hand Control & Safety Gate Monitors
– 2-Hand Anti-tiedown & Anti-repeat relay
– Controls machine from safety gate limit switches
•Provide additional safety contacts
•SEE PAGE 5-1 IN SAFETY CATALOG Mar 2008
When Specifying a Safety Relay
• What are the safety inputs
– Gate Switch, Mats, Light Curtains, Two Hand Control
– What are the input contacts (2 N.C.)
• Relay Type
– Input Voltage 120, 240 VAC, or 24 VDC– E Stop, Two Hand Control, Gate Switch, Mats, etc.
• Output Contacts Required
• Drive relays with both instantaneous and timed contacts
– (3 N.O. 1 N.C.), ( 6 N.O. 3 N.C.),
• Current Requirement?
• Cross Monitoring
Gate Application on Page 300
• Note that each gate is daisy chained and
connected to both channels of the safety relay.
E-stop Application
Fault Detection - An example
E-Stop
Switch
Safety
Relay
At Startup - No Faults
Fault Detection - With Daily Testing
E-Stop
Switch
Safety
Relay
A short time later - Short in wires of one input
Fault Detection - With Daily Testing
E-Stop
Switch
Safety
Relay
Still more time later - Short detected by
comparing inputs when E-Stop is pressed.
Safety function is successfully performed.
Fault Detection - Without Daily Testing
E-Stop
Switch
Safety
Relay
At Startup - No Faults
Fault Detection -Without Daily Testing
E-Stop
Switch
Safety
Relay
One month later - Short in wires of one input
goes undetected.
Fault Detection -Without Daily Testing
E-Stop
Switch
Safety
Relay
Two months later - Short occurs in second
input, also not detected.
Fault Detection -Without Daily Testing
Three months later - Button is pressed, but
safety relay does not respond.
E-Stop
Switch
Safety
Relay
The safety function is lost with an accumulation of faults.
The safety system can not be rated to EN954-1 Category 4.
Use auxiliary contacts to force checking
E-Stop SwitchesSafety Relay
At prescribed times (e.g., startup or maintenance),
the PLC requires each e-stop to be verified.
To PLC
How many E-stops or Interlocks?•How Many Contacts Can you Wire in Series to a Safety
Relay ?
•How Do you know Which Was Pushed/Tripped ?
Relay
Interlocks Noncontact Cable Pull E-Stops
How Many E-Stops or Interlocks?• Dependent on impedance
– Contact resistance
– Wire size
• Dependent on Relay Design
– MSR5T 250 ohms
– MSR6R/T 500 ohms
– MSR8T: 250 ohms
– MSR9T: 500 ohms
– MSR10RD: 500 ohms
– MSR11: 500 ohms
– MSR12: 500 ohms
– MSR14T: 500 ohms
– MSR15RD: 500 ohms
– MSR16R/T: 500 ohms
22 16.14 ohms
20 10.15 ohms
18 6.38 ohms
16 4.016 ohms
14 2.525 ohms
12 1.588 ohms
NEC 16 Gauge THHN
Per 1000 Feet:
Note: Typical Contact
On E-Stop or Key Switch
= 200 to 300 milliohms
CONTROL CIRCUITRY
EM
ITT
ING
RE
CIE
VIN
G
CHECKING & MONITORING
Category 4 - e.g. light curtain
Guard Shield Type 4
Light Curtain to Safety Relay
Review of Potential Benefits•Meet recommended standards
•Meet Control Reliability
– Redundant, positive guided, self checking
•Saves space over 3 individual relays with positive guided
contacts - i.e.: AB 700P
•Saves installation time
– Pre-wired with clear terminal identification
•Reduces risk - certified by 3rd parties
•Simplifies standardization of safety circuits
Conclusion - Products• Resets
– “Monitored Manual” or “Automatic/Manual”
• Positive-Guided Relays– The normally closed and normally open can not be in the
closed position simultaneously.
