Catalogs > Safety Products Catalog > Principles, Standards and Implementation > Protective Measures and Complementary Equipment
Protective Measures and Complementary Equipment
| Introduction |  |
Preventing Access | |
Detection Devices | |
Safety Switches | |
Guard Locking Switches | |
| Non-Contact Interlock Switches | |
Hinge Switches | |
Position (Limit Switch) Interlocks | |
Trapped Key Interlocks | |
Operator Interface Devices | |
| Logic Devices | |
Integrated Safety Controllers | |
Safety Networks | |
Output Devices | |
Connection Systems | |
Stop Function
In the U.S., Canada, Europe, and at the international level, harmonization of standards exist with regard to the descriptions of stop categories for machines or manufacturing systems.
NOTE: these categories are different to the categories from EN 954-1 (ISO 13849-1). See standards NFPA79 and IEC/EN60204-1 for further details. Stops fall into three categories:
- Category 0 is stopping by immediate removal of power to the machine actuators. This is considered an uncontrolled stop. With power removed, braking action requiring power will not be effective. This will allow motors to free spin and coast to a stop over an extended period of time. In other cases, material may be dropped by machine holding fixtures, which require power to hold the material. Mechanical stopping means, not requiring power, may also be a used with a category 0 stop. The category 0 stop takes priority over category 1 or category 2 stops.
- Category 1 is a controlled stop with power available to the machine actuators to achieve the stop. Power is then removed from the actuators when the stop is achieved. This category of stop allows powered braking to quickly stop hazardous motion, and then power can be removed from the actuators.
- Category 2 is a controlled stop with power left available to the machine actuators. A normal production stop is considered a category 2 stop.
These stop categories must be applied to each stop function, where the stop function is the action taken by the safety related parts of the control system in response to an input, category 0 or 1 should be used. Stop functions must override related start functions. The selection of the stop category for each stop function must be determined by a risk assessment.
Emergency Stop Function
The emergency stop function must operate as either a category 0 or category 1 stop, as determined by a risk assessment. It must be initiated by a single human action. When executed, it must override all other functions and machine operating modes. The objective is to remove power as quickly as possible without creating additional hazards.
Until recently, hardwired electro-mechanical components were required for e-stop circuits. Recent changes to standards such as IEC 60204-1 and NFPA 79 mean that safety PLCs and other forms of electronic logic meeting the requirements of standards like IEC61508, can be used in the e-stop circuit.
Emergency Stop Devices
Wherever there is a danger of an operator getting into trouble on a machine there must be a facility for fast access to an emergency stop device. The e-stop device must be continuously operable and readily available. Operator panels should contain at least one e-stop device. Additional e-stop devices may be used at other locations as needed. E-Stop devices come in various forms. Pushbutton switches and cable pull switches are examples of the more popular type devices. When the e-stop device is actuated, it must latch in and it must not be possible to generate the stop command without latching in. The resetting of the emergency stop device must not cause a hazardous situation. A separate and deliberate action must be used to re-start the machine.
For further information on e-stop devices, read ISO/EN13850, IEC 60947-5-5, NFPA79 and IEC60204-1, AS4024.1, Z432-94.
Emergency Stop Buttons
Emergency stop devices are considered complimentary safeguarding equipment. They are not considered primary safeguarding devices because they do not prevent access to a hazard nor do they detect access to a hazard.
The usual way of providing this is in the form of a red-colored mushroom-headed push button on a yellow background which the operator strikes in the event of an emergency (see Figure 79). They must be strategically placed in sufficient quantity around the machine to ensure that there is always one in reach at a hazard point.
|
| Figure 79: E-Stop Push Button—Red Colored Mushroom Head on a Yellow Background |
E-Stop buttons must be readily accessible and must be available in all modes of machine operation. When a pushbutton is used as an e-stop device, it must be a mushroom (or palm operated) shaped, red colored, with a yellow background. When the button is pressed, the contacts must change state at the same time the button latches in the depressed position.
