Making Automation Safe or Automating Safety?

Sundar Balu, Director, Global Auto Market, Woodhead Industries (A division of Molex), USA.

Automation and safety have become convergent in the auto market with quality and productivity. This article tries to explore the challenges and the exciting times that lie ahead.

This is the question in many automation engineers’ minds. It is beyond dispute that a highly automated plant floor process produces higher productivity, improved quality and lower operational costs, but if human safety risks are not mitigated well in advance, serious downtime costs could be incurred, not to mention human injury or death. As islands of automation multiply throughout the automotive plant floor, so does the complexity of the manufacturing process, and safety therefore needs to be an integral part of the entire process.

In the past, because of the high costs of implementation and no clear understanding of the direct correlation between production safety and quality and productivity, automakers and machine builders employed only limited safety systems in critical areas.

Machine safety was primarily a group of “safety relays” to protect working personnel from injury or death. Safety relays have been and continue to be used in many applications and in many parts of the automotive world. Given the many complexities of hard-wiring ‘logic’ into these relays, it would typically take very large panels to implement a ‘fail-safe’ sequence. The next major hurdle was the large runs of hard wiring from point to point to the PLC and also to the safety relays. And, if that was not enough, if any logic had to be changed due to line changes or process variations, the hard-wiring had to be redone.

In recent years, safety standards have changed in Europe and North America to help facilitate the proliferation of safety systems down to all levels of manufacturing. This has primarily been due to safety-rated controller devices sitting on a separate bus network and eventually to Intelligent Safety Networks (or ISNs) which reside side by side with the control networks or sometimes are simply an “overlay” on the same control system.

The global standardisation and harmonisation (though each country has some variances) has paved the way for the development of ISNs such as ProfiSAFE, DeviceNet Safe and ASi Safety at Work. These are redundant fail-safe extensions of existing device level networks such as Profibus, DeviceNet and AS-i. There are safety extensions of other networks as well, including SafetyBus p. While SafetyBus p is also a safety network, the similarities end there. With SafetyBus p, the system must operate as a separate safety network using a dedicated safety PLC. Though this is a vast improvement over hard-wired safety relay logic, the real benefit is the ability to integrate the safety network architecture on the same CPU as the control system running the machine or plant.

This makes it possible to integrate data traffic from all the safety devices, such as safety mats, interlocks, cable-pull switches, safety light curtains, e-stops and others, with standard devices such as proximity sensors, photoelectric and limit switches and others on the same network (ISN) using a single safety PLC.

Automakers such as GM, BMW, Daimler-Chrysler and VW-Audi, along with machine suppliers such as KUKA, Durr and others who were some of the early adopters, were quick to realise that the deployment of ISNs can positively affect their profitability, not to mention the total cost of ownership (TCO), return on assets (ROA) and overall equipment efficiencies (OEE). Each realised it in varying degrees and in various adaptations, but the benefits were becoming increasingly ‘tangible’. Automakers were interested in reducing unscheduled “downtimes” and improving productivity, while machine suppliers benefited from reduced programming time, wiring and commissioning and debug times. Some examples of actual savings:

  • KUKA estimates labour savings of at least 30% while installation time was reduced by 25%
  • In several Paint Shop expansions, BMW measured installation savings in terms of weeks with little or no disruption to regular production
  • Opel in several installations realised not only instant savings but tremendous flexibility to adapt and migrate from existing systems. This alone was realised in hundreds of hours of hard-wired changes that were avoided with software programming
  • Durr systems experienced commissioning and start-up time reduced from about 2 weeks to 36 hours

ISNs available today in the market meet the highest Safety Integrity Levels (SIL). This is the SIL3 level approved by the international safety standards. That means that the probability of a dangerous failure is 1 in 100 million per hour. What this means is that the user can diagnose problems more intelligently, which helps reduce downtime and improve uptime. ISNs offer some ‘built-in’ benefits:

