Copyright © 2006 Rockwell Automation, Inc. All rights reserved. 1 Safety Solutions on Tour Introduction to Functional Safety

2 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Functional Safety Agenda 1. What is Functional Safety 2. Why Modern Safety Systems 3. Key Technologies 4. Summary

3 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety in the Workplace Safety Noise Temperature Electric Shock Functional Safety Radiation Crushing Falling Chemicals

4 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Functional Safety Definition Random hardware faults, systematic design errors or human mistakes shall not result in a malfunction of a safety related system with the potential consequence of: –Injury or death of humans or –Hazards to the environment or –Loss of equipment or production

5 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Main Goal: Keep People Safe

6 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. What are Hazards on a Machine or Process? Physical –Falling / Moving Objects –Collisions –Collapsing Structures Mechanical / Process – –Pinch Points or Entanglement – –Abrasion, Grinding, Cutting – –Thermal – –Pressure Releasing Effects (Bursting Vessels, Jets of Gas or Liquids) – –Welding Torches, Gases etc. Electrical – –Flashover and Burns – –Electrocution – –Wrong Connection / Loose Connection Chemical – –Explosion – –Fire – –Toxic Material Release – –Wrong mix of chemicals – –Radiation Hazards are physical objects or chemical substances that have the potential for causing harm to people, property or the environment

7 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. If there are hazards... there must be Risk Reduction Functional safety is based on the concept of Risk Reduction A Risk Assessment is performed to quantify the hazards on a machine For each hazard, risk is reduced by adding layers of protection Design Hazard Out of Machine Implement Safety Guarding Training on Safe Operating Procedures Unprotected Risk Reduction #1 Risk Reduction #2 Risk Reduction #3 Tolerable Risk Layers of Protection Figure: Example of layered risk reduction Lower Risk Lower Risk

8 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Define and Quantify Risk Risk TEXT Consequences How Bad? How Likely? Chances How Often? Frequency

9 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Risk – Same Hazard / Different Locations Identical process incidents pose more risk in a populated area than in an unpopulated area + + = =

10 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Tolerable Risk Practically impossible to drive risk to zero At some point we are willing to accept the amount of risk posed This point is referred to as tolerable risk

11 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Risk Estimation A common way to quantify the amount of risk to be reduced is to use a Risk Graph Start Minor injury Serious injury or single death Death of several persons Death of many people Exposure to hazard is rare Exposure to hazard is frequent Exposure to hazard is rare Exposure to hazard is frequent Probability of Unwanted event Possible under right circumstances Possible under right circumstances Almost Impossible Consequence of Unwanted event Frequency of Unwanted event Possibility to avoid unwanted event Relatively High Small Very Small IncreasedRisk

12 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Risk Reduction Design it out Fixed enclosing guard Monitoring Personal protective equipment Training & supervision Most Preferred Least Preferred

13 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. What is the function of a Safety System? The Function of a safety system is to monitor and control conditions on a machine or process that are hazardous in themselves or, if no action were taken, may give rise to hazardous situations The Safety System runs in parallel with the Production System –Focus of Production System is throughput –Focus of Safety System is protection Control System Control System Safety System Safety System Operating Equipment Operating Equipment

14 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety is a System View... Each hazard on a machine will consist of one or more “safety loops” that monitor and control its supply of energy –As determined by the risk assessment Each safety product must be applied as part of a whole to effectively reduce risk –Safety is the sum of its parts and safety is only as good as its weakest link The complexity of the inputs (sensors) and outputs (actuators) and the flexibility of the control will determine the type of logic solver –Stand-alone relay, modular relay or safety PLC Logic Solver (e.g. Safety Relay or PLC) Actuator(s) (e.g. Motor) Sensors (e.g. Door Interlock) Sensors (e.g. E-Stop) Sensors (e.g. Speed Reference) Actuator(s) (e.g. clamp) Main Goals Improve Safety Simplify LOTO Improve MTTR Increase Machine Availability Improve Cost of Doing Business

15 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Who is responsible for safety? N.A. standards put the responsibility of safety on End-User but OEM’s have skin in the game. –OEM’s are being driven by End User safety specifications to supply specific levels of Safety. –OEM’s are also being driven by litigation and are becoming liable to supply a safe machine. In EMEA the responsibility is on the OEM to integrate safety into the machine design OEM’s supplying equipment into EMEA must comply to the standards in order to sell their machinery. (Look for OEM’s exporting equipment to Europe!) The standards are law and enforced through legislation vs. litigation. Everyone is Responsible for Safety! Everyone must be knowledgeable of appropriate standards and Risk Assessment methods.

