Machine safety

Basic Machine Safety for Fluid Power: Part 3 of 6

This is the third of a six-part series providing an overview of pneumatic and hydraulic safety control systems of machinery.


Australia’s Standard AS4024.1 2006 for safeguarding of machinery contains strict guidelines for fluid power system designers, including guidelines for fault consideration and exclusion. This edition has been adopted from European and international (ISO) safety and design standards, with some modifications to meet Australia’s tough safety practices and regulations.

To provide an example, the faults listed for consideration for directional control valves (DCVs) in the generic tables of part 1502 include change of switching times, valve sticking, spontaneous change, leakage, and bursting. Applying these to a typical solenoid-operated directional control valve, you would find that no fault exclusion is provided for the first fault consideration, change of switching times. Therefore, possible causes of a change in switching time, such as contamination, silting, and wear, should be considered, as well as the effect on the safety function.

A delay in switching time in a typical solenoid-operated directional control valve could lead to an extended stopping time for a machine. This affects the safe distance between the dangerous part of the machinery and accessible guarding, especially where light curtains are applied. Depending on several parameters outlined in AS4024, a vertical finger-protection light curtain can be mounted no closer than 200 mm to the dangerous parts if the machine has an overall stop time of 100 ms. However, increasing the stop time to just 300 ms increases the safe distance requirement to approximately 500 mm, now requiring a second horizontal light curtain to prevent non-detection of an operator between the vertical curtain and hazard.

What does all this safe distance jargon have to do with fluid power safety? A lot! It is a good demonstration of how a change in valve switching time can mean an operator could potentially breach a light guard and have their hand or limb exposed to a hazard before the safe state has been achieved. It is also a good example of where fluid power and electrical safety control systems need to work together and how the validation of the design can identify aspects that have been omitted.

When considering change of switching time, designers should consider what the valve stop time needs to be in a fault condition and whether it can be monitored. Interfacing electrically monitored dual safety valves can provide the best level of safety integrity where solenoid valve switch times need to be monitored for consistency and must be minimal. They empower the electrical engineer to configure the safety monitoring system to detect, on every cycle, whether either one of the safety valves takes longer than the predetermined safe time to close, and to prevent further valve operation until the fault is rectified. Of course, a quality fluid supply with appropriate filtering and a regular maintenance program is also essential for general fluid power control reliability.
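The stop-time figures and the per-cycle valve check described above can be worked through as follows. This is an added Python illustration, not material from the original article or from AS4024: it assumes the ISO 13855-style separation formula S = K×T + C (it reproduces the 200 mm and 500 mm figures quoted above), and the function names, the 60 ms allowance for non-valve delays, and the cycle timings are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

def allowance_mm(d_mm: float) -> float:
    # C = 8(d - 14), never negative; applies to detection capability up to 40 mm
    if not 0 < d_mm <= 40:
        raise ValueError("resolution outside 0-40 mm")
    return max(8.0 * (d_mm - 14.0), 0.0)

def min_distance_mm(stop_ms: float, d_mm: float = 14.0) -> float:
    """S = K*T + C with K = 2 mm/ms, or 1.6 mm/ms once S would exceed 500 mm."""
    c = allowance_mm(d_mm)
    s = 2.0 * stop_ms + c
    if s > 500.0:
        s = max(1.6 * stop_ms + c, 500.0)
    return max(s, 100.0)  # never closer than 100 mm

def max_stop_ms(installed_mm: float, d_mm: float = 14.0) -> float:
    """Longest overall stop time the installed curtain distance still covers."""
    k = 1.6 if installed_mm >= 500.0 else 2.0
    t = (installed_mm - allowance_mm(d_mm)) / k
    if installed_mm < 100.0 or t <= 0:
        raise ValueError("curtain too close for any stop time")
    return t

@dataclass
class DualValveMonitor:
    limit_ms: float               # longest acceptable closing time per valve
    fault: Optional[str] = None   # latched until reset() after the repair

    def record_cycle(self, a_ms: Optional[float], b_ms: Optional[float]) -> bool:
        """Check both channels every cycle; None means closure was never confirmed."""
        for name, t in (("A", a_ms), ("B", b_ms)):
            if self.fault is None and (t is None or t > self.limit_ms):
                seen = "no closure confirmed" if t is None else f"{t} ms"
                self.fault = f"valve {name}: {seen}, limit {self.limit_ms} ms"
        return self.fault is None  # False blocks the next valve operation

    def reset(self) -> None:
        self.fault = None

def demo():
    # Constructed case: curtain at 200 mm, 60 ms assumed for all non-valve delays.
    limit = max_stop_ms(200.0) - 60.0            # 40 ms left for valve closing
    mon = DualValveMonitor(limit_ms=limit)
    cycles = [(22.0, 24.0), (25.0, 23.0), (24.0, 47.0), (23.0, 22.0)]  # constructed
    return limit, [mon.record_cycle(a, b) for a, b in cycles], mon.fault
```

The third constructed cycle trips the latch on valve B, and the fourth stays blocked even though both valves are fast again, which is the "prevent further valve operation until the fault is rectified" behaviour.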

To demonstrate use of the well-tried safety principles required for category 1 to 4 control systems, an electrical monitoring function requires positive mechanically linked contacts with positive mode operation and no undefined states. The functionality and potential failure mode orientation of a standard inductive sensor is not recognized as a well-tried safety principle, and such a sensor therefore should not be used for monitoring of a safety-related valve.

Validation should be carried out by persons who are independent of the design of the safety-related parts, but this does not necessarily mean that a third-party test is required. Competent personnel should be used in each part of the validation for mechanical, pneumatic, hydraulic, and electrical systems.

Because design guidelines can sometimes be shortcut at installation, validation of safety control system designs does not remove the need for thorough final testing. Functional testing of a safety control system should always be carried out, inclusive of ensuring its ability to detect faults as required.

It should make sense not to exclude a fault if it is reasonably foreseeable that it could occur within the specific design or environment it is being applied to.

This material was submitted by Murray Hodges, director of Fluidsentry Pty Ltd., Carrom Downs, Victoria, Australia. Subsequent installments will be published in future issues and posted to our website.
