An Introduction to Functional Safety Systems
May 17, 2022
In this latest installment of Allied’s Ask the Expert Series, Noah Greene, a product marketing specialist at Phoenix Contact, provides an introduction to functional safety systems. He addresses how functional safety differs from safety of the intended functionality (SOTIF), introduces the three core components of functional safety systems, shares three key characteristics of effective functional safety systems and introduces Phoenix Contact’s PSRmodular configurable safety system.
Hi, Noah. How did you come to work in machine safety and process safety, and what do you find most interesting about this segment of the electronics industry?
I graduated high school in 2016 and secured a position as a mechatronics technician apprentice at Phoenix Contact. That four-year apprenticeship program provided me with 8,000 hours of education and on-the-job training focused on three key manufacturing processes: automation and control, test and measurement, and safety. During my training, I learned how to operate manufacturing equipment and machinery, how to monitor and analyze equipment performance and how to optimize machine performance for efficient production. I worked with machine builders and manufacturing engineers to better understand machine enhancements, improvements and development processes, and I helped more experienced mechatronics technicians troubleshoot, maintain and repair automatic and semi-automatic equipment, including mechanical and pneumatic systems, PLCs and PC-based control systems. I also learned how to identify controller and I/O faults, diagnose specific causes, identify defective parts, debug control programs and restore system functionality in a timely manner, as well as how to program a PLC and design test systems for DIN rail assemblies.
Due to the rotating nature of the apprenticeship program, I got to experience the safety segment from both a technician’s and an operator’s perspective, which was interesting. On the technician side, safety measures are sometimes viewed as a hindrance or an afterthought — something that adds steps and gets in the way of efficient processes. On the operator side, safety measures are viewed as essential elements for effectively protecting operators, equipment and machines from harm, as well as for maintaining productivity. I really liked the idea of problem solving in terms of both keeping personnel and equipment safe and proactively responding to technicians’ concerns to shift their perspective. So, when a product marketing position opened in the safety department, I leapt at and landed the opportunity.
What is unique about functional safety equipment?
Understanding how functional safety equipment differs from more traditional safety equipment also has to do with the different perspectives that technicians and operators often approach safety from. Technicians on the production floor largely experience safety in terms of emergency stops, light curtains, hand switches, safety doors, safety mats and other solutions designed to protect people from potential hazards caused by systems without a fault. This type of safety equipment falls under the safety of the intended functionality (SOTIF) umbrella and includes safety measures that automatically stop machines from running when someone enters a hazardous area designated for machine operation, such as within the extent of a robotic arm’s range. Functional safety, on the other hand, has more to do with advanced safety functions. Although functional safety equipment can be used to monitor classic safety functions, like emergency stop signals, safety door locks, light grids and safety shut-off mats, its real benefit lies in monitoring motor speed, direction and downtime and supporting secure analog value monitoring. In addition, while functional safety equipment is widely used on factory floors — and especially in machine building applications — it is also used in oil and gas processing, green energy production and even automotive applications.
To be more specific, functional safety equipment is a component of machine control systems and is designed to automatically prevent dangerous failures caused by faults in the system, or even unintended use or misuse, and to automatically control them when they occur.
As such, functional safety equipment relies on the proper operation of safety-related control systems and other risk reduction measures and is closely related to process safety equipment, which manages the integrity of operating systems and processes that handle hazardous materials and energy. But functional safety measures are mandatory per IEC 61508, while most process safety guidelines are based on Energy Institute guidance rather than a mandate.
You mentioned automatic operation as a defining feature of functional safety equipment. Do you think that the demand for functional safety equipment is increasing as more manufacturers embrace smart factories equipped with advanced automation, connectivity and data exchange technologies?