16 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Who enforces safety? Federal Regulations National Consensus Standards — — ANSI - standards published by American National Standards Institute – – National Fire Protection Association – –NFPA 79 (Elect/ Std Machinery) – –NFPA 70 (National Electric Code)

17 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Key Takeaways A safety system is only as effective as it’s weakest link. –You need to consider all aspects of the system (input, control, output) and how they work together to meet current safety standards. Safety is about assessing the danger presented by machine hazards and designing solutions to reduce the possibility of a dangerous failure –Risk reduction with a goal of eliminating the risk or reducing it within reason (tolerable risk) You should follow a process for developing, deploying and maintaining safety solutions –Consider using the Safety Lifecycle as a model Your primary goal for safety is to protect employee health and safety while maintaining or increasing productivity. The Government (OSHA, NFPA,Other) is not responsible for safety systems... You are! The government will only enforce regulations.

Copyright © 2006 Rockwell Automation, Inc. All rights reserved. 18 Questions so far What is Safety 2. Modern Safety Systems 3. Key Technologies 4. Summary    

19 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Why Safety? Is Safety New? - NO Is Safety Important? - YES Who is Responsible? - EVERYONE Are Safety and Productivity initiatives ever at odds? Are Safety Systems or Procedures Ever Bypassed? Are people ever injured in manufacturing machinery accidents? Goals: Integrated Controls Solutions that are safer AND more productive BY DESIGN. Safety Thinking is Evolving

20 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety - Continuous Changes New Manufacturing Processes New Design Processes New Operating Procedures New Standards and Specifications New Safety Technologies New System Design Philosophies Safety Specifications and Technologies Evolving

21 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Challenging Conventions Consumer Safety Culture – Expectations of populace – just look at cars! Manufacturing Safety Culture –Safety makes things STOP, not GO –Safety costs $$$!! –Safety by luck - “We are safe” (repeat 1000 times) –Changes introduce risks  NOTHING HAPPENS –Typical approach is REACTIVE An injury results in the application of a few “widgets” Incomplete, high variation, inconsistent – not good! Manufacturers exposed to increased liability Safety is not an Accident

22 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety Drivers Global Standardization and Specification Costs of non-compliance –Insurance, OSHA violations, employee turnover, workers comp., litigation, etc. “Soft” measure for Wall St. –Turnover, “Best Place to Work,” Insurance costs, Injury Rates Rallying point for labor organization Safety has a Broad Reach

23 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Where is Your Company? Reactive or Proactive? Safety philosophy driven from top down –Safety credo, specifications, etc. Safety driven from the bottom up –Safety addressed on a case-by-case basis (injury by injury!) Are formal Risk Assessments being performed? Is safety Designed In or Added On ? What is Your Company Culture?

24 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Modern Safety Thinking It’s a Culture; It’s a Process; It’s a design Philosophy It is a combination of people systems (procedures) and technologies (components, circuits) It is a systematic approach – Not a component approach!!! –Machine Safety is like an anchor chain – only as strong as the weakest link. It is a lifecycle – from system concept, through Risk Assessment, Design, Build, Start-Up, Validation, Operations and Decommissioning Safety Specifications drive the Safety Lifecycle

25 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety – the Bigger Picture Safety Impacts: –Floor space/Footprint via performance (Safe Distance) Big money!! –Direct Labor Content and Operator Efficiencies HUGE money!! –Ergonomics –Productivity (System Design considerations) –Insurance Costs, Cost of Doing Business –Employee Morale, Company Goodwill, Labor Relations Safety is Good Business!

26 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety – Do we have a Problem? Are Safety Procedures Ever Bypassed? –Do People take the “Short Cut” to expedite maintenance procedures? –Is LOTO (Lock Out Tag Out) always followed? Are Safety Systems or Technologies ever Bypassed? –Are people using a “Cheater Key”? –Note: Some systems are so poorly designed and integrated that maintenance people are forced to bypass the safety system just to get their jobs done! Safety must be Easy and Intuitive ? ?

27 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety System Design Concepts Passive System Design –Ensures the easy way is the safe way Configurable System Design –Ensures the necessary functionality to accommodate maintenance procedures without bypassing the safety system. –This approach will help to limit exposure to hazards while expediting maintenance procedures and reducing MTTR. Lockable Safety Systems Easy, Intuitive and Secure

28 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Safety Application - Perimeter Guarding Example Application of safety technology based upon the Risk Assessment. –Cross functional team including Operators, Skilled Trades, Engineers, etc. System is configured to control and manage exposure to the hazards within the work cell. –Gate Box approach –Trapped key approach Passive System Function Lockable May provide “Point of Operation” control via “Enable” pendant. Passive, Configurable, Lockable

29 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Improved Productivity via Safety System Design OK Down Machine Stops Maintenance Arrives Fault Identified LOTO Repair Performed Machine Unlocked Repair Tested Machine back in Auto Production Resumes MTTR = 12 minutes OK Typical Downtime Event