One of the latest technologies to be applied to e-stops is a self-monitoring technique. An additional contact is added to the back e-stop that monitors whether the back of the panel components are still present. This is known as a self-monitoring contact block. It consists of a spring actuated contact that closes when the contact block is snapped into place onto the panel. Figure 80 shows the self-monitoring contact connected in series with one of the direct opening safety contacts.
|
| Figure 80: Self-Monitoring Contacts on E-Stop |
Cable Pull Switches
For machinery such as conveyors, it is often more convenient and effective to use a cable pull device along the hazard area (as shown in Figure 81) as the emergency stop device. These devices use a steel wire rope connected to latching pull switches so that pulling on the rope in any direction at any point along its length will trip the switch and cut off the machine power.
|
| Figure 81: Cable Pull Switches |
The cable pull switches must detect both a pull on the cable as well as when the cable goes slack. Slack detection ensures that the cable is not cut and is ready for use.
Cable distance affects performance of the switch. For short distances, the safety switch is mounted on one end and a tension spring mounted at the other. For longer distances, a safety switch must be mounted at both ends of the cable to ensure that a single action by the operator initiates a stop command.
The required cable pull force should not exceed 200 N (45 lb) or a distance of 400 mm (15.75 in.) at a position centered between two cable supports.
Two-Hand Controls
The use of two-hand controls (also referred to as bi-manual controls) is a common method of preventing access while a machine is in a dangerous condition. Two controls must be operated concurrently (within 0.5 s of each other) to start the machine. This ensures that both hands of the operator are occupied in a safe position (i.e., at the controls) and therefore cannot be in the hazard area. The controls must be operated continuously during the hazardous conditions. Machine operation must cease when either of the controls are released, if one control is released, the other control must also be released before the machine can be restarted.
A two-hand control system depends heavily on the integrity of its control and monitoring system to detect any faults, so it is important that this aspect is designed to the correct specification. Performance of the two-hand safety system is characterized into Types by ISO 13851 (EN 574) as shown and they are related to the Categories from ISO 13849-1. The types most commonly used for machinery safety are IIIB and IIIC. Table 4.1 shows the relationship of the types to the categories of safety performance.
| Requirements | Types | ||||
| I | II | III | |||
| A | B | C | |||
| Synchronous actuation | X | X | X | ||
| Use of Category 1 (from ISO 13849-1) |
X | X | |||
| Use of Category 3 (from ISO 13849-1) |
X | X | |||
| Use of Category 4 (from ISO 13849-1) |
X | ||||
| Table 3: Two-Hand Control Types and Categories | |||||
The physical design spacing should prevent improper operation (e.g., by hand and elbow). This can be accomplished by distance or shields as the examples shown in Figure 82.
|
| Figure 82: Separation of Two hand Controls |
The machine should not go from one cycle to another without the releasing and pressing of both buttons. This prevents the possibility of both buttons being blocked, leaving the machine running continuously. Releasing of either button must cause the machine to stop.
The use of two-hand control should be considered with caution as it usually leaves some form of risk exposed. The two-hand control only protects the person using them. The protected operator must be able to observe all access to the hazard, as other personnel may not be protected.
ISO 13851 (EN574) provides additional guidance on two-hand control.
Enabling Devices
Enabling devices are controls that allow an operator to enter a hazard area with the hazard running only while the operator is holding the enabling device in the actuated position. Enabling devices use either two-position or three position types of switches. Two position types are off when the actuator is not operated, and are on when the actuator is operated. Three position switches are off when not actuated (position 1), on when held in the center position (position 2) and off when the actuator is operated past the mid position (position 3). In addition, when returning from position 3 to 1, the output circuit must not close when passing through position 2. This concept is shown in Figure 83.
|
| Figure 83: Three-Position Enabling Switch Operation |
Enabling devices must be used in conjunction with other safety related function. A typical example is placing the motion is a controlled slow mode. Once in slow mode, an operator can enter the hazard area holding the enabling device.
When using an enabling device, a signal must indicate that the enabling device is active.