Personnel safety systems on machines are often seen as a necessary evil. To function correctly, a safety device is required to be self-checking, which adds more complexity and costs compared to a non-safety device. It does not enhance the machine’s performance and can stop production at any point, hence the ‘evil’ label, despite having the very ‘good’ function of protecting people from dangerous motion.
Diagnostics
Once an emergency stop has occurred, restarting production is usually the highest priority, assuming that there are no other emergencies to deal with. Good diagnostic information is key to achieving this in the most efficient way.
Gate interlocks and emergency stop buttons are normally the main problem areas for diagnostics. These are typically linked in series, on long chains. Whilst this reduces costs and simplifies installation, it makes it difficult to identify which E-stop has been pushed or which door has been opened, as there are multiple devices connected to a single input. The alternative is to wire each individual point back to an input, but this is obviously very costly in wiring and inputs.
In-Series Diagnostics (ISD) eliminates this problem. Utilising a four-wire series chain, up to 32 ISD devices can be added to each chain. Either a safety controller with ISD built in, or an external ISD module monitors the status of every ISD module. This is separate from the safety function. In addition to the activated/not activated status of the device, each ISD device provides an array of additional information. This includes a unique identifier, internal temperature and voltage, and device-specific details such as alignment and distance between the sensor and actuator of a safety switch. The system will send warning alarms if a device is near the tripping point, so that remedial action can be taken before a nuisance trip occurs, for example from a door sagging on its hinges.
When a device is tripped, the location of the device is identified and can be displayed through an HMI, indicator light, or smartphone app, or by turning the machine lighting red in the vicinity of the activated device. This clear information can quickly and efficiently guide an operator to the device that was activated, allowing the machine to be restarted, with minimum downtime.
Devices with inbuilt ISD include RFID safety switches and illuminated E-stops. There is also an ISD Connect device which connects conventional E-stop buttons or safe mechanical switch contacts to an ISD chain, thus extending the diagnostic functions. The ISD controller can connect to IO-Link or other bus systems and edge devices, allowing the diagnostic data to be sent to cloud-based OEE systems, where analysis of the data can highlight areas where performance improvements can be made.
Data integrity
There has been a great deal of interest in the vulnerabilities associated with connecting information technology (IT) and operational technology (OT). IT systems have a continuous development of devices and upgrades to prevent cyberattacks from outside of the organisation, but cyberattacks have not been a consideration for OT until very recently. Questions are often raised about whether OT is now the weak point through which a cyberattack enters the IT component. Similar questions are raised as to whether a cyberattack on a connected safety system could lead to a ‘failure to danger’ situation.
Safety systems, such as those manufactured by Turck Banner, utilise dual diverse redundancy. This involves using two different processor types running two different programs that do not share any coding. Both halves receive the same information from the safety inputs and process it independently, constantly checking that they both get the same result. If the results are different, the safety controller will initiate a safe stop.
The safety circuits and the information circuits are separate parts of the controller, providing another level of isolation. This may not guarantee that a cyberattack cannot cause an emergency stop. However, the chances are negligible that a cyberattack creates identical results simultaneously by breaching the isolation in two places and manipulating two different processors running different coding. That is not to say that cyberattacks should be dismissed as a potential cause of production loss, but that the safety system is unlikely to be the target.
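The cross-check described in the two paragraphs above can be sketched in C. This is an added illustration, not Turck Banner's code: both channels run on one CPU here, and the four-device chain, the function names and the `fault_a`/`fault_b` flags (which model a corrupted result in one channel) are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CHAIN_LEN 4 /* constructed: four devices on one safety input chain */

typedef enum { OUT_SAFE_STOP = 0, OUT_RUN = 1 } safety_out_t;

/* Channel A: walk the inputs; every device must report closed (1). */
static bool channel_a(const uint8_t in[CHAIN_LEN]) {
    for (int i = 0; i < CHAIN_LEN; i++)
        if (in[i] != 1) return false;
    return true;
}

/* Channel B: same question, different algorithm: build a bitmask
 * of closed devices and compare it with the all-closed pattern. */
static bool channel_b(const uint8_t in[CHAIN_LEN]) {
    uint32_t mask = 0;
    for (int i = 0; i < CHAIN_LEN; i++)
        mask |= (uint32_t)(in[i] == 1) << i;
    return mask == ((1u << CHAIN_LEN) - 1u);
}

/* Comparator: the machine may run only when both channels agree that
 * it is safe. Any disagreement is treated as a fault and forces a
 * safe stop. fault_a / fault_b invert one channel's result
 * (hypothetical fault-injection hooks for this example). */
safety_out_t evaluate(const uint8_t in[CHAIN_LEN], bool fault_a, bool fault_b) {
    bool a = channel_a(in) != fault_a;
    bool b = channel_b(in) != fault_b;
    if (a != b) return OUT_SAFE_STOP; /* discrepancy between channels */
    return a ? OUT_RUN : OUT_SAFE_STOP;
}

int main(void) {
    const uint8_t closed[CHAIN_LEN] = {1, 1, 1, 1};    /* constructed input */
    const uint8_t door_open[CHAIN_LEN] = {1, 1, 0, 1}; /* constructed input */
    printf("all closed, healthy:      %d\n", evaluate(closed, false, false));
    printf("door open, healthy:       %d\n", evaluate(door_open, false, false));
    printf("door open, A corrupted:   %d\n", evaluate(door_open, true, false));
    printf("all closed, B corrupted:  %d\n", evaluate(closed, false, true));
    return 0;
}
```

A corrupted result in a single channel always ends in a safe stop, which costs production but not safety; only an identical corruption of both channels at the same moment would pass the comparator.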
Safety systems are an integral part of machines with dangerous motion, where personnel have access. No one wants to expose their operators to potential harm without a safety system to protect them. Employing good diagnostics, combined with good operator guidance, can improve efficiency and productivity, while offsetting the cost of a good safety system.
© Technews Publishing (Pty) Ltd | All Rights Reserved