Dr Martin Kidman, a Safety Specialist with Sick UK, explains that selecting the correct safety equipment - such as laser scanners - will only get you half way to a safe machine; getting the rest of the way requires that the safety equipment is used correctly.
In virtually any potentially dangerous situation in our working lives, there are two parts of the safety equation to consider:
Too often, the fact that the hardware (and its associated firmware, connections and so on) is designated safe to the appropriate levels is considered as an end in itself. In fact, as we will see in the article below, the choices involved in the way the safety equipment is used must be subject to the same scrutiny and standards.
Imagine you have two bungee ropes of different lengths for two bridge locations, one 80 metres and the other 150 metres high. The ropes comply with the highest standards and also have an additional safety rope for the unlikely event that the bungees snap.
However, every week both ropes are packed away into the same box. You can imagine what would happen if the 150 metre bungee were sent to the 80 metre bridge. You would therefore expect some extra safety precautions to be taken when choosing a rope.
The same can be said when switching between protection fields on a safety laser scanner.
A laser scanner is a safety device that uses a spinning infrared laser beam in combination with time-of-flight measuring to form a detection field, as in the diagram below.
The output light is emitted to various points (by a rotating mirror) and then the reflections are detected sensitively. The distance is calculated by measuring the elapsed time of echoes and using the following equation (time of flight method):
Protection fields can then be created for these scanners using complementary software in order to safely detect people when they enter the field. Warning fields can also be set up for diagnostics and non-safe detection, as in the diagram below.
Modern scanners are well tried and tested devices and have been around since their introduction in the 1990s. Their origins can in fact be traced back much further than that - one particular example being in 1976 when Dr Irwin Sick developed an area scanner with a V-shaped rotating beam and special reflector.
The technology has developed ever since and with every new model introduced to the market comes extra features such as more fields, longer distances and higher resolution. One feature that industry finds very useful is the ability to change fields while in normal operation. This is a particularly useful feature for increasing both productivity and safety by reducing the need for more than one set of OSSDs and improving the automated process.
A simple way to explain this is to look at a winding machine illustrated below.
There are many different types of winding machine but generally they are used for wrapping a material (tape, plastic or metal, for example) onto a spool, bobbin or reel.
At high speed, winders can be dangerous because they have drawing-in capability and may also have other hazards such as an actuated knife or similar.
One application for a safety laser scanner could be to safely detect a person approaching the machine, in order to slow down or shut down the energy to the drive providing the rotation and perhaps activate a braking system. However, human interaction is usually required in modes such as:
It is therefore very useful to be able to switch between different size fields on the safety laser scanner.
However, a VERY important question that may be overlooked in this application is what criteria are being used in order to make the decision to switch the fields? (Think of it as the equivalent of who chooses which length bungee rope to use?)
If, for example, there was a fault in the signals telling the scanner which mode the machine is currently in, or a fault in the signal telling the scanner what speed the reel is spinning at, then, depending on the interface, there is a possibility that an incorrect field could be chosen. In other words, if a small field was selected for slow speed but the machine was actually running at full speed, then it is likely that the machine would have a risk associated with it that could put workers at risk of harm, and it would therefore not be in compliance with the latest laws.
The law requires that everything 'reasonably practicable' is done to protect people from harm, therefore the selection of field needs to have a safety integrity or performance level assigned to it.
In order to meet the requirements of the Machinery Directive, harmonised standards have been developed. If a hazard cannot be removed by safe design, then technical protective measures can be used by means of protective devices, a scanner for example, to perform safety functions.
Where the effect of a protective measure is dependent on the correct function of a control system, the term functional safety is then used, and this is where the term safety-related part of a control system (SRP/CS) comes from. To implement functional safety, two of the type B harmonised standards that can be used to help the designer of safety systems are EN ISO 13849 and EN 62061. If there is a type C standard for a specific machine this should be used instead; however, for the purposes of this article, only EN ISO 13849 will be considered.
EN ISO 13849 is a two-part standard that describes the general principles, design and validation of SRP/CS, and many other articles and online reference materials regarding this standard can be found.
Safety functions are defined and given a performance level requirement (PLr) via risk assessment, which is measured in probability of dangerous failure per hour (1/h). The circuit can then be assessed using a combination of manufacturers' specifications and software tools such as SISTEMA to see if it exceeds the assigned PLr. Performance Levels range from PLa (>10⁻⁵) to PLe (<10⁻⁷) and the following graph in the figure below is given as an example in EN ISO 13849 to determine the level required.
The safety function defines how the risk is to be reduced by protective measures and is to be defined for each hazard that has not been eliminated in design. An exact definition of the safety function is necessary to obtain the required safety. The type and number of components needed for the function are derived from sensors, logic units and power control elements.
So, for the winding machine example, the safety function for stopping the rotation of the reel if the protection field is disturbed could be described as follows:
This example shows a typical safety function consisting of an Input, Logic and an Output. In this particular case, when the scanner protection field is infringed (Input) the OSSD outputs drop out and the safety controller (Logic) then activates the final switching device (Output). The total Performance Level can only be as high as the lowest block. The scanner is PLd, the safety controller is PLe and the two contactors achieve PLe by calculation using EN ISO 13849 and SISTEMA. Thus, this safety function can at a maximum achieve PLd.
However, let us consider the switching of fields in this safety function. The switching of fields must be of the same performance level as the safety function for operating a stop when the protection field is infringed. If this were not the case, we would have a high-integrity protective measure with a low-integrity selection function. It is easier to understand if this safety function is referred to as a 'Mode Selection' safety function. Therefore, this function could look like the arrangement below:
If, for example, we had a standard PLC at L, which has no safety PL (or SIL for EN 62061) rating, then it cannot be assumed that the safety circuit meets the requirements of PLd, and it therefore does not comply with the Machinery Directive.
There are a number of different ways to implement a 'mode selection' (field switching) safety function that achieve PLd. One particular example using Sick rotary encoders and a Sick Flexi Soft safety controller with FX3-MOC drive monitor module can be seen below:
This safety function achieves PLe by using two rotary encoders to determine speed/direction of the reel, and a PLe-rated safety controller with safe encoder inputs and PLe rated outputs. If a single Sin/Cos rotary encoder is used then PLd can be achieved.
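The principle behind the two-encoder arrangement described above, as an added illustration that is not Sick's Flexi Soft logic or code from the article: the small field is selected only when two independent speed readings agree that the reel is slow, and any missing or conflicting signal falls back to the large field. The function name, the field labels and the threshold values are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed limits for illustration; real values come from the risk assessment.
SLOW_SPEED_RPM = 30.0       # at or below this the small field may be used
MAX_DISCREPANCY_RPM = 2.0   # tolerated disagreement between the two encoders
FIELD_SMALL = "small"
FIELD_LARGE = "large"


@dataclass(frozen=True)
class Selection:
    field: str     # protection field to activate on the scanner
    fault: bool    # True when the speed signals cannot be trusted
    reason: str


def select_field(enc_a_rpm: Optional[float], enc_b_rpm: Optional[float],
                 setup_mode_requested: bool) -> Selection:
    """Choose the protection field from two independent encoder readings.

    None models a lost or invalid encoder signal. Every fault or doubt
    resolves to the large field, so a signal failure cannot shrink the field.
    """
    if enc_a_rpm is None or enc_b_rpm is None:
        return Selection(FIELD_LARGE, True, "encoder signal missing")
    # Signed comparison: channels reporting opposite directions also disagree.
    if abs(enc_a_rpm - enc_b_rpm) > MAX_DISCREPANCY_RPM:
        return Selection(FIELD_LARGE, True, "encoder channels disagree")
    # Take the faster of the two readings so any error is on the safe side.
    speed = max(abs(enc_a_rpm), abs(enc_b_rpm))
    if setup_mode_requested and speed <= SLOW_SPEED_RPM:
        return Selection(FIELD_SMALL, False, "slow speed confirmed by both channels")
    if setup_mode_requested:
        return Selection(FIELD_LARGE, False, "request rejected: reel above slow speed")
    return Selection(FIELD_LARGE, False, "normal operation")


if __name__ == "__main__":
    # Constructed readings: (encoder A rpm, encoder B rpm, setup mode requested)
    for a, b, req in [(10.0, 10.5, True), (10.0, 400.0, True),
                      (None, 10.0, True), (400.0, 401.0, True)]:
        print(a, b, req, "->", select_field(a, b, req))
```

In a real installation the `fault` flag would also demand a stop and a diagnostic, and the decision would run in the rated safety controller rather than in application software.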
We must apply the logic and reasoning of EN ISO 13849 to the selection and operation of the safety functions. By using appropriately rated controllers and software to support the use of rated switching devices such as laser scanners, it is easy to achieve the appropriate rating for the whole safety circuit. Corners must not be cut. It is more or less the same as indelibly and clearly marking one bungee rope '80 metre jump only' and the other '150 metre jump only'!