megloff11x
Senior Member
NFPA 79, 9.4.3(3) and 11.3.4 note that a device used for software or firmware safety functions must meet the requirements of IEC 61508.
Are there any other listings or requirements to be met when looking to specify such a control system?
I have a system that requires a category 1 controlled E-stop due to possible hazard if an uncontrolled category 0 E-stop is employed. Since this is a process shutdown, it will have to be software/firmware controlled, and power removed after it is rendered safe & stopped.
Can anyone recommend PLC or controller models that comply with this and other needed standards?
Also, for belt & suspenders, if the system doesn't respond, I would like to provide backup in the form of a time delay relay to pilot the various contactors. The time delay would be long enough for the controlled stop to complete plus a safety margin. If it didn't stop itself because of a runaway program, a category 0 stop would soon follow.
Is this allowed by code and what listing(s) would such a time delay relay require?
I once ran a CNC milling machine that ignored its E-stop mushroom button. I won't mention the make and model, but I had to run around chasing the conduit path to find its main disconnect switch while it mindlessly carved a channel in its own worktable. It's amazing how much self-inflicted damage can occur in less than five seconds.
Matt