Achieving safety isn't a risky business — if you have the right solutions and tools. That's where safety PLCs come in, as these systems can make factory floors less dangerous to people, product, the environment and other machines. But to get the most out of the technology, it helps to know the basics.
It comes down to understanding and reducing risk.
For instance, a safety PLC differs from its standard cousins in a few important respects, says John D'Silva, safety technology manager at Siemens Industry. One involves communication. For instance, Profisafe, a safe protocol layer that runs atop industrial Ethernet, has consecutive numbering of messages, time expectation with acknowledgement, a unique codename between sender and receiver, and cyclic redundancy data-integrity checks.
"A receiver can see whether or not it received the messages completely and within the correct sequence," D'Silva says of an outcome of these safety integrity checks.
Together, they reduce the risk of a communication breakdown. If one occurs, then the safety PLC, operating according to its programming, can initiate necessary actions, such as stopping a machine. The same set of actions might be taken by distributed fail-safe I/O with built-in redundant microprocessors.
Another key difference between a safety and a standard PLC involves system diagnostics. A safety PLC has a more extensive set, and these cover a greater number of exceptional situations, such as relevant unsafe conditions. This greater and more complete diagnostics capability reduces risk by minimizing or eliminating the chance of an undetected fault. Such data also can decrease downtime by providing information needed for troubleshooting, which means the safety PLC might be able to pay for itself.
A third way that safety controllers differ from standard PLCs involves internal configuration and components. For instance, they have multiple processors monitoring an application. These cross- check each other, but this doesn't preclude the processors from performing other tasks. For example, Rockwell Automation says its GuardLogix safety PLC handles both standard control and safety functions.
"We have two processors, and each of the processors is executing the safety tests to look at and compare all of the safety information from the application," says Geoff Sieron, GuardLogix safety controller product manager. "In one of the processors, we're executing all of the standard control tasks."
Finally, standard and safety PLCs have a paper difference. The latter achieve a given level of reliability in terms of failure rates. This performance is not something to which only the system manufacturer attests.
"A safety PLC will carry a certification describing the reliability of the system, because, since you're dealing with safety, there are standards and regulations that describe requirements for minimum levels of reliability and for third-party certifications," says Gil Dominguez, safety consultant with Pilz Automation Safety.
The question of certification brings up an important point, he adds. Different industries must answer to different regulatory bodies, and thus, any certification must be acceptable by the regulator with jurisdiction. Likewise, geographical regions have different regulators. At one time, there was a lack of regulatory consistency between regions, which sometimes lead to conflicting directives. However, that problem largely has been addressed, thanks to harmonization of rules and edicts.
An important point to remember when you consider a safety PLC is that it can be overkill for some situations. A very simple machine with only a handful of I/O or a limited number of safety functions might need only one or more safety modules, which can be programmable or discrete. The threshold at which it becomes cost-effective to use a safety controller is measured in a few tens of combined I/O points and safety functions, Dominguez says.
To consider any safety PLC or even whether to use one at all, it's critical to keep in mind that the objective is an acceptable level of risk. Ashok Acharya, senior product marketing manager at GE Intelligent Platforms, notes that determining this includes a risk analysis based on both the process and the machine. That is followed by an iterative evolution in which risks are addressed systematically, and any impact they might have is reduced. When the estimated risk and impact fall below the designated target, the application can be considered acceptably safe and the iterative process is complete.
While this ratcheting down of risk is going on, the question will come up about what is necessary with regard to the system's safety integrity level (SIL). SIL addresses the chance of random, not design, failures, Acharya says. He adds that attaining a higher level of protection is something that should be considered. "The cost versus SIL level equation is the key consideration," Acharya says. "For a small delta in cost, if a higher SIL rating can be accomplished, then that incremental cost is worth it."
Other factors also can play a role in the selection of a safety PLC. The system, after all, will be a computer that either monitors a stand-alone system or monitors and controls an integrated system, a process. Thus, ease of programming and connectivity options of a safety PLC can be important elements to evaluate.
Tina Hull, safety product engineer at Omron Automation and Safety, notes that a safety PLC uses test pulses and other diagnostics to spot problems that a standard system would miss, such as contacts that have been welded closed and cannot open. This check can be accomplished by dropping a 24-V signal periodically down to 0 V, with the controller looking at the return to determine that contacts and other components function as they should.
Selecting a safety PLC and other safety devices is the easiest part of the process of mitigating risk, Hall says. The real challenge takes place before that, when a risk assessment is being done. As she says, "First, understand the risks associated with your machines and processes. Understand how everyone interacts with the equipment, what job functions they need to do and how sneaky they can be at bypassing features."
More from Control Design: