Nuclear Scientists in Australia Choose Pilz PSS to Safeguard Facility and People
Pilz Automation Safety L.P. Posted 07/07/2008
(CANTON, MI) - No other Australian safety system faces scrutiny as intense as that focused on the country's nuclear reactor and, arguably, no Australian workplace takes safety more seriously. So, when some of the world's most brilliant scientists use a new Australian Nuclear Science and Technology Organization (ANSTO) experimental facility, they will be protected from radiation exposure by a meticulously designed network of Pilz Programmable Safety Systems (PSS).
The new $331 million (US) OPAL reactor produces neutrons for eight neutron beam instruments (NBIs) that allow scientists to investigate the atomic structure of new materials, chemical reaction kinetics and biological processes. The instruments operate almost continuously; research breakthroughs are expected from the $428.3 million (US) Neutron Beam Instrument Project (NBIP) and the international scientific community is already enthusiastic to gain access to the information.
Meeting both Australia's most stringent safety standards and the need for maximum uptime called for a sophisticated safety approach. ANSTO electrical project engineer Frank Darmann and his team were responsible for the solution.
The safety system begins with the science itself, which is deceptively simple at face value. Neutrons from the reactor are directed at the materials under investigation to see how they scatter, thereby revealing the materials' atomic structures. Three shutters control the flow of particles along the neutron beam guide. A primary shutter sits at the reactor face and a secondary shutter at the guide hall interface, which is closed when access to the shielded area is needed. A third, sample, shutter is attached to each instrument.
Access to the instrument area is interlocked with the sample and secondary shutters, using fortress and gate locks. The positions of another 76 moveable radiation-shielding blocks are detected by dual-channel limit switches. An array of light curtains, sirens, dual-channel safety switches and 78 emergency stop switches adds to the security of the NBIP. It all adds up to a highly complex system with some 1,200 inputs and outputs (I/O).
Coordinating the I/O are five Pilz PSS or safety PLCs, each one dedicated to a separate safety zone. This impressive configuration is easily justified, says Darmann, who ran the numbers to compare the operational safety performance of traditional electro-magnetic systems with the PSS.
"The mean time between failures (MTBF) to a safe condition - that is, a failure that only affects operations, not safety - of this myriad of devices with a Pilz PSS overseeing them would be 3.4 years," he says. "Otherwise, we would have needed a complex web of interconnections and the MTBF to a safe condition would have been less than six months.
"The safety numbers were even more compelling," Darmann continues. "The MTBF to a potentially unsafe mode for an electro-mechanical system was calculated to be 5.7 years compared to 140,000 years for the Pilz safety PLC. The Pilz PSS safety PLC concept was a clear winner."
The superior ability of the Pilz PSS was also matched with powerful diagnostic software, so that even if a failure did occur, downtime would be minimized. "Locating a fault in a maze of 100 relays would be difficult and time-consuming but the PSS indicates the malfunctioning unit or circuit exactly on a touch screen," Darmann says. "Circuitry is automatically and continually checked for welded contacts and short circuits instead of once a year or never."
Darmann identified a host of other benefits too, including the ability of the logic-based system to be readily expanded, reconfigured and upgraded. "You basically need much less control cabinet real estate - about 70 percent less in this case," he says. "The web of complex physical wiring interconnections is also eliminated, which makes tweaking the system to match changing and demanding operational requirements much easier, and also simplifies fault finding, documentation and change management processes. A legacy system is avoided. New operating rules can be programmed in a straightforward manner in software that is not possible using hard-wired relays."
The Safety Interlock System (SIS) and Instrument Control System (ICS) remain separate for maximum safety. Darmann says: "Each has independent logic elements, power supplies and cabling. Opto-isolation of logic between the two systems ensures electrical separation. There are, however, some interfaces between them to assist the smooth operation of the instrument. For example, the ICS has access to all of the logic states that exist within the NBI SIS so that the computer control of the instrument does not commence until the SIS deems it is safe. In addition, the ICS can make a limited number of requests of the NBI SIS, such as closing or opening a shutter after the furnace temperature is met, which it is free to deny."
ANSTO's preference for specialized safety carried through to its choice of safety systems. "Pilz was chosen as the main vendor for safety logic processing because of their long experience in the field, participation in the Australian Standards 4024.1 review committee and the significant back-up and resources of the German headquarters. I found the staff to be knowledgeable of the safety standards and they could give advice on choices and approaches. Other companies had safety PLC capabilities too but were principally involved with general automation; we wanted a specialist who intimately knew the intricacies of safe automation."
"The instruments are used by visiting scientists from overseas who might only stay a day or a few days," Darmann says. "They are interested in using the instrument for science, so the safety interlock and the human interface must be instinctive. It also has to survive interaction with a novice user without falling over and requiring technical maintenance."
"At similar institutions in the past, electronic safety measures were achieved with a simple chain or barricade. In fact, one scientist told me during a review of the design that 'we used to do this safety interlocking with a $5 box on transistors.' Despite this history, there was no hesitation on the part of the scientists or the review group to approve the funds required. This safety system is benchmarked to be the world's best but we believe any safety interlocking system should be designed along the same principles of safety, compliance and performance."
Pilz Automation Safety L.P.
The world leader in SAFE automation, Pilz offers a full range of leading-edge safe automation products and services. The company's innovative technologies and safety expertise provide customers with the leanest and safest solutions. Products include sensor technology, electrical monitoring relays, automation solutions with motion control, safety relays, programmable safety and control systems and an operating and monitoring range. Wireless and safe bus systems are also available for industrial networking.
Pilz also provides a comprehensive range of consulting, engineering and training services. Certified consultants provide a wide range of services worldwide such as risk assessment, safety concept, safety design, CE services and safety sign-off. To keep a company LEAN and SAFE, there is no better partner than Pilz.