  • Return a machine process to the safe-mode almost immediately (within 5-10ms) if any of the preset conditions are violated or defeated
  • Significant improvement in diagnostic information with the ability to pin-point the exact fault mode and location
  • Systematic machine maintenance to prevent unscheduled downtime
  • Adherence to safety standards and compliance to improve Operational Excellence (OpX) and safety
  • Offer significantly more flexibility than conventional hard-wired safety logic systems to shut down individual zones in a cell while leaving other parts of the plant or machine operational
  • Embedded protocol allows proliferation from sensors to motion control

The cost aspect

We have moved from hard-wired safety relays, to safety controls where a dedicated PLC was used to monitor safety systems, to an Integrated Safety PLC which performs the dual functions of control and safety on a single architecture. Though the cost of a typical Integrated Safety PLC is about 25-30% higher than that of a comparable standard PLC, real-time experiences shared by integrators and end user implementers claim that the net hardware cost of an Integrated Safety PLC is about 10% of the whole project. This, according to machine builders and automakers alike, is outweighed by the reduction in design, flexibility in expansion/change, commissioning, considerable wiring and installation time savings, predictive maintenance, reduced downtime and most of all improved workplace safety, which ultimately leads to significant productivity gains. And that goes to the bottom line!

What next

The next evolution is the migration of safety to Ethernet based networks. Both Profinet and Ethernet/IP have released protocol and application layer standards for implementing it. This will further improve productivity gains while also providing other benefits. Of course, the increased use of ISNs also increases the need for:

  • Upfront engineering
  • Careful planning of components and operating systems to ensure interoperability and system integrity
  • Migration paths for legacy systems already in place
  • Compliance to local standards as machine builders and auto makers truly operate globally

The drive from GM, DCX, BMW and others for emerging communication, control and safety technologies continues to reduce safety-related control system costs while providing faster deterministic response times of around 10ms, and while still maintaining network communications for diagnostic and data reporting schemes. Companies such as Woodhead are currently working on decentralised and distributed safety I/O bus network modules that will enable standard PLCs to safely control decentralised safety-rated outputs directly, without a safety PLC or controller.

Other advancements resulting in significant savings come in the harmonisation of Power, Control and Safety on a single “cable”. In addition, the migration of “wireless” devices onto the factory floor in the next 3-5 years will further reduce the need for conventional high copper-based wiring. Though there are installation and implementation challenges, integrated Fiber and Power over Ethernet (PoE) adaptations for discrete devices are major driving forces that can provide solutions.

So why are companies like GM and others insisting on ISNs by 2009? 
For GM, the ROI of replacing traditional hard wired safety systems is significant. They expect and have realised in some cases:

  • Reduced hard-wiring by as much as 50% and long cable runs through plug and play cordsets, thereby also reducing costly wiring errors
  • Reduced operators in safety operations by as much as 75%
  • Significantly less plant space with smaller cabinets and hardware
  • Flexible architecture allowing the Automaker to reconfigure or implement multiple safety control strategies
  • Monitoring safety and non-safety devices while recording diagnostic information to include device parameters, preventative maintenance data and other error conditions allowing quick problem isolation and resolution
  • Remote maintenance tracking and monitoring without interrupting the communication backplane (security risk) through the advent of Ethernet based ISNs
  • Selectively shut down sections or entire portions of a machine or cell based on the complexity or simplicity of the error condition; Present error conditions can further be altered easily and quickly through the use of software sequence as opposed to time consuming hard-wired logic needed in safety relay implementations

So let’s try to answer the original question now. Do we make automation safer or automate safety?

The answer is that we are doing both and must do both. Automation is here to stay for reasons obvious to all of us. And in order to reap the benefits of automation, we must never lose sight of the fact that if every safely designed machine and well-trained operator prevents at least one accident or human error, the added cost of the safety equipment will pay for itself many times over and increase overall employee morale and productivity.

In closing, in our quest for making automation safer for humans, we are seeing the convergence of yet another adaptation of automation. Safety is itself being automated to further prevent human error and ensure compliance while increasing plant efficiency, repeatability of productivity gains and overall operational excellence. The true magic of automation!

Keywords: Automating Safety, Safety Standards, Intelligent Safety Networks (ISNs), DeviceNet Safe, ProfiSAFE, KUKA, Equipment efficiencies, Safety Integrity Levels (SIL)
