Motion Control Resources
Zone Safety Technology and Creating a Safety Culture
by Ray Chalmers, Contributing Editor
Motion Control & Motor Association Posted 01/28/2019
In light of ever-growing competition and ever-tightening supply chains, manufacturing businesses around the world are being held much more accountable. Management from both production and customer organizations monitor downtime and delivery dates like a hawk, while workplace safety may get less attention.
Worker safety is a fundamental human requirement in manufacturing and industrial settings. It protects workers, prevents unnecessary downtime, and satisfies standards compliance. Still, plant-floor safety can be seen as a productivity drain -- an onerous and costly obligation that adds little value to overall operations. But best-in-class companies regard safety as a core value and productivity driver. They realize driving employee behavior with safe processes, procedures, and technology implementation enable them to go far beyond simple compliance and deliver improved productivity and greater efficiencies in addition to dramatically lower injury rates. A safe workplace also boosts employee satisfaction, which is especially important for personnel retention. This takes advance planning and engineering, the latest in safety components, and the desire to build an overall safety culture.
As defined in numerous international standards, following a functional safety life cycle provides a systematic process for machinery safety. First, identify potential causes for accidents and unsafe situations by conducting a risk assessment, then, design a safety system that helps reduce those risks, achieve compliance, and improve productivity.
By definition, functional safety is the critical part of the overall safety of equipment or a system that depends on automatic protection operating correctly in response to inputs, including the safe management of likely operator errors, hardware and software failures and environmental changes. As more and more products and systems incorporate complex microelectronics and software, assessing and implementing safety-related functions can be challenging.
Products and systems are becoming interconnected as the Internet of Things (IoT) becomes a reality in many domains such as smart grids in the energy sector; the automotive industry’s connected vehicles and autonomous driving; the healthcare industry’s shift toward eHealth; smart home products; and the manufacturing industry’s own Industrial Internet of Things (IIoT), including robotics, industrial control systems, smart factories and supply chains.
Achieving functional safety starts with a process that includes the following steps at a minimum:
- Identifying safety risks and required safety functions. This means hazards and safety functions must be known. A process of function reviews, formal hazard identification and risk analysis (HAZID), hazard and operability studies (HAZOP) and accident reviews will identify these.
- Assessment of the risk-reduction required by the safety function. This will involve a safety integrity level (SIL) performance or other quantification assessment. A SIL applies to an end-to-end safety function of the safety-related system, not just to a component or part of the system.
- Ensuring the safety function performs to the design intent, including under conditions of incorrect operator input and failure modes. This involves having design and lifecycle managed by qualified and competent engineers carrying out processes to a recognized functional safety standard.
- Verification that the system meets the assigned SIL, automotive safety integrity level (ASIL), or performance level (PL) by determining the mean time between failures and the safe failure fraction (SFF), along with appropriate tests. The SFF is the probability of the system failing in a safe state: the dangerous (or critical) states are identified by a failure mode and effects analysis (FMEA) or failure mode, effects, and criticality analysis (FMECA) of the system.
- Conduct functional safety audits to examine and assess evidence that the appropriate safety lifecycle management techniques are applied consistently and thoroughly in the relevant product lifecycle stages. Neither safety nor functional safety can be determined without considering the system as a whole and the environment with which it interacts.
Safety and Automation
Brandon Cox, motion specialist with Pilz Automation Safety (Canton, Michigan) offered that most companies are getting into building a safety-oriented culture, which is a very different thing from employing safety components. “At the very least, we need to conduct risk assessments, which could lead to a totally new automation structure, one that communicates with the existing network, but engineers a safety function.”
Engineering such a safety automation structure follows the structure outlined above and ties together components such as PLCs and sensors to specific safety components such as light curtains, door locks, and guard components that can monitor, run, and control plant-floor equipment and processes.
