As part of the ongoing movement to make the industrial world a safer place, networked (or bus-based) safety systems may finally be getting the respect they deserve. An evolution of sorts is occurring as global safety standardization takes hold and the functional safety approach is taught, specified and implemented by more and more companies. That is helping safety networks become not just feasible, but more and more desirable—particularly in North America.
“Penetration of safety networks in North America is low, but growing quickly,” says Tom Knauer, vice president of marketing for machine automation supplier Omron STI, Fremont, Calif. (www.sti.com). “This is driven by broader acceptance of European standards and/or consolidation of standards on a global basis, along with the need for North American machine builders to deliver machines with safety to European customers.” From his perspective, the top applications where safety networks are used are packaging, control, machine tools, robots, general machinery and electronics.
John D’Silva, spokesman for the factory automation division of Siemens Industry Inc. in Norcross, Ga. (www.totallyintegratedautomation.com) says in North America more than 50 percent of Siemens customers are using safety networks—primarily ProfiSafe and ASI Safe—and “the percentage is rapidly growing. The percentage of safety network users in Europe is considerably larger, as safety is a necessity as per their regulations.” He says the top three industries using safety networks are automotive, food and beverage, and material handling.
In the discrete manufacturing arena, the advantages of safety networks are many, says Joey Stubbs, North American representative for the EtherCat Technology Group (www.ethercat.org) in Nuremberg, Germany. “OEMs and machine builders that use a bus-based, or more specifically, a fieldbus-based safety system such as EtherCat’s Functional Safety over EtherCat (FSoE), benefit from a dramatic simplification of machine wiring, since the safety system communication is ‘piggybacked’ on the already installed fieldbus as well as other advantages.”
D’Silva notes that the benefits of safety networks include the following: larger numbers of safety devices such as failsafe motor starters and safety drives can be put on the network; more and better diagnostics that provide a direct and positive impact on reducing downtime; a large amount of safety data can be passed over the network in a failsafe way; and better support for wireless safety, including mobile HMI panels with E-stop functionality.
Perceived disadvantages of safety networks typically have to do with resistance to change, the time to learn new tools or “fundamental misunderstandings of how functional safety systems work, behave and communicate,” Stubbs says. “Once the users become aware of and understand configurable functional safety and its clear advantages, it usually becomes a ‘pull’ rather than a ‘push’ to implementation.”
Knauer said recent talks with Omron’s North American sales channel and customers about safety networks revealed that “approximately 10 percent of our customers are using safety networks today, and around 25 percent plan to use them within three years.” Customers said their top needs and/or reasons for interest in a safety network were cost reduction, easier troubleshooting, integration with non-safety, better diagnostics, modularity/flexibility and reduced wiring. Knauer said the most commonly mentioned networks were (in rough order of preference) EtherNet/IP Safety, DeviceNet Safety, EtherCat Safety, ASISafe and ProfiSafe.
Machine safety standards
It’s often the machine builders more than end users in discrete manufacturing industries who are affected first by the global move toward functional safety and the evolution of safety networks. Global safety standardization efforts attempt to harmonize U.S., European and Asian safety standards under the rubric of functional safety.
EN ISO 13849-1, maintained by CENELEC (European Committee for Electrotechnical Standardization), is the most important standard for regulating the basic principles and performance required of a safety control system for machines and devices. Although the ultimate responsibility for machine safety has rested with the end user, that responsibility shifted to machinery OEMs as of January 1, 2012. That is the date when machine builders and integrators must use EN ISO 13849-1:2008 to prove presumption of conformity with the European Union’s Machinery Directive; the previously used machine safety standards EN 954-1:1996 and EN ISO 13849-1:1999 can no longer be used for this purpose.
Functional safety depends on a system’s or machine’s ability to operate correctly in response to its inputs, and it marks a transition from a qualitative approach of applying safety to a probabilistic approach. The latest version of ISO 13849-1 combines the deterministic features of EN 954-1’s categories with the probabilistic and systematic design consideration of IEC 62061 (promulgated by the International Electrotechnical Commission) to create a functional safety standard.
Dr. Thomas Sebastiany, chairman of the technical commission and member of the managing board of the AS-International Association (www.as-interface.net) in Gelnhausen, Germany, says, “European users had more than two years to prepare for ISO 13849, which is now a truly global standard, and we consider it a huge step in the right direction: Machine builders have to consider only one set of rules. This is a real breakthrough for component suppliers like Pepperl+Fuchs too. With ISO 13849 being adopted in all geographic regions, product development will be simplified, faster and ultimately less costly.”
AS-Interface Safety at Work is a serial safety network based on the open, multivendor AS-Interface specification. “Generally speaking, the AS-Interface community believes that Ethernet is going to be the number one upper-level communication platform connecting PLCs to PLCs and PLCs to data management systems. This is clearly demonstrated by looking at the sales figures for AS-Interface solutions running as part of an Ethernet backbone compared to those running under a DeviceNet infrastructure,” Sebastiany says.
Kevin Colloton, safety technology manager for Rockwell Automation (www.rockwellautomation.com), Milwaukee, says the majority of Rockwell’s customers use unmodified EtherNet/IP, ControlNet and DeviceNet automation networks for their safety communications. These networks support Common Industrial Protocol (CIP), an application protocol for industrial networking that is independent of the physical network. “CIP Safety allows safety devices to coexist with standard control devices on the same CIP network with or without a programmable safety controller. It also helps ensure the integrity of the safety control loop and helps guarantee that it will not be affected by standard control devices,” he explains.