• Checking– Internal Relay Logic
• Redundancy– Dual inputs - in parallel
– Dual Outputs - in series
• Diversity– Opposite Polarity Inputs
• Monitoring– Checks status of output switching device
Nelsa Ltd 113
BREAK
Vision
Rockwell Automation
A global leader in factory automation has combined
*Allen-Bradley control expertise in automation
with
*Guardmaster safety expertise in automation
to bring you
Safety Control in Automation
Brand Name
Rockwell Automation introduces the…
...brand of safety products.
Rockwell is the Worlds Largest Safety
Solutions Provider!
Company Confidential
Allen Bradley Safety/Sensing Business
Chelmsford, Massachusetts, USA•HQ, Marketing, Engineering, Finance
Manchester, New Hampshire, USA• Manufacturing, Purchasing, Administrative• Products: Limit Switch, Encoders, Proximity,Photoelectrics, DeviceNet
Wigan, Lancashire, UK•Development, Marketing, EngineeringManufacturing
•Products: Safety Products
Santo Domingo, Dominican Republic,
Caribbean• Manufacturing•Products: Proximity & Photoelectrics
RA Safety Business Highlights to Date• Acquired EJA - Oct 1999
• Introduced EJA Safety Products in CY2000
under A-B / Guardmaster
• Added New Products - Light Curtains,
Safety PLC’s, Mobile View, Electro-Guard
• Re- organized into One Business -November
2001
• Acquired Tesch GmbH - Jan 2002
• Introduction of GMS Safety Services 2002
• Announced CIP / DeviceNet Safety
development activities – September 2002
• Rockwell buys Cedes of Switzerland-Feb
2008
• Safety is touching every part of our business
• Rockwell has invested over $100 Million
Dollars
GuardPLC
Modular Safety RelaysMSR200 Features
• Microprocessor – dual processors– Modular – Future expansion considerations
– Flexible – Light curtains, mats, interlocks, e-stops
• Up to 10 input modules, 2 output modules, with 1 base unit
• Safety Integrity– Individual input channel per device
• Economic– Reduced wiring cost
– Reduced inventory cost
• Ease of Installation– wiring, interconnections
– input and output expansion
• Compact– smaller panel space required
• Diagnostics4 Line Display, DeviceNet
MSR300 modular with zone control
Module 1= Config. 8, Group Sel. 1
Module 3 = Config. 4, Group Sel. 8
Muting Lamp Control=
2 Bulbs + 2 Reserve Bulbs
Output 1= Group 3 Type
Module 2 = Config. 8, Group Sel. 2
Module 4 = Config. 4, Group Sel. 9
I/O Module Configuration Example:
NO/NC
Base module= Y40-S34 linked:
Auto reset for all groups
SmartGuard 600 Safety Controller•The SmartGuard 600 safety
controller is a general purpose
programmable safety controller
designed for safety applications
that require some complex logic,
allowing for more advanced safety
functionality.
•Ideally suited for applications
such as:
– E-Stop
– Safety Gate
– Multi-Zone Control
– Light Curtain
– Two-Hand Control
– Perimeter Guarding
Smart GuardApplications•Where a safety relay isn’t quite enough
– Some complex logic required
• Light curtain muting plus enable pendant for a zone
– Multiple safety zones (3 or more)
– Distributed safety I/O required
– Interlocking with other safety controllers (GuardLogix, other
SmartGuard)
•Where a safety PLC is too much
– DeviceNet / DeviceNet Safety is all that is needed
– Simple, uncomplicated software
– Fixed set of functions to choose from
•Where small size is important
Allen Bradley Safety PLCs
• Up to SIL 3 /Cat 4
• High Performance
• Discrete and Analog I/O
• GuardPLC Ethernet &
DeviceNet Safety (future)
• Full IEC 1131 FB
• Certified FB Capabilities
• MSR200
• Modular I/0 Expansion
MSR200
Packaged
GuardPLCs
Modular
GuardPLCs
GuardLogix
• High Performance 1oo2 Safety
• Up to SIL 3 /Cat 4
• Standard Logix – Rack, Power
Supply and Comms Modules
• RSLogix 5000 Software
• DeviceNet Safety
Key Features• EDS and Logix Profile Based Configuration• Configurable Standard Outputs• Removable terminal blocks• Replaceable Relays• DIN Rail mountable
Product Characteristics• 1791DS-IB12:
– 12 Fail Safe Inputs (single channel)• 1791DS-IB8XOB8:
– 8 Fail Safe Inputs & 8 Fail Safe Semiconductor Outputs (single channel)
• 1791DS-IB4XOW4: – 4 Fail Safe Inputs & 4 Fail Safe Relay
Outputs (single channel)
DeviceNet Safety I/O
Safety Application Examples•Completed application examples (available on Literature Library and on www.ab.com/safety/applications.html):
– Laser Scanner Protection for Automated Conveyor Car using MSR200
– Laser Scanner Protection for Automated Conveyor Car using SmartGuard 600
– E-Stop Control using SmartGuard 600
– Single Safety Gate Protection using SmartGuard 600
– Dual Zone Safety Gate Protection using SmartGuard 600
– Safety Mat Control with CompactBlock Guard I/O and GuardLogix
– Safety Mat Control using SmartGuard 600
– Bi-Directional Muting Control of Light Curtains using SmartGuard 600
– Using TLS3-GD2 Interlock with With ArmorBlock Guard I/O and SmartGuard 600
– Using GuardShield Light Curtains with ArmorBlock Guard I/O and SmartGuard 600
– Using MicroLogix 1500 Controller with SG600 as Standard Slave
– Using CompactLogix with SG600 as Standard Slave
– GripSwitch (Enabling Switch) Applications
– GLX to K6K / K7K "Safe Off" for Servo Control with Guard I/O on EtherNet/IP
– GLX to PowerFlex 70 “Safe Off” for AC Drive Control with Guard I/O on EtherNet/IP
Motion, Drive, and Armor Start Guard Safety
• Power Flex 40P
Safe-Off option
• PowerFlex 70
– Safe-off an Option on Enhanced Control
– Certified to EN954-1, Category 3
• PowerFlex 700S
– Safe-Off Option with 2nd Encoder (Phase II Only)
– Certified to EN954-1, Category 3
Kinetix Safe Off Motion Controller
Armor start with Safe Off option
NO ADDITIONAL SAFETY
CONTACTORS NECESSARY
MSR57 Speed Monitoring Relay
•Key Impact
– First Rockwell solution for Safe Speed
monitoring
– RA offers more than just Safe Off
•Main Features supported
– SIL3, Cat 4
– Up to 2 encoders (TTL and Sin/Cos)
– Safe inputs for Safety component products
– Utilizes same HIM module and software used
for PF70 drives (Drive Explorer and DPI
hardware tools)
– Monitors and controls standard and safety drives
– Multi-axis applications
– Door control to prevent access to hazard when
unsafe
– Allows access during safe speed conditions
– Performs shutdown during over-speed
conditions
– Ideal for new and existing installations
•Key Applications
– Roller Coaster Rides
– Ski lifts
List Price $1,300
AFS: Nov 2008
Non K6K and PF755 customers will require MSR57P
to solve their applications
Bulletin 100S MCS Safety Contactors
Mechanically-linked, permanently affixed
auxiliary contacts colored RED for…
• easy identification in panel
• identification as a safety device
• consistency with A-B Guardmaster
•SUVA Approved
•GM Specified
•Trojan QD
Hinge & Tongue Interlock Switches
Elf
Trojan5
Cadet
Trojan5
GD2
TrojanEX
Rotocam
Sprite
Bolt Lock
MT-GD2
movie
Trojan T15 &
T15 GD2
Noncontact Interlocks
Ferrogard
Sentinel
Ferrotek
Ferrocode
Sipha
NEW Door Non Contact Interlock SensaGuard RFID
Safety E-stop Devices
• E-Stops
– Available in 30mm & 22mm sizes
– Metal and plastic construction
– Meet EN418 and IEC 60947-5-5standards
– Push-pull, push-pull/twist release, illuminated,or key-operated devices
• Self Monitoring Contact Blocks
– For use with 800T & 800F E-Stops
– Patented technology improves reliability and safety
– If contact block becomes separated from E-stop,monitoring circuit automatically opens and shuts down the controlled process
– Essentially eliminates contact separation concernsfrom improper installation, damage or high-vibrationapplications
Series 800T/800F & Self Monitoring Contact Blocks
GuardMat™ Safety Mats
Controllers
Mats
Edge Trim Uniting Trim
GuardEdge™ Safety Edges
Component Parts
Profiles/Rails and Controllers
Prosafe™ Trapped Key Interlocks
Solenoid Release
Access Locks
Key Exchange
Miniature ValvesPower Isolators
Zero-ForceTM Touch Buttons
•800Z GP (General Purpose) Line
800Z HI (Heavy Industrial) Line
Safety Limit Switches
2-Circuit, Snap-Acting contact design
802T Plug-in Family of products
— Mounts and operates in accordance to NEMA style limit switches.
