Industrial machinery can pose significant hazards to workers and associated equipment—hazards associated with both the pneumatic lines themselves and the moving components they operate. Systems that minimize these hazards have been developed to comply with two ISO safety standards, EN ISO 13849 and ISO 13118:2000, which mandate the dissipation of pneumatic energy to prevent unintended startup or movement in a machine.
As manufacturers increase their focus on equipment safety, design engineers need a clear understanding of these standards and how to comply with the required safety levels. Adding a pneumatic safety exhaust valve into an air preparation system offers one simple, cost-effective way to accomplish this.
Traditionally, the air trapped in the pneumatic lines had to be exhausted from pneumatic circuits with two valves to provide redundant safety. The downsides to this approach include the need to purchase the valves and other peripherals, and the plumbing and space needed to ensure safe evacuation of the pneumatic circuit. Unfortunately, this traditional approach is also relatively slow to exhaust.
Today, a handful of manufacturers has combined this pneumatic circuit into a compact product called a safety exhaust valve. These valves quickly and reliably stop the flow of incoming air (upstream pressure) while also opening to exhaust the downstream pressure, thereby evacuating the machine. For example, the safety function can be activated when operators are reaching into hazardous areas or during an e-stop condition.
Safety exhaust valves provide fail-safe operation and ensure rapid exhaust of any pneumatic equipment on an e-stop or during a faulted condition if monitored; they are available in single-channel or two-channel (redundant) configurations. High-risk safety applications (based on a risk assessment in accordance with ISO 13849-1) employ safety exhaust valves that are integrated into a control circuit and monitored with a safety-rated device.
Internally or Externally Monitored?
Safety exhaust valves are available in two distinct styles: internally monitored and externally monitored. Internally monitored safety exhaust valves tend to be more expensive than externally monitored valves because of the cost associated with placing monitoring logic is inside the valve. Although they are easier to integrate into a system, internally monitored valves respond slower and typically deliver a shorter service life in terms of both switching cycles (B10 values) and Mean Time to Dangerous Failure (MTTFd).
This shorter service life results from using onboard electronics that give off heat, so they tend to fail earlier than mechanical components. Internal diagnostics add further complexity because they must be run each time the valve pressurizes, which results in a longer start time and, therefore, a longer cycle time.
If a machine’s internally monitored valves are not grounded, there may be further problems caused by electromagnetic interference (EMI). Just as with laptops, internally monitored valves must be shut down and restarted properly or they will lock out the machine, which makes resetting and repressurizing the machine a challenge.
Externally monitored safety exhaust valves are less expensive than internally monitored ones simply because the user programs the monitoring logic into the programmable safety device or standard programmable logic controller (PLC) via a function block. This reduces the internal complexity of the product, making the valves easier to integrate and restart; it also provides a higher B10 value for longer service life.
The disadvantage is the necessity of doing the monitoring logic programming and taking control, but the payoff is greater functionality and longer life, which many engineers feel far outweigh the work of programming.
The purpose of monitoring is to ensure that faults are not present in the control circuit (such as a wiring short) and that the safety exhaust valve is operating correctly. Monitoring a safety product requires a safety-rated device and a means of programming. This can be accomplished in several ways. The safest (but more costly) way to do this is to use a safe PLC that is fully programmable and offers independent processors to manage the two (redundant) channels of monitoring (Fig. 1).
1. Monitoring with a fully programmable PLC with independent processors.
Those needing a less expensive alternative can opt for a programmable safety relay that still supports achieving the highest safety level of Category 4, PL e (Fig. 2).
2. Monitoring with programmable safety relay.
A redundant control circuit with the lowest cost can be built using a standard PLC and a safety relay (Fig. 3). Although this allows for safe monitoring, it will not meet the Category 4 criteria; the maximum rating achievable would be Category 3, PL d.
3. Monitoring with a standard PLC and a safety relay.
Valve integration is critical because a safety valve rated for Category 4 and a safety device rated for Category 4 will not always produce a Category 4 safe solution. The secret to achieving the desired Category and Performance Level is in the design of the safety exhaust valve and its MTTFd, the diagnostic coverage of the control system, and the proper integration and wiring of the monitoring and control system.
Several important questions should be considered when specifying a safety exhaust valve:
How quickly will the safety valve exhaust in a faulted condition? Take the time to understand the worst-case scenario; when a safety valve is in faulted condition, standard exhaust flow rates (assuming normal stop) do not apply. A valve failure can restrict exhaust flow.
What’s the valve’s B10 value? The valve’s B10 value is its life expectancy in switching cycles and is based on B10 testing (the point at which 10% of a sample lot has failed). It’s an important consideration when determining the MTTFd. The higher the quality of the components is, the longer the B10 life of the machine into which they are built will be.
How fast will the safety valve exhaust in a faulted condition? The faster the machine can stop, the closer to the machine guards, light curtains, or other presence-sensing devices can be installed. Faulted condition is the worst-case scenario that controls engineers should always work within sizing. A faster exhaust means a smaller machine footprint, saving you space and money.
A series-parallel flow design for safety exhaust valves (Fig. 4) incorporates the best of both series and parallel arrangements to maximize safety. Essentially, the two valve elements are arranged in such a way that air from inlet to outlet must go through both valves in series (as illustrated in red), but the flow path from outlet to exhaust is in parallel (as illustrated in orange).
The cross-flow technology ensures that both valve elements (redundant design) must shift to supply air downstream, and if either valve element were to be out of position with the other, the downstream air will be dumped to exhaust in parallel. This arrangement allows higher exhaust flow capability and ensures very low residual pressure during a fault, eliminating the danger of residual energy making its way into the machine.
4. Series-parallel flow design safety exhaust valves.
How is the valve monitored? To achieve the highest level of diagnostic coverage, it’s critical to employ all the best aspects of safety circuit architecture—redundancy (dual channel circuits) and monitoring to detect faults or failures in control systems and check for short circuit faults. The monitoring portion of the safety system must check to see if both sides of the valve are shifting together every time.
For example, in the new P33 valve from Parker Hannifin (Fig. 5), this is done by monitoring the condition of pressure-operated sensors in the valve. These sensors are hardwired into the controls and “monitored” by the external control system. This is generally done with most versions of safety relays and safety PLCs that can also perform pulse test monitoring.
These types of safety relays and safety PLCs make for very reliable systems with high diagnostic coverage—especially, short circuit faults in dual channel systems. The use of sophisticated controls and monitoring ensures sensors are not bypassed and the valve is functional.
5. Parker Hannifin’s P33 safety exhaust valve, designed for external monitoring, incorporates series-parallel technology for high flows and fast exhausting response with minimal residual pressure in the fault condition. A B10d of 20,000,000 cycles ensures long life. It is compatible with most brands of controls and can be used with a safety relay, programmable safety relay, or high-end safety PLC.
What is the valve’s cycle time? The objective is to pressurize the machine quickly and exhaust it even faster. A faster exhaust means a smaller machine footprint, which can save both space and money. Look at the rated time in (ms) for both on and off. The exception to this rule is the addition of a soft start, which is always recommended for ease on. Consider at what point the soft start will open to full flow based on the input pressure, then factor that into the cycle time calculations.
If the risk assessment requires a safety rating of PL c or higher for the pneumatic system, a redundant safety exhaust valve offers a simple-to-implement and cost-effective way to attain the required safety level. Take the time necessary to find a safe exhaust valve that has been designed to fit well into both mid- and high-level safety circuits to ensure the machine is properly protected.
Linda Caron is global product manager, Factory Automation at Parker Hannifin’s Pneumatic Div., Richland, Mich.