Implementing Emergency Stop Systems - Safety Considerations & Regulations A PRACTICAL GUIDE V1.0.0

Similar documents
PL estimation acc. to EN ISO

Why do I need dual channel safety? Pete Archer - Product Specialist June 2018

CT433 - Machine Safety

Safety in pneumatic automation

Introduction to Machine Safety Standards

The following gives a brief overview of the characteristics of the most commonly used devices.

Operating instructions Safety Rope Emergency Stop Switches ZB0052 / ZB0053 ZB0072 / ZB0073

New Thinking in Control Reliability

The Best Use of Lockout/Tagout and Control Reliable Circuits

Session: 14 SIL or PL? What is the difference?

Safely on the way in the automotive and Tier 1 supplier industry

Safe Machinery Handbook

DETERMINATION OF SAFETY REQUIREMENTS FOR SAFETY- RELATED PROTECTION AND CONTROL SYSTEMS - IEC 61508

TEST REPORT Safety Laboratory-MD Team Report No.: RA/2013/90003

Managing for Liability Avoidance. (c) Lewis Bass

Machine Safety Guide 1

What safety level can be reached when combining a contactor with a circuitbreaker for fail-safe switching?

Available online at ScienceDirect. Jiří Zahálka*, Jiří Tůma, František Bradáč

Safe Machinery Handbook

Safety Legislation and Standards

Integrating Safety and Automation

MTS SafeGuard Technology. Solutions to protect test operators, equipment and specimen. be certain.

Applications & Tools. Evaluation of the selection of a safetyrelated mode using non-safety-related components

Application Note. Safety Sub-functions SSC Category 1, up to PL c PUS Category 1, up to PL c. Application Note SSC, PUS, Category 1, up to PL c STOP

RISK ASSESSMENT. White Paper.

Safety Manual OPTISWITCH series relay (DPDT)

Functional Example CD-FE-I-029-V30-EN Safety-related controls SIRIUS Safety Integrated

Ultima. X Series Gas Monitor

Safety Manual VEGAVIB series 60

Partial Stroke Testing. A.F.M. Prins

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

Understanding safety life cycles

Safety Manual VEGAVIB series 60

E28/Q28 Safety Exhaust Valve Externally Monitored

Application of EN ISO in electro-pneumatic control systems

Solenoid Valves used in Safety Instrumented Systems

Application Note. Safety Sub-function PUS Category 1, up to PL c. Application Note PUS, Category 1, up to PL c M20 S22 R20 M1 Q20

Tullis Russell Machinery Safety Conference. David Robinson - Process Control Manager

Safe hydraulics for hydroforming presses. more finished product to be created from less raw material.

Exercise 3-2. Two-Wire and Three-Wire Controls EXERCISE OBJECTIVE DISCUSSION OUTLINE DISCUSSION. Two-wire control

IST-203 Online DCS Migration Tool. Product presentation

Table 1: Safety Function (SF) Descriptions

Valve Communication Solutions. Safety instrumented systems

e.do Gripper Safety requirements, technical features and assembly and integration instructions

P33 Safety Exhaust Valve Externally Monitored. Bulletin 0700-B14 ENGINEERING YOUR SUCCESS.

Operating Manual for the Evance Iskra R9000 Wind Turbine

Safety Critical Systems

Supplementary Operator s Manual 42/24-14 EN Rev. 3

SIL explained. Understanding the use of valve actuators in SIL rated safety instrumented systems ACTUATION

Functional Safety SIL Safety Instrumented Systems in the Process Industry

EDUCATION DEPARTMENT ACCU-TEST

Stand-Alone Bubble Detection System

Control of Hazardous Energy Lockout / Tagout Program

XMPA12B2142 pressure sensor XMP - 12 bar - G 1/4 female - 2 NC - without control type

SIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6

Design of safety guards Under observation of ISO 14119

Linking Risk and Reliability Mapping the output of risk assessment tools to functional safety requirements for safety related control systems.

Review and Assessment of Engineering Factors

Design of safety guards Under observation of ISO 14119

Guidelines on Surveys for Dynamic Positioning System

Technical Data. General specifications Switching element function DC Dual NC Rated operating distance s n 3 mm. Short-circuit protection

High Integrity Pressure Protection Systems HIPPS

Safety-critical systems: Basic definitions

DSL, DSH: Specially designed pressure limiter

PROCESS AUTOMATION SIL. Manual Safety Integrity Level. Edition 2005 IEC 61508/61511

Applicable and have been incorporated into North American Standards.