— Rugged metal body
— Meets or exceeds durability requirements of NEMA style Limit Switches
– Longer Life and durability as compared to IEC style Limit Switches
Snap Acting contacts for fast change over and no ―contact tease‖
Normally Closed ―safety contacts‖ are forced open when switch is actuated
Lower travel to operate Direct Opening Action feature when compared to IEC style
NEMA 6P enclosure rating
Same Length Mounting Screws
QD and pre-wired versions available
cULus and CE certified and approved
GuardShield
• Type 4, General Purpose Safety Light Curtain
• Resolutions of 14mm and 30mm
• Ranges of 7M (14mm) and 18M (30mm)
• Dip-Switch Selectable Operating Modes
• CE Marked -TUV NORD
• IEC61496 Parts 1 & 2
• cULus 61496 Parts 1 and 2 (In process)
• UL 1998 (In process)
GuardShield• Two box light curtain
• Optically Synchronized
• 24Vdc
• Two PNP Safety Outputs (500ma)
• One PNP non safety Auxiliary (500ma)
• Protective Heights;
320mm to 1760mm in 160mm increments
• Response time varies by length
• IP 65
• Housing; 42mm X 52mm (1.65 in X 2.0 in)
• Beam Spacings:
10mm for 14mm Resolution
20mm for 30mm Resolution
Cascaded GuardShield
•Cascaded GuardShield is a standard GuardShield pair with an M12 quick disconnect connector attached to the top of the Transmitter and the Receiver.
•The information for the middle and end segments is passed through to the Host pair.
•Each segment operates independently, as there is no communication between the segments
•Maximum of 3 pair of 1760mm GuardShield interconnected with a common pair of outputs (same OSSDs as a standard pair of GS)
•Maximum patch cord length between segments is 2 meters
•Able to configure each pair separately,
– Host functionality: (Beam coding, EDM, Start / Restart interlock, Fixed / Floating Blanking)
– EDM and Start / Restart not allowed in middle or end pairs
•Mixed resolutions (14mm and 30mm) can be interconnected.
•Response time is not affected by the Cascaded system. The longest response time of any configured GuardShield light curtain pair in the system is that systems response time, usually 20ms.
•Offered from 320mm to 1760mm in 14mm and 30mm resolutions
Patchcord Information•Cascaded GuardShield uses standard GuardShield
cord sets
•Patch cords offered in 3 lengths; 1/3 M, 1 M and 2
Meters.
•Patch cords are unshielded
•If GuardShield Host units used as “Stand alone”
pairs, a Termination plug must be attached to the
top connector of the Receiver
GuardShield Remote Teach•Provides a remote means to teach and
re-teach fixed blanking areas
•Targeted to customers who change
“Fixed Blanking” areas one or more
times per shift –Mainly Press
applications
•Fixed Blanking dipswitch 4 must be in
ON position
•GuardShield Receiver “learns” new
fixed blanked area after die change with
different object size or position in
sensing field
Guardshield 3 Beam Perimeter Access Control
3 Beam
960 mm
Beam coding
External Device Monitoring
(EDM)
Start interlock
Restart interlock
Internal or external restart
Copyright © 2009 Rockwell Automation, Inc. All rights reserved.
GuardShield Safe 4
• Basic ON / OFF functionality (Guard Only)
• Two 300ma OSSD Outputs
• IP 65
• 14mm resolution – 9 m operating range
• 30mm resolution - 6 m operating range
• Operating temperature 0°C to 55°C
• 950nm wave length
• 30 mm x 40mm housing
• 5 Pin M12 Connectors
• Visible status LEDs
Copyright © 2009 Rockwell Automation, Inc. All rights reserved.
