Safety design principles for control circuits

Original article date: July 1999

Designing safety circuits needs a methodical approach and the application of some basic principles. DEAN TERRELONGE of Erwin Sick guides us through the steps involved.

Designing a machine control system that performs efficiently, is cost-effective and is safe is extremely demanding. A designer will usually attend to the function first and add safety at the end. This is unfortunate because, if safety were considered throughout the design process, incorporating it would have a minimal effect on the overall machine cost.

Consider a hydraulic press for the forming of cold metal: this could have emergency stops, interlocked gates and a light curtain. When designed in the traditional way, only the emergency stop would be incorporated into the machine control.

All the other safety related parts are added to an essentially complete machine. This usually means the addition of expensive safety modules to an already full control cabinet.

The alternative is to design a machine with safety as an integral part of the machine control. This takes a great deal more thought initially, but results in cost savings on every machine made. This philosophy is not often applied in Britain, but is used effectively by Swedish and German manufacturers. In essence the safety circuit is contained within the machine control, so that safety components may be added without additional cost. At present we design primarily for function and then add the safety afterwards, which makes the machine modular.

Duplication and cross monitoring

We have the assurance that the photo-electric guard will fail to a safe condition. To maintain that integrity throughout the circuit certain rules should be followed. To start with, the choice of relay will have a bearing on the performance of the safety circuit. The relays used should have forced operated contacts. This ensures that if any normally open contact welds closed, all normally closed contacts will remain open when power is removed from the coil.

Continuing with our press analogy we will look at the way in which we can develop a safe interface for a photo-electric guard.

If a single switching relay is used and the contact welds, the guard will not de-energise the solenoids. Things can be substantially improved by using two relays.

With two relays we now ensure that when one contact welds, the solenoids will still be de-energised by the guard. However, this first failure may occur the first time the machine is used and go unnoticed; any subsequent failure of the second relay would then leave the guard unable to stop the machine. The best way to protect against such an eventuality is to monitor both of the relays.

In a typical circuit, every time the guard is opened, a reset is required. In doing this the condition of the two relays is checked. At this stage nothing less than forced operated relays are suitable, because the operation of the monitoring depends on knowing the relative conditions of the relay contacts.

Even if all of this has been done, the circuit still has failure conditions worthy of consideration. Firstly, it is undesirable for the reset to be tied down and this not be detected. Secondly, the monitoring relay K3 should itself be monitored. These requirements have caused many designers to exclaim in exasperation, "where does it all end?" The answer is quite simple: duplication and cross monitoring are the scheme for safe engineering, and they need not result in additional components.

The addition of the normally closed contact of K3 monitors both the K3 relay and also the reset push button. If the push button is not released, or a normally open contact of K3 welds closed, then the K3 normally closed contact will remain open and thus prevent the solenoids from being energised.
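As an added illustration, not part of the original article, the following Python model simulates the circuit described above: two forced-operated output relays K1 and K2, a monitoring relay K3 fed through the reset button and the K1/K2 normally closed contacts, and the K3 normally closed contact in the solenoid path. The detailed wiring (K1/K2 self-holding through their own contacts, K3 holding itself for as long as the reset is pressed) is my assumption, and the single-relay version is included for comparison.

```python
from dataclasses import dataclass


@dataclass
class Relay:
    """Forced-operated relay: a welded NO contact holds every NC contact open."""
    energised: bool = False
    welded_no: bool = False  # fault: a normally-open contact has welded closed

    @property
    def no_closed(self):
        return self.energised or self.welded_no

    @property
    def nc_closed(self):
        return not self.energised and not self.welded_no


def settle(k1, k2, k3, guard_clear, reset_pressed):
    """Re-evaluate the coils until stable; return True if the solenoids are on."""
    for _ in range(10):
        before = (k1.energised, k2.energised, k3.energised)
        # K3 (monitor) picks up only if reset is pressed and K1, K2 are proven
        # dropped out (NC contacts closed); it then holds while the button is held.
        k3.energised = reset_pressed and ((k1.nc_closed and k2.nc_closed) or k3.no_closed)
        # K1/K2 pick up from K3 and self-hold, but only while the guard is clear.
        k1.energised = guard_clear and (k3.no_closed or k1.no_closed)
        k2.energised = guard_clear and (k3.no_closed or k2.no_closed)
        if before == (k1.energised, k2.energised, k3.energised):
            break
    # Output: K1 NO and K2 NO in series, plus the K3 NC contact that catches a
    # tied-down reset or a welded K3 NO contact.
    return k1.no_closed and k2.no_closed and k3.nc_closed


def dual_relay_cycle(weld=None, reset_stuck=False):
    """Reset, run, inject a weld (assumed wiring model), break the guard, reset again.
    Returns (runs_after_reset, stops_when_guard_broken, restarts_after_fault)."""
    k = {"K1": Relay(), "K2": Relay(), "K3": Relay()}
    settle(*k.values(), guard_clear=True, reset_pressed=True)
    runs = settle(*k.values(), guard_clear=True, reset_pressed=reset_stuck)
    if weld:
        k[weld].welded_no = True  # contact welds during operation, unnoticed
    stops = not settle(*k.values(), guard_clear=False, reset_pressed=reset_stuck)
    settle(*k.values(), guard_clear=True, reset_pressed=True)
    restarts = settle(*k.values(), guard_clear=True, reset_pressed=reset_stuck)
    return runs, stops, restarts


def single_relay_cycle(weld=False):
    """Unmonitored single relay for comparison: (runs, stops_when_guard_broken)."""
    k1 = Relay()
    k1.energised = True  # guard clear
    runs = k1.no_closed
    k1.welded_no = weld
    k1.energised = False  # guard obstructed
    return runs, not k1.no_closed
```

A welded K1, K2 or K3 contact still lets the guard stop the machine, and the fault is revealed because the next reset is refused; a tied-down reset never allows a start at all, whereas the single relay with a welded contact keeps the solenoids energised with the guard obstructed.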

The above circuit is not exclusive to photo-electric guards; it may equally be used on emergency stops and gate switches. These basic concepts of interface design, when applied to the machine control at the machine design stage, will result in cost savings on safety components and, because there are fewer components, a reduced probability of downtime.

  • Erwin Sick
  • Tel 01727 831121