Software Programmable Controller Advances Machine Safety

Summary

Regulators throughout the world require employers to protect workers from exposure to moving machinery and equipment parts. Whether it’s exposure to manufacturing machine pinch points, robot applications, rotating machine parts or reciprocating machine motions, workers must be protected.

Controlling machine safety begins with sensors. Today, common applications like material handling, packaging, palletizing, robotic welding and work cells use a variety of protective systems: light curtain controls, pressure-sensitive mats, safety camera sensors, safety radar sensors, distance sensors, light beam sensors and limit switches, to name a few. These safety and protection systems use a variety of both safety-rated and standard sensors such as lidar scanners, safe 3-D cameras, light curtains, door interlocks, monitor switches and pushbuttons as inputs to a functional safety relay or a safety controller for evaluation.

Safety-rated sensors don’t stand alone; they must be used in conjunction with a safety-rated evaluation unit with safe-rated outputs for control. Software-programmable safety controllers, like the new Flexi Compact Safety Controller from SICK, provides a range of benefits over traditional evaluation units, including a modular hardware platform, forward-looking technologies and end-to-end data availability.
 

EMSS and OSSD sensors

A safety relay is the typical evaluation unit for switching safety-related circuits on and off for simple electro-mechanical switch/safety switch (EMSS) sensor types. An output signal switching device (OSSD) is an electronic device used as part of the safety system of a machine. It provides a coded signal, which signals the machine to shut down when interrupted due to a safety event. It works by converting the standard direct current (dc) supply, usually 24 volts, into two pulsed and out-of-phase signals to avoid the possibility of a stray signal keeping the machine operating while actually in an unsafe condition.

An OSSD usually acts as the interface of a sensor (such as a light curtain), designed to signal a safety-related event (such as when the light curtain beam is “broken”). OSSD signals are the outputs from the protective device to a safety relay (or controller). OSSD outputs are typically semiconductor or transistor outputs, as opposed to relay or contact type outputs, and they usually have two independent channels.

“Safety-rated sensors with OSSD or EMSS output types are compatible with the Flexi Compact Safety Controller,” said Jay Johnson, market product manager III, Safety Controllers and Relays, SICK. “The controller also can provide test pulses to be used with EMSS sensors, which raises the integrity. Standard sensors (non-safety rated) can also be used with the Flexi Compact. In certain cases, using two non-safety-rated sensors can provide the same or even higher performance or safety integrity level (SIL) than a single safety-rated sensor.”
 

What does ‘safety rated’ mean?

Johnson explained the Flexi Compact functional safety controller has a performance level E(PLe) rating defined by ISO 13849, the highest available. “When designing safety systems, engineers determine the required PL based on the risk assessment for a specific application. Factors considered include severity of potential harm, exposure time and the possibility of avoiding hazards,” he said.

ISO 13849-1:2015 provides safety requirements and guidance on the principles for the design and integration of safety-related parts of control systems (SRP/CS), including the design of software. For these SRP/CS, it specifies characteristics that include the PL required for carrying out safety functions. Being a globally harmonized standard, it is accepted worldwide in designing the safety-related machine control system parts. Understanding the theory behind ISO 13849 and implementing the standard can be challenging, but doing so is critical to achieving functional safety.
 

Safety-rated evaluation

Safety controllers must fail safe—default to a safe state—to minimize injury to workers and damage to equipment in the event of a potentially harmful circumstance. “Flexi Compact uses fail-safe principles to ensure that the evaluation of sensors and the appropriate control of outputs meet defined safety standards,” explained Johnson. “For example, if a light curtain senses when a person’s hand passes into a protected zone of a machine, the safety controller must evaluate the sensor state, and within a consistent response time must disable the potential harm, such as stopping a robot from moving.”

Johnson described the safety controller as modular and flexible in system configuration. Users only need to acquire exactly what they will use. “There are choices for the main CPU unit, and expansion modules for input/output (I/O) and fieldbus communication gateways,” he said.

SICK’s free Safety Designer is used to configure and program the Flexi Compact. Users don’t need to be coders to use the intuitive graphical programming software. In addition, the safety controller has a small footprint with slim DIN-rail mountable modules, which makes installation convenient. The spring-loaded terminal blocks require no tooling to install ferruled wires. The terminal blocks are easily removed from the modules without the need for tools.

SICK offers a generous number of variants for the Flexi Compact Safety Controller. In this context, variants refer to options. For example, users can select a CPU with onboard Modbus TCP/IP communication or only use the USB programming port. Both variants have 32 I/O. Expansion I/O modules are available with eight safety-rated inputs and eight test pulses, or with eight safety inputs and eight safety outputs. “The test pulse outputs can also be configured as non-safe outputs to be used for diagnostic annunciation such as a light indicator. Up to 116 safe inputs and 100 safe outputs total are possible,” explained Johnson.

