Examining Robot Safety Standards
by Roberta Nelson Shea, General Manager/COO Pilz Automation Safety L.P.
Pilz Automation Safety L.P.
ANSI R15.06-1999 is the accepted American National Standards Institute standard covering safety requirements for industrial robots and robot systems. Speaking of safety, it’s safe to say that many end users or systems integrators simply assume that any new robots or systems automatically meet this standard, when in reality, regularly reviewing how the standard applies to your manufacturing operation can be very beneficial, even in non-robotic applications.
First of all, a review of pertinent terms is often helpful. The standard defines an industrial robot as an automatically controlled, reprogrammable, multi-purpose manipulator, either fixed in place or mobile, programmable in three or more axes, for industrial automation applications.
An industrial robot system covers equipment that includes the robot’s hardware and software, manipulator power supply and control system, end-effectors, and any other associated machinery and equipment within the safeguarded space.
Space, also, has a number of definitions within the standard. Maximum space is the volume of space encompassing the maximum-designed movements of all robot parts, including the end-effector, workpiece, and attachements. Restricted space is the portion of maximum space to which a robot is restricted by limiting devices. Operating space is that portion of restricted space actually used by the robot while performing its task program. Safeguarded space is that space defined by the perimeter safeguarding devices.
The Robotics Industries Association (RIA) maintains an “Ask the Expert” section on its website, where many questions regarding robot safety involve interpreting the standard. A few recent ones are good examples of how thinking about and interpreting the standard keep it alive and pertinent to manufacturing.
Q: Axis-limiting devices are often integrated and interlocked with barrier guards. Is there a minimum safety distance when there is no access when the robot is moving?
A: Referring to the standard (10.4.3), when signalling the hazard to cease with integrated devices, two-hand controls, or pressure-sensing safeguarding devices, there are formulas (Table 6) that shall be used. But does this apply in this case? No, because these devices do not signal the hazard to cease. However, be sure that the means of preventing access meets the control integrity requirements of the risk assessment. A properly designed and validated enclosure can be a minimal distance from the hazard if it complies with the Guard Opening table and the locking access control meets the Safety Circuit Performance Requirements. Now if the enclosure is acting as a mechanical limiting device for the robot, then the enclosure has to withstand the forces of the robot hitting the enclosure. And if the risk assessment requires a control-reliable solution for access during operation, then this portion of the system must be control-reliable.
Q: Is there a safety-rated key switch where the safety rating is for the purpose of bypassing the guard doors?
A: The standard outlines some basic rules for bypassing, such as the robot cannot operate in automatic mode, and the bypass control shall be designed and installed consistent with the circuit performance of the device being bypassed.
Individuals have used a mode key switch and circuitry to bypass guard door switches to allow them entrance into the work cell and still have the robot function, at least in teach/manual/ reduced speed mode. Guard door switches and related safety devices are safety-rated, meaning they have passed certain tests and possess certain contact ratings. A typical key switch is not safety rated.
So does this mean that entering restricted space while still being able to move the robot (in teach mode only) is basically against the rules? Like anything, the question deserves a close look. First of all, is there a key switch safety-rated for the purpose of bypassing? To my knowledge, there is no such thing. But is it OK to be in safeguarded space to teach the robot (where the system is not in automatic mode, but in teach)? Yes, the standard specifically has a clause on this (“Safeguarding the Teacher”).
Thinking a little further, is this situation about a key lock or a mode switch? The answer is mode switch, but does the mode selection and the logic of ‘muting the guard’ while in teach meet safety circuit performance requirements?
It does and it can, but it has to be designed with the appropriate monitoring and redundancy, if required. There are a number of potential solutions, but again, what is most important is that the solution meets the requirements. For example:
· The mode selector at the gate is a type with contacts that can be monitored and it has a long life.
· Safety-control circuitry monitors the mode selector, the gate, and any other attributes.
· When the mode selector is in Teach/ Manual Reduced Speed mode, the guard door can be opened (the safety circuits are muted), the robot is in Manual Mode (reduced speed and enabling devices required), other equipment is put into the state determined to be appropriate by the risk assessment.
ANSI B11.20, ISO 11161 draft, ISO 10218-1, and the draft of ISO 10218-2 discuss modes and risk assessment.
Q: My situation involves using pneumatic valves with light curtains for safety. If the light curtain is broken, I need a stop. If I use a three-position valve, closed center, the motion will stop and hold position, but if the person got pinched, they will remain pinched unless you drop the air. Then I will have cylinders slamming when the air comes back up. If I use open-center valves, I would not have to drop air to the machine, but I will still have cylinders slamming when the person gets out of the light curtain. Using soft-start valves and/or programming never seems to cure the problem very well. We will be using shocks on the cylinders this time, so if they do slam, it won’t be too bad.
A: This question is really about a couple things: understanding the failure potential of valves/pneumatic safety design, and PSDI (presence-sensing device initiation). First, there are pneumatic valves that are designed for safety application, called “dual-monitored.” For help with the pneumatic design, there are a number of guides, vendors, and experts available. About PSDI, ANSI RIA 15.06 does have a clause about PSDI and when it would be permitted. Canada does not allow PSDI. However, if the light curtain is installed at the correct safety distance and the safeguarding is properly designed, no one should be able to be pinched.
Q: Does robotic equipment in the US need to be tested or listed by a nationally recognized test house, and if so, where is this requirement stated?
A: The requirement for NRTL approval (nationally recognized testing laboratory) is based on codes. It is not a national requirement, but there are cities, counties, and states that may require it. It is not a requirement in R15.06. Only safety controllers are required to have NRTL approval. The standard that a NRTL would use for a robot or a field evaluation of a robot system, is ANSI UL1740.
Safety standards exist for the protection of all, and questions like these keep them alive and evolving for improved manufacturing. Truly, the only stupid question is that left unasked.
Roberta Nelson Shea is Chair of the ANSI RIA R15.06 Safety Standard Committee and General Manager of Pilz Automation Safety, L.P., Canton, MI. Pilz is the world leader in the development and manufacture of safety automation systems, products, and services. More information is available at www.pilz.com
Originally published by RIA via www.robotics.org on 07/07/2008