Functional safety equipment factors into predictive maintenance in a big way, and predictive maintenance is a defining feature of automated facilities equipped with robust IIoT networks and remote monitoring capabilities. In automated facilities, more machines are operated by programs than by people, so remote monitoring capabilities and in-depth diagnostics are critical. When connected to IIoT networks, functional safety equipment can support both local and remote monitoring, communicating faults via standard protocols including PROFINET and EtherNet/IP and enabling facility operators to identify common faults and implement effective solutions.
Which devices would you define as the requisite building blocks of functional safety equipment?
The three core components of functional safety systems are inputs, including door switches, level sensors and safety mats; logic, including safety controllers and relays; and outputs, including motor starters and standard digital outputs that control things like pneumatic solenoid valves. If any one of these three components isn’t safe, then you don’t have a safe system.
For instance, inputs need to provide maximum protection against manipulation and the highest level of safety in accordance with EN ISO 13849 and EN ISO 14119. Safety logic devices need to ensure safe operation because they monitor inputs and outputs, detect errors and control the operation of functional safety equipment ranging from simple, single-function solutions like emergency stop safety relays to distributed control systems that support entire automated facilities. And motor starters need to ensure safe operation because they control machine function. As such, hybrid motor starters with a level three safety integrity level rating (SIL 3) are prevalent in functional safety systems. SIL 3 hybrid motor starters enable the streamlined integration of emergency stop circuitry for three-phase motors up to five horsepower, which eliminates the need for a redundant contactor and the associated interlocking wiring, along with those additional potential points of failure, and can reduce space requirements and wiring time by up to 75%.
When people think about machine safety, they often think about protecting operators and equipment from harm. But effective machine safety also results in increased productivity, uptime and profitability. So, what seemingly good intentions aimed at improving machine safety can inadvertently result in limiting machines’ production flexibility and how can facility managers avoid them?
If you want to design a safety system that effectively protects personnel and equipment from harm and maximizes productivity, uptime and profitability, you have to use SIL-rated or performance level (PL e) parts. Using simple relays for safety functions can kind of serve the same purpose, but simple relays don’t provide the same reliability and predictability as safety relays. They can provide some cost savings, but at the expense of safety certainty and, as I mentioned before, if any one element of your safety system isn’t safe, then you don’t have a safe system.
Safety relays have two force-guided contacts that are mechanically linked and designed to always switch together and within a certain amount of time. Any deviation from this standard operation indicates a fault in the system and will cause the system to come to a safe stop. You don’t get that functionality out of a standard relay. So, while simple relays can save some money on the front end, they can result in unplanned downtime and decreased productivity and profitability on the back end. Plus, simple relays with coils and contacts aren’t compatible with the high-level communications protocols, control systems, gateways and IIoT networks increasingly used for advanced diagnostics and remote monitoring and control. And while the simplest safety systems may not have a real need for diagnostic data, larger machines that make products to go to market need safety control systems capable of capturing data points that indicate how well the machine is running — such as productivity, uptime and how often it stops for various reasons — and allow manufacturers to adjust the unit price and lead-time accordingly.
Configurable, user-friendly solutions are also key to creating safe, productive and profitable safety systems. Selecting components that are challenging or time-consuming to install and can’t be easily and economically reconfigured to support modified or expanded production lines can end up increasing downtime and operating costs as well.
What are the top three key characteristics of effective functional safety solutions?
The top three characteristics of effective functional safety solutions are high scalability, simple handling and detailed diagnostics. Highly scalable functional safety solutions are extensively adaptable, which allows customers to quickly, easily and economically retool or expand as needed using off-the-shelf products readily available through distribution to create semi-custom solutions optimized for virtually any application. Modular, configurable functional safety equipment makes it quick, easy and intuitive to add more safety doors, safety mats and motor starters to the system and get them online, minimizing installation costs and hours, or even days, of lost production time.
Modular, scalable solutions also facilitate simple handling, enabling proper installation without expert installers and reducing installation time, machine downtime and the costs associated with each. In addition, hardware and software solutions that make it quick and easy for people to understand the installation and implementation processes actively encourage installers to complete both processes rather than install and activate to the minimum requirements and deal with the rest later — a not uncommon scenario that mitigates safety efficacy from the very outset.
Detailed diagnostics are another critical characteristic of functional safety solutions. Comprehensive and easy-to-understand diagnostics allow engineers and production managers to monitor and evaluate safety systems in real-time, take action to correct faults or optimize performance while minimizing any equipment downtime and track the efficacy of their actions. They also support remote monitoring and control, which is key for automated production facilities.
What unique value does Phoenix Contact’s PSRmodular configurable safety system provide compared to competing solutions?
Phoenix Contact’s PSRmodular family is super flexible and, as such, ideal for implementing functional safety in applications with up to 160 I/Os and safety ratings up to PL e or SIL 3. The base modules can function as standalone solutions in simple systems since they have their own local I/O. In systems like these, with just a few safety inputs, e-stops and light curtains, a single PSRmodular base module is all it would take to link your core components — inputs, logic and outputs — and achieve functional safety.
To accommodate more complex systems with more e-stops, light curtains and motors, the PSRmodular family offers an extensive range of expansion modules that are quick and easy to install, clicking right into the system to provide an economical approach to custom solutions. These analog, motion and extension modules use backplane connectors to communicate with the base module, which eliminates wiring processes, further simplifies installation, saves time and money and increases reliability. They are also available with push-in terminals instead of screw terminals, and the push-in versions allow users to simply shove the wire into the terminal to make a connection — no tools or installation experience required.
PSRmodular expansion modules are super skinny as well, just 22.5 mm wide, which saves a bunch of space in the cabinet and is especially convenient for systems with a variety of safety functions. Another advantage is that they’re quick and easy to configure using Phoenix Contact’s free, downloadable PSRmodular software. The software is based on pre-configured TÜV-certified function blocks that eliminate programming language requirements in favor of straightforward, graphical selections that allow users to implement safety logic programs with intuitive drag-and-drop actions. The software also allows users to simulate the entire system without operating the system’s hardware and access detailed diagnostics to validate system safety. In addition, when paired with gateways, the PSRmodular safety system supports bidirectional communication using all common bus protocols.
The PSRmodular safety system currently offers two configurable base modules — the PSR-M-B1 and the PSR-M-B2 — available with push-in terminals or screw contacts and an extensive range of safety extension modules. The PSR-M-B1 base module has eight safe inputs and two safe outputs, both comprised of redundant pairs that automatically switch together and cannot be split apart. The PSR-M-B2 base module features eight safe inputs and two safe outputs, but it allows users to split the redundant outputs into four individual outputs. It also supports twice as many expansions as the PSR-M-B1, and offers analog safety modules, more internal memory and more function blocks, which makes it ideal for use in more complex systems.
Available safety extension modules include a range of simple input modules, as well as speed, zero-speed and direction of sine-cosine, HTL and TTL motor encoders and a range of specialized modules for safety mats and light curtains. The analog modules are rated for 0–10 V and 4–20 mA, which is standard for analog signals.
Do you have any final thoughts or advice to share about functional safety equipment?
Safety doesn’t have to be an afterthought or to feel like a hindrance. You can optimize equipment for both safety and efficiency, and you don’t have to compromise on one to get the other. And speaking of compromise, cutting safety corners can cut off fingers — or worse. So, if you’re trying to cut costs, consider scalable, modular safety solutions that are easy to install and offer detailed diagnostics. Although these solutions may cost a bit more upfront, with safety relays commanding a slightly higher price than simple relays for instance, they can save you a lot of money on the back end by reducing installation time and machine downtime, enabling predictive maintenance for improved uptime and production efficiency and seamlessly scaling to support new functionalities or facility expansions. Remember: If any single element of your safety system isn’t proven safe, then you don’t have a safe system.
https://www.alliedelec.com/expert/an-introduction-to-functional-safety-systems/