Process industry safety
Process industry users can have a very different approach to safety networked systems—and very different standards driving them—but the global move toward functional safety has had an effect as well.
According to a spokesman for Honeywell Process Solutions (www.honeywellprocess.com) in Phoenix, Ariz., “Major global [process industry] companies have already been using functional safety for years; these companies have clear philosophies and safety procedures in regard to the implementation and usage of certified safety solutions. With the changing and more stringent American standards in the United States, we see a larger adoption of functional safety and certified safety products in other fields of application, such as burner management systems, fire and gas and others.”
There are two primary standards for safety related systems in process industries: IEC 61508, which has seven parts and covers functional safety of electrical, electronic and programmable systems, and IEC 61511, which has three parts and covers functional safety of safety instrumented systems (SISs). IEC 61508 covers manufacturers and suppliers of devices, while IEC 61511 covers safety instrumented system designers, integrators and users. Products certified to these standards gain a safety integrity level (SIL) rating. SIL is often used as a synonym for functional safety.
Safety Integrated Systems
The IEC 61511 standard applies only to the functioning of the individual devices used in safety instrumented systems, and the SISs themselves are subject to additional standards. Triconex SISs from Invensys Operations Management (iom.invensys.com) in Plano, Texas, for example, are periodically enhanced to comply with the latest process safety standards, as well as device safety standards, according to Al Fung, product marketing manager.
In the process industries, the safety networks are traditionally proprietary, and often separate from control networks. Triconex safety shutdown and critical control systems link multiple safety networks within a closed and dedicated peer-to-peer safety network. “Peer-to-peer safety networks provide a more secure way to exchange interlock signals and critical data between safety systems and at a lower cost than hard wiring,” says Fung. “For critical applications that require continuous monitoring, we continue to recommend [safety] network segregation. This also avoids network overload, which can cause degradation in data transfer speeds typically found in bussed network topology.”
Similarly, the Honeywell philosophy is based on operational integration, yet segregated hardware. “With regards to I/O safety buses, we have the same philosophy in that we would recommend dedicated safety buses rather than sharing non-safety related control devices and safety devices on the same bus.”
Safety networks can use general-purpose (non-proprietary) safety protocols like ProfiSafe and Foundation Fieldbus-SIS as well. FF-SIS is a new protocol that was successfully prototyped in 2007 by Honeywell and other distributed control system and instrumentation vendors. Fieldbus Foundation (www.fieldbus.org) administers FF-SIS, which is a device-level safety standard.
Larry O’Brien, Fieldbus Foundation global marketing manager, says user interest in FF-SIS “was strong from the likes of Saudi Aramco and others, but the recession of 2008 slowed product development to a crawl. Now, in 2011, development is ramping back up and I expect that by the end of the year you’ll see the first products come available.”
The smart SIS from Emerson Process Systems (www.emersonprocess.com) in Austin, Tex. takes advantage of the company’s PlantWeb technologies, including intelligent field devices, predictive diagnostics and digital communications. Emerson says its systems offer “easy IEC61511 compliance” through, among other things, TÜV certification for use in SIL 1, 2, and 3 applications and TÜV certified safety function blocks that simplify safety-logic development.
And what role do standards and certifications play in the adoption of safety networks? Mike Miller, FS TÜV expert, global safety market development, Rockwell Automation, says, “The role of standards varies throughout the world, but compliance is important everywhere. The ability to demonstrate due diligence in safety system design is important from a legal and employee-morale perspective. Compliance with safety standards can also make safety system designs more straightforward.”
TÜV Rheinland Group (www.tuv.com), based in Berlin, Germany, is a global certification organization that documents the safety and quality of products, systems and services. The main task of its Automation, Software and Information technology (ASI) business unit is the testing of electrical and electronically enabled equipment that is used in safety-related applications. Additional activities for functional safety include:
- Certification of Functional Safety Management Systems for manufacturer, system integrator, end user according to the requirements of IEC 61508 / IEC 61511.
- Certification of Functional Safety Experts and Engineers according to the TÜV Functional Safety Program.
- Support regarding understanding and interpretation of Functional Safety requirements.
- Certification of Safety Instrumented Systems in the process and machinery industry.
Underwriters Laboratories (UL), based in Northbrook, Ill., is a global standards organization that does IEC 61511 certification (www.ul.com/functionalsafety). It offers component or product certification in accordance with the principal functional safety standard IEC 61508, making sure that this is suitable for applications in accordance with IEC 61511. It can also evaluate and certify a complete safety instrumented function.
Emerson Process Management used the Technical Research Institute of Sweden (SP, www.sp.se/en), another standards group, for its certification of the Rosemount 5400 Series of 2-wire, non-contacting radar level transmitters. The transmitters were evaluated in accordance with IEC 61508 and now come with the required Failure Modes, Effects and Diagnostic Analysis (FMEDA) report. This FMEDA report, for example, with Safe Failure Fraction (SFF) over 80%, shows SIL 1 suitability with an HFT (Hardware Fault Tolerance) of 0 or SIL 2 suitability with an HFT of 1 or with proven-in-use demonstration according to IEC 61511 (type B subsystem).
A number of other vendors offer safety assessment services and online tools. For machine builders, Siemens provides a free Safety Evaluation Tool for the IEC 62061 and ISO 13849-1 standards. This TÜV-tested online tool supports “the fast and reliable assessment of your machine’s safety functions. As a result, you are provided with a standard-compliant report, which can be integrated in the documentation as a proof of safety.” Siemens applications engineers and a “Safety Core Team” provide guidance to customers with their safety applications.
No matter where you are in the world, resources and advice on implementing safety networked systems are available.