Safe Systems - Programmable Logic controllers

Modern safety legislation charges employers with duties that include making the workplace safe and free of risks to health, ensuring that plant and machinery are safe and that safe systems of work are established and followed. There is thus a need to assess the risks in the workplace.

This means looking for hazards (anything that can cause harm), deciding who might be harmed and how, evaluating the risk that somebody will be harmed by a hazard and whether the existing precautions are adequate or more needs to be done to reduce the chance of harm occurring, recording the findings, and reviewing and revising the assessment when necessary.

An important standard is IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems.

Safe Systems

The standard is in seven parts, as follows:

Part 1: General requirements;

Part 2: Requirements for E/E/PE safety-related systems;

Part 3: Software requirements;

Part 4: Definitions and abbreviations;

Part 5: Examples of methods for the determination of safety integrity levels;

Part 6: Guidelines on the application of IEC 61508-2 and IEC 61508-3;

Part 7: Overview of techniques and measures.


To provide functional safety of a machine or plant, the safety-related protective or control system must function correctly, and when a failure occurs it must operate so that the plant or machine is brought into a safe shutdown state.

PLC Systems and Safety

Safety must be a priority in the design of a PLC system. Emergency stop buttons and safety guard switches must therefore be hardwired and must not depend on the PLC software for their operation, so that if the stop switch or the PLC fails, the system is automatically safe. The system must be fail-safe: if a failure occurs, the outputs must revert to a fail-safe state so that no harm can come to anyone. For example, the guards on a machine must not open, or be capable of being opened, if the PLC fails. With a PLC system, a stop signal can be provided by a switch as shown in the figure.


This arrangement is unsafe as an emergency stop because if there is a fault and the switch cannot be operated, no stop signal can be provided. To start, we momentarily close the push-button start switch; the motor control internal relay then latches this closure and the output remains on. To stop, we have to momentarily open the stop switch, which unlatches the start circuit. However, if the stop switch cannot be operated, we cannot stop the system. What we require is a system that will still stop if a failure occurs in the stop switch.

We can achieve this with the arrangement shown in the figure. The program has the stop switch as open contacts. Because the hardwired stop switch has normally closed contacts, the PLC input is energized during normal running and this signal holds the program contacts closed. Pressing the stop switch removes the input signal, opens the program contacts, and stops the system; a broken wire in the stop circuit has the same effect.

For a safe emergency stop system, we need one that will provide a stop signal if there is a fault and the switch cannot be operated. Because there might be problems with the PLC itself, we also need the emergency stop to operate independently of the PLC. Putting the emergency stop only in the input to the PLC gives an unsafe system (see figure).

The figure shows a safer system in which the emergency stop switch is hardwired in the output circuit. Pressing the emergency stop button stops, say, a running motor. When the stop button is released, the motor does not restart, because the internal relay contacts have become unlatched.
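The three wirings just described can be compared in a small simulation. This is an added illustration, not code from the page: it models one latch rung of the PLC program, a stop switch wired either with normally open (NO) or normally closed (NC) contacts, a constructed open-circuit fault in the stop wiring, and a hardwired emergency stop in the output line. The `Switch`, `LatchRung` and helper names are assumptions made for the example.

```python
"""Simulation of the start/stop latch rung, comparing a stop switch hardwired
with NO contacts against one hardwired with NC contacts, plus a hardwired
emergency stop in the output circuit.  Added illustration; not from the page.
"""
from dataclasses import dataclass


@dataclass
class Switch:
    """A push-button switch feeding one PLC input."""
    normally_closed: bool        # contact type of the hardwired switch
    pressed: bool = False
    wire_broken: bool = False    # constructed fault: open circuit, input reads False

    def plc_input(self) -> bool:
        """Logic level the PLC input card sees."""
        if self.wire_broken:
            return False
        # NC conducts unless pressed; NO conducts only while pressed.
        return (not self.pressed) if self.normally_closed else self.pressed


class LatchRung:
    """One rung:  (start OR internal_relay) AND stop_ok  ->  internal_relay."""

    def __init__(self, stop_wired_nc: bool):
        self.stop_wired_nc = stop_wired_nc
        self.latched = False

    def scan(self, start_pressed: bool, stop_input: bool) -> bool:
        if self.stop_wired_nc:
            # Program uses an open (NO) contact: the input must be present to keep running.
            stop_ok = stop_input
        else:
            # Program uses a closed (NC) contact: an input (button pressed) unlatches.
            stop_ok = not stop_input
        self.latched = (start_pressed or self.latched) and stop_ok
        return self.latched


def _start_machine(stop_wired_nc: bool):
    sw = Switch(normally_closed=stop_wired_nc)
    rung = LatchRung(stop_wired_nc)
    rung.scan(start_pressed=True, stop_input=sw.plc_input())
    rung.scan(start_pressed=False, stop_input=sw.plc_input())   # latch holds
    if not rung.latched:
        raise RuntimeError("machine should be running after start")
    return sw, rung


def can_stop(stop_wired_nc: bool, wire_broken: bool) -> bool:
    """Start, then fault the stop wiring (if requested) and press stop.
    Returns True if the machine actually stopped."""
    sw, rung = _start_machine(stop_wired_nc)
    sw.wire_broken = wire_broken
    sw.pressed = True
    return not rung.scan(start_pressed=False, stop_input=sw.plc_input())


def stops_on_wire_break(stop_wired_nc: bool) -> bool:
    """Start, then break the stop wire without anyone pressing anything.
    A fail-safe design stops here; the NO design keeps running."""
    sw, rung = _start_machine(stop_wired_nc)
    sw.wire_broken = True
    return not rung.scan(start_pressed=False, stop_input=sw.plc_input())


def motor_power(plc_output: bool, hardwired_estop_pressed: bool) -> bool:
    """Emergency stop contact in series with the PLC output: it removes power
    even if the PLC output is stuck on (e.g. the CPU has frozen)."""
    return plc_output and not hardwired_estop_pressed


if __name__ == "__main__":
    print("NO stop, broken wire, press stop ->", "stopped" if can_stop(False, True) else "STILL RUNNING")
    print("NC stop, broken wire, press stop ->", "stopped" if can_stop(True, True) else "STILL RUNNING")
    print("NC stop, wire breaks             ->", "stopped" if stops_on_wire_break(True) else "running")
    print("PLC output stuck on, e-stop pressed -> motor powered:", motor_power(True, True))
```

The NO-wired stop can only remove the latch when the input actually goes true, so any open-circuit fault leaves the machine running; the NC-wired stop treats "no signal" as "stop", which is why a broken wire or a jammed button both lead to a safe state. The hardwired output-side contact adds the final layer: it does not rely on the PLC scanning at all.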

Figure: A safer stop system

Figure: A safer emergency stop system

Emergency Stop Relays

Emergency stop relays are widely used for emergency stop arrangements; an example is the PNOZ p1p from Pilz GmbH & Co. This device has LEDs indicating the status of the input and output circuits, the reset circuit, the power supply, and faults. The base unit can also be connected via an interface module so that its status can be read by a PLC. This interface isolates the emergency stop relay's output from the signal conditioning and input of the PLC by means of optoisolators. Thus, although the emergency stop operates independently of the PLC, it can provide signals that the PLC can use to, say, initiate safe closing-down procedures. The figure illustrates this idea.

A simple emergency stop relay, in which operation of the emergency stop button breaks the control circuit to the relay, causing it to deenergize and switch off the power (see figure), has the problem that if the relay contacts weld together, the emergency stop will not operate. This can be overcome using a dual-channel mode of operation in which there are two normally closed contacts in series and both are broken by the action of the relay deenergizing (see figure). Safety can be increased yet further if three contacts in series are used, one with normally closed contacts and the other two with normally open contacts; then one set of contacts has to be deenergized and the other two energized.

Figure: Emergency stop relay, single-channel mode and dual-channel mode
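The welded-contact failure and the benefit of contacts in series can be checked with a small model. This is an added example, not code from the page or from Pilz: each channel is one relay contact in the load circuit that conducts while its coil is energized and should open when the coil drops out, unless the contact has welded (a constructed fault). The `weld_detected` check is an assumed monitoring step of the kind a safety relay uses to block a reset; it is not a description of any specific product.

```python
"""Single- versus dual-channel emergency stop output circuit.
Added illustration; not code from the page.  Contacts in series mean the
load is powered only while every contact is closed, so one welded contact
cannot by itself keep the machine running.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Contact:
    """One relay contact in the load circuit."""
    energized: bool = True   # coil held in while the machine is running
    welded: bool = False     # constructed fault: contact stays closed regardless of coil

    def closed(self) -> bool:
        return self.energized or self.welded


def load_powered(contacts: List[Contact]) -> bool:
    """Contacts wired in series: power reaches the load only if all are closed."""
    return all(c.closed() for c in contacts)


def press_estop(contacts: List[Contact]) -> bool:
    """Operating the emergency stop button breaks the control circuit, so every
    coil drops out.  Returns True if the load is STILL powered afterwards,
    i.e. the stop has failed."""
    for c in contacts:
        c.energized = False
    return load_powered(contacts)


def single_channel_stop_works(welded: bool) -> bool:
    return not press_estop([Contact(welded=welded)])


def dual_channel_stop_works(weld_a: bool, weld_b: bool) -> bool:
    return not press_estop([Contact(welded=weld_a), Contact(welded=weld_b)])


def weld_detected(contacts: List[Contact]) -> bool:
    """Assumed monitoring check (not from the page): once all coils have been
    released, any contact that still reads closed must be welded.  A safety
    relay uses such a discrepancy to refuse a restart and to signal a fault."""
    return any(c.closed() for c in contacts if not c.energized)


if __name__ == "__main__":
    print("single channel, contact welded -> stop works:", single_channel_stop_works(True))
    print("dual channel, one contact welded -> stop works:", dual_channel_stop_works(True, False))
    dual = [Contact(), Contact(welded=True)]
    press_estop(dual)
    print("welded contact flagged after stop:", weld_detected(dual))
```

A second channel only helps against a single weld; if both contacts weld, the series circuit still conducts, which is why the monitoring check matters: it catches the first weld at the next stop demand, before a second fault can accumulate.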

Safety Functions

In designing control systems, it is essential that personnel are prevented from coming into contact with machinery while it is active. This might involve:

  • Two-handed engaging so that both hands must be on switches all the time and the machine will switch off if only one of the switches is being engaged.
  • Protective door monitoring to prevent access to a machine while it is operating. This can be achieved by the use of safety interlocks such as doors and gates. Limit switches positioned on door and gate latches can be used so that when the door or gate is unlatched, the limit switch is opened and closes down the machinery. However, it is relatively simple for operatives to defeat such limit switches by sticking a device such as a screwdriver in the contacts to force a machine to operate. More sophisticated safety interlocks have thus been devised, such as proximity switches and key locks.
  • Light curtains to prevent any person getting close to machinery. A danger zone, such as a packaging machine, can use infrared beams to protect people from getting too close. If a light beam is broken, it immediately triggers a safe shutdown command.
  • Safety mats are another way of detecting when someone is too close to a machine. They are placed round a machine and when someone steps on the mat, a contact is closed, causing the machine to stop.
  • Emergency stop relays, to enable machinery to be stopped in the event of an emergency.

Thus a safe-operating system for a work cell might use gated entry systems, such as guards on machines that activate stop relays if they are not in place, light curtains, and emergency stop relays.

Safety PLCs

Safety PLCs are specially designed to enable safety functions to be realized. In a safety PLC there can be two or three microprocessors that perform exactly the same logic, check against each other, and give outputs only if there is agreement. An example of such a PLC is the SIMATIC S5-95F. This is a two-channel system with two identical subsystems that communicate with each other via a fiber-optic cable link. The inputs from the sensors are fed simultaneously to both subsystems. During operation, data is passed between the two subsystems via the fiber-optic cable. They operate in synchronism with the same program and compare input and output signals, the results of logic operations, counters, and the like, and automatically go into a safe-stop condition if there are different outputs or internal faults or failures. For safety-related digital outputs, actuators are switched on or off from both subsystems. This means that one subsystem alone can shut down equipment.
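The two-subsystem arrangement described above can be modelled as two copies of the same logic whose results are compared every scan. This is an added illustration, not Siemens code and not a description of the S5-95F's internals: the `guard_logic` application rung, the input names, and the constructed "stuck output" and "internal fault" conditions are all assumptions made for the example.

```python
"""Two-channel safety PLC model: two subsystems run identical logic on the
same inputs, compare results, and force a safe stop on any disagreement or
internal fault.  Added illustration; not vendor code.
"""
from dataclasses import dataclass
from typing import Dict, Optional


def guard_logic(inputs: Dict[str, bool]) -> bool:
    """Application logic, identical in both subsystems (assumed example rung):
    run only when the guard is closed, the light curtain is clear and no
    emergency stop is pressed."""
    return inputs["guard_closed"] and inputs["curtain_clear"] and not inputs["estop"]


@dataclass
class Subsystem:
    name: str
    internal_fault: bool = False            # constructed: self-test failure
    stuck_output: Optional[bool] = None     # constructed: output frozen to a value

    def evaluate(self, inputs: Dict[str, bool]) -> bool:
        result = guard_logic(inputs)
        if self.stuck_output is not None:
            result = self.stuck_output
        return result


@dataclass
class SafetyPlc:
    a: Subsystem
    b: Subsystem
    safe_stop: bool = False

    def scan(self, inputs: Dict[str, bool]) -> bool:
        """One synchronous scan.  Returns the actuator command.  Once in the
        safe-stop state the output stays off until an explicit reset."""
        if self.safe_stop:
            return False
        out_a = self.a.evaluate(inputs)
        out_b = self.b.evaluate(inputs)
        if self.a.internal_fault or self.b.internal_fault or out_a != out_b:
            self.safe_stop = True
            return False
        # The actuator is switched from both subsystems, so either one alone
        # can open the circuit: the command is the AND of the two results.
        return out_a and out_b

    def reset(self) -> None:
        """Manual reset after the cause of the safe stop has been cleared."""
        self.safe_stop = False


if __name__ == "__main__":
    ok = {"guard_closed": True, "curtain_clear": True, "estop": False}
    plc = SafetyPlc(Subsystem("A"), Subsystem("B"))
    print("healthy, all clear        ->", plc.scan(ok))
    print("healthy, curtain broken   ->", plc.scan({**ok, "curtain_clear": False}))
    bad = SafetyPlc(Subsystem("A"), Subsystem("B", stuck_output=True))
    print("B stuck on, e-stop pressed ->", bad.scan({**ok, "estop": True}), "safe_stop:", bad.safe_stop)
```

Note that a subsystem whose output is stuck at "run" is only exposed when the two channels are asked to produce different answers, that is, on a stop demand. Comparing intermediate results (timers, counters, logic states) as the text describes, rather than only the final outputs, shortens the time such a dormant fault can go unnoticed.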
