Safety Solutions
on Tour
Introduction to
Functional Safety
Copyright © 2006 Rockwell Automation, Inc. All rights reserved.
Functional Safety Agenda
1. What is Functional Safety
2. Why Modern Safety Systems
3. Key Technologies
4. Summary
Safety in the Workplace
Figure: Functional Safety shown as one part of overall workplace safety, alongside other hazard areas: Falling, Electric Shock, Radiation, Temperature, Noise, Crushing, Chemicals
Functional Safety Definition
• Random hardware faults, systematic design errors or
human mistakes shall not result in a malfunction of a
safety related system with the potential consequence of:
– Injury or death of humans or
– Hazards to the environment or
– Loss of equipment or production
Main Goal: Keep People Safe
What are Hazards on a Machine or Process?
• Physical
– Falling / Moving Objects
– Collisions
– Collapsing Structures
• Chemical
– Explosion
– Fire
– Toxic Material Release
– Wrong mix of chemicals
– Radiation
• Electrical
– Flashover and Burns
– Electrocution
– Wrong Connection / Loose Connection
• Mechanical / Process
– Pinch Points or Entanglement
– Abrasion, Grinding, Cutting
– Thermal
– Pressure Releasing Effects (Bursting Vessels, Jets of Gas or Liquids)
– Welding Torches, Gases etc.
Hazards are physical objects or chemical substances
that have the potential for causing harm to people,
property or the environment
If there are hazards ...
there must be Risk Reduction
• Functional safety is based on the concept of Risk Reduction
• A Risk Assessment is performed to quantify the hazards on a machine
• For each hazard, risk is reduced by adding layers of protection
Figure: Example of layered risk reduction (Layers of Protection). Unprotected Risk → Risk Reduction #1: Design Hazard Out of Machine → Lower Risk → Risk Reduction #2: Implement Safety Guarding → Lower Risk → Risk Reduction #3: Training on Safe Operating Procedures → Tolerable Risk
Define and Quantify Risk
Figure: Risk is characterised by three factors: Consequences (How Bad?), Chances (How Likely?) and Frequency (How Often?)
Risk – Same Hazard / Different Locations
Identical process incidents pose more risk in a populated area than
in an unpopulated area
Tolerable Risk
• Practically impossible to drive risk to zero
• At some point we are willing to accept the amount of risk posed
• This point is referred to as tolerable risk
Risk Estimation
• A common way to quantify the amount of risk to be reduced is to use a Risk Graph
Figure: Risk Graph. Beginning at "Start", the graph branches on four parameters in turn:
– Consequence of unwanted event: Minor injury / Serious injury or single death / Death of several persons / Death of many people
– Frequency of unwanted event: Exposure to hazard is rare / Exposure to hazard is frequent
– Possibility to avoid unwanted event: Possible under right circumstances / Almost impossible
– Probability of unwanted event: Very small / Small / Relatively high
Risk Reduction
Figure: Hierarchy of risk reduction measures, from most preferred to least preferred:
1. Design it out
2. Fixed enclosing guard
3. Monitoring
4. Training & supervision
5. Personal protective equipment
What is the function of a Safety System?
• The Function of a safety system is to monitor and control
conditions on a machine or process that are hazardous in
themselves or, if no action were taken, may give rise to
hazardous situations
• The Safety System runs in parallel
with the Production System
– Focus of Production System is
throughput
– Focus of Safety System is protection
Figure: Control System and Safety System both connected to the Operating Equipment
Safety is a System View ...
Figure: Safety loop: Sensors (e.g. Door Interlock, E-Stop, Speed Reference) → Logic Solver (e.g. Safety Relay or PLC) → Actuator(s) (e.g. Motor, clamp)
Main Goals:
• Improve Safety
• Simplify LOTO
• Improve MTTR
• Increase Machine Availability
• Improve Cost of Doing Business
• Each hazard on a machine will consist of one or more “safety loops” that monitor and
control its supply of energy
– As determined by the risk assessment
• Each safety product must be applied as part of a whole to effectively reduce risk
– Safety is the sum of its parts and safety is only as good as its weakest link
• The complexity of the inputs (sensors) and outputs (actuators) and the flexibility of the
control will determine the type of logic solver
– Stand-alone relay, modular relay or safety PLC
Key Takeaways
• A safety system is only as effective as its weakest link.
– You need to consider all aspects of the system (input, control, output) and how they work
together to meet current safety standards.
• Safety is about assessing the danger presented by machine hazards and designing
solutions to reduce the possibility of a dangerous failure
– Risk reduction with a goal of eliminating the risk or reducing it within reason (tolerable risk)
• You should follow a process for developing, deploying and maintaining safety solutions
– Consider using the Safety Lifecycle as a model
• Your primary goal for safety is to protect employee health and safety while maintaining or
increasing productivity.
• The Government (OSHA, NFPA, Other) is not responsible for safety systems ... You are!
The government will only enforce regulations.
Questions so far...
1. What is Safety
2. Modern Safety Systems
3. Key Technologies
4. Summary
Why Safety?
• Is Safety New? - NO
• Is Safety Important? - YES
• Who is Responsible? - EVERYONE
• Are Safety and Productivity initiatives ever at odds?
• Are Safety Systems or Procedures Ever Bypassed?
• Are people ever injured in manufacturing machinery accidents?
• Goals: Integrated Controls Solutions that are
safer AND more productive BY DESIGN.
Safety Thinking is Evolving
Safety - Continuous Changes
• New Manufacturing Processes
• New Design Processes
• New Operating Procedures
• New Standards and Specifications
• New Safety Technologies
• New System Design Philosophies
Safety Specifications and
Technologies Evolving
Challenging Conventions
• Consumer Safety Culture –
Expectations of populace – just look at cars!
• Manufacturing Safety Culture
– Safety makes things STOP, not GO
– Safety costs $$$!!
– Safety by luck - “We are safe” (repeat 1000 times)
– Changes introduce risks → NOTHING HAPPENS
– Typical approach is REACTIVE
• An injury results in the application of a few
“widgets”
• Incomplete, high variation, inconsistent – not good!
• Manufacturers exposed to increased liability
Safety is not an Accident
Safety Drivers
• Global Standardization and
Specification
• Costs of non-compliance
– Insurance, OSHA violations, employee
turnover, workers comp., litigation, etc.
• “Soft” measure for Wall St.
– Turnover, “Best Place to Work,”
Insurance costs, Injury Rates
• Rallying point for labor
organization
Safety has a Broad Reach
Where is Your Company?
• Reactive or Proactive?
• Safety philosophy driven from top
down
– Safety credo, specifications, etc.
• Safety driven from the bottom up
– Safety addressed on a case-by-case basis
(injury by injury!)
• Are formal Risk Assessments being
performed?
• Is safety Designed In or Added On?
What is Your Company Culture?
Modern Safety Thinking
• It’s a Culture; It’s a Process; It’s a design
Philosophy
• It is a combination of people systems
(procedures) and technologies (components,
circuits)
• It is a systematic approach – Not a
component approach!!!
– Machine Safety is like an anchor chain – only as
strong as the weakest link.
• It is a lifecycle – from system concept,
through Risk Assessment, Design, Build,
Start-Up, Validation, Operations and
Decommissioning
Safety Specifications drive the Safety Lifecycle
Safety – the Bigger Picture
• Safety Impacts:
– Floor space/Footprint via performance (Safe Distance)
• Big money!!
– Direct Labor Content and Operator Efficiencies
• HUGE money!!
– Ergonomics
– Productivity (System Design considerations)
– Insurance Costs, Cost of Doing Business
– Employee Morale, Company Goodwill, Labor Relations
Safety is Good Business!
Safety – Do we have a Problem?
• Are Safety Procedures Ever Bypassed?
– Do People take the “Short Cut” to expedite maintenance procedures?
– Is LOTO (Lock Out Tag Out) always followed?
• Are Safety Systems or Technologies ever Bypassed?
– Are people using a “Cheater Key”?
– Note: Some systems are so poorly designed and integrated that maintenance
people are forced to bypass the safety system just to get their jobs done!
Safety must be Easy and Intuitive
Safety System Design Concepts
• Passive System Design
– Ensures the easy way is the safe way
• Configurable System Design
– Ensures the necessary functionality to
accommodate maintenance procedures without
bypassing the safety system.
– This approach will help to limit exposure to
hazards while expediting maintenance procedures
and reducing MTTR.
• Lockable Safety Systems
Easy, Intuitive and Secure
Safety Application - Perimeter Guarding Example
• Application of safety technology based upon the Risk Assessment.
– Cross functional team including Operators, Skilled Trades, Engineers, etc.
• System is configured to control and manage exposure to the
hazards within the work cell.
– Gate Box approach
– Trapped key approach
• Passive System Function
• Lockable
• May provide “Point of
Operation” control via
“Enable” pendant.
Passive, Configurable, Lockable
Improved Productivity via Safety System Design
Figure: Typical Downtime Event timeline (MTTR = 12 minutes). Machine status goes OK → Down → OK through the steps: Machine Stops → Maintenance Arrives → Fault Identified → LOTO → Repair Performed → Machine Unlocked → Repair Tested → Machine back in Auto → Production Resumes
Improved Productivity via Safety System Design
• If the safety system design meets
target safety level, the safety
system may be used in lieu of
LOTO, reducing MTTR
by ~3 minutes.
• Manufacturer’s value of 1 minute
of production = $12K
• Average downtime events
per plant per year = 3000
• Value of safety solution due to
improved productivity
(via reduced MTTR) =
$12K X 3 X 3000 = $108M/yr
Safety = Productivity = Profitability
Summary
• Safety is a shared responsibility – we are all stakeholders!
• Every manufacturer must provide for a safe work environment.
• Well designed systems improve both
Safety and Productivity.
• Safety is a System Solution –
not just components.
– Integrated into the control, information
and people systems
• Safety is Specification Based.
• Leverage Internal and External
application knowledge and expertise
– Maintenance, Engineering, Operations, Suppliers
• Single source full service safety supplier can help with
comprehensive safety solutions.
Questions so far...
1. What is Safety
2. Modern Safety Systems
3. Key Technologies
4. Summary
What Makes a Product Safe?
• Important Concept
“What makes a product safe is that it is designed using safety principles
and complies with recognized safety standards”
• What are the principles common in products designed for safety?
– The Three D’s of Safety – Duality, Diversity, Diagnostics
– All safety products are designed using a combination of the Three D’s
– The Three D’s are used so the system will react properly when a fault occurs (e.g.
turn off outputs)
The “Three D’s” of Safety
• Duality (Also known as Redundancy)
– If one thing fails, there is another thing that can bring the system to a safe state
– In parallel for Inputs or in series for Outputs
• Diversity
– Protects against two things failing in exactly the same way at the same time
– Example: Using one NO and one NC set of contacts
– Example: Using both a high and a low input channel to a safety device
• Diagnostics
– Safety products spend much of their time performing self-diagnostics
– If a problem is detected, the system will go to its “safe state”
and will not allow the system to be restarted until the problem is fixed
– Example: A safety PLC has a significantly higher degree of
self-diagnostic versus a standard PLC (> 90% vs. ≈ 50%)
Two of the three methods mentioned above must be implemented to achieve Category 4 / SIL 3
Processor Structure of Standard PLC
Figure: Standard PLC with Input Module and Output Module
CPU Structure of Safety PLC / 1oo2D
Figure: Safety PLC with Input Module and Output Module, annotated with Duality, Diagnostics and Diversity
Can you find the Three D’s???
Structure of a Safety Relay System
Figure: Safety relay system annotated with Diagnostics, Diversity and Duality
Can you find the Three D’s???
What Makes Safety Components Safe?
• Direct Driven Contacts
– Actuating force drives contacts open (breaks welds).
– These are the type of contacts that are in Safety Interlock Switches.
– Does not rely on a spring to open contacts such as a Limit switch.
Figure: Welded contact is forced open when actuator is removed (symbol found on switch)
• Mechanically Linked
– Linked means that if one contact welds, all contacts stay closed – for
monitoring!
– These types of contacts are found in Safety Contactors and relays to
detect faults.
• Redundant Contacts
– Redundant contacts act as a back-up to each other in case a contact
were to fail. This provides a higher degree of reliability
– Example: Two normally closed, (1) N.O. and (1) N.C., or (2) PNP outputs
Figure: Symbol found on front of contactor
• Tamper Resistance
– Features designed into safety components inherently make the device safer.
– EXAMPLE: Coded magnetic safety switches
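The following is an added example, not code from the Rockwell deck, that ties together the Three D’s slide and the contact types on this slide: a toy model of one guard door wired with two diverse contacts (one NO, one NC) into 1oo2D logic, with a mechanically linked mirror contact on the output contactor used as feedback. The names (GuardInputs, DualChannelLogic, scan, run_scenarios) and the scan sequence are constructed for illustration; real safety relays allow a short discrepancy window between channels and monitor contactor feedback continuously, both of which this model simplifies away.

```python
"""Toy 1oo2D guard-door evaluator (added example, not code from the Rockwell deck).

Assumptions (constructed for illustration):
- One guard door carries two diverse contacts: channel A normally-open (NO),
  channel B normally-closed (NC).  Opposite contact types are the "Diversity" D.
- Both channels must agree the door is shut before outputs energise ("Duality").
- Every scan compares the channels; restart also checks a mechanically linked
  NC mirror contact on the output contactor ("Diagnostics").  A welded power
  contact holds that mirror contact open, so the logic refuses to restart.
- Simplifications: no discrepancy-time window, feedback checked only at restart.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    SAFE = "safe"  # outputs de-energised, restart blocked until reset
    RUN = "run"    # outputs energised


@dataclass(frozen=True)
class GuardInputs:
    a_no_closed: bool  # channel A (NO contact): closed when the door is shut
    b_nc_closed: bool  # channel B (NC contact): open when the door is shut


def channel_votes(g: GuardInputs) -> tuple:
    """Each channel independently reports 'door shut'.  A fault that drives both
    contacts to the same electrical state (e.g. both stuck closed) now produces
    disagreeing votes instead of a silent, unsafe 'door shut' from both."""
    return g.a_no_closed, not g.b_nc_closed


class DualChannelLogic:
    def __init__(self) -> None:
        self.state = State.SAFE
        self.fault: Optional[str] = None

    def _trip(self, reason: str) -> None:
        self.state = State.SAFE
        self.fault = reason

    def scan(self, guard: GuardInputs, mirror_contact_closed: bool,
             reset: bool = False) -> State:
        """One logic-solver scan: returns the resulting output state."""
        vote_a, vote_b = channel_votes(guard)

        # Diagnostic 1: redundant channels disagree -> stuck contact or wiring fault.
        if vote_a != vote_b:
            self._trip("channel discrepancy")
            return self.state

        # Duality: outputs may only be on when BOTH channels report door shut.
        if not (vote_a and vote_b):
            self.state = State.SAFE        # normal stop path, not a fault
            return self.state

        if self.state is State.RUN or not reset:
            return self.state              # keep running, or wait for manual reset

        # Diagnostic 2: contactor feedback via the mechanically linked mirror contact.
        # With the contactor de-energised the mirror contact must be closed; if it
        # is open a power contact has probably welded, so refuse the restart.
        if not mirror_contact_closed:
            self._trip("contactor feedback: possible welded contact")
            return self.state

        self.fault = None                  # fault cleared and reset acknowledged
        self.state = State.RUN
        return self.state


def run_scenarios() -> dict:
    """Constructed sequence of scans exercising each D; returns the observed states."""
    logic = DualChannelLogic()
    shut = GuardInputs(a_no_closed=True, b_nc_closed=False)
    opened = GuardInputs(a_no_closed=False, b_nc_closed=True)
    a_welded_door_open = GuardInputs(a_no_closed=True, b_nc_closed=True)  # single fault

    r = {}
    r["cold_start"] = logic.scan(shut, mirror_contact_closed=True)
    r["reset"] = logic.scan(shut, mirror_contact_closed=True, reset=True)
    r["door_opened"] = logic.scan(opened, mirror_contact_closed=True)
    r["welded_input"] = logic.scan(a_welded_door_open, mirror_contact_closed=True)
    r["welded_input_fault"] = logic.fault
    r["reset_with_welded_input"] = logic.scan(a_welded_door_open, True, reset=True)
    # Input contact replaced; now the output contactor has welded (mirror contact open).
    r["reset_with_welded_contactor"] = logic.scan(shut, mirror_contact_closed=False, reset=True)
    r["welded_contactor_fault"] = logic.fault
    r["reset_after_repair"] = logic.scan(shut, mirror_contact_closed=True, reset=True)
    return r


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:30s} -> {value}")
```

Running the scenarios shows the point of each D: with a single NO contact welded while the door is open, the NC channel still reports "door open", so the discrepancy is caught and the outputs stay off; with the output contactor welded, the linked mirror contact cannot close, so the reset is refused until the contactor is replaced; only after both faults are repaired does a deliberate reset bring the system back to RUN.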
How do I Know a Product is Safe?
• All safety rated products are developed to meet specific standards for safety
– EN 954-1 (Safety Categories)
– IEC 61508 (Safety Integrity Levels for Programmable Safety Systems)
– EN 1088 (Safety Interlocks)
• Most safety rated products are certified by professional 3rd party organizations to
demonstrate compliance to specific safety standards
– Examples of third party certification organizations include TUV Rheinland, TUV Nord and BG
www.tuv.com
Questions so far...
1. What is Safety
2. Modern Safety Systems
3. Key Technologies
4. Summary
Let’s take a quiz
1) Implementing a safety system will cause reduced production? - False
2) Safety systems are complex and require a specially certified Engineer - False
3) The first step in the safety lifecycle is to identify risks - True
4) The main goal of implementing a safety solution is to increase productivity - False
5) When identifying risks, you must consider the consequences, chances and frequency - True
6) The best engineering method for risk reduction is to deploy a safety control system - False
7) Who is responsible for safety? - All
8) One way a safety system can improve productivity is by reducing the duration of a down time event. - True
9) The 3 D’s of a safety product are: Duality, Diversity and Diagnostics - True
10) Rockwell Automation has the broadest offering of safety solutions - True
Questions ??
1. What is Safety
2. Modern Safety Systems
3. Key Technologies
4. Summary