Interface Options for Robotic Safety Control Systems
by James F. O’Laughlin
, North American Product Marketing Manager for Safety Interface Technology, Safety Systems Division
SICK, Inc. Posted 03/04/2006
With the increasing acceptance of safety-rated network architectures and firmware-based control systems, users have the opportunity to leverage numerous benefits previously reserved for non-safety applications. These systems are typically third-party certified to meet the requirements defined by the Occupational Safety and Health Administration (OSHA) and Ministry of Labour regulations as well as industry standards such as ANSI/RIA R15.06 Safety Requirements for Industrial Robots and Robot Systems .
This article provides information regarding existing and new safety interface technologies for use in robotic and other machine applications.
Users have had to meet control circuit performance requirements mandated by regulatory agencies such as OSHA. Requirements were historically satisfied using hardware-based safety control strategies with redundant control relays and mechanically linked contacts. Feedback from these relay contacts was used to verify proper safety control system operation as well as to detect potential fault conditions. These components were later packaged together into a single housing that became known as the safety relay.
As industrial controls systems continued to evolve over the last twenty years, new technologies emerged to meet regulatory requirements and industry standards for safety control systems. ANSI/RIA R15.06 Safety Requirements for Industrial Robots and Robot Systems foreshadowed these technologies in its 1999 revision.
When implementing safety-related software or firmware based controllers, the R15.06 standard requires that a Nationally Recognized Testing Laboratory (NRTL) certify products to an approved standard applicable for safety devices. This became possible when IEC 61508 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems was formally adopted in 2002.
To this end, three different technologies are widely used today for safety-related control to satisfy the safety requirements for robots and robot systems. When correctly implemented, these technologies can satisfy control reliability, the most stringent circuit performance requirement outlined in ANSI/RIA R15.06 and OSHA regulations related to machine safeguarding applications.
The remainder of this article explores some of the features and benefits associated with safety relays, stand-alone safety-rated controllers and safety network systems. This article is not meant to advocate one technology over another, but rather to inform the reader of potential benefits that could be realized with each technology.
Safety relays have the longest tenure of the safety interface technologies. Safety relays utilize multiple relays with mechanically linked contacts that are mounted in a single housing. This allows the user to monitor the state of the safeguarding device control circuit to ensure that they system is operating properly.
Safety relays are best suited for smaller safety-rated control applications. Often, safety relays are viewed as the least expensive of the three solutions based on the initial cost of the devices.
However, since safety relays are electromechanical devices, they have limited electrical and mechanical life that depends on the current requirements and frequency of switching cycles. However, the life cycle costs associated with safety relays may actually be higher based on the downtime associated with their replacement as well as the cost of the replacement of the device itself. Typical replacement cycles may occur every one or two years.
One of the other challenges associated with this technology is the implementation of control logic. Generally, safety relays require that the safety logic be implemented through a combination of signals using hard-wired connections. The connections for logical AND (i.e. series connection of signals) and logical OR (i.e. parallel connection of signals) become increasingly more difficult as the number of monitored safeguarding devices increases.
In addition, complex logic may also be more difficult to implement using hardwired techniques. Typically, each dual channel safety input requires a separate safety relay for signal evaluation. Another challenge may occur when an additional safeguard needs to be added into an existing system.
Since safety relay information is binary (e.g. ON/OFF), diagnostics are limited. Analysis of machine runtime data relies on the monitoring of auxiliary contacts at the primary system control. Details regarding fault or trip conditions are therefore not generally available, making Pareto analysis of root causes difficult. Furthermore, reporting data to supervisory systems (e.g. Enterprise Resource Management (ERP) systems) is limited to this binary data. Hence, preventative maintenance concepts may also be difficult to implement.
Newer safety relay component designs have added features to minimize some of the shortcomings of historical safety relay technology. Features within these newer devices may include:
- Incorporation of solid-state outputs rather than relay outputs (e.g. to prolong the life of the device)
- Advanced functionality, including AND, OR, Bypass and Muting without software configuration (e.g. to simplify wiring requirements)
- Support for multiple dual channel safety inputs saving up to 60% of the panel space required for traditional safety relays (e.g. to minimize number of devices required)
- Fieldbus interfaces that provide additional diagnostic data for determining root cause of fault or trip conditions
Safety-rated Controller Devices
Rather than relying on hardwired connections to implement safety control logic, safety-rated controller devices (i.e. Safety Programmable Logic Controllers [SPLC or FPLC]) allow users to implement safety-rated logic using a software programming environment. However, the safety-rated controller devices still require that all input and output devices are wired back to the central control cabinet. Once safeguarding devices have been connected to the safety-rated controller, changes to the safety logic are easily implemented with programming software rather than by rewiring the system.
