Machine Safety is Elemental For New Automated Systems

Once An External Add-On After Construction, Safety is Now a Fundamental, Unifying Building Block in Modern Machine Design

By Jim Montague

Machine safety is moving from the outside to the inside. Traditional guarding and other protections are being replaced or at least supplemented by intelligent, automated safety PLCs, better-coordinated networks and other supporting devices. Integrated into machines at their earliest design and assembly stages, these safety components and software can establish safe zones, guarantee safe speeds and non-injurious motion, and allow operators to stay safe even as they interact more closely with their machines. Likewise, domestic and international machine safety standards are harmonizing to better help builders and users apply common, uniform safety components (Figure 1).

"The Occupational Safety and Health Administration's regulations have been around for more than 40 years, so most companies have some safeguards in place on their machinery, but most of these safeguards are expensive, physical barriers that most likely limit productivity," says Jeff Winter, safety business manager for North America at Grantek Systems Integration ( in Oak Brook, Ill. "However, recent changes in international safety standards have plowed the road for the rest of the world to integrate safety technology into standard automation functionality. Compared to conventional guarding, we now can reduce hardware costs, simplify control architecture, reduce design and engineering time, increase diagnostics and ultimately make a safer work environment. So even if a machine is conventionally safe, overhauling its safety system could improve its safety and overall equipment effectiveness (OEE)."

For instance, Sandvik Materials Technology is a worldwide developer and producer of advanced stainless steels, alloys, titanium and high-performance materials, and its cold-rolling mill in Sandviken, Sweden, has been a key part of its precision-strip-steel production line since it was built in the 1930s. The mill is 20 meters long and processes high-carbon steel and stainless grades, and produces strips up to 400-mm wide and 1 to 6 mm thick (Figure 2).

Understandably, the mill's mechanical, electronic and control systems were renovated over the years, and Sandvik recently added servomotors, standard PLCs and touchscreen HMIs from ABB. However, the company's latest effort to migrate its hard-wired safety systems to zoned safety guarding required it to switch out even more equipment. "We needed to expand the plant and production line's safety, so we decided to install a new control system with a safety central processing unit (CPU) on the cold-rolling mill, but this also meant replacing its safety-related electronics and controls and adding some automatic functions too," says Torbjörn Pettersson, Sandvik's engineering development specialist.
Put Risks into Zones  

To find the most appropriate safety and control solution for their cold-rolling mill, Sandvik's engineering and production staffs conducted a risk assessment (RA) in accordance with Swedish directive 2006:4, användning av arbetsutrustning (use of work equipment), and determined the mill needed six different safety zones based on its inlet parts, rolling and removal parts sections.

Read more: Help Machine Safety Break Free of the Past

"It's important to have a risk assessment to start with,"Pettersson explains. "After that, you must work through function descriptions and operating instructions. For us, it took a lot of time to find solutions for our new safety functions so they would be safe and productive. Once the instructions are finished, it's much easier to write the safety program. This is important because it can take lot of time to do a new RA and change safety functions and programs during commissioning if the initial solutions don't work out. It's also important to separate safety and the non-safety programs in the controls. This will make it easier to commission and test the safety functions, and these systems will be much easier to maintain because a clear, readable program will minimize the risk of any misunderstandings.”

Sandvik also adopted ABB's safety PLC with Profisafe network architecture via Profinet communications protocol to independently control the six safety zones. The new dual-processor safety CPU module and the safety I/O channels are integrated alongside the mill's existing PLC, which controls six dc and ac drives and motors. The dc motors drive the main steel belt and rollers, while the ac motors adjust roller position to achieve desired pressure during strip-steel processing.

This new arrangement with the safety PLC allows parts of the mill to remain operational while an operator gains safe access to some other zone, where safety is assured by disabling power. About 50 safety PLC I/O channels also link to gate switches, light curtains and E-stop buttons. The I/O points also monitor pressure switches to sense that hydraulic power is disabled for maintenance.

"Establishing safe zones inside machines allows power to be brought to a safe level without shutting down and having to resynchronize the entire machine," says Gary Thrall, senior product support engineer and TÜV-certified functional safety engineer at Bosch Rexroth ( "Similarly, safe-direction functions can be set up in safety zones, so all power won't have to be removed when operators are loading or unloading materials. This can save 10% on many production cycle times.”

