From electromechanical devices to safety PLCs, to fieldbuses, to the new challenges of Industry 4.0
Automation machines and systems must meet safety standards now common throughout the European market. In the past, only electromechanical devices (such as safety relays) could be used to ensure compliance with these standards, as both purely electronic and software-only solutions were prohibited. Interruption of an electrical circuit, for example, was considered acceptable only if it was achieved with a switch or disconnector that caused a physical discontinuity in the circuit. The choice of components used to create a safety system has continuously expanded to include interlocking devices, light curtains, pressure-sensitive mats, two-hand control pulpits, and so on.
Safety PLCs clearing the way for electronic and information technology
In recent years, the signals emitted by safety devices in the field have also been monitored by components such as safety PLCs. These are PLCs designed with special criteria for I/O wiring and control-program processing, so that they meet the requirements for the safety of a machine, plant, or area in general.
For example, in a safety PLC two processors often perform a plausibility check on the logic they will process; if an inconsistency is detected, everything is brought into a safe condition. Some criteria also include checking the actual information-processing time, because a defined reaction time is required when, for example, an emergency stop button is pressed.
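The two mechanisms just described (cross-checking between two processors, and bounding the reaction time) can be modelled in a few lines. The following is an added illustration, not code from the original article or from any PLC vendor: it evaluates a dual-channel emergency stop (two normally closed contacts, `True` = circuit closed) the way a safety PLC does, with a discrepancy time for the two channels, a cross-check between two independently written logic paths, and a cycle-time limit. The timer values and the `inject_cpu_fault` parameter used to simulate a processor fault are assumptions for the example.

```python
class TwoChannelSafetyLogic:
    """Constructed model of a safety PLC scan evaluating a dual-channel E-stop."""

    def __init__(self, discrepancy_ms=50, max_cycle_ms=10):
        self.discrepancy_ms = discrepancy_ms   # assumed: how long ch1/ch2 may disagree
        self.max_cycle_ms = max_cycle_ms       # assumed: longest acceptable scan time
        self.mismatch_since = None             # time at which the channels started disagreeing
        self.latched_fault = None              # first detected fault, cleared only by reset()

    def _cpu_a(self, ch1, ch2):
        # processor A: both contacts must be closed to enable the outputs
        return ch1 and ch2

    def _cpu_b(self, ch1, ch2, inject_fault=False):
        # processor B: same rule, deliberately written differently; inject_fault
        # simulates a corrupted result in this processor for the cross-check
        result = not (not ch1 or not ch2)
        return (not result) if inject_fault else result

    def scan(self, now_ms, ch1, ch2, cycle_ms, inject_cpu_fault=False):
        """One PLC cycle. Returns (enable_output, diagnostic)."""
        if self.latched_fault:
            return False, self.latched_fault
        # reaction-time requirement: a scan that overruns is treated as a fault
        if cycle_ms > self.max_cycle_ms:
            return self._trip("cycle time exceeded")
        # discrepancy monitoring: one channel opening without the other within
        # the allowed window points to a wiring or contact fault
        if ch1 != ch2:
            if self.mismatch_since is None:
                self.mismatch_since = now_ms
            elif now_ms - self.mismatch_since > self.discrepancy_ms:
                return self._trip("channel discrepancy")
        else:
            self.mismatch_since = None
        # plausibility check: both processors must reach the same decision
        a = self._cpu_a(ch1, ch2)
        b = self._cpu_b(ch1, ch2, inject_cpu_fault)
        if a != b:
            return self._trip("processor cross-check failed")
        return a, "ok" if a else "stop"

    def _trip(self, reason):
        # any detected fault forces the safe state and latches until an operator reset
        self.latched_fault = reason
        return False, reason

    def reset(self):
        self.latched_fault = None
        self.mismatch_since = None
```

Note that while the two channels disagree the outputs are already off (`stop`); the discrepancy timer only decides whether that condition is a normal transition or a fault that must latch.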
Over time, safety PLCs have undergone a series of transformations similar to standard PLCs: from stand-alone units to input/output distribution to control distribution.
At the same time, variable speed drives have replaced many traditional motion control techniques. In addition to precise process control and improved energy efficiency, variable speed drives have also helped machine builders comply more easily with current safety standards and reduce plant complexity. In variable speed drives, the use of electronic and software technologies has enabled new solutions for managing traditional safety functions such as STO – Safe Torque Off, SS1 – Safe Stop 1, SSE – Safe Stop Emergency, and so on.
New scenarios: the emergence of fieldbuses
The advent of field buses (fieldbuses) gradually changed the situation and encouraged the reduction of wiring, offering new opportunities in terms of design flexibility, modularity, testing, and maintenance.
Today, the same advantages can be seen in safety circuits, which can be deployed using safety fieldbuses: circuits have become less complex, while the reduction in wiring and connections has improved reliability, made maintenance easier, and facilitated system reconfiguration.
One of the most tangible benefits of this new technology is the operator’s accessibility to the production process by reducing physical safety barriers in favor of state-of-the-art software-managed safety functions.
Why are special fieldbuses needed to manage safety? Because conventional fieldbuses are unsuitable for transmitting safety-related controls: they lack the specific error detection and prevention mechanisms without which faults cannot be identified promptly. Additional functions are therefore needed, guaranteed by safety protocols, which detect errors in data transmission such as repetition, loss, insertion, incorrect sequence, message corruption, and delay, while still allowing normal process data to be sent.
But let’s take a closer look at the main features of some fieldbuses created with safety in mind.
SafetyBUS p
SafetyBUS p is an open bus based on CAN (Controller Area Network) technology, suitable for use in safety systems up to EN 954-1 Category 4 and SIL 3 applications according to IEC 61508. It allows up to 64 devices to be connected to a network with a maximum length of 3.5 km.
The main advantages of SafetyBUS p are fast reaction times, safe communication between safety functions and standard automation functions, integration of advanced diagnostic features, open connection to popular standard fieldbuses, great flexibility in case of system expansion, and easy programming and installation thanks to certified software blocks.
On SafetyBUS p, the transmission of safety signals takes place separately from standard data at the physical and logical levels. Normal plant automation processes, therefore, in no case affect safety functions.
Finally, SafetyBUS p operates in event-oriented mode, in which messages are sent only if the status of I/O or the number of connected devices changes, ensuring low reaction times.
Safety over EtherCAT (FSoE)
To realize safe data communication on the EtherCAT high-performance network, the FSoE protocol, certified by TÜV at SIL 3 according to IEC 61508, was developed. It allows safety and standard information to coexist in the same single-channel communication system; the solution is independent of the communication medium and of the underlying error detection mechanisms, and has no limitations regarding safety data length, transmission rate, or cycle time.
FSoE can handle data errors such as corruption, repetition, exchange, loss, delay, and invalid addressing. Among its safety measures are the assignment of a session number and a unique identifier for each connection.
Profisafe
In the large Profibus-based family, Profisafe is a protocol that combines standard and safety communications on a single fieldbus, allowing standard and safety-capable devices to be connected on the same network. Suitable for both Profibus and Profinet networks, this protocol follows an approach to safety called ‘Black Channel,’ which has no impact on the underlying fieldbus and is independent of the physical transmission medium.
Also usable wirelessly, Profisafe was developed following the Safety IEC 61508 standard and prevents potential addressing errors, delays, etc., on the bus, with techniques such as consecutive numbering of data packets, monitoring of transmission time and message authenticity, and so on.
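The error classes listed for safety protocols in general (repetition, loss, insertion, incorrect sequence, corruption, delay), and the countermeasures named for FSoE and Profisafe (a unique connection identifier, consecutive numbering of packets, transmission-time monitoring, a check on message authenticity), can be demonstrated with a toy "black channel" layer. The code below is an added example and is not FSoE, Profisafe, or any vendor's implementation: the frame layout, field sizes, watchdog value and the use of CRC-32 in place of a protocol-specific safety CRC are all assumptions made for illustration. The consumer accepts a frame only if every check passes and otherwise latches into the fail-safe state, which is the behaviour the article attributes to these protocols.

```python
import struct
import zlib

# Constructed wire format (assumption): conn_id | sequence number | payload, 2 bytes each,
# followed by a 4-byte CRC over those 6 bytes. CRC-32 stands in for the safety CRC.
HEADER = struct.Struct(">HHH")
FRAME_LEN = HEADER.size + 4
WATCHDOG_MS = 100   # assumed: longest gap allowed between two accepted frames


def build_frame(conn_id, seq, payload):
    """Producer side: tag the data with the connection id, a running number and a CRC."""
    body = HEADER.pack(conn_id, seq & 0xFFFF, payload)
    return body + struct.pack(">I", zlib.crc32(body))


class SafetyConsumer:
    """Consumer side of one safety connection; any failed check latches fail-safe."""

    def __init__(self, conn_id, watchdog_ms=WATCHDOG_MS):
        self.conn_id = conn_id        # unique identifier agreed for this connection
        self.watchdog_ms = watchdog_ms
        self.expected_seq = 0
        self.last_ok_ms = 0           # assume the connection was established at t = 0
        self.failsafe = False
        self.payload = None           # last accepted safety data; None means safe state

    def receive(self, frame, now_ms):
        """Return None if the frame is accepted, otherwise the detected error class."""
        if self.failsafe:
            return "failsafe"
        err = self._check(frame, now_ms)
        if err is not None:
            self.failsafe = True      # outputs go to the safe state and stay there
            self.payload = None
        return err

    def _check(self, frame, now_ms):
        if len(frame) != FRAME_LEN:
            return "corruption"
        conn_id, seq, payload = HEADER.unpack(frame[:HEADER.size])
        (crc,) = struct.unpack(">I", frame[HEADER.size:])
        if zlib.crc32(frame[:HEADER.size]) != crc:
            return "corruption"                 # message altered in transit
        if conn_id != self.conn_id:
            return "invalid addressing"         # frame inserted from another connection
        if now_ms - self.last_ok_ms > self.watchdog_ms:
            return "delay"                      # transmission-time monitoring
        if seq == (self.expected_seq - 1) & 0xFFFF:
            return "repetition"                 # previous frame delivered twice
        if seq != self.expected_seq:
            return "loss or incorrect sequence" # gap or reordering in the numbering
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_ok_ms = now_ms
        self.payload = payload
        return None


def run_scenarios():
    """Feed each fault class to a fresh consumer; returns {scenario: last verdict}."""
    good = [build_frame(7, i, 0x0001) for i in range(4)]   # connection 7, "outputs enabled"
    corrupted = bytearray(good[0])
    corrupted[4] ^= 0x01                                     # flip one payload bit
    results = {}

    def play(name, frames_with_times):
        consumer = SafetyConsumer(conn_id=7)
        verdicts = [consumer.receive(f, t) for f, t in frames_with_times]
        results[name] = verdicts[-1]

    play("healthy", [(good[0], 20), (good[1], 40), (good[2], 60), (good[3], 80)])
    play("corruption", [(bytes(corrupted), 20)])
    play("repetition", [(good[0], 20), (good[0], 40)])
    play("loss", [(good[0], 20), (good[2], 40)])
    play("wrong order", [(good[1], 20)])
    play("insertion", [(build_frame(9, 0, 0x0001), 20)])
    play("delay", [(good[0], 20), (good[1], 400)])
    play("latched after fault", [(good[0], 20), (good[0], 40), (good[1], 60)])
    return results
```

The checks are independent of how the frame travelled, which is the point of the "Black Channel" approach: the underlying fieldbus may be anything, and its own error handling is neither relied on nor disturbed.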
AS-interface ‘Safety at Work’
We conclude with AS-interface, a master-slave fieldbus complying with EN 50295. The transmission medium consists of a simple copper twisted pair with high immunity to electromagnetic interference.
Each AS-i network consists of a master, a dedicated power supply, and multiple slaves for connecting sensors and actuators. Power for the sensors and slave electronics is carried over the network by a 30 VDC supply that is decoupled from the data.
With AS-i ‘Safety at Work,’ parallel wiring for the emergency circuit can be eliminated by using a single transmission medium for handling safety-relevant signals and indications.
Finally, it is noteworthy that the AS-i bus can be used up to the highest risk category (Cat. 4) under EN 954-1, and that emergency devices in the network can be assigned to safe slaves.
The normative frame of reference
Harmonized machinery safety standards are divided into three types: Type A, Type B, and Type C. Type A standards (or basic standards) define the basic concepts, design principles, and general aspects that apply to all machines. Type B standards (or group standards) deal with a specific safety aspect or device. Finally, Type C standards (or machine family standards) deal with the safety requirements for each type of machine.
Some safety-related standards are, for example, EN/ISO 12100 (Type A) – Safety of machinery: fundamental concepts of risk assessment and risk reduction; EN/IEC 62061 (Type B) – Functional safety of electrical, electronic, and programmable electronic control systems; EN/ISO 13849-1 (Type B) – Safety-related parts of control systems; EN/IEC 60204-1 (Type B) – Electrical equipment of machines; and EN 1037 (Type B) – Prevention of unexpected start-up.
According to EN/ISO 12100, where a hazard cannot be removed by construction following safe design principles, technical safety measures are required, such as installing fixed or movable guards, presence detectors to prevent unexpected start-up, and so on.
Technical safety measures must prevent unintentional access to or contact with a hazardous item involving a risk of personal injury or reduce the risk by bringing it to a safe state before the person can come into contact with it.
For a machine (or other equipment) to be considered safe, it is necessary to carefully assess the risks that could result from its use, as outlined in EN/ISO 12100.
The challenges of Industry 4.0
In a traditional manufacturing environment, with lines or cells often designed to produce only one type of product, safety management is generally straightforward: a risk assessment of all aspects of the operation, from individual components to the operator’s “points of contact” with the equipment, allows for the creation of a guide that remains in place until the use of the line changes or changes are made to its components. Risks can thus be minimized as long as the correct procedures are followed.
In contrast, a plant operating under the new Industry 4.0 principles potentially presents a very different and more complex set of problems. These include, for example, the safety issues created by reconfiguring production areas at short notice, involving rapid changes of equipment and even the physical movement of components.
However, a variety of technologies are available to counter these problems, and it is no exaggeration to say that Industry 4.0 even offers the opportunity to further enhance safety through the ability to collect real-time data and intervene before a potential hazard becomes real. In addition to providing increased safety, this also introduces important new applications, such as predictive maintenance.
Finally, obtaining a logical representation of the plant (Digital Twin) makes it possible to simulate all hazardous situations, thus intervening beforehand with the necessary corrective measures.
Safety in Motion Control Systems
Although safety was not an intrinsic part of motion control systems in the past, this has changed over time. As we have seen, safety was initially entrusted to electromechanical devices, as no other type of solution was provided for in the standards. Moreover, the real or perceived reliability of electronic or software solutions had not yet reached current levels.
The advent of fieldbuses and distributed automation changed the scenario, making it possible to locate safety devices in the most appropriate places (command pulpits, control room, etc.) and simultaneously introduce the first software solutions. Devices such as variable speed drives, inverters, and centralized motion controllers made it possible to concentrate safety management upstream of the system, simplifying the control of individual motion units and making them more accessible. Indeed, it has been possible to replace armored units with units equipped with a simple casing, with protection provided by features and functions that are no longer local but distributed throughout the system.
Today we talk about Safety 4.0, which refers to more flexible and versatile safety systems responding to the potential need for continuous plant modifications to meet new market demands.
In this field, AMK offers panelboard (centralized) systems such as the KE and KW series, nearby drives (decentralized architecture) such as the iX series, and integrated motor plus drive solutions such as the iDT5 series.
Since safety is transmitted via the network, and thus via cable, the well-known advantages of a distributed system again translate into simplified wiring: the safety signals no longer travel on a dedicated medium but on a shared EtherCAT network.