For example, intelligent servo amplifiers are used as drive controllers for a broad range of motor technologies. They can be used to operate all common types of motors, from servo motors to asynchronous and linear motors, including rotary direct drives, linear servo motors and applications with special motors.
|Safety servo amplifier from Pilz|
Such modern servo amplifiers do much more than just drive the motor. They provide:
- Positioning (driven via bus or inputs)
- Ability to store hundreds of motion tasks
- Implementation of complex motion sequences through motion tasks
- Speed control
- Torque control
- Electric gear function
Safety servo amplifier from Pilz
The combination of the safety card and the servo amplifier produces the safe drive solution – safe motion. Intelligent servo amplifiers can be used for standard PLCs and motion-control systems. They provide safe inputs and outputs to activate the safety functions and can also provide a variety of encoder interfaces plus a connection to all common bus systems. Motion is monitored precisely where it arises and reaction times are reduced as a result. Costs are reduced at the same time, as there are fewer external safety components.
Time and Space
Reaction time of the safety device, monitoring device, output triggers, machine motor, etc. must all be taken into account, even if the total is within the millisecond range. In a white paper titled “Calculating Safety Distances,” author Devin Murray, functional safety engineer with Schmersal USA, says it is very possible to be exposed to a residual hazard after triggering the safety device if it is positioned too close. Once time-stop measurements have been conducted, they can be used in a safe distance formula for the given safety device as called out in ISO
13855 (Safety of machinery – Positioning of safeguards with respect to the approach speeds of parts of the human body).
|Driving employee behavior with safe
processes, procedures, and technology
implementation enables improved
productivity and greater efficiencies
ISO 13855’s general formula for the minimum safe distance is: S = (K x T) + C, where S is the minimum distance in mm, K is the human approach speed in mm/s, T is the total stopping time in seconds, and C is the intrusion distance. The different non-separating guarding device will have some variation of this general formula. For example, the formula for a safety mat is S = (1600 x T) + 1200, so if a machine hazard is being guarded by a safety mat and has a total stopping time of 100 milliseconds, the minimum safe distance installation will be 1,360 mm. The light curtain formula will be dependent on vertical or horizontal mounting and its resolution (detection capability). If we take the previous machine example and utilize a vertical 14-mm-resolution light curtain with a total stopping time of 80 milliseconds the formula will be S = (2000 x T) + C where C is calculated by 8 (d – 14) with d representing the light curtains resolution. For this setup the minimum safe distance for the light curtains will be 160 mm.
Shop Floors Getting Tighter
According to SICK Inc., current safety trends are calling for a smaller solution footprint and the greatest possible solution flexibility, functionality, and safety. With a large number of usable monitored and protective fields in addition to their increasingly smaller size, the demand for safety laser scanners is growing for area and access protection. This trend is driven by the adaptation of new types of industrial applications.
Newly introduced safety laser scanners to the industrial automation world now offer the desired smaller footprints with the added potential for remote diagnostics and performing safety control logic for the customers’ entire safety system. The basic operation of a safety laser scanner uses time-of-flight measurement. Light pulses are emitted from a scanner to create a two-dimensional scan of its surroundings. If the emitted light strikes an object, it bounces back and is received by the scanner. A rotating mirror spreads the light pulses out in a fan shape over an angle of up to 270 degrees. Objects within a user-configured area are detected by the scanner, even if mounted in space-constrained areas. Beam-detection height as low as 35 mm off the ground for repeatable detection of workers’ shoes is cost effective and easy to install.
For these reasons, small-sized scanners are ideal for applications such as Automated Guided Carts (AGCs) or as safety mat replacement in any industry. AGCs are currently demanding smaller sized scanner for the increasingly compact sized vehicles now on the market. As for safety mats, a smaller sized laser scanner offers a no wear solution, with less demanding field size requirements and can be concealed in a more compact space which can reduce the overall footprint of a machine and save on costs.
Triple-Field Sets Reduce Downtime
A triple-field set is a feature now offered in some smaller-sized laser scanners. A triple-field set can be programmed with one protective field and two warning fields. The safety and warning fields or “zones” are freely programmable and can be changed dynamically or statically. Once an object is detected in the defined “warning zone,” the scanner can initiate an output signal – an audible and/or visible indicator that can notify personnel in the area that they are coming too close to a hazard. Advantages of triple-field sets can be found in mobile applications by using a warning field output to slow the speed of a vehicle. Similarly, stationary applications can use a warning field output to reduce machine speed instead of a complete stop. This translates into a smaller required protective field, thus saving floor space and minimizing downtime.
