Machine Safety

Functional Safety for Machines and Processes

As part of Machinery Directive 2006/42/EC, all manufacturers must assess the risk posed by their products so that people who come into contact with the machine are protected. However, the Machinery Directive does not apply solely in the EU. It is also used in other countries in the European Single Market. Local standards often make reference to European safety standards, which are listed in the Machinery Directive as harmonized standards.

The risk posed by the machine must be reduced to a reasonable residual level. To this end, the manufacturer carries out a three-stage risk assessment: the risk must be reduced through design measures, by applying technical safeguards, and by providing user information such as manuals.

Classifying risks into performance levels

In order to assess which technical safeguards are appropriate to the risk in question, manufacturers are guided by parameters that indicate the probability that safety-related components will fail. These parameters are called performance levels (PL). First, the manufacturer determines the required performance level (PLr) of a safety function. After designing a safety control system to implement this function, the manufacturer determines the performance level actually achieved. At the end of the process, PL and PLr must be the same. Broadly speaking, there are three types of safety control systems.
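As an added example (not code from the Turck page), the PLr/PL comparison described above, worked through with the ISO 13849-1 risk graph and PFHd bands; the standard is an assumption, since the page does not name it, and the sample safety function values are constructed. The check accepts an achieved PL equal to or higher than the PLr.

```python
"""Added example: determine PLr from the ISO 13849-1 risk graph and check
whether the achieved PL of a safety function meets it. Risk graph and PFHd
bands are those of ISO 13849-1 (assumed; the page does not name the standard);
the safety-function values at the bottom are constructed."""

# ISO 13849-1 risk graph: severity S, frequency/exposure F, possibility of avoidance P
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a",
    ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b",
    ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c",
    ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d",
    ("S2", "F2", "P2"): "e",
}

# Average probability of a dangerous failure per hour (PFHd) for each PL:
# lower bound inclusive, upper bound exclusive
PFHD_BANDS = {
    "e": (1e-8, 1e-7),
    "d": (1e-7, 1e-6),
    "c": (1e-6, 3e-6),
    "b": (3e-6, 1e-5),
    "a": (1e-5, 1e-4),
}

def required_pl(severity, frequency, avoidance):
    """Read the PLr for one hazard off the risk graph."""
    return RISK_GRAPH[(severity, frequency, avoidance)]

def achieved_pl(pfhd):
    """Map the PFHd of the whole safety function to the PL band it falls in.
    Simplification: only PFHd is considered, not the lowest subsystem PL."""
    for pl, (low, high) in PFHD_BANDS.items():
        if low <= pfhd < high:
            return pl
    raise ValueError(f"PFHd {pfhd:g} lies outside the ISO 13849-1 PL bands")

def meets_requirement(pl, plr):
    """The safety function is acceptable when PL is at least PLr (a < b < c < d < e)."""
    return pl >= plr

if __name__ == "__main__":
    # Constructed hazard: irreversible injury (S2), frequent access (F2), hardly avoidable (P2)
    plr = required_pl("S2", "F2", "P2")
    # Constructed chain: PFHd contributions of sensor, logic and actuator are summed
    pfhd_chain = 2.5e-9 + 1.2e-8 + 1.5e-8
    pl = achieved_pl(pfhd_chain)
    print(f"PLr={plr} PL={pl} ok={meets_requirement(pl, plr)}")
```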

Figure: HMI, central I/O system and connected safety relays with connected safety functions

Conventional safety technology with safety relays is very wiring-intensive in large applications, but is understood all over the world.

Three Concepts of Machine Safety

Relay technology

Conventional safety technology uses safety relays. The safety logic is mapped using hard-wired contacts. The relays ensure, for example, that a drive cannot be started as long as a safety light curtain is connected. These installations are relatively inexpensive and can be understood around the world. No software is used. However, in larger and more complex safety installations, relay technology becomes hard to keep track of. Finding and diagnosing faults is a very time-consuming process, and the system cannot test itself.

Central safety wiring with safety controllers

From a certain level of complexity onward, it becomes more advantageous to implement safety applications with safety controllers. In safety controllers, programs can be written that—in simple terms—link actions to conditions using Boolean operators (AND, OR, NOT, XOR). The wiring for these applications is simpler than in relay technology, but the safety signals must be routed to the central controller in the control cabinet, which is costly and time-consuming.
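As an added example (not code from the page or from any vendor's tool), the kind of condition-to-action logic a safety controller program expresses: a constructed drive-enable function that combines a two-channel e-stop, a light curtain and a guard switch with AND, and holds the drive off after a trip until a monitored manual reset (rising edge of the reset button).

```python
"""Added example: Boolean safety logic with a restart interlock, as a safety
controller program would express it. All inputs and the scan sequence are
constructed; True means the condition is safe/OK."""

class DriveEnable:
    def __init__(self):
        self.enabled = False
        self._reset_prev = False   # previous reset-button sample, for edge detection

    def scan(self, estop_ch1, estop_ch2, curtain_clear, guard_closed, reset_btn):
        """One logic cycle; returns the drive-enable output for this cycle."""
        # All conditions are ANDed: one open e-stop channel already counts as a stop,
        # so a wiring fault on a single channel fails to the safe side.
        safe = estop_ch1 and estop_ch2 and curtain_clear and guard_closed
        if not safe:
            self.enabled = False          # any unsafe condition drops the output immediately
        elif not self.enabled and reset_btn and not self._reset_prev:
            # Restart interlock: re-enable only on a rising edge of the reset button
            # (reset AND NOT previous reset), so a stuck or bridged button cannot restart.
            self.enabled = True
        self._reset_prev = reset_btn
        return self.enabled

def run_sequence(samples):
    """Feed (estop1, estop2, curtain, guard, reset) samples; return the outputs."""
    drive = DriveEnable()
    return [drive.scan(*s) for s in samples]

# Constructed scan sequence
SEQUENCE = [
    (True, True, True, True, False),   # all safe, no reset yet -> off
    (True, True, True, True, True),    # reset pressed (rising edge) -> on
    (True, True, True, True, True),    # reset held -> stays on
    (True, True, False, True, True),   # light curtain interrupted -> off
    (True, True, True, True, True),    # curtain clear, reset still held -> stays off
    (True, True, True, True, False),   # reset released
    (True, True, True, True, True),    # new rising edge -> on
]

if __name__ == "__main__":
    print(run_sequence(SEQUENCE))
```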

Figure: HMI, central I/O system with connected safety controller, to which safety functions and contactors are coupled

Safety controllers are usually installed in the central control cabinet

The advantage of safety controllers is that safety programs can be copied and used multiple times for similar machines. Enhancements to safety functions are relatively easy. In addition, the safety applications can be displayed graphically via the HMI, and information and signals can be exchanged in both directions between the safety controller and the PLC.

Decentralized Safety Concepts

Figure: HMI, Ethernet-based PLC with three connected IP67 safety modules, each connected to a conventional IP67 I/O module

Decentralized I/O modules can control the safety applications autonomously for testing. Later, in live operation, a central safety control can take over.

Decentralized wiring – central control

Safety signals can also be collected directly in the field via IP67 I/O modules and brought to a safety control system via a safety fieldbus or a safety Ethernet protocol. The safety functions are then controlled centrally, which means that the bus cycle times and chained messages add to the response time and must be taken into account. Longer response times in turn require greater distances between the protective equipment and the sources of danger.

Decentralized wiring – decentralized control

Safety I/O modules from individual manufacturers can also control the safety functions directly on the module in the field. These consistently decentralized safety solutions allow users to avoid the problems caused by long cycle times. Commissioning is also made easier by the fact that individual machine parts or modules can be tested offline.
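The response-time argument made for both decentralized variants above, as an added example (not code from the page): the minimum separation distance of a vertical light curtain is computed with the ISO 13855 formula S = K·T + C for a signal path with two safety-bus cycles in the loop (central control) and for one with none (control on the field module). ISO 13855 is an assumption, since the page does not name it, and all stage delays are constructed.

```python
"""Added example: ISO 13855 separation distance versus total response time,
comparing central control over a safety fieldbus with logic on the field
module. Formula assumed from ISO 13855; all delays are constructed."""

def min_separation_mm(t_total_ms, resolution_mm):
    """Vertical ESPE with detection capability <= 40 mm.
    Start with K = 2000 mm/s; if S > 500 mm, K = 1600 mm/s may be used,
    but S must then not fall below 500 mm."""
    if resolution_mm > 40:
        raise ValueError("formula valid for detection capability <= 40 mm")
    c = max(0, 8 * (resolution_mm - 14))      # intrusion allowance C in mm
    s = 2000 * t_total_ms / 1000 + c
    if s > 500:
        s = max(1600 * t_total_ms / 1000 + c, 500)
    return s

def total_response_ms(stages_ms):
    """Worst-case delay along the path sensor -> logic -> actuator -> standstill."""
    return sum(stages_ms)

# Constructed stage delays (ms) for one light-curtain -> contactor -> drive function
CURTAIN_MS = 20      # ESPE response time
LOGIC_MS = 10        # safety logic scan
CONTACTOR_MS = 30    # contactor drop-out
STOP_MS = 300        # mechanical stopping time of the drive
BUS_CYCLE_MS = 20    # safety fieldbus cycle, worst case

def central_control_distance_mm(resolution_mm=14):
    """Signal travels field -> bus -> central controller -> bus -> field:
    the bus cycle appears twice in the loop."""
    t = total_response_ms([CURTAIN_MS, BUS_CYCLE_MS, LOGIC_MS,
                           BUS_CYCLE_MS, CONTACTOR_MS, STOP_MS])
    return min_separation_mm(t, resolution_mm)

def decentralized_control_distance_mm(resolution_mm=14):
    """Logic runs on the field module itself: no bus cycles in the loop."""
    t = total_response_ms([CURTAIN_MS, LOGIC_MS, CONTACTOR_MS, STOP_MS])
    return min_separation_mm(t, resolution_mm)

if __name__ == "__main__":
    print(central_control_distance_mm(), decentralized_control_distance_mm())
```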

Figure: safety functions connected to safety I/O modules

Decentralized safety modules that control safety applications avoid long cycle times, which makes the design process easier

Both decentralized solutions offer efficient wiring with standard connectors. The information that is communicated to higher-level controllers facilitates commissioning and diagnostics for the applications.


Decentralized safety for consistent modularization

The hybrid TBPN safety I/O modules for PROFIsafe and TBIP for CIP Safety offer the advantage of having their own autonomous safety controller on board, which is used to pre-program and test the safety functions offline. This makes it easier to reproduce safety applications and considerably accelerates the commissioning process. In live operation, a central safety control system can control the application via safety Ethernet.

Passive safety

Decentralized safety can also be designed as passive. Passive safety only ensures that the voltage of the actuators is safely switched off in critical situations (or in the event of an emergency). For this purpose, the I/O groups provide consistent galvanic separation between the sensor voltage (V1) and the actuator voltage (V2). Turck offers the TBSB safety box, which safely switches off the V2 voltage of downstream modules. All Turck I/O components—including the IP67 IO-Link master—separate V1 and V2. Passive safety concepts are relatively inexpensive and still offer all the advantages of decentralized architectures.


Multiprotocol safety controller for central installations

For central installations, Turck offers the SC10, SC26 and XS26 safety controllers from Banner Engineering. All three devices can be used as a device/slave in PROFINET, Modbus TCP or EtherNet/IP networks. This means that users can always use the same safety application, regardless of the market for which a plant or machine is intended.

The SC10 controller features the serial ISD safety protocol. ISD allows chains of up to 32 devices to be connected as slaves. The ISD protocol is modulated onto a 24 V signal. Information about the switching states and diagnostics of the safety sensors can be accessed via the controller.

XS26 controller easy to expand

Another advantage of central safety controllers is that they are easy to expand. If all inputs and/or outputs on the controller are occupied, the number of connections on the XS26 can be easily extended by supplementary modules. Up to eight elements can be added as an input, output, OSSD or relay module.

Intuitive software enables drag-and-drop safety programming

The free software for the Banner safety controllers provides a simple graphical interface for configuring and simulating safety applications, as well as various export options for documentation. The programs can be copied and transferred to other controllers via USB sticks.


The safety controller software from Banner Engineering enables safety programming without program code
