Integrated drive-based safety: A new era in machine safetyWritten by Martin Grosser Friday, 16 September 2011 08:03
Operating at higher performance dynamics as safely as possible calls for uniform safety concepts at the component, machine and system design levels. The goal is to achieve a higher level of safety to protect machines, their human operators and the environment, while maintaining ease of operation, and accomplishing all of these objectives at a competitive cost.
Machine safety standards are intended to ensure that safety doesn't get short-changed. While CSA Standard Z432-04 - Safeguarding of Machinery - includes basic concepts and general safety considerations for design, the new European Machinery Directive is designed to ensure consistent global standards of safety (i.e., harmonization).
Until recently, a "safe torque off" and "safe stop 1" function was sufficient for most applications. However, the trend towards increased functional safety in electrical drive and automation technology has gained considerable traction.
In December 2011, EN ISO 13849-1 will replace EN 954-1 where the principles of safe design are concerned. For machine and plant constructors, this will mean changes affecting the certification of their products. Probability calculations will now be taken into account when defining safety. The relevant safety-related parameters of individual components are an important factor when defining the overall performance levels of a plant.
Henceforth, construction engineers will be bound primarily by the requirements of three standards when designing and developing safe machines. As the comprehensive standard, the Machinery Directive (MD) 2006/42/EC defines the requirements to be met if a machine is to be put to market in the European Economic Area. Harmonized with the MD are the standards EN ISO 13849-1 and EN 62061 - both address issues of functional safety in machinery.
Risk assessment and evaluation
When engineering a machine, the first question to ask is what risks does it pose? It is fundamentally assumed that a hazard prevailing on a machine will cause damage sooner or later if protective measures are not taken. All hazards that could be posed by a machine must, therefore, be identified at a very early stage in the design and development of a machine.
The results of this analysis are then used to assess the risk posed by each hazard. Risk evaluation then follows, and the findings of this stage of the process are used to make decisions about the need for risk minimization.
Defining a machine's limits and applications requires close scrutiny and identification of potential hazards and associated hazardous situations. While the initial steps identify a need for risk minimization, the EN ISO 14121 standard sets out a hierarchy of measures for reducing the hazards to an acceptable level. Verification and validation are quality assurance measures for the avoidance of errors during the design and implementation of safety-related parts of control systems (SRP/CS), which execute and ensure the safety functions.
Part 2 of EN ISO 13849 deals with the subject of validation in depth. For each individual safety function, the performance level (PL) of the associated SRP/CSs must match the performance level required. The PLs of the various SRP/CSs forming part of a safety function have to be greater than or equal to the performance level required of this function. If a number of SRP/CSs are interconnected, the definitive PL can be determined from the standard. The design of a safety-related control function has to be validated. At the end of the process, the validation must show that the combination of safety-related parts for each safety function meets the applicable requirements.
Drive-based safety is the integration of functional safety tools in the drive that specifically guard against uncontrolled movement - and, in the event of such anomalous movement, the corresponding ability to stop drives significantly faster than manual or conventional solutions employing safety relays, speed monitors or contactors.
The primary purpose of all safety functions is to safely limit the motion of the drive on demand or in the event of an error. Integrated drive safety features generally fall into three categories: safe stop functions; safe motion surveillance functions, which may trigger a stop function in the event of a fault; and means of activation, such as safe inputs or a safety bus system. The safety chain is comprised of sensor input (i.e., light bar, emergency stop button, safe feedback), logic (i.e., safe PLC) and actuator or output (i.e., drive with integrated safety functions). The stop functions are among the most critical functions. According to the situation, the drive is shut down in a technically redundant, safe way - in the form of the "safe torque off" (STO), with which the servo inverter cannot generate a rotating field, which could produce a torque in the motor.
Depending on the application, integrated safety functions might include any or all of the following: safe torque off, safe stop, safe maximum speed, safely limited speed, safe tip mode, safely limited increment, safe direction and safe speed monitoring. Building on this framework, the latest servo safety modules feature higher-order safety functions, such as safely limited speed and safe direction, with variations including safe operational stop, as well as safe inputs and outputs.
Integrated drive-based safety
For machine builders, more stringent standards mean design changes and an increased workload with regard to certification of their products. Drive-based safety offers simplification of machine control systems, which speeds the task of assessment. Designing products in accordance with the strict requirements of international safety standards just makes it easier for global customers to purchase products, knowing that safety has been designed into the product.
Integrating the safety functions into the servo inverter offers many advantages. Drive-based safety gives greater clarity to the form in which the safety technology is implemented, and it simplifies the system structure. One of the positive cost aspects is the savings of external components (e.g., safety switch, speed monitor, guards or a second sensor system for safely limited speed). From a functional point of view, faster shutdown on command or in the event of an error means an increase in safety, since no points of separation with contacts are required. Because the safety technology provides status information available in the servo inverter and, therefore, in the PLC, there is also an improvement in the diagnostic possibilities.
The conventional solution of drive safety required additional external components. That is no longer the case. Advanced safety functions are becoming more prevalent as integrated features. These high-performance drive systems integrate safety technologies in smaller, modular packages, thereby simplifying the system's physical structure and ease of installation.
Effective safety measures ensure compliance with valid standards and help to future-proof an automation system. Safety in a machine should be an integral part of the overall process as early as the design phase, and be considered at all stages of its service life.
Martin Grosser is product manager, Safety, for Lenze (http://lenzeamericas.com/).
This column originally appeared in the September 2011 issue of Manufacturing AUTOMATION.