Safety equipment for pallet circulation systems
Pallets loaded with molds, reinforcing steel and concrete weighing several tons are moving through the extensive factory building. Case of emergency, all systems must come to a complete halt within a split second. This ultra-quick response can save human lives. In this article, Unitechnik Cieplik & Poppek AG compares various safety designs to outline strengths and weaknesses of each system.
Requirements on safety equipment
A precast plant imposes demanding requirements on safety technology. Such a production line includes fully automatic work areas, such as shuttering robots and curing chambers, semi-automatic units like the concrete spreader or the turning unit, and manual work stations, for example to insert embedded parts. High loads are transported, part of them suspended.
The automatic area is usually blocked off by a solid fence. Access doors must be scanned via a safety limit switch. If such a door is opened in automatic mode, the corresponding automatic area is switched off. Care must be taken to ensure that the conveying route of the pallets also prevents any access to the automatic work area. This is where light barriers are often used.
The manual area does not require any blocking-off. The operator must allow pallet movements by pressing a button. Emergency stop buttons enable the fast turn-off of the entire line.
In semi-automatic areas, such as the turning unit, the installation of a solid fence is often impracticable. Manual and automatic work steps alternate. One option to erect a temporary “fence” is to use a light curtain. This system can be activated prior to initiating an automatic work step.
The safety systems of such a production line must meet two key requirements:
1. Short response time: In the case of machinery that is moving quickly, a split second can make the difference between life and death.
2. Reliability: An electrical or mechanical fault must not result in a failure of the safety function.
The basic principle of redundancy
To meet this requirement, safety equipment must generally be designed in a redundant layout. For example, an emergency stop button always includes two normally closed contacts. It is very unlikely that both contacts remain closed at the same time. All safety devices always analyze both signals and compare them to each other. When a deviation occurs, the safety system is no longer “safe”, which is why the unit or the entire line is switched off. Yet not only contacts and wiring are redundant – this principle is also applied to the evaluation units, which are always equipped with two relays or two processors that monitor each other. In a switch cabinet or control unit, safety components can be identified by their glaring yellow color.
Configuration of safety systems
In complex production lines, safety systems are divided into several circuits. One of them is the emergency stop circuit including large, big red emergency stop buttons fitted over the system, which can be used to turn off the entire line in the case of an emergency.
Additional safety circuits are installed for each automatic and semi-automatic area. Each of these circuits includes the safety limit switches, light barriers and light curtains that prevent access to the respective area. When one of these switching elements is used, only the relevant part of the production line will be switched off. If, for example, an operator opens the door to the shuttering robot, there is no logical reason to stop the storage and retrieval unit in front of the curing chamber.
Design with safety relays
The requirements referred to above can be met by a wide range of technical options. The “classic” design includes the use of safety relays. Most of the production lines for which Unitechnik supplied the automation systems were designed in this way. By way of example, the emergency stop circuit has the following layout: The safety contacts of the emergency stop buttons are connected in series (see Fig. 1). Since each emergency stop button has two contacts, this arrangement results in two separate channels. In an ideal setting, these channels should run through different cables. The terminal ends of these two channels are connected to a safety relay, e.g. Moeller ESR4-NO. If one or both channels are interrupted by pushing an emergency stop button, a switching contact turns off the main contactor. This turn-off response is fed back to the safety relay via an auxiliary contact. Beyond its trigger feature, the safety relay also has a monitoring function. If the safety relay detects a different response time of both channels, or if only one channel is triggered, the system cannot be switched on again. The safety relay unit itself is composed of two relays that monitor each other.
Advantages
» Low component cost
» Easy to handle for maintenance
» High degree of transparency for on-site troubleshooting.
Disadvantages
» High amount of wiring
» Lack of flexibility in terms of retrofitting safety equipment
» Lack of flexibility when it comes to modifying the layout of safety areas
» No remote maintenance access.
Design with a dedicated programmable safety controller
In contrast to the conventional safety equipment described above, emergency stop buttons and safety switches are wired through a safe field bus system, such as the Pilz SafetyBUS p system. Safe input modules are arranged in a distributed pattern for the feed of input signals – again in a two-channel arrangement. The safe, multi-channel bus system serves to transmit the signals to the programmable safety controller, for example the PSS system supplied by Pilz (see Fig. 2). At this stage, all safety functions can be freely programmed using a statement list, ladder or logic diagram. Outputs can either be located directly at the controller or arranged in a distributed pattern. The safety system is continuously monitoring itself using redundant processors and a permanent diagnostic function. Both bus system and controller are completely separated from the remaining control system components.
Safety switches or similar components are very easy to retrofit. The only component to be added to the nearest terminal box or the nearest control point is a safe local input module. Additional wiring must be installed only between the input module and the switch. There are no implications on the other wiring arrangements. Unitechnik installed several of these systems already, and has always been very satisfied with both handling and functionality.
Advantages
» Low amount of wiring
» Separate systems for safety and production line functions
» High flexibility to implement changes.
Disadvantages
» High component prices (compared to safety relays)
» More complex due to two controller systems
» Wiring of two bus systems.
Design with integrated safety controller
The conventional principle of separating safety equipment and production line controls has been overcome by the Safety Integrated System offered by Siemens. When selecting a fail-safe CPU, such as S7-400F, all safety and control functions can be integrated in one and the same PLC system. Siemens meets the safety requirements on the transmission of signals by offering the Profisafe profile. This profile makes it possible to use the ProfiBUS and Profinet systems for safety-driven functions. As a result, a single bus system can be used for both control and safety equipment (see Fig. 3). Profisafe monitors the safety-driven data interchange via the standard bus in such a way that even the highest safety requirements for the process and manufacturing industry (up to category 4 according to the EN 954-1 standard) are met without having to resort to a multi-channel arrangement. In turn, safe input modules located at the periphery of the system ensure the safe two-channel connection of safety devices.
Advantages
» Very low amount of wiring
» Easy handling and programming (single system)
» High flexibility to implement changes
» End-to-end remote access.
Disadvantage
» Very expensive CPU (about three times the amount compared to a standard CPU).
Cost efficiency:
When considering the cost of the initial precast plant installation, the conventional system including safety relays is the solution with the highest cost efficiency. The installation cost savings achieved with the other systems do not outweigh the additional costs incurred by the electrical components. The larger the systems, and the higher their complexity, the smaller this difference becomes.
A different scenario might result if plant operation and future changes were also considered. New safety systems would be easier to retrofit if bus solutions were used. Safety zones can be modified more quickly when using programmable systems.
A quick glance at industrial practice – Unitechnik has automated almost 200 precast plants in the past 20 years – reveals that changes to safety systems and zones are usually implemented only if the plant or production line is extended. These modifications generally require the installation of new conveying systems, the addition of new control stations and the erection of protective fencing. Given this situation, changes to the safety equipment will hardly be noticeable.
Conclusion
Programmable safety systems that enable the link via a field bus are very flexible but still relatively expensive. With a view to the requirements of a precast plant, the design with safety relays will usually be the more economical solution.
Wolfgang Cieplik
Address/Anschrift
Unitechnik
Cieplik & Poppek AG
Fritz-Kotz-Straße 14
51674 Wiehl/Germany
Tel.: +49 2261 987 208
Fax: +49 2261 987 510
wolfgang.cieplik@unitechnik.com
www.unitechnik.com