Machinery and original equipment manufacturer (OEM) designers know that building safety into their equipment is a fundamental requirement. To ensure a consistent approach, the ISO 13849 standard provides guidance for the control systems that perform machinery safety functions. However, safety design is a complicated subject, and the standard can be difficult for both OEMs and their end-user customers to interpret.
The ISO standard identifies many categories of safety depending on the performance level. There can be a tendency for designers to follow the most restrictive category definitions, often being overly conservative, but any engineer knows that an over-specified design isn’t always prudent. This is especially the case when designers are faced with accommodating the high costs usually associated with more elaborate schemes.
New safety relay modules are now available to help designers incorporate the proper machinery safety automation in accordance with the latest standards. This article looks at where and how these modules can be applied, and why they can promote adoption of appropriate safety in more applications.
Safety as usual
There is a strong bias among many designers to presume that machinery must come to a full stop when errors are detected. This belief, along with overly conservative interpretations of ISO standards, has led many designers to handle most situations as category 3 or 4, requiring full redundancy. Under this understanding, selecting category 2 was not possible.
In 2015, ISO 13849 was revised and the requirements for category 2 were updated. In particular, category 2 now allows for situations when “testing occurs immediately upon demand of the safety function.” For cases where category 2 applies, this ISO update permits a more streamlined safety implementation.
This approach means there are now more opportunities for designers to follow category 2 guidance, saving money while complying with standards and maintaining a safe working environment. The ISO standard describes how designers can confirm category 2 is applicable, and in these situations, designers can specify newly available devices rated for this type of service.
The situation in the field
Existing machines, especially those in advanced countries, often incorporate full category 3 and 4 safety. Unfortunately, there are also many cases where the appropriate safety measures have not been incorporated due to cost, misunderstandings, or other reasons. Where a category 2 approach is allowed, safety provisions can more easily be retrofitted into existing equipment or built into new equipment.
A risk assessment must be undertaken to identify the required performance level (PLr) based on how severe an injury could be, how often workers are exposed to the danger, and whether the hazard is avoidable. The PLr can vary from PLa at the low end, up to PLe for the most critical cases. For relatively safe machinery with a performance level of PLc or below and where category 3 or 4 is not otherwise required, designers can follow category 2 guidelines (Figure 1).
All machine designs must already be evaluated to ascertain what safety measures are mandated. What is new is the updated ISO standard, which makes it more practical to apply category 2 methods by using specific category 2 safety devices.
Category 2 safety devices
Typical machine control involves some sort of initiation command, for example a pushbutton or programmable logic controller (PLC) signal, to cause an output, such as starting equipment. When the equipment must include safety measures such as emergency stop buttons, safety interlock switches, or other sensors, there needs to be a way to evaluate these signals and use them to interlock equipment.
This is achieved by incorporating a safety circuit between the initiation command and the output to prevent the equipment from running in an unsafe situation. The safety circuit could be a safety PLC, safety controller, or safety relay module (Figure 2).
The most conservative category 3 and 4 safety methods require redundancy of safety inputs, monitoring logic, and outputs—requiring more complex versions of safety devices. This obviously drives up the difficulty and cost of implementing these designs.
A category 2 approach still incorporates monitoring, but through single connections instead of complete redundancy. Therefore, category 2 implementations reduce the amount of control panel space, require less hardware, use more economical hardware, and need less field wiring.
Safety in more situations
Regulatory agencies like OSHA mandate the incorporation of appropriate machinery safety measures, following industry standards such as ISO 13849. Designers often default to the most conservative safety categories, which are costly to implement and can hinder adoption.
Because the requirements for category 2 safety have been updated, there are now opportunities for machine builders and OEMs to apply newly available category 2 safety relay modules in far more situations. Because category 2 devices and methods are easier to implement and less costly than other approaches, designers can now ensure that the right level of safety is more widely used.