Machine safety design

Phoenix Contact Pty Ltd
Saturday, 16 April, 2011

There comes a point in machine safety design when the designer needs to decide if it makes more sense to use multiple safety relays or to upgrade to a safety controller. This point typically occurs when the application requires three or more safety relays. This article focuses on some of the issues that designers must consider when determining whether a safety relay or a safety controller is the best solution for a particular job.

In terms of functionality and safety I/O density, a safety controller sits a step above a safety-relay solution and a step below a safety PLC. Safety controllers are typically configured using software, which makes the safety circuit flexible and lets functionality that would be awkward in hardware be implemented simply.

Machine safety designers need to consider three main areas when making machine safety decisions:

  • Basic hardware design
  • Safety controller configuration software
  • Dollars and cents

Basic hardware design

If you are considering changing from multiple safety relays to a safety controller, you need to make some fundamental choices about hardware. The first key element is to understand the technology itself.

Most safety-relay designs have traditionally used safety relays built around internal electromechanical, force-guided relays. The key advantage here is voltage flexibility, as nearly any typical control voltage can be switched. Typical voltages include 5 VDC, 12 VDC, 24 VDC, 120 VAC and 230 VAC. The nominal current at 24 VDC is about 6 A for a resistive load.

A safety controller, on the other hand, is a solid-state device, so its outputs are designed to switch only 24 VDC, at a typical maximum of 2 A. If you plan on using those outputs to drive a higher-power relay or contactor, they will work fine. However, if you are currently using a safety relay to switch the final load directly at a voltage other than 24 VDC, then this is an important consideration.

Safety controllers are typically modular, so safety I/O can be added. The safety I/O expansion modules are either solid state or electromechanical. If safety controller expansion modules are needed, these costs will be an important consideration. Expansion modules can also be added to a safety-relay system.

Width and space are also important factors if DIN rail space is at a premium. Generic safety relays are typically 22.5 mm wide and can be as wide as 45 mm or more; width grows with the number of safety output contacts and the overall functionality. Traditionally, safety controllers have been 140 mm wide, but smaller versions are now on the market: a safety controller with a standard amount of I/O is now available in a compact 67.5 mm housing. So if an application would require three or more 22.5 mm safety relays, space becomes an important consideration.

The number of safety I/O is the next consideration. A basic 22.5 mm safety relay typically has two or three normally open safety outputs and dual-channel safety inputs. For the higher degrees of safety, such as safety category 4 according to EN 954-1 or Performance Level ‘e’ according to ISO 13849-1, each safety door or emergency stop would require its own safety relay to maintain the highest level of safety. For comparison, consider a safety controller with 20 inputs and four safety outputs. With 20 inputs, the designer could connect 10 dual-channel e-stops to the same safety controller and maintain safety category 4.

Safety controller configuration software

For a designer accustomed to using safety relays, a safety controller’s configuration software is one of the main unknowns. Many people find the idea of using a software-based safety product intimidating. They worry about the required programming expertise and additional costs.

In this writer’s opinion, the configuration software can be a positive aspect. It increases flexibility and offers advanced functionality that a multiple safety-relay circuit cannot provide.

Software environment

Configuration software designed with non-programmers in mind simplifies the design process, and drag-and-drop functionality makes it easier still. Those familiar with safety-relay technology will recognise the terminology and function blocks used in the software, and there are safe function blocks for most major safety applications: emergency stop, safety door, light curtain, light curtain with muting, mode selector, enable switch, two-hand control and safety sensor. These safe function blocks can be combined to create anything from very simple safety functions to advanced logic for multiple-zone control.

The real power of the software resides in the abundance of safe logic functions, such as AND, OR, off delay, on delay and a pulse generator. The safe function blocks take the place of individual safety relays, and the safe logic functions take the place of specialised, expensive functionality and creative hardwiring in a safety-relay circuit.

Safety project simulation

Another powerful aspect of the safety controller is the availability of a safety simulation mode. This mode lets you design a safety project at your desk and validate it in simulation before going on site to download it to the safety controller itself. When a field installation needs a quick change to the safety project, the safety designer can develop the change, validate it in simulation mode and email the project to the field for download via a standard USB connection. If technicians in the field request additional functionality, the safety engineer can make the changes in the safety project, validate them using the simulation and send an email back to the machine location. Bear in mind that simulation validates the logic, not the installation: after every download the safety function still has to be verified on the machine itself, with the real inputs and actuators.

Simulation mode is a perfect way to begin your evaluation of a safety controller. It’s a no-risk test drive of the fully functional software. The best part is that no hardware is required for the test drive. Not all safety controller configuration software packages support an integrated simulation mode, but this is a very valuable feature if you can get it.
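
As an added example, not code from the original article or from any vendor's configuration software, here is a small Python desk simulation of the kind of safe function blocks and safe logic functions described above: a dual-channel e-stop and a dual-channel guard door combined by a safe AND, a manual reset acting as a restart interlock, and an off delay on one of the outputs. It runs a constructed scan-by-scan scenario the way a simulation mode would. The discrepancy time, the delay length, the scan order and the reset behaviour are assumptions for illustration, not any particular controller's semantics.

```python
# Added example: a desk simulation of safe function blocks and safe logic functions.
# Discrepancy time, delay length, scan order and reset behaviour are assumptions
# for illustration, not any particular controller's semantics.


class DualChannel:
    """Dual-channel input block (e-stop or guard door): 'safe' only while both
    channels are closed. If the channels disagree for more than discrepancy_ticks
    consecutive scans (stuck contact, broken wire), a fault is latched."""

    def __init__(self, discrepancy_ticks=3):
        self.discrepancy_ticks = discrepancy_ticks
        self.disagree_ticks = 0
        self.fault = False

    def evaluate(self, ch1, ch2):
        self.disagree_ticks = self.disagree_ticks + 1 if ch1 != ch2 else 0
        if self.disagree_ticks > self.discrepancy_ticks:
            self.fault = True
        return ch1 and ch2 and not self.fault

    def clear_fault(self):
        self.fault = False
        self.disagree_ticks = 0


class OffDelay:
    """Safe off delay: output held on for `ticks` scans after the input drops,
    e.g. to let an axis brake before its power is removed."""

    def __init__(self, ticks):
        self.ticks = ticks
        self.remaining = 0

    def evaluate(self, enable):
        held = enable or self.remaining > 0
        self.remaining = self.ticks if enable else max(self.remaining - 1, 0)
        return held


class SafetyProject:
    """ZONE_A = ESTOP1 AND DOOR1, released by a manual reset (restart interlock).
    Q0 follows the zone immediately; Q1 is held for two scans by an off delay."""

    def __init__(self):
        self.estop = DualChannel()
        self.door = DualChannel()
        self.q1_delay = OffDelay(ticks=2)
        self.released = False
        # Treat reset as already pressed at power-up: a stuck or tied-high reset
        # must never release the zone; only a fresh rising edge may.
        self.reset_prev = True

    def scan(self, estop_ch, door_ch, reset):
        reset_edge = reset and not self.reset_prev
        self.reset_prev = reset
        if reset_edge:
            self.estop.clear_fault()
            self.door.clear_fault()
        # Evaluate every block every scan so the discrepancy timers keep running.
        estop_ok = self.estop.evaluate(*estop_ch)
        door_ok = self.door.evaluate(*door_ch)
        zone_safe = estop_ok and door_ok      # safe AND
        if not zone_safe:
            self.released = False             # any stop demand removes the release
        elif reset_edge:
            self.released = True              # no automatic restart
        enable = zone_safe and self.released
        return enable, self.q1_delay.evaluate(enable)


def simulate(steps):
    """Run a scripted scenario through a fresh project; returns [(Q0, Q1), ...]."""
    project = SafetyProject()
    return [project.scan((e1, e2), (d1, d2), r) for e1, e2, d1, d2, r in steps]


T, F = True, False
# Constructed scenario, one tuple per scan: (ESTOP ch1, ESTOP ch2, DOOR ch1, DOOR ch2, RESET)
DEMO_SCENARIO = [
    (T, T, T, T, F),  # power-up, all closed, no reset yet: outputs off
    (T, T, T, T, T),  # reset edge: zone released, Q0 and Q1 on
    (T, T, T, T, T),  # reset held, no new edge: stays released
    (F, F, T, T, F),  # e-stop pressed: Q0 off at once, Q1 held by the off delay
    (F, F, T, T, F),
    (F, F, T, T, F),  # delay expired: Q1 off
    (T, T, T, T, F),  # e-stop released but no reset: still off (no auto restart)
    (T, T, T, T, T),  # reset edge: running again
    (T, F, T, T, F),  # ESTOP channel 2 open alone: zone off, discrepancy timer runs
    (T, F, T, T, F),
    (T, F, T, T, F),
    (T, F, T, T, F),  # discrepancy exceeded: fault latched on ESTOP1
    (T, T, T, T, F),  # channels agree again, but the latched fault holds the zone off
    (T, T, T, T, T),  # reset edge clears the fault and releases the zone
]

if __name__ == "__main__":
    for inputs, (q0, q1) in zip(DEMO_SCENARIO, simulate(DEMO_SCENARIO)):
        print(inputs, "-> Q0", "on " if q0 else "off", "Q1", "on" if q1 else "off")
```

The scenario exercises the behaviours a reviewer of a safety project would want to see before download: no output at power-up until a reset edge, no automatic restart after an e-stop is released, a stuck reset that cannot release the zone, a discrepancy between the two channels that latches a fault, and the off delay holding Q1 for exactly two scans.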

Security

A safety controller typically requires two passwords. The first protects the safety project itself: without it, no changes can be made to the project in the configuration software. The controller hardware has a second password, which is required to download a project to the controller or upload one from it. Machine builders can therefore decide how much access their customers have, for example allowing diagnostics without the ability to alter the safety logic.

For each safety project, a CRC checksum is provided. If the end user is granted software access and makes changes, the checksum will no longer match the documented value, which makes it a convenient fingerprint for confirming at inspection that the installed logic is the version that was documented. Keep in mind what a CRC can and cannot do: it detects a change, it does not prevent one, and because a CRC is not a cryptographic hash, a deliberately altered project can be made to reproduce the documented value. Control over who may change the logic therefore rests on the two passwords; the documented checksum is a version identifier, not proof that the project is unmodified.
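
To make the checksum point concrete, here is an added example (not the article's or any vendor's code) that uses CRC-32 as a stand-in for the controller's project checksum, since the article does not say which CRC is used. It fingerprints a constructed text project, shows that an edit changes the fingerprint, and then shows that four appended bytes are enough to make the modified project report the documented value again, which a keyed HMAC does not allow. The function names, the project text and the demo key are assumptions for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed stand-in for a safety project file; not any real controller's format.
DOCUMENTED_PROJECT = (
    b"ESTOP1: dual_channel inputs=I0,I1\n"
    b"DOOR1:  dual_channel inputs=I2,I3\n"
    b"ZONE_A: AND ESTOP1 DOOR1\n"
    b"OUT_Q0: ZONE_A\n"
)
# The same project after an end user quietly removed the door from the zone.
MODIFIED_PROJECT = DOCUMENTED_PROJECT.replace(b"AND ESTOP1 DOOR1", b"ESTOP1")

MASK = 0xFFFFFFFF


def fingerprint(project: bytes) -> int:
    """CRC-32 of the project, standing in for the documented checksum."""
    return zlib.crc32(project) & MASK


def matches_documentation(project: bytes, documented_crc: int) -> bool:
    """The inspection check: does the installed project carry the documented value?"""
    return fingerprint(project) == documented_crc


def _crc_table():
    """Reflected CRC-32 lookup table (polynomial 0xEDB88320, as used by zlib)."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _crc_table()
# The 256 table entries all have distinct top bytes, so a top byte identifies its index.
_INDEX_BY_TOP_BYTE = {entry >> 24: i for i, entry in enumerate(_TABLE)}


def forge_crc(data: bytes, target: int) -> bytes:
    """Append four bytes to `data` so that crc32(result) == target.

    CRC-32 is linear: after four more bytes whose table indices are c0..c3, the
    register equals T[c3] ^ T[c2]>>8 ^ T[c1]>>16 ^ T[c0]>>24 regardless of what
    it held before. Peel the indices off the wanted register one byte at a time,
    then choose each appended byte so that the register index at that step is c_i.
    """
    register = zlib.crc32(data) ^ MASK      # raw register contents after `data`
    wanted = target ^ MASK                  # raw register contents we need at the end
    indices = []
    for _ in range(4):
        i = _INDEX_BY_TOP_BYTE[wanted >> 24]
        indices.append(i)
        wanted = ((wanted ^ _TABLE[i]) << 8) & MASK
    suffix = bytearray()
    for i in reversed(indices):             # c0 first
        suffix.append((register ^ i) & 0xFF)
        register = _TABLE[i] ^ (register >> 8)
    return data + bytes(suffix)


def tamper_and_match(modified: bytes, documented_crc: int) -> bytes:
    """A modified project that still reports the documented checksum."""
    return forge_crc(modified, documented_crc)


def hmac_tag(key: bytes, project: bytes) -> bytes:
    """What a tamper seal would need: a keyed MAC over the project, not a CRC."""
    return hmac.new(key, project, hashlib.sha256).digest()


DEMO_KEY = b"builder-secret-for-illustration"   # assumption: a key the end user does not hold


if __name__ == "__main__":
    documented = fingerprint(DOCUMENTED_PROJECT)
    print(f"documented CRC : {documented:08x}")
    print(f"after edit     : {fingerprint(MODIFIED_PROJECT):08x}  (change detected)")
    forged = tamper_and_match(MODIFIED_PROJECT, documented)
    print(f"edit + 4 bytes : {fingerprint(forged):08x}  (matches documentation again)")
    print("HMAC still differs:",
          hmac_tag(DEMO_KEY, forged) != hmac_tag(DEMO_KEY, DOCUMENTED_PROJECT))
```

The four appended bytes are arbitrary binary, so in a plain-text project they would stand out; any padding, comment or free-text field that the checksum covers would serve the same purpose. The lesson for the machine builder is the division of labour: the passwords decide who may change the project, the documented CRC lets an inspector notice an accidental or careless change, and only a keyed tag or signature that the end user cannot compute would tie the checksum to the builder.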

Monitoring and diagnostics

If the software has a diagnostics capability, it will save time during start-up and when troubleshooting safety circuit failures. Troubleshooting a discrete safety-relay circuit can be a daunting task because of all the wiring and the variety of safety relays in use. With a safety controller, you connect the software via USB, upload the project and go online. At this point, the software indicates why the circuit failed to activate, usually with a red box around the failing safety function that names the problem (for example, a door is open). Typically a tool tip is available when the cursor is placed over the failing function block; it gives the reason for the failure and how to correct it. This kind of information may also be available over a network. Network interfaces can be integrated into the safety controller or may be a separate piece of hardware added to it. If a network interface is desirable, then its cost should be considered.

Documentation

Safety documentation is a very important part of the machine delivery package. Configuration software packages often provide a predefined template in which you can document and print:

  • Application description – life-cycle details, applied standards, etc.
  • Project details – name, last revision comments
  • Contact information
  • Project manager
  • Machine delivery details
  • Inspection results
  • I/O descriptions

Figure 1: Program print out of safety documentation.

Dollars and cents

For this cost comparison, we will use a baseline of safety relays with basic functionality. Keep in mind that safety relays with advanced functionality add to the cost of the safety-relay solution. A standard list price for a safety relay can vary greatly. This writer assumes that a fair price for a safety relay with dual input channels and two normally open safety outputs is around $200. This writer will also say that a fairly priced safety controller lists for around $720.

Safety controller software

The next extremely important consideration is the potential cost of safety controller configuration software. Pricing for a safety controller configuration software package can range from a free download to up to around $1800.

Licensing fees are also critical. They can add hundreds of dollars for each machine that uses a safety controller. This writer recommends a free, downloadable configuration software package with no licensing fees and a simulation mode. Since free options are available, we will not include configuration software in the pricing examples below.

Possible hidden safety controller charges

There can be other hidden charges associated with a safety controller purchase. These are not nearly as significant as the configuration software, but can add up and cause inconvenience.

Safety controllers often require a specialised memory module for program storage and portability. The designer should make sure that this item is included in the box and installed into the safety controller at no extra cost, as it is common for this to be a separate line item. Receiving a product with no memory can be quite frustrating and will lead to additional delay. The memory module can be in the $60 range.

Note that some safety controllers do not use a memory module. In this case, programs are not as portable.

Another possible hidden cost is the cable used to download the program to the memory. Make sure it is a standard mini-USB cable. Some companies offer inexpensive proprietary cables (around $30), but once again, this can cause inconvenience in the field. It is nice to know that, in a pinch, a standard camera or phone USB cable will work.

Note that hidden costs will not be used in the following pricing examples.

Pricing example A

With three standard safety relays at $200 each, the total cost is $600. The safety controller is $720, so the safety-relay solution costs $120 less. Space is a wash at this point: three 22.5 mm relays occupy 67.5 mm, the same as the compact safety controller.

Since the price of safety relays is directly proportional to the number of safety contacts and to functionality, the safety relays would have to average over $240 each before the designer saw a cost advantage. However, safety controller flexibility, the ability to stock only one part number and other benefits might be attractive enough to make the safety platform change.

Figure 2: Using three standard safety relays.

Pricing example B

With five standard safety relays at $200 each, the total cost is $1000. The safety controller is $720. The safety-relay solution is $280 (39%) more expensive and uses 67% more space on the DIN rail. If six safety outputs on a safety controller are enough, then there is no question that the safety controller is a viable option at this point. Once again, the numbers become more dramatic depending on the type of safety relays being used.

Figure 3: Using five standard safety relays.

When an application requires at least three medium-priced safety relays, it makes economic sense to consider moving to a safety controller platform. The more safety relays that are involved, the more this solution makes sense.

If the platform change seems to make sense, the next step would be to evaluate the safety controller technology to determine if it fits the specific application needs. The designer should also consider functional flexibility, stocking a single part number and the monitoring and diagnostic features.

In the end, if the designer decides the safety controller is the best solution for the project, the machine and the end user will reap the many benefits that a safety controller has to offer.

By Mike Garrick, Product Marketing Lead Specialist, Interface Relays, Phoenix Contact


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd