Standards for Safety Controls

Status
Not open for further replies.

mic

Member
I am trying to find any standards (UL, IEC ...) that deal with safety controls, specifically for the system requirements of E-Stop switches, safety limit switches, safety controllers, and safety relays on large scale industrial equipment.

Thanks ia
Chris
 

kc8dxx

Senior Member
Start with UL508 & NFPA79 for Domestic. Start with Directive 98/37/EC and IEC 60204-1 for EU-land. Google Risk Assessments and Hazard Analysis for further information. Google is your friend (especially if you are a long-time owner of stock).
 

mic

Member
Thanks for the info.

I was looking into UL508 but it does not seem to cover systems or the requirement for emergency stops or safety controls. It seems to be primarily concerned with individual components.

I will definitely check out NFPA 79. Even if it doesn't have safety design requirements it is still relevant to our business.

Thanks
 

petersonra

Senior Member
You won't find much in the way of cookie cutter type recommendations if that is what you are looking for. There are a few requirements in NFPA79 as to where an estop is required, but very little on just how it has to be wired.

You find everything from wiring the estop pb directly into a motor starter circuit (in lieu of a stop pb) to elaborate systems of safety relays, safety contactors, redundancy, ...

What you are supposed to do is make a hazard analysis of the entire system, and then reduce the hazards to "acceptable" levels by some means, acceptable being a completely undefined term.

Most of the time, if it is my choice, I put a self checking safety relay in place, as they cost less than $100 these days and the time it would take to do a hazard review over what could go wrong if the master relay failed would far exceed that cost. I sometimes put in safety contactors for the same reason, especially at lower current levels.

Keep in mind that the estop pb has to stop all motion, not just stuff that is electrical in nature. If you have a vertical axis for instance, it may need some kind of spring loaded brake on it to stop it. You may also need center open valve stacks for pneumatically driven cylinders so when power is interrupted, the air pressure will bleed off and the cylinder will not move.

Despite what many people believe, the estop pb does not need to be the category zero stop the code calls for. The disconnect switch serves that purpose quite well.

Pie Man

Member
My guiding light has been OSHA, MIOSHA (Michigan OSHA) and ANSI/ASSE Z244. The Z244 document (must be purchased) goes through the risk levels and the required control system for each risk level. If you have a LOT of time on your hands you can also visit www.osha.gov and browse letters of interpretation.
 

pfalcon

Senior Member
petersonra said:
... Despite what many people believe, the estop pb does not need to be the category zero stop the code calls for. The disconnect switch serves that purpose quite well.

NFPA79:2007 9.2.5.4.1.3
The emergency stop shall function as either a Category 0 or a Category 1 stop (see 9.2.2). The choice of the category of the emergency stop shall be determined by the risk assessment of the machine.
 

mic

Member
We have done a risk assessment in the past but with the exception of the E-stop buttons the devices in our safety system are standard components, not "safety" components with a known fail state. Do any of the standards require that the "safety" version of the device must be used? (example: relays, PLCs, limit switches...)

If it isn't obvious, I am trying to initiate a redesign to incorporate new technologies in safety design. A regulatory requirement would have made my life a lot easier.

Chris
 

petersonra

Senior Member
mic said:
We have done a risk assessment in the past but with the exception of the E-stop buttons the devices in our safety system are standard components, not "safety" components with a known fail state. Do any of the standards require that the "safety" version of the device must be used? (example: relays, PLCs, limit switches...)

If it isn't obvious, I am trying to initiate a redesign to incorporate new technologies in safety design. A regulatory requirement would have made my life a lot easier.

Chris
The standards require that you make an evaluation of all the possible hazards, including the possibility that a component could fail (to include the estop circuit).

Then you have to decide how serious each of the 4 million hazards you have identified is.

Then you have to redesign the machine to eliminate the hazard, or reduce it to an acceptable level.

As an example, some controls may not require much more than a start and estop pb, if the hazard is minimal. It may cause machine or process damage, but not harm a human being, which is all that matters in making these determinations.

Other controls may require redundancy and self checking if there is a hazard associated with a failure of the estop circuit.

The hazard assessment can be long and involved, so it may make some sense to come up with a standardized list of things you plan to do (such as using a safety relay with redundancy and self checking) in your estop circuit so you do not have to look real close at those areas. You can spend an enormous amount of time on this the first few times you do it, and a lot of it is not well defined as to just what is required.

In the long run though, you will eventually come up with some standardized way of dealing with the most common hazards, and incorporate them into your specs so you don't have to worry about them next time around.

<added>
One thing to keep in mind - the estop is not necessarily there to protect human beings. It is required, but it may not add anything to the protection picture.

For instance, you cannot claim it is there to stop the machine as a means of reducing the hazard of someone being sucked into the machine. You have to prevent someone from being sucked into the machine directly (such as by guarding).

pfalcon

Senior Member
mic said:
... Do any of the standards require that the "safety" version of the device must be used? (example: relays, PLCs, limit switches...)

If it isn't obvious, I am trying to initiate a redesign to incorporate new technologies in safety design. A regulatory requirement would have made my life a lot easier.

Chris

Each circuit is considered unique so a "regulation" is tough to find. Consider a few of these things though:
* Most safety applications cannot be deemed safe without positive acting components. A safety lock on a fence has a key insert that physically (not electrically) separates the electrical contacts in order to be removed.
* No one in industry believes the whisker (limit) switch is safe as it is subject to too many failure modes.
* Press operations of any type require special muting that cannot be accomplished properly without safety designed components.
* The traditional (non-safety) PLC cannot be effectively used in a safety circuit. In fact, using contacts from Estops and MCRs and CREs in a PLC will typically mask defects in the safety circuits.

Training, Experience, Lots of Reading, Patience and Diligence.
 

mic

Member
Thanks to everyone for the responses. Although not the result I was hoping for, the info is great.

Chris
 

petersonra

Senior Member
pfalcon said:
The traditional (non-safety) PLC cannot be effectively used in a safety circuit. In fact, using contacts from Estops and MCRs and CREs in a PLC will typically mask defects in the safety circuits.
I am not so sure about that.

It is common to put a dry contact controlled by the PLC into the estop string so that if the PLC fails, the contact will open, and the machine will go to a known safe condition.

It is also very common to bring some kind of feedback from the estops and MCRs to the PLC so one can determine just what tripped the machine.

What you do not want to be doing is to use the PLC to make any kind of decision that the safety circuits cannot override.
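A constructed model, added here and not from any poster or vendor, of the arrangement petersonra describes in this thread: a dual-channel self-checking safety relay with a PLC watchdog dry contact in the e-stop string. It shows why a welded standard contact is a silent fault unless something monitors for it, and why a PLC failure still drops the machine to a known safe state. All class and function names are invented for the illustration.

```python
# Constructed model of a dual-channel e-stop string with a self-checking safety relay.
class Contact:
    def __init__(self, name, welded=False, closed=True):
        self.name, self.welded, self.closed = name, welded, closed
    def open(self):                 # a welded (stuck) contact ignores the open command
        self.closed = self.welded
    def close(self): self.closed = True

class SafetyRelay:
    """Two monitored channels plus EDM feedback; outputs energize only via reset."""
    def __init__(self, ch1, ch2, contactors):
        self.ch1, self.ch2, self.contactors = ch1, ch2, contactors
        self.energized, self.fault = False, None

    def scan(self):
        """Any open contact drops the outputs; a channel mismatch latches a fault."""
        a = all(c.closed for c in self.ch1)
        b = all(c.closed for c in self.ch2)
        if a != b:
            self.fault = "channel discrepancy"
        if not (a and b) or self.fault:
            self.energized = False
            for k in self.contactors:
                k.open()            # a welded contactor stays closed here
        return self.energized

    def reset(self):
        """Manual reset: refused while faulted or until every contactor dropped out."""
        self.scan()
        if any(k.closed for k in self.contactors):
            self.fault = self.fault or "EDM: contactor welded"
        if self.fault:
            return False
        self.energized = True
        for k in self.contactors:
            k.close()
        return True

def demo(weld_estop=False, weld_contactor=False, plc_fail=False):
    """Returns (stopped on demand, restarted after reset, latched fault)."""
    es1, es2 = Contact("E-stop NC1", welded=weld_estop), Contact("E-stop NC2")
    wd = Contact("PLC watchdog")    # opens when the PLC stops toggling it
    k1, k2 = Contact("K1", welded=weld_contactor, closed=False), Contact("K2", closed=False)
    relay = SafetyRelay([es1, wd], [es2, wd], [k1, k2])
    relay.reset()                   # machine running
    for c in ([wd] if plc_fail else [es1, es2]):
        c.open()                    # PLC crash, or operator pressing the e-stop
    stopped = not relay.scan()
    es1.close(); es2.close(); wd.close()   # demand cleared; PLC back up
    return stopped, relay.reset(), relay.fault
```

The PLC contributes only a watchdog contact and receives state feedback; it never energizes the outputs, so it cannot override the hard-wired string.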