By Paul Malburg Facility Engineer / Controls Manager Madico, Inc.

Technical Data. Dimensions

Automatic Valve Proving Control

References 6 k thermal overload relays, adjustable from 0.11 to 16 A

model for functional safety of

GAS FUEL VALVE FORM AGV5 OM 8-03

Commissioning and safety manual

Service & Support. Questions and Answers about the Proof Test Interval. Proof Test According to IEC FAQ August Answers for industry.

COMPRESSOR PACK SUCTION CONTROLLER TYPE: LP41x

Safety Manual VEGASWING 61, 63. NAMUR With SIL qualification. Document ID: 52084

Return to Session Menu DYNAMIC POSITIONING CONFERENCE QUALITY ASSURANCE SESSION. The Meaning of LIFE. Richard Purser GL Noble Denton

DeZURIK. KGC Cast Knife Gate Valve. Safety Manual

Hydraulic (Subsea) Shuttle Valves

Time-Delay Electropneumatic Applications

Instrumented Safety Systems

QUANTIFYING THE TOLERABILITY OF POTENTIAL IGNITION SOURCES FROM UNCERTIFIED MECHANICAL EQUIPMENT INSTALLED IN HAZARDOUS AREAS

WF STEUERUNGSTECHNIK GMBH. INFORMATION and TECNICAL DESCRIPTION

BUBBLER CONTROL SYSTEM

Lockout / Tag out Program

TRI LOK SAFETY MANUAL TRI LOK TRIPLE OFFSET BUTTERFLY VALVE. The High Performance Company

RESILIENT SEATED BUTTERFLY VALVES FUNCTIONAL SAFETY MANUAL

Technical Data. Dimensions

TECH TIPS TZ34/20 & TZ50/30. Service Call: Machine will not automatically level. Tools Needed: Multi Meter Jumper wire 7/16 Combination wrench.

HANDBOOK. Squeeze Off Unit SOU 400. Please refer any queries to:

Touch Screen Guide. OG-1500 and OG Part # T011

Wing of Tomorrow Work Equipment Compliance Workshop Day 3

Every things under control High-Integrity Pressure Protection System (HIPPS)

SG36KTL-M Quick Installation Guide. 1 Unpacking and Inspection

CFSW. Hinges with built-in safety multiple switch

Mounting instructions. Strain transducer SLB-700A. B 26.SLB700A.10 e

Polymer Electric. Product information. Normally Closed Safety Edges SL/NC II. GmbH & Co. KG. Polymer Electric

Definition of Safety Integrity Levels and the Influence of Assumptions, Methods and Principles Used

CFSW. Hinges with built-in safety multiple switch

DeZURIK Double Block & Bleed (DBB) Knife Gate Valve Safety Manual

Transcription:

Implementing Emergency Stop Systems - Safety Considerations & Regulations A PRACTICAL GUIDE V1.0.0

~ 2 ~ This document is an informative aid only. The information and examples given are for general use only. They do not describe all the necessary details for implementing a safety system. The manufacturer of the machinery always remains ultimately responsible for the safety and compliance of the product. MCW does not accept any liability for direct or indirect injury or damage caused by the use of information contained in this document. The manufacturer of the machinery is always responsible for the safety of the product and its suitability under applicable laws. MCW hereby disclaims all liabilities that may result from this document.

~ 3 ~ Implementing Emergency Stop Systems - Safety Considerations and The Regulations Stopping Categories (Safest way the machine should stop when E-Stop button pressed) Although emergency stops are required for all machines (the Machinery Directive allows two very specific exemptions) they are not considered to be a primary means of risk reduction. Instead they are referred to as a complementary protective measure. They are provided as a backup for use in an emergency only. They need to be robust, dependable, and available at all positions where it might be necessary to operate them. EN/IEC 60204-1 defines the following three categories of stop functions as follows: Stop category 0: stopping by immediate removal of power to the machine actuators/motors (uncontrolled stop). Stop category 1: a controlled stop with power available to the machine actuators/motors to achieve the stop and then removal of power when the stop is achieved. Stop category 2: a controlled stop with power left available to the machine actuators. However stop category 2 is not usually considered suitable for emergency stops. Emergency stops on machinery must be trigger action. This means that their design ensures that however slowly the button is pressed, or cable pulled, if the normally-closed contact opens the mechanism must latch. This prevents teasing, which can cause dangerous situations. The converse must also be true, i.e. latching must not take place unless the NC contact opens. Emergency stop devices should comply with EN/IEC 60947-5-5. Emergency Stop Integrity Levels - Standards: Old Standard Integrity Levels EN954-1: Users of EN 954-1 will be familiar with the old risk graph which many used to design their safety related parts of electrical control circuits to the categories B, 1, 2, 3 or 4. Please see overleaf -

