Not only are machine safety standards and rules becoming more harmonized and widely accepted, and not only are many builders realizing that machine safety pays instead of costs, but more end users are demanding it, too. Machine safety is becoming a big-time, must-have service that's essential for builders to deliver.
Jim Montague is the executive editor for Control. Email him at [email protected].
However, despite its newfound fame, machine safety is challenged by a combination of new equipment capabilities, different regional needs, and shifting regulatory requirements — all of which need new safety solutions. For instance, Messer Cutting Systems in Menomonee Falls, Wis., juggles all of these factors as it keeps its plasma, oxyfuel and laser cutting machines operating safely and efficiently for its users.
"We've always taken machine safety seriously, which is driven in the U.S. by OSHA's non-prescriptive rules and the ANSI and UL standards. No one says, 'We're policing you,' but we don't want incidents to happen; we don't want to get sued; and we want our users, staff and everyone else to go home safe," says Justin Ponzi, Messer's senior electrical engineer. "Because in the U.S. it's the end user's responsibility to keep their staff safe, they often ask us for help, and we provide recommendations. Originally, this meant bump cords, lifelines, static-tensioned cables, which were followed by normally opened/held-closed safety circuits that were then tied to safety relays with interlocking logic. Next, light curtains were added to allow more access, but then some customers might ask for light barriers around whole machine perimeters."
New Rules Need New Tools
However, Messer's latest machine safety efforts really began when it sold and installed its large Titan cutting machine at a railway equipment manufacturer in Canada about five years ago. The end user and the Electrical Safety Authority (ESA), which is Ontario's version of the Canadian Standards Assn. (CSA) required a pre-start health and safety review (PSR), including an inspection and follow-up to ensure compliance and to specify any added safety equipment.
"We had to build some extra safety stuff into Titan, and it needed a pretty complex solution," Ponzi explains. "The ESA's consultants can say what areas are exposed in their PSR report and give some general ideas, but they can't say exactly what needs to be done because of liability issues. So we tried four or five different design iterations, and the winner involved putting three light curtains around the cutting table — two on the perimeter and one across the middle. This allows one side of the machine to run autonomously, while parts are being loaded or unloaded from the other. Then the inspector comes back, checks the design, and signs off if it's acceptable."
The hurdles in Canada and countries with similar regulations are costly, and can increase shipping time from a normal 8–10 weeks to as much as six months, Ponzi reports. However, customers in regions with less stringent rules for builders, such as the U.S., also are asking for more sophisticated safety solutions.
Besides complying with safety regulations, Messer also is integrating safety equipment as its machines add new operations and cutting technology. "We added material handling, such as intelligent conveying and storage, to our cutting machines," Ponzi says. "Users needed material handling to increase throughput, but we recognized we needed more safety for those functions, and that we had to be more proactive than our customers to add it in. It's not easy to move 20,000 pounds of steel and stop on a dime."
The builder's two material handling devices include its Messer Loading Storage Shuttle (MLSS) that employs a 50x50 ft pad, and its smaller Messer Shuttle Table (MST). Messer already was using safety PLCs for the distributed I/O on its cutting machines, Ponzi notes. However, its evaluation and design for MLSS spurred it to add three laser scanners that sweep in 270° arcs to identify material moving through the system, a light curtain on MLSS's exposed side, a sound abatement enclosure that limits access via interlocks, a hard guard fence, and four video cameras that allow operators to see all aspects of the machine.
"Without a safety PLC, we wouldn't be able to control individual zones on our machines. This is crucial, so one zone can be active, while another zone is safely locked out," Ponzi says. "However, we built the Titan cutter for the railroad manufacturer with relays, but we had to go through so much red tape and it took so long that we didn't have time to build software for it. So we began looking to use micro safety controllers, and adopted Beckhoff's TwinSafe."
Tony Rigoni, Beckhoff's safety expert and sales manager for northern California, adds, "Users are waking up to the value of machine safety and that spending $1 on safety can return $3–12 in productivity. And building safety controls into machine designs to enable safety zones and speeds is even more valuable than trying to protect against hazards after a device is built."
Fieldbuses Pave Way for Safety
So, what's been enabling machine safety to evolve rapidly and serve so many operating advances lately? Well, the same networking revolution that turbocharged all of automation and control in recent years is now dragging machine safety up the same learning curve.
For example, Stolle Machinery in Centennial, Colo., recently simplified the former point-to-point wiring on its machines that form, inspect and decorate cans by replacing it with fieldbus-type networking such as EtherNet/IP and DeviceNet to reach its I/O points and other devices. This saved on materials and interconnection time, but it also provided the networking concept and pathway for later adding safety-related communications.
"Over the past five years, we networked a lot of regular I/O via fieldbus, but all our safety functions were still hardwired," says James Chapman, Stolle's electrical engineering manager. "However, our customers, especially in Europe, have been getting more comfortable with the idea of safety on fieldbus."