30 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Improved Productivity via Safety System Design If the safety system design meets target safety level, the safety system may be used in lieu of LOTO, reducing MTTR by ~3 minutes. Manufacturer’s value of 1 minute of production = $12K Average downtime events per plant per year = 3000 Value of safety solution due to improved productivity (via reduced MTTR) = $12K X 3 X 3000 = $108M/yr Safety = Productivity = Profitability

31 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Summary Safety is a shared responsibility – we are all stakeholders! Every manufacturer must provide for a safe work environment. Well designed systems improve both Safety and Productivity. Safety is a System Solution – not just components. –Integrated into the control, information and people systems Safety is Specification Based. Leverage Internal and External application knowledge and expertise –Maintenance, Engineering, Operations, Suppliers Single source full service safety supplier can help with comprehensive safety solutions.

Copyright © 2006 Rockwell Automation, Inc. All rights reserved. 32 Questions so far What is Safety 2. Modern Safety Systems 3. Key Technologies 4. Summary      

33 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. What Makes a Product Safe? Important Concept “What makes a product safe is that it is designed using safety principles and complies with recognized safety standards” What are the principles common in products designed for safety? –The Three D’s of Safety – Duality, Diversity, Diagnostics –All safety products are designed using a combination of the Three D’s –The Three D’s are used so the system will react properly when a fault occurs (e.g. turn off outputs)

34 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. The “Three D’s” of Safety Duality (Also known as Redundancy) –If one thing fails, there is another thing that can bring the system to a safe state –In parallel for Inputs or in series for Outputs Diversity –Protects against two things failing in exactly the same way at the same time –Example: Using one NO and one NC set of contacts –Example: Using both a high and a low input channel to a safety device Diagnostics –Safety products spend much of their time performing self-diagnostics –If a problem is detected, the system will go to its “safe state” and will not allow the system to be restarted until the problem is fixed –Example: A safety PLC has a significantly higher degree of self-diagnostic versus a standard PLC (> 90% vs. ≈ 50%) D D D Two of the three methods mentioned above must be implemented to achieve Category 4 / SIL 3

35 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Processor Structure of Standard PLC Input Module Standard PLC Output Module

36 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. CPU Structure of Safety PLC / 1oo2D Safety PLC Output Module Input Module Can you find the Three D’s??? Duality Diagnostics Diversity

37 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Structure of a Safety Relay System Can you find the Three D’s??? DiversityDualityDiagnostics

38 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. What Makes Safety Components Safe? Direct Driven Contacts –Actuating force drives contacts open (breaks welds). –These are the type of contacts that are in Safety Interlock Switches. –Does not rely on a spring to open contacts such as a Limit switch. Mechanically Linked –Linked means that if one contact welds, all contacts stay closed – for monitoring! –These types of contacts are found in Safety Contactors and relays to detect faults. Redundant Contacts –Redundant contacts act as a back-up to each other in case a contact were to fail. This provides a higher degree of reliability –Example: Two normally closed, (1) N.O. and (1) N.C., or (2) PNP outputs Tamper Resistance –Features designed into safety components inherently make the device more safe. –EXAMPLE: Coded magnetic safety switches Welded contact isforcedopen when actuator is removed Symbol Found on Front of Contactor Symbol Found on Switch

39 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. System Architectures 1oo1 System 1oo2 System 1oo3 System 2oo2 System 2oo3 System

40 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. How do I Know a Product is Safe? All safety rated products are developed to meet specific standards for safety –EN (Safety Categories) –IEC (Safety Integrity Levels for Programmable Safety Systems) –EN 1088 (Safety Interlocks) Most safety rated products are certified by professional 3 rd party organizations to demonstrate compliance to specific safety standards –Examples of third party certification organizations include TUV Rheinland, TUV Nord and BG

Copyright © 2006 Rockwell Automation, Inc. All rights reserved. 41 Questions so far What is Safety 2. Modern Safety Systems 3. Key Technologies 4. Summary        

42 Copyright © 2006 Rockwell Automation, Inc. All rights reserved. Let’s take a quiz False True All True 1) Implementing a safety system will cause reduced production? 2) Safety systems are complex and require a specially certified Engineer 3) The first step in the safety lifecycle is to identify risks 4) The main goal of implementing a safety solution is to increase productivity 5) When identifying risks, you must consider the consequences, chances and frequency 6) The best engineering method for risk reduction is to deploy a safety control system 7) Who is responsible for safety? 8) One way a safety system can improve productivity is by reducing the duration of a down time event. 9) The 3 D’s of a safety product are: Duality, Diversity and Diagnostics 10) Rockwell Automation has the broadest offering of safety solutions

Copyright © 2006 Rockwell Automation, Inc. All rights reserved. 43 Questions ?? 1. What is Safety 2. Modern Safety Systems 3. Key Technologies 4. Summary        