Due to changes in standards and regulations, safety and automation control systems can now be integrated into a single system. Despite initial skepticism, users are now enjoying benefits far exceeding mere safety. Asish Ghosh, Associate Director of Development Consulting at ARC Consulting in Dedham, stated, "The main driving force behind this integration is more efficient cost management; MA (Manufacturing Authority) savings can be achieved through lower engineering and maintenance costs." Integrated systems significantly reduce wiring requirements, saving on wiring costs and cabinet space. Kevin Colloton, Marketing Manager at GuardLogix, a Rockwell Automation subsidiary, further explained the advantages of integrated systems, such as serving as a standardized set of common components for control and safety. This commonality extends beyond hardware. He explained, "Developers can also reduce software and service costs simultaneously, as the same software can be used throughout the plant, and operators only need to be familiar with one software system." So what do integrated safety and control systems look like? And how are they applied in practical work? Preventing Failures In an ARC report, Ghosh points out: "Integrated systems must be carefully designed and configured to reduce the risk of routine failures, as a single control failure can jeopardize safety functions." Ghosh recommends first selecting a suitable safety implementation standard, such as IEC 61511 or ANSI/ISA-840001. After the standard is selected, a risk assessment should be conducted based on it. During the analysis, the appropriate protection level should be determined according to different production operation processes. After completing the analysis and assessment, a list of qualified suppliers should be compiled based on previous evaluation results, and finally, an integrated system that can meet various specific needs is born. System developers use various methods to address safety issues and reduce the likelihood of routine failures. For example, ABB follows IEC 61508 and IEC 61511 standards and uses T-standardized hardware. For instance, this hardware prohibits downloading operations to controllers running protected programs, thus not compromising the program's safety level (SIL). Moreover, ABB's products logically separate the operation of control programs and safety programs, effectively dividing them into two independent working components. Roy, Systems Marketing Manager at ABB Ltd. Tanner said, "With this in place, without authorized human intervention, no external program, whether secure or unsecured, can perform write operations on the secure program." The developers have also implemented other safety measures to prevent accidental operation and other problems caused by sudden power outages during configuration. If such an event occurs, the system automatically enters a secure operating mode. It's important to understand that these safety standards in use are not static documents. Marc Immordino, product testing director at WAGO, said they are constantly changing, sometimes simplifying things, and sometimes hindering them. For example, the currently evolving ISO 11161 and ANSI B11.20 standards stipulate that when a production cell in one area stops working due to a problem, adjacent production areas can continue to operate normally. Currently, the definition of "area" is still somewhat vague, but a clear definition will be established in the future to ensure the implementation of the standards. Immordino stated that regarding risk assessment, ISO 13849-1 and its related rationalization standards IEC 61508 and 62061 recommend that safety functions must be assessed; it also recommends that the mean time between failures of electromechanical and mechanical equipment must be fully anticipated, although this time is largely determined by the equipment itself. The implementation of any integrated system should address the issues covered by the relevant standards, and because of the different components, different industries face different problems. End-user misoperation While these and other measures are intended to prevent accidental misoperation due to negligence, they cannot completely eliminate end-user misoperation and other common errors. These problems may occur during the initial configuration process or during subsequent changes. Therefore, during configuration, it is essential to follow the guidelines developed by the system developer and third-party organizations such as T&T. Access protection policies must also be in place. Many integrated system developers use passwords and other methods to control access. "In the production phase, we can choose from several security measures to implement to strictly control access to the controller, ensuring that only authorized personnel can access the controller." “Colloton from Rockwell Automation says. These safety measures must be implemented thoroughly. Regulations and procedures must be meticulous and appropriate; for example, passwords should not be known to many people, should not be used at the initial setting, and should not be written on notes and pasted on the controller. Finally, in the traditional concept, there must be a clear visual distinction between the control and safety environments so that operators can distinguish them at a glance. Avoiding visual confusion also avoids user errors in operating the system. Achieving the desired effect is often difficult, but the control and safety components of an integrated system can give a unified and coordinated feeling, and this coordination is sometimes one of the selling points of integrated systems. On the other hand, some settings naturally have a higher safety factor than other similar products due to their inherent characteristics. Karl Rapp, store manager of Bosch Rexroth Electronic Drives and Controls, points out that in integrated systems, the setting changes of drive parameters are not as frequent as when using programmable logic controllers, and this characteristic ensures the reliability and independence of the drive safety system, avoiding intentional or unintentional misoperation.” " Improving Efficiency " We've seen examples of how integrated safety control systems are used. Atanor SA, headquartered in Buenos Aires, is a leading global developer and manufacturer of chemical, petrochemical, polymer, and agrochemical products. It is also a major Argentine producer of hydrogen peroxide, a substance increasingly used as a bleaching agent in paper mills. Atanor recently launched trial operations at its new plant in Rio Tercero. Named AOA 2, the new plant, once fully operational, can provide over 14,000 metric tons of hydrogen peroxide annually—enough to meet Argentina's entire annual consumption. [align=center] Figure 2: With an integrated safety control system, the Argentine-owned chemical company Atanor has improved efficiency. An operator in the control room can safely switch the entire plant on and off in minutes. From: ABB[/align] While the plant facilities were still under construction, Atanor found ABB and its SIS system, certified by a third-party organization T-C, conforming to IEC 61508 and IEC 60511 standards, which integrated the actuators of the safety control system. The components of this system also met the relevant SIL requirements, including controllers, field input devices, I/O modules, and field actuators. The system comprised five operating units, each with six local and one remote monitoring screen. In addition to the operating interface, it also included interfaces for engineering, information management, and maintenance. Odel Priotti, the principal of AOA 2, AOA 1, and the notoriously strict Rio Tercero acid plant, demanded that the new system use as little manpower as possible without compromising safety. For example, he said, “An operator can fully start the entire plant in less than ten minutes, and through the safety control integration system, he can also quickly shut it down. If needed, we can stop all operations in less than five minutes.” "In the past, it would have taken at least two operators 45 minutes to shut down a factory. Another major advantage of the integrated system is its universal engineering environment, meaning that control and safety systems only require one set of engineering tools. This unified approach significantly reduces the need for engineering, training, operation, maintenance, and spare parts, and consequently reduces costs in these areas. The system is also very advantageous in terms of maintenance, whether it's the control room or the computers," Priotti added. "We can configure instruments, modify the visibility of alarms, etc., to achieve the desired effect." Components in the integrated system Component developers have also seen the benefits of integrated safety systems. In the automotive industry, Mewag Meashinenfabrik AG of Wasen, Switzerland, provides bending tools based on the shape requirements of workpieces. Mechanized elbows meet the bending requirements of different radii and complex geometries. Pipes with diameters of 150mm and below are all bent, even though they have machined end threads that can be matched with flanges, collars, or nuts. Safety level, component selection determines cost. Marc, product testing manager at Wago... Immordino points out that the decision to integrate a security system is essentially a series of interconnected questions, one of the most important being deciding which security protection mode to operate in—partly conventional operation, partly adhering to recommended standards and slightly referencing geographical knowledge. In Europe, security protection is enshrined in law, while in the United States it's more like regulations and economically derived guidelines. Immordino says that regardless of the security positioning, ensuring security always impacts cost. The probability of failure at each security integrity level is one-tenth that of the level above. The cost of implementation also increases with the security level. Security levels also take into account the location of various types of security sensors, on/off switches, light curtains, or safety pads. Because of this, Immordino says, even if all these individual parts are addressed, there's still a lot to do. It's always a good idea to reassess the system, he says, to ensure that security protection is at an appropriate level—not too high, not too low. To reduce end-user reconfiguration time, Mewag designed more suitable tool heads and then placed the machine horizontally. Besides speed, tool head changes must also be performed safely, which is one reason Mewag designed its intelligent safety system. For this system, a distributed approach is adopted, using Bosch drive units that can implement a significant number of safety functions without external hardware support. With this method, the traditional method of installing relays on the main power line or motor wires is no longer necessary. Mewag's technical manager, Samuel Gerber, points out that this seemingly distributed but actually integrated control and safety system can help multiply efficiency. He says, "The reduction in external monitoring and measurement systems means savings in wiring and space within the control cabinet." "This system also has significant advantages in other aspects. In a special operating mode, the tool can run at a slower, safer speed. When switching from normal mode to the special operating mode, the machine drives in the safe zone automatically stop, allowing operators to safely enter those areas. It is this quick stopping action within the integrated environment, along with the readily compatible toolheads, that creates a huge advantage. Gerber says, 'This advancement means a significant reduction in output time.'" "Similarly, its safety features are also remarkable. Errors in equipment movement are detected within 2 milliseconds, limiting the erroneous movement distance to within 2 millimeters. In contrast, when operators in protected areas rely on human judgment and verification to detect faults, the erroneous movement distance can be much, much longer, potentially reaching hundreds of millimeters. Software-based safety..." Another example from automation systems is Kuka Toledo Productions Operation LLC (KTPO), which transformed Siemens Energy Automation into an integration of automation and control systems. KTPO, a subsidiary of Kuka, manufactures and develops systems for automated car body production lines and also supplies car bodies to DaimlerChrysler. To become a leading supplier, KTPO needed to design a system that was safer than the hardwiring approach used in each production unit. [align=center] Figure 3: Control upgrades required on the converter; 3M decided to use a safety control integrated system. From: Rockwell Automation.[/align] Traditional hard-wired safety systems for automated machine propulsion use robust barriers, emergency stop buttons, safety door converters, safety mats, light curtains, redundant relays, and excessive wiring – an expensive and outdated configuration. Kuka, working at Siemens, adopted an integrated approach, placing safety and standard machine controls on a single fieldbus. This virtually eliminated relays, saving control panel space and other hardware, and also reducing engineering, troubleshooting, and wiring costs. The safety control system also integrates a module with a modified three-phase busbar on the power lines, reducing overall unit distance by 20%. By porting hardware-based safety systems to software-based systems, Kuka obtains common safety code that can be converted and ported from one system to another, reducing system commissioning time. Rod Brown, an engineer at Kuka, said, "We'll be able to build a system very quickly, and the commissioning process will be surprisingly simple." This approach saves tens of thousands of dollars on the initial installation alone. These savings come partly from reduced wiring requirements and other components. Kuka engineers stated that the new method reduced costs by 85% in relays, local input/output interfaces, terminal areas, and cable connections. This reduction was made possible by point-level diagnostics at all critical standard and safety I/O interfaces. The same method can be used at bus-level fault points. Using diagnostic repeaters, information on the fieldbus is displayed on the HMI. To aid troubleshooting, the system can locate faults on communication cables with an error of no more than one foot. In this mechanism, the Siemens processor handles ordinary machine functions and can also detect and control all safety devices. A universal programming environment uses a ladder-like language for process control and safety functions. Operation is simple. 3M has tape manufacturers in London, Ontario, and Canada, producing over 40 types of tapes. An adhesive is used for repair and lining, and machines accurately cut the required width at one-eighth of the tape's length. When the machines faced 3M's stringent high-quality standards, the control system's sensitivity was insufficient because these systems were outdated. Tracy Harvey, a senior electrical engineer at 3M Canada, said: "These outdated control systems we see are some of 30 or 40 years old. If one component fails, the entire machine will be out of service for weeks or even months. Another problem is that these old control systems are difficult to comply with new safety codes." [align=center] Figure 4: A pipe bending machine from Mewag Meashinenfabrik is used in automated industries to connect with intelligent servo drives that provide safety functions in a discrete manner. [/align] Faced with the urgent need for control upgrades, 3M decided to introduce a control and safety integrated system from Rockwell Automation to solve the problem. Integrating the two systems meant that data characters would be shared, and command execution would be simplified. Long-term contact with Rockwell Automation products played a key role in making this decision. This plan requires upgrading one converter, and then the others will be upgraded gradually. Harvey reports that the initial installation work is progressing smoothly without any product issues, and he expects the new control system (using upgraded drives to operate the machines) to improve productivity. He also specifically points out that excellent torque control has reduced unnecessary power output by engineers, and this improvement is being carefully studied and refined in preparation for upgrading other machines. These examples, and others, illustrate that integrated control and safety systems have been successfully applied, playing a role far more significant than simply ensuring safety in a wide range of industrial sectors.