Fluid Power and Machinery Safety
Safety Related Part of the Control System
The safety related parts of the control system (SRP/CS) comprises three elements – is an input from a manual control or sensor, a logic device to determine what needs to happen and outputs to control the power to the hazardous portion of the machine. For example, the depression of an e-stop, an input device, initiates a machine stop via the logic device. The machine stop is achieved by a power control device.
When it comes to machinery safety, and the SRP/CS, inputs are usually easily identified, interlocks, presence sensing devices, emergency stops etc stand out because they are mounted such that they are visible, but what about the devices they are controlling? When a gate interlock is operated it typically issues a stop command that is delivered, via the logic device, to a power control element, probably residing in a machine control panel nearby.
In an age of digital technology, it is easy to forget that hazardous energy may also be pneumatic, hydraulic or even kinetic, and these energy sources require the same safe control as electrical sources. The safety contactor is often the first consideration as a power control element when the SRP/CS is considered because the electrical supply is typically the initial thought of an automation or control engineer, but what about fluid power? We’ll need to consider valves rather than electrical contactors and how they fit into the SRP/CS.
Incorporating Fluid Power
Performance levels, Safety Integrity Levels and Categories are all dependent on the entire system meeting certain parameters, so using just one component that doesn’t meet the requirements will severely limit the safety performance of your SRP/CS, potentially exposing operators to unacceptable levels of risk. A pneumatic or hydraulic valve incorporated into the SRP/CS to safely control an energy source must meet the same category architecture and reliability requirements that a safety contactor must meet.
Taking Category 4 as an example, the requirements are:
In the case of a fluid power system, this will mean not only dual channel inputs but also two valves as outputs to ensure the continued performance of the safety function in the presence of a single fault. Redundancy alone will not ensure the detection of faults, so monitoring or diagnostic coverage is required. If each valve is fitted with positively driven switch contacts monitoring the valve position it adds the required layer of diagnostic coverage.
领英推荐
Unique failure modes
Fluid power also has potential faults that would not be considered for electrical power sources, not least contamination, particularly in the case of hydraulics. In a typical application, an operator is relying on a light curtain to issue a stop command which signals a hydraulic valve to close and stop the hazard. If the hydraulic valve, previously operating as designed, is affected by oil contamination and ceases to close in the required time to prevent access to the hazard an operator may be exposed to a hazardous situation.
In this situation, it is vital that all fault conditions are monitored. With correct integration of dual spool monitored safety valve system slow closure of either safety valve can be immediately detected and further machine movement / operation prevented.
What do the Standards say?
Input devices, such as interlocking devices, two hand controls, emergency stops etc are well served by international standards and industry white papers, particularly when it comes to integration into the safety related parts of the control system but fluid power integration is not so well served. The US standard ANSI B11.26 Functional Safety for Equipment:
General Principles for the Design of Safety Control Systems Using ISO 13849-1, published in 2018, is the exception that proves the rule. It devotes over 50 pages to circuit diagrams and analysis tables providing detailed practical examples of fluid power systems designed to comply with ISO 13849-1.
The analysis tables detail the safety function of each example, provide a list of potential faults to consider, any fault exclusions to be considered, and finally give the safety principles utilised in the system. These tables are a wealth of useful information for system designers.
The dearth of useful guidance, outside of B11.26, has resulted in the widespread usage of lockout/tagout to control fluid power sources. Whilst effective when procedures are followed correctly, lockout/tagout may have serious implications for productivity and efficiency. Correctly integrating monitored safety valves into the SRP/CS can reduce downtime due to lengthy lockout procedures as well as reducing risk to employees due to human error during the lockout process.
Conclusion
Safe control of fluid power is often overlooked in machinery safety but is an essential consideration to protect operators from the very real risks it presents. Dual channel monitored safety valves are one way of achieving the highest levels of reliability and risk reduction.
Senior SH&E Manager and Director at TEG Risk & Sustainability Services
2 年Warren Wagener Barry Kleine Charles Webb Ken Camden CMSE? Keshawa (K.C.) Senaratne Colin Read a good read easy read and the ANSI standard is a good reference for us to add to our library.
Category Optimisation | Market Analysis | Change Management
2 年Joe Hischar, Douglas Oliver, STEVE PRESTON, Richard Taig, Brendan Sheppard A quick read, could be something worth sharing around your teams ?? ??
Manufacturing | Bus Dev | M&A | Operations | Marketing
2 年Safety inputs and outputs get all the lime light, it's the safety outputs that always get overlooked but they are just as important!