~ 4 ~ The user was prompted to subjectively assess severity of injury, frequency of exposure and possibility of avoidance in terms of slight to serious, rare to frequent, and possible to virtually impossible, to arrive at a required category for each safety related part. The thinking is that the more the risk reduction depends upon the safety machine control system (SRECS), the more it needs to be resistant to faults (such as short circuits, welded contacts etc). The behaviour of the categories under fault conditions was defined as follows: - Category B control circuits are basic and can lead to a loss of the safety function due to a fault. Category 1 can also lead to a loss of the safety function, but with less probability than category B. Category 2 circuits detect faults by periodic testing at suitable intervals (the safety function can be lost between the periodic tests). Limited redundancy built in. Typical Category 2 System Category 3 circuits ensure the safety function in the presence of a single fault, for example by employing two channels (redundancy) but a loss of the safety function can occur in the case of an accumulation of faults. No feedback loop for monitoring safety relay outputs.

~ 5 ~ Schneider XPS-AC Typical Category 3 System Example of Category 3 safety relay Schneider XPS-AC Category 4 circuits ensure that the safety function is always available even in the case of one or more faults, usually by employing both input and output redundancy, together with a feedback loop for continuous monitoring of the outputs (KM1 &KM2 normally closed contacts). Schneider XPS-AK Typical Category 4 System Example Category 4 safety relay Schneider XPS-AK The selection of the safety device (relay) is critical when differentiating between Category 3 and Category 4 emergency stop systems. Considerations are the particular safety relay s ability to internally monitor itself and to monitor the emergency stop circuit s peripheral devices. (Also, depending which standard is applicable, the mean time to destructive failure and probability of dangerous failure per hour of the safety relay used). New standards - Performance Levels (PL) and Safety Integrity Levels (SIL) ISO13849-1 & EN62061: Unlike EN 954-1(Integrity Level) these new standards require consideration of the reliability of the selected components. The PL (Performance Level) PLa, PLb, PLc, PLd and PLe roughly equates to the old integrity level B, 1, 2, 3 and 4.

~ 6 ~ PL and SIL Safety integrity measures the performance of a safety function. It helps quantify the likelihood of the safety function being achieved when requested. The required safety integrity for a function is determined during risk assessment and is represented by the achieved SIL or PL, depending on the standard used. SIL and PL use different evaluation techniques for a safety function, but their results are comparable and the terms and definitions are similar for both. The performance of each safety function is specified as either a SIL (Safety Integrity Level) In the case of EN/IEC 62061 or PL (Performance Level) in the case of EN/ISO 13849-1. Performance Level (PL) ISO 13849-1 Defines how to determine the required Performance Level (PL) and how to verify the achieved PL within a system. PL describes how well a safety system is able to perform a safety function under foreseeable conditions. Five possible PLs are available: a, b, c, d and e. PL e has the highest safety reliability, PL a the lowest. Safety Integrity Level (SIL) EN 62061 Defines how to determine the Safety Integrity Level (SIL). SIL represents the reliability and integrity of safety functions. Three SIL levels are used in machinery design: 1, 2, and 3. SIL 3 is the highest level of safety integrity and SIL 1 the lowest. How to determine the required PL (ISO 13849-1) To determine the required PL, select one of the alternatives from the following categories and create a path to the required PL in the risk graph (Fig. 3), which lists the resulting performance level as a, b, c, d or e. Determine the severity of injury/damage: S1 Slight, usually reversible injury S2 Severe, usually irreversible injury, including death. Determine the frequency and duration of exposure to the hazard: F1 Rare to often and/or short exposure F2 Frequently to continuous and/or long exposure. Determine the possibility of preventing the hazard or limiting the damage caused by the hazard: P1 Possible under certain conditions P2 Hardly possible. See fig 3

