Drive-based integrated safety: How advanced drive designs can be used to better implement mandated safety functions on production machines

July 28, 2014 – While safety functions have been integrated into drives packages for some years now, the current trends are very exciting, from many angles. Today, a full complement of safety functions can be implemented at the front-end of a system design on all types of production machines. This can be accomplished in full compliance with all the current regulations for machines used worldwide.  

Furthermore, machine designers can look to a drive-based safety integrated protocol that has greater flexibility than ever before, both in terms of its mechanical footprint and component savings, owing to the various ancillary devices such as external contactors and redundant electromechanical safety devices, with all their inherent wiring, cabinet space and related costs.  

Lastly, and perhaps most important to the designers working on that factory of the future with an eye on lean, green and expandability, the safety-integrated features on today’s drives allow additional functionality to be included without excessive rework. Combined with the current state of safety communication capabilities over protocols such as Ethernet/Profinet and Profibus, plus the rapidly emerging and already utilized automation platforms of wireless communication of critical safety function data in a manner isolated from non-deterministic information, these are not your father’s drives, to put it mildly.  

In the past, the common practise for monitoring drive reaction to shutdown requests came through the machine controller, be it a PLC, CNC or other motion controller hardware. Current safety requirements — especially Category 3 of NFPA 79 and the corresponding category of EN 954-1 and its recently implemented upgrade, ISO 13849-1 — allow drive-based safety functions to be utilized independently. Drives are now performing the continuous safety monitoring with control-reliable safety action inside the drive, through dual-channel safety inputs.  

Coupled with a safety controller, safety monitoring in a drive must be continuous and integral, so the drive no longer needs to “wait” for a periodic signal from the machine controller to detect, for example, an over speed condition, a break in a light curtain, or even improper inputs that may have resulted from welded contacts or other off-normal conditions. In this manner, the loss of productivity to your machine is radically reduced, while the drive can also send a signal directly to an HMI screen, identifying the fault, in sharp contrast to bygone days when this was not possible without lengthy breakdown and analysis. Troubleshooting and maintenance costs are further reduced by the safety-integrated drives.  

Dual benefits derive from these drives for the practical execution of machine control, as well. First, safe stop of the drive without disconnecting the low-voltage power means faster restart and less degradation of the drive over time. Additionally, motion safety is achieved by monitoring drive speed through functions such as safety limiting speed, safe brake control and safe speed monitoring functions, which in some drives can be achieved without encoder feedback. These are the more recent advancements beyond the basic safe stop, torque off and safe operating stop functions.  

These drives are typically available in variable frequency, vector and servo control models to accommodate induction, servo, linear and torque motors from the subfractionals to the megawatt variety. For inputs, safety incidents from light curtains, laser scanners, position switches and other machine hardware are routinely accepted. Output signals processed in the drive CPU are sent via wire or bus to higher-level safety controls or available upgrade modules that activate the drive functions.  

During commissioning, the safety functions are set by the password-protected relevant parameters in the drive architecture protocol and triggered for single or multi-axis groups. Therefore, these drives are finding applications in every type of basic point-to-point linear or rotary motion scheme from a pump or fan to a packaging line up to the highly sophisticated interpolation of multiple axes on machine tools. Highly reliable circuitry controls the output of the low-voltage power that runs the rotational speed output of the drives, so the machine can retain drive power without shutdown to remain more productive. This contrasts sharply with the old three-phase contactor technology of the past. For installation simplicity, many of these drives also feature plug-and-play connectivity for implementing all functions, either at startup or subsequently, as the manufacturing protocols or monitoring requirements change in the field.

The new thought process for engineers in this area must now be to build monitoring of safety functions into their systems at the front end, knowing they can add I/O with more design work done in the software than the hardware without redundant external devices and custom safety wiring on every job.

Machine designers will realize substantial engineering savings, component cost reductions and improvements in footprint configuration through the use of these safety-integrated drives, while building compliant machines for use worldwide to protect equipment, manufacturing integrity and, most importantly, workers in the process. 

John Krasnokutsky is the marketing manager in the Motion Control Business of Siemens Industry, Inc.