In the iterative process of safety control system design, the first step is to determine the safety functions of the equipment. A single piece of equipment may have several safety functions, each used to reduce a specific risk.
What is a safety function?
A safety function (SF) is a function of the machine whose failure can result in an immediate increase of the risk. Put the other way round, it is a function that reduces the risk arising from a specific hazard to an acceptable level by means of a protective measure, usually implemented through control techniques.
Taking a palletizing machine as an example, common safety functions include safety door interlocking and the safety light curtain (protective stop on muting/intrusion) function. Taking an AGV as another example, common safety functions include the safety laser scanner (protective field) function and safe speed monitoring. Different types of equipment therefore have different sets of safety functions. The safety functions of a piece of equipment can be taken from the applicable Class C (type-C, machine-specific) standard where one exists, or derived from the risk assessment and engineering practice where none does.
Safety functions and related standards
After determining the safety functions that the safety control system must perform, the characteristics required of each safety function must be specified. Table 1 lists the reference standards corresponding to some frequently used safety functions.
Table 1: Standards for typical machine safety functions and their characteristics
When defining safety functions it is normally necessary to write a safety requirements specification (SRS), which must consider factors including, but not limited to, the following:
Whether the safety function is intended to enable a machine action or to prevent one;
The frequency of operation (demand rate) of the safety function;
Operational characteristics, including the operating mode(s) in which it applies, the required response time, etc.
Taking a CNC machine tool as an example, the specification might state that in normal operating mode the safety door is expected to be opened roughly once every fifteen minutes. When the door is opened and the safety interlock function is triggered, the servo drives controlling the spindle and feed axes must be brought to STO (Safe Torque Off), i.e. torque-generating power to the motors is removed, within the specified response time.
Two straightforward methods for determining the required performance level
After specifying the safety functions, the required performance level (PLr) of each must be determined. This is one of the steps with the greatest influence on the design of the safety control system.
What is a performance level?
Performance Level (PL) is a discrete level used to specify the ability of the safety-related parts of a control system to perform a safety function under foreseeable conditions. As shown in Table 2, there are five performance levels, from the lowest, PL a, to the highest, PL e, each corresponding to a specific range of the average probability of a dangerous failure per hour (PFHd).
Table 2: Performance levels (PL)
Method 1: Refer to Class C standards
Class C standards typically specify the required performance level for the safety control system that performs a given safety function. For example, in robot integration, GB 11291.2/EN ISO 10218-2 requires the safety-related parts of the control system to achieve PL d (with Category 3 structure). The safety door interlock function in a robot workstation is usually executed by a safety control system (or the safety-related parts of the control system) consisting of safety interlock switches, a safety controller and the safety-rated inputs of the robot controller, and this system as a whole must meet PL d.
Method 2: Refer to Annex A of GB/T 16855.1
If no Class C standard is available for reference, it is recommended to determine the required performance level using Annex A of GB/T 16855.1 (ISO 13849-1), the risk graph. As shown in Figure 1, the required performance level is read off from three risk parameters: S, F and P. Taking a simple manually loaded and unloaded assembly machine as an example, the risk parameters can typically be chosen as S1, F2 and P2. Following the corresponding path in Figure 1, the required performance level for the safety control system performing the safety light curtain function is PLr = c.
Figure 1: Risk graph used to determine the PLr of a safety function
Risk parameters:
S — Severity of injury;
S1 — Slight (normally reversible injury);
S2 — Serious (normally irreversible injury or death);
F — Frequency and/or duration of exposure to the hazard;
F1 — Seldom to less often and/or short exposure time;
F2 — Frequent to continuous and/or long exposure time;
P — Possibility of avoiding the hazard or limiting the harm;
P1 — Possible under specific conditions;
P2 — Scarcely possible.
It should be noted that the risk graph is a simplified method that assumes the worst case for the probability of occurrence of the hazardous event, so the estimate it yields may differ from the requirement of a Class C standard. Where a Class C standard applies, PLr shall follow the requirement of that Class C standard, and the risk graph result must not be used to lower it.
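The following is an added example, not code from the original article: it encodes the Annex A risk graph and the PL-to-PFHd ranges of ISO 13849-1 / GB/T 16855.1 so that the two worked cases above (S1/F2/P2 giving PLr = c for the light curtain, and a Class C standard overriding it with PL d for the robot cell) can be checked programmatically rather than read off a figure. The threshold values are those published in the standard; the function and variable names are this example's own.

```python
"""Added example (not part of the original article): ISO 13849-1 / GB/T 16855.1
risk graph and PL <-> PFHd classification, with a check that an achieved PFHd
satisfies the required PL, including the rule that a Class C (type-C) standard's
PLr takes precedence over the risk-graph estimate."""
from typing import Optional

# Annex A risk graph: (S, F, P) -> required performance level PLr.
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# PL -> range of average probability of a dangerous failure per hour (PFHd),
# lower bound inclusive, upper bound exclusive, as tabulated in the standard.
PL_PFHD = {
    "a": (1e-5, 1e-4),
    "b": (3e-6, 1e-5),
    "c": (1e-6, 3e-6),
    "d": (1e-7, 1e-6),
    "e": (1e-8, 1e-7),
}


def required_pl(s: str, f: str, p: str) -> str:
    """Walk the risk graph for the given S/F/P parameters and return PLr."""
    try:
        return RISK_GRAPH[(s, f, p)]
    except KeyError:
        raise ValueError(f"invalid risk parameters {(s, f, p)}") from None


def pl_from_pfhd(pfhd: float) -> str:
    """Classify an achieved PFHd into PL a..e; values outside are an error."""
    for pl, (low, high) in PL_PFHD.items():
        if low <= pfhd < high:
            return pl
    raise ValueError(f"PFHd {pfhd:.2e} is outside the PL a..e range")


def pl_rank(pl: str) -> int:
    """Order PLs so they can be compared (a lowest, e highest)."""
    return "abcde".index(pl)


def effective_plr(s: str, f: str, p: str, type_c_plr: Optional[str] = None) -> str:
    """PLr to design against: the Class C value where a Class C standard applies,
    otherwise the risk-graph estimate."""
    return type_c_plr if type_c_plr is not None else required_pl(s, f, p)


def meets_plr(achieved_pfhd: float, s: str, f: str, p: str,
              type_c_plr: Optional[str] = None) -> bool:
    """True if the PL reached by the safety-related parts of the control system
    is at least the effective PLr for this safety function."""
    target = effective_plr(s, f, p, type_c_plr)
    return pl_rank(pl_from_pfhd(achieved_pfhd)) >= pl_rank(target)


if __name__ == "__main__":
    # Light curtain on the manually loaded assembly machine: S1, F2, P2 -> PLr c.
    print("assembly machine light curtain PLr:", required_pl("S1", "F2", "P2"))
    # Hypothetical achieved PFHd of 2e-6 /h (constructed value): PL c, so it passes.
    print("2e-6 /h meets PLr c:", meets_plr(2e-6, "S1", "F2", "P2"))
    # Same hardware in a robot cell where ISO 10218-2 demands PL d: it fails,
    # even though the risk graph alone would only have asked for c.
    print("2e-6 /h meets PL d from Class C standard:",
          meets_plr(2e-6, "S1", "F2", "P2", type_c_plr="d"))
```

The `type_c_plr` argument models the rule stated above: when a Class C standard is applicable its PLr is used as the target, and a lower risk-graph result cannot relax it. Note that the PFHd ranges use a half-open interval, so a subsystem whose PFHd is exactly 1e-6 /h is PL c, not PL d.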
With the iterative design process, the safety functions and the required performance levels understood, the detailed design of the safety control system can begin.