~ 7 ~ How to determine the required SIL (EN 62061) This process is as follows: 1. Determine the severity of the consequence of a hazardous event. 2. Determine the point value for the frequency and duration the person is exposed to harm. 3. Determine the point value for the probability of the hazardous event occurring. 4. Determine the point value for the possibility of preventing or limiting the scope of the harm. Typical Safety Relay Characteristics Schneider XPS-AK Safety level - Can reach PL e/category 4 conforming to EN/ISO 13849-1 Can reach SILCL 3 conforming to EN/IEC 62061. (SIL CE, SIL Claim Limit) Schneider XPS-AK

~ 8 ~ Schneider XPS-AC Safety level - Can reach PL e/category 3 conforming to EN/ISO 13849-1 Can reach SILCL 3 conforming to EN/IEC 62061 (SIL CE, SIL Claim Limit) Schneider XPS-AC

~ 9 ~ Considerations when Designing and Implementing a High Integrity / High Performance Level, E- Stop Circuit Emergency Stops Basics 1. Emergency stop devices shall be easy to reach and be accessible from all directions 2. Emergency stop devices shall end a dangerous state as quickly as possible without producing additional risks. 3. The emergency stop command shall have priority over all other functions and commands in all operating modes. 4. Resetting the emergency stop device shall not trigger a restart. 5. The principle of direct actuation with mechanical latching function shall be applied. 6. The emergency stop shall be made as per stop category 0 or 1 as described above in this document. Emergency switching off 1. If there is a possibility of hazards or damage due to electrical power, emergency switching off should be provided. Here the supply of power is shut down using electromechanical switch gear, mains isolator. 2. It shall only be possible to switch on the supply of power after all emergency switching off commands have been reset - turned on. 3. As a result, emergency switching off gives stop category 0. Re-setting an E-Stop Device If a device for use in an emergency is actuated, devices triggered by this action shall remain in the off state until the device for use in an emergency has been reset. The reset of the emergency device shall be done manually at the specific location. The reset shall only prepare the machine to be put back in operation and not restart the machine. Requirements and forms of implementation of E-Stop devices The contacts on the emergency stop device shall be positive opening normally closed contacts. The emergency stop device shall be red, any background shall be yellow. Examples: 1. Switches actuated with mushroom head pushbuttons 2. Switches actuated with wires, ropes or rails 3. Foot switches without covers (for emergency stop) If wires and ropes are used as actuating elements for emergency devices, they shall be designed and fitted such that they are easy to actuate when pulled or the wire/rope is cut. Reset mechanisms should be arranged in the manner that the entire length of the wire or rope is visible from the location of the reset mechanism.

~ 10 ~ Implementation and Wiring of E-Stop Devices 1. Devices and wiring systems should be arranged to meet the requirements for survivability, protection against external influences and independence. 2. Independent systems or redundant channels should not share multicore cables with each other or power circuits, and may require diverse routes depending upon the safety integrity level to be achieved. ( Category 3 and 4, SIL 3 and PLe). 3. Employ redundancy at every stage of the design, wherever possible. The more redundancy that can be integrated in to the design, the higher the integrity of the system. Measures to protect against failures include: 1. Cable selection (screening etc.). 2. Protection of cables against fire, chemical attack, physical damage etc. 3. Physical separation or segregation of cables and cable routes. 4. Routing in benign environments. Colour Codes for Push Buttons and Indication Lamps

~ 11 ~ Typical Key Release E-Stop Actuator Button Glossary: 1. PL e, Performance Level e (highest level). 2. SIL 3, Safety Integrity Level 3 (highest level). 3. SILCL 3, Safety Integrity Level - Claim Limit 3 (highest level). 4. MTTF d Mean Time To Destructive Failure. 5. PFH d Dangerous Failures per Hour. Sources of Information: 1. Safety and functional safety a general guide - ABB brochure 1SFC001008B0201. 2. Safety machinery handbook Schneider Electric. 3. Safebook 4 Rockwell Automation. 4. Machine Safety in the European Community Defren / Kreutzkampf 5. Guidelines for safe machinery Sick Inc.

~ 12 ~ Motor Control Warehouse +44 (0)1686 688948 www.motorcontrolwarehouse.co.uk

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback