Application Technique
Pneumatic Safety Valves Safety Function
Products: GuardLogix Controller, E-stop Button, Safety I/O Module, DM2 Pneumatic Safety Valve
Safety Rating: CAT. 3, PLd to ISO 13849-1: 2008
Topic Page
Important User Information 2
General Safety Information 3
Introduction 3
Safety Function Realization: Risk Assessment 4
Pneumatic Safety Valves Safety Function 4
Safety Function Requirements 4
Functional Safety Description 5
Bill of Material 5
Setup and Wiring 5
Configuration 7
Calculation of the Performance Level 15
Verification and Validation Plan 17
Additional Resources 20
Pneumatic Safety Valves Safety Function
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to
familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws,
and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are
required to be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may
be impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from
the use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or
liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or
software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation,
Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal
injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss.
Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT
Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will
cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for
Personal Protective Equipment (PPE).
2 Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016
General Safety Information
Contact Rockwell Automation to learn more about our safety risk assessment services.
Pneumatic Safety Valves Safety Function
IMPORTANT
This application example is for advanced users and assumes that you are trained and experienced in safety system requirements.
Safety Distance Calculations
ATTENTION: Perform a risk assessment to make sure that all task and hazard combinations have been identified and addressed. The risk assessment can require
additional circuitry to reduce the risk to a tolerable level. Safety circuits must consider safety distance calculations, which are not part of the scope of this
document.
ATTENTION: While safety distance or access time calculations are beyond the scope of this document, compliant safety circuits must often consider a safety
distance or access time calculation.
Non-separating safeguards provide no physical barrier to prevent access to a hazard. Publications that offer guidance for
calculating compliant safety distances for safety systems that use non-separating safeguards, such as light curtains,
scanners, two-hand controls, or safety mats, include the following:
EN ISO 13855:2010 (Safety of Machinery – Positioning of safeguards with respect to the approach speeds of
parts of the human body)
EN ISO 13857:2008 (Safety of Machinery - Safety distances to prevent hazardous zones being reached by upper
and lower limbs
ANSI B11:19 2010 (Machines – Performance Criteria for Safeguarding)
Separating safeguards monitor a moveable, physical barrier that guards access to a hazard. Publications that offer
guidance for calculating compliant access times for safety systems that use separating safeguards, such as gates with limit
switches or interlocks (including SensaGuard™ switches), include the following:
EN ISO 14119:2013 (Safety of Machinery – Interlocking devices associated with guards - Principles for design
and selection)
EN ISO 13855:2010 (Safety of Machinery – Positioning of safeguards with respect to the approach speeds of
parts of the human body)
EN ISO 13857:2008 (Safety of Machinery - Safety distances to prevent hazardous zones being reached by upper
and lower limbs
ANSI B11:19 2010 (Machines – Performance Criteria for Safeguarding)
In addition, consult relevant national or local safety standards to assure compliance.
Introduction
This safety application technique explains how to wire, configure, and program a Compact GuardLogix controller and
POINT Guard I/O™ module to monitor a dual-channel E-stop device. If the E-stop is actuated, or a fault is detected in
2®
the monitoring circuit, the GuardLogix® controller de-energizes the final control device, in this case, a DM
safety valve from ROSS Controls.
pneumatic
Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016 3
Pneumatic Safety Valves Safety Function
This example uses a Compact GuardLogix controller, but is applicable to any GuardLogix controller. The Safety
Integrity Software Tool for the Evaluation of Machine Applications (SISTEMA) software calculations that are shown
later in this document must be recalculated if different products are used.
Safety Function Realization: Risk Assessment
The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be
conducted by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety
functions of the machine. In this application, the performance level required (PLr) by the risk assessment is Category 3,
Performance Level d (CAT. 3, PLd), for each safety function. A safety system that achieves CAT. 3, PLd, or higher, can
be considered control reliable. Each safety product has its own rating and can be combined to create a safety function that
meets or exceeds the PLr.
From: Risk Assessment (ISO 12100)
1. Identification of safety functions
2. Specification of characteristics of each function
3. Determination of required PL (PLr) for each safety function
To: Realization and PL Evaluation
Pneumatic Safety Valves Safety Function
This application technique includes one safety function: the removal of power or energy from the hazard by actuation of
any of the emergency stop push buttons.
Safety Function Requirements
Pressing any one of the series-wired E-stop buttons stops and prevents hazardous motion by removing power to the
pneumatic safety valve. When the E-stop button is reset, the hazardous motion and power to the pneumatic safety valve
do not resume until a secondary action (the Reset button is pressed and released) occurs. Faults at the E-stop button,
wiring terminals, or safety controller are detected before the next safety demand. This emergency stop function is
complementary to any other safeguards on the machine and does not reduce the performance of other safety-related
functions.
The safety function in this application technique meets or exceeds the requirements for Category 3, Performance Level d
(CAT. 3, PLd), per ISO 13849-1 and control reliable operation per ANSI B11.19.
4 Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016
Pneumatic Safety Valves Safety Function
Functional Safety Description
Hazardous motion is interrupted or prevented by actuation of any of the emergency stop buttons (ES1, ES2, or ES3).
Each E-stop is considered a separate safety function. The E-stop buttons are connected in series to a pair of safety inputs
of a safety input module (SI1). The pneumatic safety valve is connected to a pair of safety outputs of a safety output
module (SO1). The I/O modules are connected via CIP Safety™ through an EtherNet/IP™ network to the safety
controller (SC1). The safety code in SC1 monitors the status of the E-stop buttons by using a pre-certified safety
instruction named Dual Channel Input Stop (DCS). When all conditions are satisfied, and no faults are detected on the
input modules, and a Reset button is pressed and released, a secondary certified function block called Configurable
Redundant Output (CROUT) checks the status of the final control device, a pneumatic safety valve. The safety
controller then issues an output signal to the safety output module (SO1) to switch on a pair of safety outputs to energize
the pneumatic safety valve.
Bill of Material
This application technique uses these products.
Cat. No. Description Quantity
800FM-G611MX10 800F reset push button - metal, guarded, blue, R, metal latch mount, one normally-open contact, standard 1
800FM-MT44MX02
800F-15YSE112
2
CNAxxA21 DM2 series pneumatic safety valve – Contact ROSS Controls for proper valve sizing and a specific part number 1
DM
1768-ENBT CompactLogix™ EtherNet/IP bridge module 1
1768-L43S Compact GuardLogix processor, 2.0 MB standard memory, 0.5 MB safety memory 1
1768-PA3 Power supply, 120/240V AC Input, 3.5 A @ 24V DC 1
1769-ECR Right end cap/terminator 1
1734-AENT 24V DC Ethernet adapter 1
1734-TB Module base with removable IEC screw terminals 4
1734-IB8S POINT Guard I/O safety input module 1
1734-OB8S POINT Guard I/O safety output module 1
1783-US05T Stratix 2000™ unmanaged Ethernet switch 1
800F non-illuminated mushroom operators, twist-to-release, 40 mm (1.58 in.), round metal (type 4/13, IP66), red,
metal latch mount, 0 normally-open contacts, 2 normally-closed contacts, standard, standard pack
800F legend plate, 60 mm (2.36 in.) round, universal emergency stop, yellow with black legend text, 22.5 mm (.89
in.) opening
1
3
Setup and Wiring
For detailed information on how to install and wire, refer to the publications listed in the Additional Resources.
System Overview
The 1734-IB8S input module monitors the inputs from the E-stops, which are connected in series.
The 1734-IB8S module can source the 24V DC for all input channels to dynamically test the signal wiring for shorts to
24V DC and channel-to-channel shorts. If a fault occurs, either or both channels are set to low (0), and the controller
reacts by dropping out the pneumatic safety valve. Only after the fault is cleared and the Reset button is pressed and
released does the function block reset.
Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016 5
Pneumatic Safety Valves Safety Function
Shorts to 0V DC (and wire off) are seen as an open circuit by the 1734-IB8S input module, and the controller reacts by
dropping out the pneumatic safety valve. If the inputs remain discrepant for longer than the discrepancy time, then the
function block in the controller safety task declares a fault. Only after the fault is cleared, and the Reset button is pressed
and released, does the function block reset.
The final control device is a pneumatic safety valve that is controlled by a 1734-OB8S output module. A feedback circuit
is wired through the normally-open contact and back to an input of the 1734-IB8S module to monitor the pneumatic
safety valve for proper operation. The pneumatic safety valve cannot restart if the feedback circuit is not in the correct
state.
The maximum output current is 1 A for each output point of the 1734-OB8S module.
Primary power consumption for each solenoid is as follows:
• 15.8VA inrush
• 12.8VA holding on 50 Hz or 60 Hz
• 5.8 W on DC
The system has individual Reset buttons for resetting faults and safety outputs. The Reset buttons and the pneumatic
safety valve Ready to Run (N.O. Contacts) and Fault Indicator (N.C. Contacts) are all wired to the 1734-IB8S module
in this example. This configuration is not required for functional safety. These four inputs can be wired to a standard
input module.
6 Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016
Electrical Schematic
Pneumatic Safety Valves Safety Function
PB2
Fault Reset
PB1
Reset
DM
Pneumatic
Safety Valve
Pin 1: Common
Pin 2: Normally Closed
Pin 3: Normally Open
Pin 4: Not Used
E-stop 1
Air Supply
2
Air to System
E-stop 2
E-stop 3
Pins 1 and 3 are connected when air pressure is present and the valve is Ready to Run.
If a fault has occurred or pressure is removed from the valve inlet, pins 1 and 2 are connected.
In the event of a fault, remove power from the pilot solenoids (A and B) momentarily, and apply power to the Reset
solenoid to return the valve to Return To Run state. Wait at least 250 ms after removing power from the reset solenoid
before trying to re-energize the pilot solenoids.
Configuration
The Compact GuardLogix controller is configured by using RSLogix 5000® software, version 18 or later. You must first
create a project and add the I/O modules. Then, configure the I/O modules for the correct input and output types. A
detailed description of each step is beyond the scope of this document. Knowledge of the RSLogix™ programming
environment is assumed.
Rockwell Automation Publication SAFETY-AT128B-EN-P - July 2016 7
Loading...