Simpler Standards,Proactive Mindsets

To conduct thorough, uniform RAs and achieve the greatest practical safety at the design stage, there are a variety of domestic, regional and international machine-safety standards that builders can use. Most significantly, the ISO 13849 standard pushes machine builders and users to move from complying with traditional safety categories to instead calculating and achieving performance levels.

Grantek's Winter adds that, "Risk assessments are like resumes. Everyone has one, but they all look a little different. The important part is they all achieve the same basic purpose and contain the same basic information. For that reason, it's important to use an RA and risk reduction process that works for your organization. The first and most important step is to base your process on nationally recognized, consensus standards, such as ISO 12100, ANSI B11.0 or other industry-specific standards. The second and most challenging step is to develop a procedure and rules to support the process to ensure you have consistent results from one RA to another."

Winter reports that deciding which safety standards to follow begins with the location of the end user's manufacturing facility, and then OEMs, integrators, contractors and everyone else follows suit. "In the U.S., you start with federal and state OSHA regulations, and then use standards it has incorporated through reference, which are primarily American National Standards Institute and National Fire Protection Assn."Winter says that because recently revised ANSI standards are starting to harmonize with International Organization for Standardization ( and International Electrotechnical Commission standards, it's important to be aware of their contents too. In Europe, this burden is on machine designers and builders.

"Because U.S. and Canadian machine builders and system integrators are at the mercy of clients' requests, they'll follow national or internal standards most of the time,"Winter continues. "However, it's not uncommon for them to also embrace unique, company-specific, homemade requirements. Europe has a much more restrictive approach, and to meet the ‘presumption of conformity' of the EHS requirements in the Machinery Directive 2006/42/EC, you must follow one or more of the hundreds of harmonized standards listed in the European Union's official journal. In lieu of customer specifications, it's highly advisable to have an internal specification of minimum safety requirements and to list the standards chosen to demonstrate compliance.”

To help machine builders learn and perform ISO 13849-1's calculations, the free "Safety Integrity Software Tool for the Evaluation of Machine Applications" (SISTEMA) is offered by the German Social Accident Insurance organization's Institute for Occupational Safety and Health. The tool provides comprehensive support in evaluating safety in the context of ISO 13849-1.

Safe Motion, New Tools

Besides setting up safe operating zones, the most important benefit of integrating safety PLCs into machine designs is establishing safe direction, speed and other motion that won't allow operators to be injured.  

Back at Sandvik's cold-rolling mill, the safety PLC provides safe speed control, which ensures that hands or fingers can't be trapped between the mill's belt and rollers. The safety PLC also allows Sandvik's engineers to use floating-point numbers that simplify safety programming required for tasks on the mill, such as calculating speed. Programming was further simplified by ABB's integrated PLC development tool, which supports safety PLC programming in its CoDeSys-based integrated development environment and supports the PLCopen Safety Library. ABB also provided its own safety code analyzer tool, which verifies safety programming rules.

"Establishing the zones and using the safety PLC improve the cold-rolling mill's safety, but they also aided our efficiency because we designed new functions for threading the strip to separate operator and machine, and this enabled the mill to run more effectively and more safely," Pettersson says.

To help more users gain these safety capabilities, some developers take them beyond the usual safety PLC. For instance, B&R Industrial Automation just introduced its safety PLC that comes in the form of an I/O module, while its "soft" counterpart is a virtual, purely software-based version that can run on other hardware devices if needed. The PLC provides programmable and network safety to machines that don't need a large complex safety system, according to Corey Morton, B&R's technology solutions director. "Safe motion and safe-limited speeds and positioning can produce big productivity gains because users can maintain existing power, positions and axes in their machines,"he adds. "Both approaches can do these jobs.”

It's important to have a risk assessment to start with. After that, you must take lot of time to work through function descriptions and operations instructions. For us, it took a lot of time to find solutions for our new safety functions so they would be safe and productive.

Similarly, as a longtime practitioner of PC-based control, Beckhoff Automation includes its TÜV-approved Functional Safety over EtherCAT (FSOE) capabilities in its existing control systems, which achieve ISO 13849 Level E and SIL 3 ratings. "ISO 13849 went into effect in January 2012, so machine safety's been at the forefront of everyone's thoughts since then, and their awareness is growing quickly," says Tony Rigoni, regional sales manager for northern California and safety expert at Beckhoff Automation.   

Up Into Auto Plants

Of course, once builders and users get a taste of designing and integrating intelligent safety into machines, many want to deploy it in larger production lines and facilities.

For example, Audi recently redesigned its A3 model and built a two-level production building at its plant in Ingolstadt, Germany, for its new body assembly line, which operates up to 800 robots in 130 work cells (Figure 3). The A3's lightweight, third-generation body needed a higher-performance production line that was flexible, reconfigurable and able to deliver more sophisticated diagnostics in the cells and on conveyors, so Audi's engineers selected Profisafe and Profinet networking and safety PLCs from Phoenix Contact.
The safety PLC is unusual because it consists of two independent controllers. One is a standard, programmable, IEC 61131-compliant PLC, and the second is a SIL 3-rated safety control system. While one platform is responsible for standard applications and Profinet communications, the other prepares Profisafe telegrams and performs its safety application. This means the PLC executes its standard system and safety programs in parallel, but separate from each other, which ensures independent control and timing for each function and keeps cycle times short for the control and safety programs. Short software cycle times are crucial to maintain optimal production cycle times by the various work steps in Audi's cells. Also, the control of individual command devices such as robots or frequency converters requires a handshake technique, which means added PLC cycles are needed. However, Audi's engineers report that this solution helped reduce PLC cycle times to an average of 12 milliseconds, which means the cycle time of the larger cells could be reduced by up to one second.

The controls are programmed with two interconnected tools. An engineering tool configures the Profinet system hardware and creates the standard IEC 61131 application, and the safety PLC's software handles the safety PLC. Safety functions of each cell, including emergency stops, protective door contacts, guards in loading and infeed areas, and safety-related robot and drive functions, are programmed in the safety controller. Also, once the PLC's programs are validated, they're password-protected to prevent unauthorized changes, while access to the PLC's safety components also can be password-protected for added safety during start-ups.   

Similarly, Kia Motors (KMC) builds three SUV models, which make up more than half of the almost 230,000 vehicles it produces each year, at its Kia Motor Slovakia (KMS) division in Teplika nad Váhom. The body shop at KMS and its body-complete (BC) line assemble all moving parts with manual handling performed by 20 workers and equipment managed by controllers and software from Rockwell Automation.

Unfortunately, the BC line also suffered frequent breakdowns that decreased productivity and sometimes caused the entire line to stop.

KMS reports its BC line had been using Sick's afety relays and safety scanners, which it says had complicated wiring and long conductor routing from safety devices to relays in the main cabinet and lacked a bypass function from the scanners. Though traditional relays long have prevented hazardous interactions between operators and machines, KMS adds its safety relays also caused many small line stops, and often made it hard to identify why and where they were happening.   

Consequently, KMS decided to add Allen-Bradley safety PLCs to its ControlLogix control system. The BC line added remote safety I/O modules and connected to the plant's EtherNet/IP network, which allowed visualization of safety conditions, alarms, emergency events and programming developed for its HMIs.
Previously, if a person entered a cell, or if a device failed during production, the entire line stopped, and each area had to be checked to find the source of the fault. Now, the BC line is divided into five zones, each with a cabinet with Safety Point I/O components and only two or three meters of wiring. Each safety I/O is connected to the safety PLC via EtherNet/IP. So when the BC line is interrupted, only the relevant zone is stopped, which indicates its location and enables quick recovery while other zones remain operational.

"With the ability to identify failures and solve problems quickly, we've increased productivity by reducing safety breakdown time up to 70%,"explains Ondrey Vasek, body shop maintenance manager at KMS. "The body-complete line is easier to maintain and makes our lives easier."  

"It's important to have a risk assessment to start with. After that, you must take lot of time to work through function descriptions and operations instructions. For us, it took lot of time to find solutions for our new safety functions, so they would be safe and productive.”

"In lieu of customer specifications, it's highly advisable to have an internal specification of minimum safety requirements and list the standards chosen to demonstrate compliance. The more engineers that work on a safety project, the more important it is to have a set of design requirements, specifications and templates to ensure everyone is interpreting the standards in the same way.”

"The best thing about machine safety getting automated is that it opens up the world to more engineering creativity, and the standards give engineers the ability to rate, define and validate safety performance for their users."