Safety-rated controllers range in size and capabilities. Devices have varying numbers of inputs and outputs as well as differences functional capability. For smaller applications (e.g. less than seven dual channel safety capable inputs and two dual channel safety capable outputs), compact safety-rated controllers provide a cost-effective solution for safety control applications. Special functions designed for application specific functions (e.g. press control) are also available.
As the number of safety sensors and safety actuators increase, modular safety-rated controllers provide an effective means of solving safety applications. Costs will vary depending on the number of safety inputs and safety outputs required, as well as other features (e.g. logic capability) of the device.
When safety-rated controllers are utilized, users have the ability to automate safety functions based on a pre-defined set of conditions (e.g. safety-rated user mode implementation based on selectively switching modes in the event of specific system fault or error conditions). Implementing such functionality in hard-wired applications can be difficult, especially as the number of safeguarding devices increases.
For some original equipment manufacturers (OEMs), a number of different machine configurations are possible. Using a stand-alone safety controller provides a means for enabling and disabling parameters without requiring the control panel to be redesigned.
Applications can be designed in a modular and scalable architecture based on different machine configuration requirements. Furthermore, these same safety-rated controllers can also monitor and control decentralized safety systems using safety fieldbus network solutions.
Safety Fieldbus Networks
When safety-rated controllers are equipped with safety-rated network communication, users have the ability to realize reduced wiring and improved diagnostic information. Widely accepted open architecture safety networks include DeviceNet Safety, AS-Interface Safety-at-Work and Profisafe. Products related to safety-rated versions of Ethernet networks are also currently under development.
Viewed as having the highest initial costs, safety fieldbus networks frequently have lower life cycle costs based on longevity of components, better system diagnostics and reductions in lost production.
When comparing safety network technology with stand-alone safety-rated controllers and safety relay technology, several features and benefits may be realized:
- Safety fieldbus networks may allow users to implement a decentralized safety control strategy in which safety input and safety output devices are connected to the system via remote I/O devices rather than wiring them individually back to the central control cabinet.
- Reducing hard-wiring and long cable runs also provides additional benefits. Historically, the most common mode of failure during installation and start-up of all control devices is associated with errant wiring. By reducing the number of cables to one or two (i.e. network and auxiliary power), potential wiring issues are reduced, saving both cost and machine commissioning time.
- Since safety fieldbus network components are flexible platforms, users can reduce the number of components that they need to support in order to implement multiple safety control strategies.
- Diagnostic information may be available for each safeguarding device that is part of the safety fieldbus network. Depending on device capability, information may be available including device parameters, diagnostic information and current error conditions. This information may be displayed at the operator interface for immediate troubleshooting allowing operators to isolate problems quickly and effectively, which, in turn, leads to a reduction in the Mean Time To Repair (MTTR). Furthermore, the costs of downtime can be minimized.
- Diagnostic information can also be recorded by ERP system for further evaluation of safeguarding device performance. By making recurrent issues more transparent (i.e. from plant floor to management systems), preventative measures can be implemented to reduce the opportunity costs associated with lost production.
- Remote maintenance concepts can be implemented allowing engineers to remotely monitor maintenance and diagnostic information saving the need to travel to remote locations at a moment’s notice.
- Critical conditions can be closely monitored allows defined user modes to be implemented based on threshold conditions. Based on programmable safety-rated control systems, users have the ability to selectively shutdown portions of the machine in the event of a fault or error rather than unnecessarily shutting down the entire machine or application.
Emerging technologies are building on this architecture to reduce safety-rated control system costs while providing faster deterministic response times (e.g. less than 15ms) and still maintain network communication for diagnostic and reporting purposes. Within the next six months it is expected that decentralized safety-rated remote input/output bus modules will allow standard PLCs to directly control decentralized safety-rated outputs safely, in certain applications, without the need for a separate safety-rated controller.
When correctly implemented, each safety interface technology has the ability to solve safety-rated control applications in accordance with applicable regulations and standards. Understanding the features and benefits that technology offers is the key for making informed decisions regarding the safety interface technology that is best suited for customer application.
The article’s author, James O’Laughlin has been employed in marketing and sales of industrial controls for the past 17 years. His eight-year tenure at SICK, Inc. is focused in the safety systems division. O’Laughlin, holds a BSEE from Mankato State University, Mankato, Minnesota. Jim welcomes questions and comments at (952) 829-4722 .
For more safety-related information, visit Robotics Online, Tech Papers.