“If status and/or diagnostic communications are required,” Johnson added, “fieldbus gateways are available including EtherCAT, CANopen and PROFINET. These have a handy thin-film transistor (TFT) LCD interface for easy setup to the network. The Modbus port on the CPUC200 can be used for communication with EtherNet/IP.”

Configuring the Flexi Compact safety controller

Free and available to download from the SICK website, Safety Designer configuration software is a multilingual Windows-based tool that uses an intuitive drag-and-drop principal for both traditional programmers and for engineers and technicians who don’t specialize in coding, according to Johnson. “This environment is used for hardware configuration, network definition and routing, logic programming and simulation testing,” he explained. “In addition, Safety Designer creates a bill of materials and wiring plan based on the configuration entered.”

Safety Designer assembles a safety check sum for each verified deployment that can be used to ensure the program’s integrity is maintained, which is extremely critical to safety projects. A built-in data recorder allows users to track signal timing and events for help during the programming phase and during runtime for troubleshooting.

Implementing a safety network

Systems integrators and machine builders have many choices for data communications so a safety controller must be both robust and network-flexible. The Flexi Compact Safety Controller includes SICK’s Safety-over-EtherCAT backplane bus for efficient data exchange. “Functional safety over EtherCAT (FSoE) is an extension of the EtherCAT fieldbus that uses a ‘black channel’ approach to integrating safe and non-safe data in a single communication system,” Johnson explained. “This results in a great architecture for passing data between the CPU and various modules in the system. Using the black channel design makes it straightforward to create interfaces with other real-time networks because it’s fast, flexible and reliable.”

Flexi Compact also features data communication using common fieldbus systems. Fieldbus prevalence depends greatly on geographical region and on the industry. “In North America, EtherNet/IP is the most common network for factory automation,” Johnson said. “CANopen dominates the mobile robot space; logistics is a mix of all fieldbuses. If the system will be used in Europe, the odds of it being PROFINET or EtherCAT are strong in factories, but mobile machines are consistent with CANopen.”

SICK’s Flexi Loop system provides fast production startup, increased machine availability and the extended functionality of a safe series connection. The network enables users to increase productivity and efficiency throughout the machine lifecycle. “Flexi Loop implements a propriety safe network that allows users to cascade up to 32 safety sensors and yet consume only a single pair of safe inputs on the controller and achieve the highest PLe rating.” Johnson explained. “The sensors can be a mix of OSSD and EMSS types and can be from SICK or any other supplier. The beauty is that the individual status of each sensor can be read by Flexi Compact and used to notify the machine operator exactly which device opened the string.”

Johnson added that the capability to read and control non-safe I/O to each node on the network is also available. “For example, if you have an E-stop/reset button station and you want to illuminate that reset button to indicate to the operator a reset is needed, the light can be controlled through Flexi Loop,” he said.

Adding sensors into an existing E-stop string is also possible. In addition, Flexi Loop can be evaluated by a single safety relay like the SICK ReLy LOOP100, according to Johnson. “No controller or programming is needed, and you can still see which switch in the cascade tripped by adding the DIAG node, which gives a visual LED status for each sensor in the loop,” he said.

Flexi Loop can simplify programming and setup for machine builders. “Cable quantity and management are greatly reduced, saving cost in both materials and labor,” said Johnson. “In addition, controller input is limited to a single pair, therefore expense and space are reduced.”

Johnson also explained that by using Safety Designer software, the individual status of each sensor can be read and easily annunciated locally at the controller with discrete I/O or routed over a fieldbus network. “Safety Designer also has extensive diagnostic and historical event features that help during commissioning and troubleshooting, resulting in higher production time,” he said.
 

Looking ahead

As previously mentioned, extended functions such as safe series connection with Flexi Loop increase productivity and efficiency throughout the machine lifecycle. “Change is inevitable, and we will certainly see new technologies in safety going forward,” Johnson said. “One area in particular is communications where proprietary networks will be released to the public, and new safety-rated networks will enter the market.

"Flexi Compact’s architecture is based on future-proof elements that allow inclusion of new technology to be added to the family allowing upgrades and evolution for many years to come. The benefit for our customer is peace of mind that they can standardize on SICK now and in the future.”

Flexi Compact Safety Controller features and benefits

Features:

• Software-programmable safety controller with modular hardware platform.
• High performance Safety over EtherCAT backplane bus.
• User-friendly housing in a slim design.
• Intuitive Safety Designer configuration software.
• Data communication in common fieldbus systems.
• Safe series connection with Flexi Loop.

Benefits

• Usability is optimized by time-saving planning of the safety application and easy commissioning.
• Efficiency is increased because it enables higher productivity thanks to fast production startup, short response times and comprehensive diagnostic options for efficient machine and system operation.
• Guaranteed future-proof because of flexible solutions with modular hardware, forward-looking technologies and end-to-end data availability.