Typically, you need a larger safety zone for fast-moving machines or vehicles in order to compensate for longer braking time. If the safety zone does not adapt to a changing machine environment, the vehicle will not be able to go around corners, or machines will require a protective field to cover all possible hazard locations. In order to use fast speed in a condensed space, you need to be able to balance safety zones to maximize productivity. The simplest and safest way to switch zones on a vehicle is using encoders. This technology has been adapted so that vehicles can do tight turns – with built in tolerance functions to maximize usability. The advantage is that speed signals are sent from the encoder to the scanner without any interaction with the vehicle control. Selecting zones safely and simply with a stationery machine which has changing hazard zones normally wouldn’t require encoders. Instead, position signals can be sent from the machine directly to the scanner and are used to monitor zones based on current position of the machine.
Monitoring devices via the Industrial Internet of Things (IIoT) includes safety considerations with connectivity and data collection. Significant deviation from expected operation can indicate any of several issues. Workers might be exposed to an unsafe working environment or are using the machinery inappropriately. Compliance may be compromised.
For example, if the risk assessment determined that an interlocked door will be opened six times per day, the safety performance calculation will determine how long the electro-mechanical interlock will safely operate before requiring replacement. If actual performance indicates the door is being operated 12 times per day, the life of the interlock is halved, effecting compliance. Smart safety systems can even proactively trigger a switch replacement just ahead of schedule to maintain compliance. Conversely, if the door is being opened zero times per day is might indicate the device has failed, is being overridden, or that the machine is being operated differently than designed and must be investigated.
Similarly, E-stops are intended for emergencies only but are often used for other purposes, such as to clear jams. This misuse can increase both scrap and downtime. In a connected enterprise, an E-stop activation’s time stamp, downtime duration, and line and shift details all can be recorded and used to correct any unsafe usage.
The emerging closer collaboration of workers and robots by nature raises safety concerns. Can a collaborative robot, by itself, assure having a safe application? “Not possible,” says Roberta Nelson Shea, global technical compliance officer, Universal Robots.
“Yes, systems have gotten more complex, but they also now have safety functions that did not previously exist. Systems are getting more reliable and lessening exposure of personnel who would otherwise be tending or fixing machinery.”
Shea describes four types of safety-related collaborative operation:
- Safety?rated monitored stop, where a stop is assured without removal of power.
- Manual (“hand-guided”) actuation and control of the robot by the operator during automatic operation.
- Speed and separation monitoring (SSM), where external safety devices such as safety laser scanners or safety vision systems control speed based on separation distance from any intrusion.
- Power and force limited (PFL) robots, where internal power- and force-limiting safety functions control speed, torque, and motion so an impact will cause no injury.
How do we start assessing safety? “First you need an application – even if only a concept,” Shea answers. Factors include:
- What is planned to be done?
- What is the end?effector?
- Where will this happen?
- What does this area look like? What other equipment, motions are needed?
- What is the initial layout for the application? Consider motions, paths, speed, operator location(s), contact potential(s), hindrances to access, etc.
|Predicting all kinds of contact situations is
vital in engineering safety and robotics
“The big deal is auto-resumption of operation,” says Shea. PFL collaborative applications that comply with safety standards are typically going to “low-payload, low-speed” applications. Many PFL applications use a safety scanner, often to run the application at a higher speed than allowed by the standards language while there is no intrusion. Intrusion triggers will reduce speed, which complies when time-to-reach the reduced speed is less than the time to stop, which also requires less floor space.
“When at the reduced speed and settings that comply with ISO/TS 15066:2016 Annex A, there is no requirement to stop operation if a PFL robot is used,” Shea adds. “ A person could interact with the robot system, subject to the risk assessment. When all people leave the scanner field, full speed and operation is permitted to automatically resume.”
While modern zone safety components continue exhibiting more and more functionality, components with functional safety ratings are only as good as the environments in which they are put into use. Safety culture needs to be seen as a required corollary to production efficiency. All stakeholders can strive to reduce the complexity of safety systems and improve the ease of use. Companies must continually assess, train, monitor and support their personnel and safety systems. Creating and maintaining your safety culture must be a top priority.
There are a variety of standards that cover specific types of equipment or systems enforced in different locations around the world. MCMA and its parent organization Association for Advancing Automation (A3) maintain a list of standards and standards development organizations