Making Sense of Control Reliability

29 August 2019
Anonymous

Making Sense of Control Reliability – The Basics

Hard guarding alone does not ensure safe machine operation. Access is often needed to perform maintenance, for set-up, or to clear a jam, so how can safety be ensured during those tasks? By incorporating the appropriate safety devices and integration methods into the machine controls, the operator can be kept away from the hazard while still being allowed productive, safe access to the process.

Control Reliability is a complex subject and is difficult to understand, since the regulations are relatively new. Multiple blog posts will be needed to get into the details, but let’s start with the basics.

Definition:

Control reliability is the capability, or portion, of the machine control system that prevents a hazardous condition from occurring. More specifically, control reliability is machine safeguarding that uses safety-rated control components and related interfacing to achieve a safe state even in the event of a fault within their safety-related functions.

Some of the basics include:

No single device or wiring fault can cause an unsafe condition.

Control Reliability cannot be ensured using traditional PLCs; safety-rated controllers and devices must be integrated.

Devices and control systems need to be designed to fail in the safe condition.

Circuit redundancy of input safety devices (E-stops, gate switches, light curtains, scanners, etc.) and output controls (motor starters, hydraulic/pneumatic solenoids, etc.) is required so that a single point of failure cannot cause an unsafe condition.

Monitoring of the dual inputs detects, and so compensates for, shorts, broken wires or failed devices.

Safety Devices must comply with standards to ensure adequate diagnostic coverage, component failure rates, avoidance of common cause failures and meeting the maximum performance levels.

Devices must be designed and installed so that their operation cannot be bypassed.

You have likely heard of various Control Reliability Categories under the ANSI B11.19 Standard.

The basic description of each category is as follows:

CATEGORY B:

Safety-related parts of machine control systems and/or their protective equipment, as well as their components, shall be designed, constructed, selected, assembled and combined in accordance with relevant standards so that they can withstand the expected influences.

When a fault occurs, it can lead to a loss of the safety function.

Category B in itself has no special measures for safety, but it forms the basis for the other categories.

CATEGORY 1:

Includes the requirements under Category B along with the use of well-tried safety components and safety principles.

This category gives the safety-related function a higher reliability. The higher the reliability of the device, the lower the likelihood of a fault.

Primarily increases Control Reliability through the selection of components, moving closer towards the prevention of faults.

CATEGORY 2:

Includes the requirements under Category B along with the use of well-tried safety components and safety principles.

In addition, the safety function(s) shall be checked at machine start-up and periodically by the machine control system. If a fault is detected, a safe state shall be initiated, or if this is not possible, a warning shall be given.

The loss of a safety function is detected by the check. The occurrence of an unknown fault can lead to the loss of the safety function between the checking intervals.

Primarily increases Control Reliability through the selection of components, moving closer towards the prevention of faults by the structure of the safety control system.

CATEGORY 3:

Includes the requirements under Category B along with the use of well-tried safety components and safety principles.

The system shall be designed so that a single fault in any of its parts does not lead to the loss of a safety function.

When a single fault occurs, the safety function is always performed. Some, but not all, faults will be detected. An accumulation of undetected faults can lead to the loss of the safety function.

Primarily increases Control Reliability through both the selection of components and the prevention of faults by the structure of the safety control system.

CATEGORY 4:

Includes the requirements under Category B along with the use of well-tried safety components and safety principles.

The system shall be designed so that a single fault in any of its parts does not lead to the loss of the safety function. The single fault is detected at or before the next demand on the safety function. If this detection is not possible, then an accumulation of faults shall not lead to a loss of the safety function.

When faults occur, the safety function is always performed. The faults will be detected in time to prevent the loss of the safety function.

Primarily increases Control Reliability through both the selection of components and the prevention and prediction of faults by the structure of the safety control system.

The necessary category depends upon the risk assessment (likelihood / consequences), the nature of the process, and the complexity of the device or control system. A higher category does not always mean it provides the best protection. The categories provide a description of the functional performance of the entire safety system, including the methods and devices incorporated.
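The dual-input monitoring described in the basics above, and the "single fault does not lose the safety function" behaviour of Categories 3 and 4, as an added Python simulation that is not from the original post. The class, the discrepancy limit of three scan cycles and the welded-contact scenario are assumptions made for illustration; the single-channel function is the non-redundant reference the post warns against.

```python
from dataclasses import dataclass

CLOSED, OPEN = 1, 0  # normally-closed contacts: CLOSED = no stop demand


@dataclass
class DualChannelMonitor:
    """Evaluates two redundant safety inputs (e.g. an E-stop with two NC
    contacts on separate input channels) and latches a fault on discrepancy."""
    discrepancy_limit: int = 3      # assumed: cycles the channels may disagree
    fault_latched: bool = False
    discrepancy_cycles: int = 0
    both_open_seen: bool = True     # both contacts must cycle before a reset

    def evaluate(self, ch1: int, ch2: int) -> bool:
        """One scan cycle. Returns True only if the safety output may be enabled."""
        if self.fault_latched:
            return False                # remain in the safe state until reset
        if ch1 != ch2:
            # Disagreement means a stuck/welded contact, a short or a broken
            # wire on one channel: drop the output now, latch after the limit.
            self.discrepancy_cycles += 1
            if self.discrepancy_cycles > self.discrepancy_limit:
                self.fault_latched = True
                self.both_open_seen = False
            return False
        self.discrepancy_cycles = 0
        if ch1 == OPEN:
            self.both_open_seen = True  # a genuine demand: both channels opened
        return ch1 == CLOSED

    def reset(self, ch1: int, ch2: int) -> bool:
        """Manual reset; refused unless both contacts have cycled and read healthy."""
        if self.both_open_seen and ch1 == CLOSED and ch2 == CLOSED:
            self.fault_latched = False
            self.discrepancy_cycles = 0
            return True
        return False


def run(monitor: DualChannelMonitor, samples) -> list:
    """Feed (ch1, ch2) pairs scan by scan and return the enable history."""
    return [monitor.evaluate(c1, c2) for c1, c2 in samples]


def single_channel(samples) -> list:
    """Non-redundant reference design: the output follows the one wired contact."""
    return [c1 == CLOSED for c1, _ in samples]

# Constructed scenario: channel 1's contact welds CLOSED at cycle 2, then the
# operator presses the E-stop at cycle 4 (channel 2 opens, channel 1 cannot).
WELDED_CONTACT = [(CLOSED, CLOSED)] * 4 + [(CLOSED, OPEN)] * 5
```

In the welded-contact scenario the redundant design still drops the output on the demand and then latches the fault, while the single-channel design never stops; the reset is refused until both contacts have been seen to open, so the welded contact cannot be reset away.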

Primary Regulating Standards:

OSHA 29 CFR 1910, Subpart O – Machinery and Machine Guarding

ANSI B11.19 – Performance Standards for Safeguarding – Control Reliability

ISO 13849 – Safety of Machinery

NFPA 79 – Electrical Standard for Industrial Machinery