Integrated Safety Moves Beyond Outlier Status

Al Presher

March 11, 2015


Integrated safety continues to develop more potent solutions, driven by this year's deadline for complying with European safety standards which make it a requirement to calculate the performance level achieved by each safety function in a system.


But the equally important ongoing trend is a view of integrated safety as a key component in the drive to productivity and enhanced diagnostics. Along with a move to wireless operation, these developments are resulting in a new generation of machines that are increasingly being implemented using a single controller and one network for both failsafe and non-safe devices.


Impact of Safety Standards

"The biggest dynamic for safety systems continues to be standards development with EN/ISO 13849 becoming mandatory this year," says Tim Roback, manager of marketing - Safety Systems for Rockwell Automation. "That standard is fundamentally changing the way the industrial market thinks about safety. It is driving different behavior for the automation supplier, the machine builder and the end user."

EN 954-1 "Safety of Machinery" is a prescriptive standard that explains how to set up a safety system in terms of required component features and wiring configuration. However, EN/ISO 13849, which is scheduled to replace EN 954-1 at the end of this year, includes a reliability component associated with the determination of safety levels. Every component in the safety system consumes a certain amount of the safety budget needed to achieve a required safety level, and also affects the overall reliability of the system.


Machine builders now have a greater burden to calculate the Performance Level (PL) achieved by each safety function. Under this standard, if the system is complicated enough, a user can select all Performance Level e (PLe) rated products and still not be able to achieve an overall PLe rating for the system. The reason is that individual components may consume varying amounts of the overall safety budget, and the reliability impact associated with the safety components is cumulative.
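The cumulative effect described above, as an added example that is not from the article or from any vendor's safety calculator: it sums the probability of dangerous failure per hour (PFHd) of subsystems in series and maps the total to a Performance Level using the PFHd bands tabulated in EN ISO 13849-1. The component names and PFHd values are constructed, and the sketch assumes the PFHd criterion only, ignoring the category, diagnostic coverage and common-cause requirements the standard also imposes.

```python
import math

# Exclusive upper PFHd bound (dangerous failures per hour) of each Performance
# Level band, best level first, per the PL table in EN ISO 13849-1.
PL_UPPER_BOUNDS = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
PL_ORDER = "abcde"  # ascending risk reduction


def pl_from_pfhd(pfhd):
    """Map a PFHd value to a Performance Level, or None if worse than PL a."""
    if pfhd <= 0:
        raise ValueError("PFHd must be positive")
    for level, upper in PL_UPPER_BOUNDS:
        if pfhd < upper:
            return level
    return None


def evaluate_safety_function(subsystems, required_pl):
    """Sum the PFHd of series subsystems and compare against the required PL."""
    total = math.fsum(pfhd for _, pfhd in subsystems)
    achieved = pl_from_pfhd(total)
    budget = dict(PL_UPPER_BOUNDS)[required_pl]
    return {
        "total_pfhd": total,
        "achieved_pl": achieved,
        "meets_required": achieved is not None
        and PL_ORDER.index(achieved) >= PL_ORDER.index(required_pl),
        # Fraction of the required level's PFHd budget used by each subsystem.
        "budget_share": {name: pfhd / budget for name, pfhd in subsystems},
    }


# Constructed sample data: hypothetical component names and PFHd values,
# each one individually inside the PL e band (< 1e-7 per hour).
CHAIN = [
    ("light_curtain", 3.0e-8),
    ("safety_input_module", 1.5e-8),
    ("safety_controller", 2.0e-8),
    ("safety_output_module", 1.5e-8),
    ("drive_sto", 3.5e-8),
]

if __name__ == "__main__":
    result = evaluate_safety_function(CHAIN, "e")
    for name, share in result["budget_share"].items():
        print(f"{name:22s} uses {share:5.1%} of the PL e budget")
    print(f"total PFHd = {result['total_pfhd']:.2e} -> PL {result['achieved_pl']}, "
          f"meets PL e: {result['meets_required']}")
```

Every component in the constructed chain rates PL e on its own, yet the five in series total more than the PL e budget, so the safety function as a whole only reaches PL d.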


"Now you have to be more knowledgeable regarding the design of your safety system and the parameters which affect the Performance Level calculations," says Roback. "Additionally you need to access safety data associated with each component within a safety system."


Understanding these reliability aspects is challenging safety product providers to make sure that data is readily available and up-to-date. Increasingly, the safety market is introducing safety calculators to simplify the calculation process. Some calculators are developed by safety product providers, while others are developed by independent safety agencies and are free to use. Regardless of the calculator used, a critical requirement for the machine builder is that the libraries contain the safety data relevant for the components they intend to use in their systems.


Machine builders who need to comply with EN/ISO 13849-1 will be forced to reevaluate their existing safety systems. Roback says that when they do that, they're also going to learn some things about what they actually need in terms of risk reduction and mitigation.


"I think they'll find that, in some cases, maybe they don't need as much risk mitigation as they originally thought," says Roback. "It's also going to require some flexibility to implement exactly the level of safety they need. The macro trend we see coming is an industry that is becoming more intelligent consumers of safety, and helping drive optimized safety solutions."


One Network, One Controller

An important ongoing trend with networked safety is the combination of failsafe operation and motion control in one controller. In the past, automated systems had a separate controller for motion and another controller for safety, but now all of these functions are often available in a single controller on one network.


With the move to networked safety systems, especially those using industrial Ethernet, there are larger numbers of devices available on the network such as failsafe motor starters and drives. Most of these devices have traditionally been hardwired and provide a minimal level of diagnostics.


"The main impetus behind putting safety on a network is to increase productivity," says John D'Silva, marketing manager - Safety Integrated for Siemens Industry Inc. "The level of diagnostics that is available, for example, has a direct impact on reducing downtime."


"Now with safety networks, a large amount of safety data can be passed over the network in a failsafe way. This facilitates designing complex safety systems and architectures that are easy to implement," says D'Silva.


Another key trend picking up speed is wireless safety. In automotive and aerospace assembly operations, as well as warehouses, distribution centers and material handling applications, there is an incentive to go wireless where it is difficult and expensive to do all of the wiring required to integrate the safety systems. Wireless is a good fit for these applications because there is a desire to get rid of the wires. The technology is also easier and faster to implement, and uses a minimal amount of floor and cabinet space.


An added feature of wireless safety is mobile safety panels. E-stops can be implemented on these panels because the location of the HMI panel has long played a central role in the diagnostic process. To determine the source of a problem, the operator often needed to go physically to the HMI. What the mobile safety panel does, using the wireless connection, is put a safety panel in the operator's hands. With the ability to walk around the machine and view diagnostic screens, using switching zone controls to view different parts of the process, the operator can control multiple machines with safety included.


"Wireless is at the cutting-edge of technology for safety systems," says D'Silva. "The feedback we get from customers is that it saves so much in terms of cable and cabling costs. It is great technology for OEMs because normally they would set up a system, test it out, take it apart and then ship it wherever it needed to go. Wireless makes it easier to build and ship systems and helps them with installation and commissioning of systems."


The mobile safety panel is an addition for a complete safety system with a PLC and a safety I/O. Now, the user has a wireless operator panel in their hand and can walk around and make changes from machine to machine.


Wireless safety is quickly moving into automotive and aerospace applications, especially for assembly lines. With final assembly in aerospace, for example, there are long lines for final assembly with a front section, back section and midsection all moving together. People are working on the plane as it moves very slowly. Imagine doing that with wires all around with the different front, mid and back sections of the plane turning nearly 360 degrees.


"Now put a wireless system in and think of what it does for you," says D'Silva. "It changes the entire outlook of the plant in relationship to flexibility and cost effectiveness."


Networked Safety Trends

"The original driver for the safety network was to minimize wiring compared to hardwired systems in the past that required longer runs of wiring. But once you add a network, a more significant driver is access to status or diagnostic information," says Chuck Lukasik, director of the CC-Link Partner Assn.


"If a safety switch or pull chain causes the system to shut down, now it's far easier to find out more information than in the past where components were individually wired. In general, safety networks are really driven by two areas: cost reduction and ease of troubleshooting."


Going a step further, a safety system generally has a lot more going on than the actual safety inputs and other outputs that have to be controlled. Other devices, such as indicator lights and devices that feed parts to a robot, for example, aren't considered part of the safety system.


Increasingly, networks such as CC-Link Safety are able to have these devices on the same network including safety I/O devices as well as non-safety I/Os, so that the controller can perform those additional functions in addition to the safety functions.


"It seems like more people have a desire to incorporate non-safe devices on the same network as the safe devices," says Lukasik. "The reporting aspect is also growing significantly with intelligent devices providing more internal diagnostics."


Later this year, Lukasik says that CC-Link IE Field, which is the industrial Ethernet version of CC-Link, will be adding safety functionality to become the next-generation safety network within the CC-Link family. The current version of CC-Link Safety is an RS485-based network, which is not Ethernet-based technology. This new safety network will operate at gigabit speed on Ethernet, and allow safety devices and non-safety devices on the same network.


"Like CC-Link IE Field, the safety version will feature a standard Ethernet physical layer," says John Wozniak, P.E., automation networking specialist for the CC-Link Partner Assn. "One of the differentiators is the gigabit speed of CC-Link IE Field compared to other networks that typically operate at 100 megabit. As time goes on, the demand for faster networks just keeps marching on."


Another key differentiator is no requirement for the use of additional physical layer hardware such as switches in order to achieve absolute determinism. EtherNet/IP or Profinet networks, for example, typically require use of managed switches for every field device, which adds more hardware to the total system and increases setup complexity.


With CC-Link IE Field devices, such as an I/O block or an HMI, each one has two RJ45 ports. So future devices compatible with the new IE Field Safety will have a specific ASIC built into the device. Connecting additional devices is done in a daisy chain fashion rather than requiring additional network hardware such as Ethernet switches.


Importance of Integrated Diagnostics

"One of the biggest advantages with integrated safety is the integrated diagnostic functionality. In the past, machine and safety controls used to be separate from each other," says Stephan Stricker, product manager for B&R Industrial Automation. "Machine builders were used to working with additional inputs for diagnostics, if they wanted to find out that somebody had pressed an E-stop button, etc. Now, more and more customers are realizing the value of the integrated diagnostics within their safety system because it brings added benefits to the machine."


Stricker says a key trend is that OEMs are starting to rethink their safety automation strategy when they design machines. For them, safety is not a requirement anymore, but a way to improve their machine's functionality that provides them a competitive advantage. With printing machines, for example, it's a huge benefit if the end user can keep the machines running while refining the process or addressing potential safety issues.


"If a person steps into a machine's safety zone, there usually is a neutral area before the person reaches into the really dangerous zone," says Stricker. "In this case the machine can slow down, once the person is in the neutral area, or at least decelerate more slowly rather than come to a complete full stop that would happen in a real emergency situation. That's a huge benefit because these machines require a lot of effort to start them back up from a full stop."


The major issue is not just production downtime, but the effort and manual time required to restart the machine. In most cases, stopping one part of the machine line affects the whole production process. With a bottling machine, all of the production in front of the line would also have to stop. It's a whole chain that comes to a complete stop and then needs to be restarted again. Stricker says that these kinds of situations can now be avoided with programmable safety.


One interesting development from B&R Industrial Automation is the ability to change the safety system set-up on-the-fly using an approved certification procedure. In the past, an engineer would need to be available to manually update a machine because an end user couldn't change the safety software on a running machine. "Now we have a software and technology procedure that allows this for customers, and enables them to use a lot of different machine options," says Stricker.


If a machine has different sections that can be assembled or disassembled on a weekly or monthly basis, a consistent safety solution can become difficult. The traditional way would be to see each section as an individual safety part. Integrated safety allows you to have one single safety controller that adjusts the safety configuration according to the hardware that is connected. With certified function blocks, this can be done through the operator interface. The safety controller will automatically make sure that the connected hardware has the correct safety setup.



About the Author(s)

Al Presher

Al Presher is a contributing editor for Design News, specializing in automation and control and writing on automation topics, machine control, robotics, fluid power, and power transmission since 2002. Previously he worked in the electronic motion control field for 18 years, most recently as VP of Marketing for ORMEC Systems Corp (manufacturer of PC-based servo control systems).  Previously, he worked as Editor for Plant Systems and Equipment and Appliance magazines.  He holds an MA in magazine journalism from the S.I. Newhouse School of Public Communications at Syracuse University.
