We have a 25 hp motor pump setup that is being used for a temporary test set-up . We have a 480V fusible disconnect on the wall that feeds a VFD just below it . They start / stop the motor using the run/stop button on the drive . The safety department is requesting that a e-stop be added . If we added a E-stop it would just be next to the VFD . Does OHSA require a E-Stop in this situation ?
1. OSHA does not REQUIRE an E-Stop in any regulation EXCEPT for presses.
2. BUT if you call it an E-Stop then there are certain requirements that apply, mostly laid out in NFPA 79.
One of the most important requirements, and this applies to safety in general, is that OSHA (among others) requires a risk assessment to be performed. This is where we get to the heart of the matter. First, you need to know what specific events (hazards) are being protected against, and what the reliability (likelihood of failure on demand) is going to be. This defines for any safety function the level of reliability and for higher level cases, the minimum level of redundancy that is required.
And ultimately, and here's the crux of the issue, humans are good for about 10% failure rates and this has been proven over and over again in countless studies, BUT it presumes that the human is in good health, focussed on the job, not overtired, not emotionally stressed, and most importantly, has plenty of time to evaluate the situation and make a calm, comfortable decision. In a typical "emergency" situation (buddy is being sucked into moving equipment and being mangled), the normal response is governed not by higher brain functions but a bunch of automatic functions at the lower brain stem tied to instincts. Typically this means you get a freeze or flight response, and just maybe if you're lucky, a rush to try to save their buddy without thought of what can be done in the current location. About the last thing you ever get is calmly reaching out to hit the E-Stop. So the failure rate for E-Stops is typically around 40% for the main sensor and processing mechanism, the person that has to hit the E-Stop. There is a ton of research on this subject (look for human reliability studies) with results that vary all over the map but consistently the trend is nowhere near reliable enough to actually use it.
So yes, you can install a "control reliable" E-Stop connected to a safe-stop drive that uses two fully redundant paths for both the input and the output functions and generally go crazy making the whole system SIL 2 (1% failure rate on demand) or even SIL 3 (0.1% failure rate) but it's silly and pointless because the human isn't that good.
And that's the important issue. If you do the risk assessment properly in the first place then all hazards or at least 90% of hazards (yep, the human's ability to find all the hazards is fallible as well) creeps in and you will quickly find that for any actual hazards for which an actual safety system is required, relying on humans screwing it up 10-40% of the time is simply unacceptable when it comes to a bonafide safety hazard. So the E-Stop has no place in safety systems in the first place as anything more than a feel-good.
Furthermore, and this is an even bigger issue with using the disconnect, the normal meaning of an E-Stop is that you have to stop as quickly as possible, even if you have to destroy equipment in the process of doing so. After all, it's an emergency. If the risk assessment is done then one of the things that comes out is a timing requirement...how fast does it need to stop. And guess what is almost never acceptable? Coast to stop, which is what you get when you just cut power. I've seem some very low friction systems literally take almost an hour to coast to a stop. So what you really need is a very fast stop and due to the fact that reliability becomes problematic when you try to do it under power (e.g. use the drive to execute a controlled deceleration) this means having a mechanical brake which is energized to release the brake. So now the motor is a brake motor and you've got a single phase system alongside the VFD to energize the brake coil to release the break, along with some coordination with the drive. Ideally the drive will even apply torque before releasing the break to do a torque check to find how much braking power you have, and then and only then release the brakes and start running once that check has been passed. Or this same level of work has to be done as a functional capacity test with some regularity to verify that the safety system which is almost never actually used will actually perform when required and hasn't failed via some kind of hidden failure over time such as if the brake shoes wore out.
Finally, consider this. You trigger all the Code and regulatory requirements by calling it an E-Stop. Nobody is requiring you to have one (again with the exception of presses) but as soon as you call it that, then the various requirements for an E-Stop apply. Nobody is holding you back though from having stop buttons and you can call it whatever you want. Process stop, equipment stop, or just stop. Just anything and everything except Emergency Stop.
So with all that being said, I don't even subscribe to the "just put one in" philosophy. It's on your head as the electrical representative to do an E-Stop system exactly according to Code. Since 99.99% of safety professionals have no idea what they are doing when they start throwing E-Stop requirements around or they typically knee-jerk it when questioned and basically "blow up" a project, calling them out on it is the best solution. The safety personnel have to be very specific when telling you exactly what to install and they must provide that level of detail. Otherwise, if you take the previous advice, just put in an E-Stop button as requested. Do not connect it electrically to anything. It's just a button, AS REQUESTED. Without a definition as to what it stops, how, with what level of reliability, under what Code (there are a bunch of competing safety Codes), it's a nonstarter.
By the way if you need to give SOMETHING, use the Robot Industries Association (RIA) Code for safety systems related to moving machinery. The reason is because it has definitions for everything including injuries, frequencies, what the electrical requirements are, and what is "safe enough". All of the other safety Codes out there are wishy-washy when it comes to this and provide no sort of guidance at all beyond a lot of hand waving and leave it up to safety departments to do stupid things. If it's more a process problem you can get something similar (although not as good) from the CCPS LOPA Handbook which is based on the same concepts as RIA but is more open ended because it deals with rare events and more generalized equipment, although the basic system is very much oriented towards pipes, pumps, and valves.
Some Codes that can be useful such as burner codes (NFPA 85, 86), or packaging equipment (PPI) standard are industry/equipment specific and prescriptive (do XXX) in nature, so there's no safety department feel good effort to do stupid things but it doesn't sound like this is your situation.