Though its business was half domestic U.S. and half elsewhere just three to five years ago, Stolle now sells about 80% of its equipment overseas, mostly in Europe. Chapman adds that many of the European Union's machine safety standards are recognized and required internationally, especially since EN 954-1 was officially replaced by ISO 13849-1 this past Jan. 1 after a two-year delay. "So we adopted the better-defined ISO 13849-1 safety standard, and we're in the middle of transitioning to safety networking and safety PLCs over 24 V, Ethernet cabling, though we still use hardwiring for high-speed functions," he says.
To learn to apply ISO 13849 and the EU's latest machinery directive, Stolle's engineers researched and educated themselves about the rules, brought in outside experts, investigated where and how the new standards superseded older ones, and evaluated how this would affect their decisions during machine design and construction. "Previously, we followed four safety categories, but ISO 13849 has five performance levels (PLs), 'a' through 'e,' which are better defined and less ambiguous," Chapman says. "We also still use safety integrity levels (SILs) from the IEC 61508 standard. All of these give us a more complete overview of our machines, and then we also apply more specific standards for particular equipment, such as EN 692 for presses, which has an equivalent ANSI B11 standard."
Settling Shifting Standards
Machine safety standards such as ISO 13849-1, ISO 12100, ANSI B11 and ANSI TR11, and their supporting organizations have resolved some of the regional and international differences between former standards, but many small builders are still left mostly on their own to figure out which standards to use and how to make their machines and users safer. Sadly, harmonization isn't much good if you can't hear the music.
"It's already confusing for builders and users to understand what standard to apply to their specific machine or production process," says T.J. McDermott, senior project engineer and manager at Systems Interface, a system integrator and control panel builder in Bothell, Wash. "But I object when standards are specified by a government, and then we have to buy them from the same third party that interprets and enforces them. If standards are going to be required by law, then they should be a lot easier for everyone to find and access."
In addition, many builders remain hampered by lingering philosophical and practical differences in the EU's prescriptive Machine Safety Directive and related laws and North America's less-proactive, OSHA-based rules. The ISO standards are run by the International Organization for Standardization, and the ANSI standards are run by the American National Standards Institute.
Mike Steele, controls engineer at Oystar North America in Covington, Ky., reports that, before adopting ISO 13849-1 for European applications, Oystar used EN 954-1. "We started looking closely at ISO 13849-1 in 2009, but since the extension didn't require compliance until the end of 2011, we were in good shape once the official compliance date arrived," Steele says. "The first machine we evaluated with ISO 13849-1 was our Criterion 3 cartoner." (Figure 1)
In fact, some observers report that ANSI B11.0 merged general machine safety, risk assessment and risk reduction more efficiently and with more updated language than ISO 12100, which combined three former European standards in the mid-1990s, including EN 1050 and EN 292, parts 1 and 2. They say this helped the North American standards leapfrog their European counterparts, and develop the performance levels now used by ISO 13849-1.
"In the past, European standards and directives seemed to be more conservative than domestic U.S. standards," Steele adds. "I see this changing due to global harmonization. Examples where Europe is still more conservative: European Machinery Directive 2006-42-EC section 1.4.2.1 requires the fastening system of fixed guarding remain attached to the guard or to the machinery when the guard is removed. Basically, any fixed guards that would be removed during the lifecycle of the machine (typically for maintenance or cleaning) must use captive fasteners for fixings (to prevent loss of fasteners and guard panel not being replaced on machine before operation). I suspect future domestic standards might adopt this rule or something similar. Also, one European standard specific to packaging machinery, EN 415-3, Section 5.1.5, requires an e-stop every 4 m or less along the machine's perimeter. Domestic U.S. standards aren't this specific."
Tim Roback, marketing manager for safety systems at Rockwell Automation, adds, "Machine safety standards are converging globally because large, multinational end users are demanding common, worldwide standards. So, it's hard to keep justifying that different regions still need different standards. Still, ISO 13849-1 does put an added burden on builders, which is why we offer our Safety Services program and our Safety ROI Calculator to help with risk assessments (RAs) and performance-level calculations."
Assess Risk, Calculate Performance
The initial step in determining required safety performance levels is to perform a risk assessment, and then use ISO 13849-1's Annex A for guidance, Steele says. "Basically, once hazards are identified, severity of injury needs to be determined," he explains. "The options are S1 (slight) or S2 (serious). Next, determine the frequency and/or exposure time to the hazard. The options are F1 (seldom) or F2 (frequent to continuous). Third, the possibility of avoiding the hazard is determined, and its options are P1 (possible under specific conditions) and P2 (scarcely possible). Following the ISO 13849-1's risk graph will point to a specific, required, 'a' through 'e' performance level." (Figure 2)
"Initially, we referenced ISO 13849-1 and supporting documentation to determine our machine's overall category and performance level," Steele adds. "Part of the challenge was getting relevant data from component manufacturers to perform the calculations. I suspect giving the component-level OEMs more time to gather and publish necessary data was one reason the ISO 13849-1 extension was granted. Even now, with certain components, the data is not published."
In general, Steele notes, this is Oystar's step-by-step procedure for machine safety:
- Conduct an RA and identify machine-specific safety functions and characteristics of those functions.
- Determine the machine-required performance level per section 4.3 and Annex A of the ISO 13849-1 standard.
