Non-emergency machinery stops can be avoided with the arrival of a “failover” safety concept for use with ABB’s safety programmable logic controller (PLC). The concept distinguishes between a real safety reaction to a hazard – when the machine must stop – and trips caused by non-critical events. As such, the full spectrum of automated processes, including factory assembly lines, hoist applications and transportation centers like airports and harbours, can avoid significant, unnecessary downtime costs.
Non-critical events that should not stop operations, but can cause temporary interruptions, include EMI/EMC disturbances, communication errors and undervoltage errors. The AC500-S Safety PLC can differentiate between these and a real hazard, which, when triggered by a safety device, should result in a safe stop.
Improvements in productivity and availability are calculated based on the anticipated frequency of these temporary errors together with the average duration of downtime due to such events.
“According to several surveys, one minute of production line downtime costs an average of $20,000,” explained Yauheni Veryha, product manager of AC500-S Safety PLC at ABB. “If we assume that the average downtime and recovery, due to a safety device malfunction, takes 15 minutes, then the implementation of the failover concept can save $300,000 per year. If we take into account the required design time to implement the failover concept in the production facility, the customer could still be saving $200,000 in the first year and $300,000 every year afterwards.”
Traditionally, sensors or switches inform a safety control device about the presence of humans. The machine is then stopped, its speed reduced or the space of movement for robots or automatic guided vehicles (AGVs) is restricted. If communication to a safety sensor fails, or the device itself fails, a machine safe stop is usually initiated by the safety PLC. This will occur even though the sensor’s fault is only temporary and there is no real risk to human operators or nearby equipment. This leads to costly, unnecessary machine stops.
For example, an AGV can run normally with a safely limited speed setting within a safe zone. However, if an obstacle or human is detected in this zone, it stops immediately. Such stops could also be caused by temporary failures of the AGV’s safety sensors through electromagnetic interference, short power supply drops, network traffic overload or wireless drop-outs. Without the failover concept, there is no differentiation between such temporary failures and more permanent ones, which causes unnecessary machine downtime and results in huge, yet avoidable, financial losses.
The failover concept provides an alternative to a direct safe stop. It is based on the concept that the transient failure of a safety device does not always need a safe stop, but can be temporarily and safely bridged by the re-configuration of the safety program’s logic execution and reaction to safety events - without compromising on the safety integrity level.
For instance, if the factory floor area that is protected by the AGV’s safety laser scanner using the AC500-S Safety PLC experiences a communication error, it will not necessarily trigger a safe stop. If redundant devices, such as a remote safety camera controlled by the central safety control station, are covering the same area, a safety stop will only be triggered if a real hazard is detected by this camera.
Safety network protocols like PROFIsafe support the recognition of communication errors and device faults. This provides the ability to distinguish between temporary communication errors and device faults, as implemented in the AC500-S Safety PLC.
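The decision the failover concept describes can be sketched as a small per-cycle monitor. This is an added illustration, not ABB's code and not the AC500-S or PROFIsafe API. Assumptions: all names, the cycle-count bridge limit, and the choice to treat a device fault as non-bridgeable are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    OK = "ok"
    COMM_ERROR = "comm_error"      # transient: lost or late telegram
    DEVICE_FAULT = "device_fault"  # device reports an internal fault

class Action(Enum):
    RUN = "run"
    SAFE_STOP = "safe_stop"

@dataclass
class Reading:
    status: Status
    hazard: bool  # only meaningful when status is OK

class FailoverMonitor:
    """Bridges a transient primary-sensor outage with a redundant sensor."""

    def __init__(self, max_bridge_cycles: int = 20):  # assumed limit
        self.max_bridge_cycles = max_bridge_cycles
        self.bridged_cycles = 0

    def step(self, primary: Reading, redundant: Reading) -> Action:
        if primary.status is Status.OK:
            self.bridged_cycles = 0
            return Action.SAFE_STOP if primary.hazard else Action.RUN
        # Primary unavailable. Only a communication error is bridged;
        # a device fault is treated as permanent (assumption).
        if primary.status is Status.DEVICE_FAULT:
            return Action.SAFE_STOP
        self.bridged_cycles += 1
        if self.bridged_cycles > self.max_bridge_cycles:
            return Action.SAFE_STOP  # outage is no longer "temporary"
        if redundant.status is not Status.OK:
            return Action.SAFE_STOP  # no independent coverage of the zone
        return Action.SAFE_STOP if redundant.hazard else Action.RUN

def run_trace(trace, max_bridge_cycles=20):
    """Feed (primary, redundant) pairs through a fresh monitor."""
    mon = FailoverMonitor(max_bridge_cycles)
    return [mon.step(p, r) for p, r in trace]

# Constructed sample: scanner drops out, camera sees a hazard, scanner recovers.
CLEAR, LOST = Reading(Status.OK, False), Reading(Status.COMM_ERROR, False)
SAMPLE = [(CLEAR, CLEAR), (LOST, CLEAR), (LOST, Reading(Status.OK, True)), (CLEAR, CLEAR)]
```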
“ABB’s AC500-S Safety PLC helps companies with complex machine safety applications minimize costs while providing maximum reliability, efficiency and flexibility. This safety PLC protects people, machines and processes, the environment and investments,” says Veryha.