GuardShield Safe 4 Integrated Alignment
• Powered Class 2 visible laser beams
located at the top and bottom of each
light curtain pair.
• Simply touching the finger symbol
on the face of the transmitter and
receiver activates each alignment
laser
• Visible laser stops transmitting after
finger symbol is retouched - or
automatically ceases transmitting
after 5 minutes
• Used to ease alignment at installation
or during the course of production if
knocked out of alignment during
The Integrated Laser Alignment System provides quick and easy alignment
Copyright © 2009 Rockwell Automation, Inc. All rights reserved.
GuardShield Type 4 to GuardShield Safe 4 GuardShield Type 4
• Fully featured with 16m range
• Aux non-safety output
• 500ma OSSDs
• Minimal non-sensing area
• 160mm to 1760mm (in160mm increments)
GuardShield Safe 4
• ON / OFF with 6m or 9m range
• Integrated Laser Alignment system
• 120mm to 1920mm (in 120mm increments)
GuardShield Micro 400NEW
SafeShield•Software configured
•Software Included
•Cascadable
•Two Box Safety Light Curtain
•Resolutions of 14mm and 30mm
•Protective Heights of 300mm to 1800mm (150mm increments)
•2 PNP 500mA cross-monitored, short circuit protected OSSD’s
•24Vdc input power
•Optically Synchronized
•CE certified by TUV, cULus listed
AAC (Area Access Control)
SafeZone Multizone Overview• Newest generation of safety laser
scanner
• 2 Zone independent capable
• Ideal for Stationary and Mobile applications
• Vertical or Horizontal mounting
• 190 deg coverage
• Diagnostic ouputs
• Diagnostic and recording with software
• Software included
Future Safety Laser scanners• Launching two new safety laser scanners - Q2
FY09;
1. Series B SafeZone Multizone (442L-SFZNMZ B) Same
5M safety field range with 4 switchable field sets instead of
the current two
• Series B not backwards compatible with Series A
• Series A to be discontinued with launch of series B
• Series B I/O Module (442L-SFZNMZ B) Replacement Part
2. SafeZone Singlezone (442L-SFZNSZ A) Priced $800
below Single field set with 4M safety field
• New Scan Head (442L-SFZNSZ A) 4M Safety field range Replacement
Part
• New I/O Module (442L-SFZNSZ-FM A) Replacement part
– All software (Series A and B and Singlezone) on same CD
Electroguard Safety Isolation Systems
Allen Bradley 440J Enabling Switch
CED Training and Proof Center
Machine Safety Services
from
Rockwell Automation
Machine Safety Services
Standards Training & Updates
Risk Assessment
Conformity Audits
Hazard Assessments
Technical Specification Development
Design Reviews
Safety Circuit Design
Stop Time Measurements & Safety
Distance Calculations
System Integration Services
Field Support Services
E-Stop w/No Yellow Background
Not compliant to NFPA 79
Un-Guarded Palletizer
Two Hand Control Station
Un-guarded Door
Depth Penetration Violation
Inductive Prox
Plunger Limit Switch
Muting Light Curtainsee ANSI B11.19
Best Practice
Let’s take a quizFalse
False
False
False
True
True
True
True
All
True
1) Implementing a safety system will cause reduced production?
2) Safety systems are complex and require a specially certified Engineer
3) The first step in the safety lifecycle is to identify risks
4) The main goal of implementing a safety solution is to increase productivity
5) When identifying risks, you must consider the consequences,
chances and frequency
6) The best engineering method for risk reduction is to deploy a safety
control system
7) Who is responsible for safety?
8) One way a safety system can improve productivity is by reducing
the duration of a down time event.
9) The 3 D’s of a safety product are: Duality, Diversity and Diagnostics
10) Rockwell Automation has the broadest offering of safety solutions
EtherNet/IP
ControlNet
DeviceNet
The End•Questions
•Concerns
•Arguments
•Demos