- Identify the actual performance level, which starts by determining the mean time to dangerous failure (MTTFd), diagnostic coverage (DC) and common cause failure (CCF) values.
- Repeat the previous step for each safety function.
Luckily, understanding and learning ISO 13849-1's calculations isn't too hard, and there are many software and online tools that can help, notes Martin Grosser, product manager for functional safety at Lenze. For example, the freely downloadable Safety Integrity Software Tool for the Evaluation of Machine Applications (SISTEMA) provides developers and testers of safety-related machine controls with comprehensive support in evaluating safety in the context of ISO 13849-1. It's available from the German Social Accident Insurance organization's Institute for Occupational Safety and Health.
Software Assists Calculations
To ease the ISO 13849-1 evaluation process, Oystar also generates SISTEMA files for each of its product lines, Steele says. "Most global safety component manufacturers have SISTEMA library files for end users to reference," he says. "From our experience, it seemed challenging at times to perform the calculations by using the guidance of the standards alone. This was due to limited data supplied by some component manufacturers. In these situations, we had better luck completing our task by using the SISTEMA software, and it does provide a nice results report."
One of the main obstacles to implementing ISO 13849-1 is that it involves so many calculations, but SISTEMA and other software tools can get users over these initial hurdles, adds Robert Meuhlfellner, director of automation technology at B&R Automation. "Using ISO 13849-1 for the first time can be very difficult, but most builders tell us the calculations get easier with practice," he says. "Machine safety is all about finding previously undetected faults, including those in safety systems. And, because typical machine life is 20 years, standards and builders must also address safety issues that may come up 18–20 years in the future."
Siemens Industry also offers an online, TUV-tested Safety Evaluation Tool for IEC 62061 and ISO 13849-1 standards, adds John D'Silva, Siemens' technology manager for safety integration.
Controllers, PCs Lend a Hand
Just as fieldbuses provided a pathway and format for machine safety on a common network, software and PC-based control also help organize many machine safety tasks, and make it practical for more builders and users. For instance, Voortman Automatisering in Rijssen, the Netherlands, specializes in machines for processing flat and angled steel profiles. The company relies on its own software, Voortman Automatisering Computer Aided Manufacturing (VACAM), which runs on Beckhoff's TwinCAT PLC, which contains all software and control parameters. Voortman also uses EtherCAT to monitor and manage its frequency controllers, and Beckhoff's TwinSafe enables precise emergency-stop analyses.
Automated steel production is possible only if machines can communicate with each other and an ERP system, reports Erik Dommerholt, Voortman's software development manager. "We use VACAM in 90% of our machines, and it determines which is responsible for what task. When the machine is switched on, it automatically configures its runtime. The complete machine configuration is specified in an SQL database."
In addition, TwinSafe enables safety tasks, and can set up networks in which standard and safety signals are either mixed or use separate networks. "TwinSafe can be used as an autonomous safety solution or as a local controller that communicates with a higher-level safety control system," explains Jurjen Verhoeff, of Industrial Automation Link, a Netherlands-based Beckhoff distributor. "TwinCAT's system manager enables flexible integration of TwinSafe terminals into the network. This facilitates connection and decoupling of individual modules to and from a machine, and makes it possible to expand the system and its safety capabilities without added wiring." (Figure 3)
In the past, large production systems had a single circuit, Dommerholt recalls. "In the event of an emergency stop, the circuit was completely switched off, and operators were regularly faced with the task of finding the cause," he explains. "TwinSafe can pinpoint where the emergency stop was triggered, and the response is also known because the function is coupled to the module. Also, wiring the safety circuit is simpler, so it let us become more flexible in terms of the safety circuit."
Safety Never Sleeps
Perhaps it's because "no good deed goes unpunished" or just due to universal entropy, but once responsible builders have done everything they can think of to achieve machine safety, some new potential danger or regulation seems to pop up. Not surprisingly, machine safety is one of those eternal, necessary chores.
Likewise, while adding safety to its material handling devices, Messer recently implemented fiber laser cutting on its smaller devices, such as its MST, which would need even more protection. Fiber laser carries its laser signal in a fiberoptic bundle to the cutting head, improves edge quality, has a smaller curve slot, and is 30% efficient compared with regular CO2 lasers, which are about 15% efficient. However, while traditional plasma and oxyfuel lasers can run in the open with just e-stop, noise abatement and eye and ear protection for the operators, a fiber laser's infrared, invisible, potentially tissue-damaging beam must operate in a U.S. FDA Class 1 sound- and light-tight enclosure, can't be accessed during cutting, needs interlocks, and requires operators to wear special goggles.
"We just found out what kind of safety fiber lasers needed, learned about it, and applied it," Ponzi says. "We identify the applicable government standards, but many end users have standards as well, and so lots of these efforts require us to be self-governing, too. We do risk assessment and know basically what protections are needed for our machines, but we also ask our customers what they're looking for and what protection they think they need. We also ask our vendors for help, and they all can assist us with the basic calculations about how to protect a particular function running at a certain speed, distance and other parameters. We try to think ahead on machine safety because we enjoy being able to sleep at night."
