Multiple safety functions must be performed in most industrial machine and process automation applications, and in these instances, there are many benefits to using a single modular integrated safety controller instead of multiple safety relays.
These controllers provide a high level of fail-safe operation for applications where personnel and machinery require protection. They typically consist of a master unit configured with PC-based programming software. Some master units can be standalone, with a typical controller having eight inputs and two to four independent, programmable dual-channel or single-channel outputs. To add I/O, expansion units can be connected to the master unit using a safety-rated bus or digital communication link.
Expandable Safety
The benefits of using a safety controller start when comparing it to the cost and effort of integrating two or more safety relays. In many cases, a safety controller costs about the same as two to three safety relays and eliminates the integration effort.
Some safety controllers are standalone, but most can be expanded with modules to add significant capabilities (Figure 1). With the proper modules specified, safety controllers can support over 100 inputs, 30 or more safety outputs, and dozens of status outputs. Expansion modules typically include inputs with diagnostics, such as those for encoder and proximity signals; safety outputs with diagnostics; status outputs (signaling only); force-guided safety relay outputs; and connectivity to a variety of fieldbuses.
While some safety relays may include a fieldbus option for monitoring, expansion units in safety controllers permit connection of the master unit to most of the commonly used industrial fieldbus systems. This enables diagnostics, I/O point monitoring and safety output status to be digitally communicated to automation controllers using EtherNet/IP, Modbus TCP, EtherCAT, Profinet, Profibus, CANopen, DeviceNet, CC-Link, Modbus RTU and other protocols.
While this diagnostic information (input and output status) is not suitable for use as a safety output, the status of a safety input or output provides useful information to the automation system and its operator interface, without the need for discrete wiring between the automation and safety controller.
The fieldbus capabilities of safety controllers can save a significant amount of wiring by eliminating the discrete status signals (status outputs) often connected to an automation controller. The fault monitoring capabilities built into the safety controller can also save on wiring. If any point fails, the safety controller will fail safe and can be programmed to shut down only certain parts of the overall safety system. Cross-fault detection is also built into some safety controllers, eliminating the possibility of the safety inputs shorting together and causing a single point failure.
There are many sensors and functions used in a safety system to protect persons and machines, and the ability to handle a wide range of safety functions is another benefit of a safety controller. It's a single, flexible and expandable device for monitoring and controlling many different types of safety devices. These include optoelectronic sensors such as safety light curtains and laser scanners, as well as magnetic door switches, speed sensors and encoders, two-hand control buttons, mechanical switches found in emergency stop pushbuttons, guard door safety switches, trapped key interlock switches, safety mats and more.
Programmable Safety Benefits
Whether it is used for managing all the safety functions of a single machine or in an entire plant, the programmable features in a safety controller can scan multiple safety sensor inputs to create multi-zone and multi-function safety systems. The software in these safety controllers can be used to create complex safety functionality using logical safety blocks such as safety guard lock, muting, timer and counter.
The software allows configuring, programming, simulation and monitoring of the safety system using a simple and intuitive graphical interface (Figure 2). The application safety software is used to configure logic diagrams of the connections between the master unit and the expansion modules, as well as the safety sensor inputs and safety and status outputs. This configuration is performed offline on a PC and downloaded to the master unit.
Some safety controller programming uses ladder logic and predefined function blocks. Other controllers are programmed by creating function block diagrams using a graphical drag-and-drop interface. Editing block I/O and function block operators, and connecting terminals between blocks, is done by simply selecting objects or terminals and dragging each to make graphical connections.
A completed safety program must be validated and tested. Some controllers provide rules-based guidance and safety reports to help define the system and programming, which helps with validation. After validating and downloading the program to the safety controller, and connecting all the safety devices in the field, the system must be tested to verify correct operation.
As with any safety system, testing is performed by the programmer, engineer or technician according to a test plan that defines how to force a change of status in each safety device connected to the controller and then check that the status of the outputs changes as expected. This test must be performed for each safety component in both its on- and off-state.
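The test-plan procedure above can be rehearsed against the configured logic before field testing. The following Python sketch is an added example, not code from the article or from any vendor's programming software; the device names, output names and both logic functions are hypothetical, and it goes beyond the per-device steps by also checking every input combination.

```python
from itertools import product

# Constructed example: True means the device is in its safe (on) state.
DEVICES = ["estop_ok", "guard_closed", "light_curtain_clear"]

# Test plan: the devices each safety output must depend on.
REQUIRED = {
    "conveyor_enable": {"estop_ok", "guard_closed"},
    "press_enable": {"estop_ok", "guard_closed", "light_curtain_clear"},
}

def good_logic(i):
    """Hypothetical safety program matching the test plan."""
    zone = i["estop_ok"] and i["guard_closed"]
    return {"conveyor_enable": zone,
            "press_enable": zone and i["light_curtain_clear"]}

def faulty_logic(i):
    """Constructed defect: guard and light curtain are OR-ed for the press."""
    return {"conveyor_enable": i["estop_ok"] and i["guard_closed"],
            "press_enable": i["estop_ok"]
                            and (i["guard_closed"] or i["light_curtain_clear"])}

def single_device_steps(logic):
    """Per-device step: trip one device from all-safe, list outputs that drop."""
    all_safe = dict.fromkeys(DEVICES, True)
    base = logic(all_safe)
    return {d: sorted(o for o, v in logic({**all_safe, d: False}).items()
                      if base[o] and not v)
            for d in DEVICES}

def run_test_plan(logic):
    """Check every on/off combination; return (inputs, output, got, want) failures."""
    failures = []
    for states in product([True, False], repeat=len(DEVICES)):
        inputs = dict(zip(DEVICES, states))
        got = logic(inputs)
        for out, needs in REQUIRED.items():
            want = all(inputs[d] for d in needs)
            if got[out] != want:
                failures.append((inputs, out, got[out], want))
    return failures

if __name__ == "__main__":
    print(single_device_steps(good_logic))
    for inputs, out, got, want in run_test_plan(faulty_logic):
        print(f"FAIL {out}: got {got}, expected {want} with {inputs}")
```

With the faulty logic, tripping the guard door or the light curtain alone leaves the press output enabled, which is the kind of defect the on-state and off-state checks are meant to expose.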
When selected and configured correctly, a safety controller is often the best solution, particularly as complexity and the required number of safety relays increase. Care must be taken when configuring and testing the controller, but programming software provides a number of functions to aid in the performance of these tasks.
Larry Reynolds is the product engineer for sensor and safety products at AutomationDirect. He has more than 30 years of experience with machine sensor and safety devices used in packaging, assembly, material handling and process control applications. Prior to joining AutomationDirect in 2014, he was a system integrator and project manager for many years, working for various firms. Larry holds a PMP certification and a Functional Safety Engineer Certificate (TÜV Rheinland #15983/18, Machinery).