- Print
- DarkLight
- PDF
Safety Assessment
Project Number | 16049 |
Client | Strides Pharama Pvt Ltd |
Date: | 14/08/2022 |
Company: | Bector Automation RML India Pvt. Ltd. |
Revision | 0 |
Introduction to General Safety:
Where appropriate, it is intended that this equipment complies by the guidelines presented in
- AS4024 - Safety of Machinery [1]
- BS EN415-7:2006 - Safety of Packaging Machinery [2]
- ISO 13849:2006 Safety-Related Parts [3]
- and/or IEC 62061 Safety of Machinery [4]
The equipment supplied is fully automatic. With the exception of conveyors, operation and maintenance staff are only required to be exposed to moving or hazardous parts when the machine has been de-energized. For this reason, from a guarding and safety perspective, the P780 Sachet Cartoning Machine will be treated as a single safety cell. The proposed guarding is illustrated in Figure.2. Red lines represent fixed guarding solutions; associated entry points (i.e., doors) will be protected using interlock switches and are shown in yellow.
1. Electrical and Control Systems
Bector Automation RML India Pvt Ltd representatives have conducted a Risk Assessment to determine the potential hazards and risks present in the proposed machinery. The panel is provided with safety for LOTO (Lock out and Tag Out). This has led to a document which systematically evaluates each area of the machine by scoring each potential hazard with a hazard rating number, whereby the highest hazard rating number is expected to present the most severe risk.
The machinery designed is intended to be a single safety cell, so the highest scoring hazard became the driving factor for the level of protection required in this safety cell. It was determined that the Hornet robot presented the highest score, for which the required performance levels (PL) for the safety functions of safety related components was identified to be PL(d).
Bector Automation RML India Pvt Ltd current solution for safeguarding the infeed involves detection of sachets using a photoelectric sensor to ensure the opening is closed. This does not meet the requirements of cat 3, or PLd. Bector Automation RML India Pvt Ltd have adopted the guidelines presented in BS EN415-7 [2] which requests a category 1 level of protection only (ISO 13849-1:1999 [5]). The current solution incorporates a SICK photoelectric sensor which cannot be used as a category 1 device as it is not a ‘well tried component’. For this reason, SIL 2 will be targeted for these devices as per IEC 62061 [5]. From a safety perspective, SIL2 is regarded higher than category 1.
2. General requirements
As mentioned previously, with the exception of conveyors, operation and maintenance staff are separated from the moving and hazardous parts of the machine by the guard structure when the machine is energized. Access to the internal parts of the machine can only be possible when the machine has been de-energized, and the machine is deemed to be in a “Safe state”. For this reason, the safety system shall be designed and implemented to serve the sole function of de-energizing all moving or hazardous equipment when a non "Safe State" is detected.
With reference to Figure.2, and the required levels of protection (SIL 2 and PL(d)), the components required to make the safety control system will be a safety controller, safety contactors, emergency stops, door switches, photoelectric sensors and a safety air service unit. The devices within the safety control system are expected to respond, and the safety system switch, to a safe state within 0.8 seconds of any potential fault detection or safety function demand. Maximum fault detection time (i.e., determining the difference between device fault or safety function actuation) should be no more than 3 seconds. These values are determined from experience with similar machinery.
Considerations during the design phase in respect to the operating environment of the machinery were made.
- The machinery due to its function and operating environment will not be subject to shocks or vibrations.
- Electromagnetic compatibility is adhered to by installation of electrical components undertaken by qualified personnel.
- The machine is designed for a non-wash down food packing environment.
- Material selection and professional design solutions have been implemented to ensure mechanical durability.
- It is expected the machine will be operating in ambient room temperature.
Correct maintenance of machinery componentry, both mechanical and electrical is outlined in the machinery manual that is supplied with the p780 Sachet Cartoning machine.
Above and beyond the manufacture certifications of the devices used, correct installation and implementation of devices must be adhered too. Fault detection should cover, but is not limited too
- Cross circuits
- Short circuits
- Open circuits
- Cross terminals
2.1 HAZOP
HAZOP, or a Hazard and Operability Study, is a systematic way to identify possible hazards in a work process. In this approach, the process is broken down into steps, and every variation in work parameters is considered for each step, to see what could go wrong. Please refer the below attachment for HAZOP Document.
2.2 Safety Controller
Note: Click on the Image for the Component Manual
A safety controller will be used to operate the safety system. The safety controller will provide an interface for all the safety control devices. If any of the devices show faults or are in an un-safe state, the safety controller will proceed to remove all energy from the machine. Manufacturer specifications make the chosen safety module suitable for the current situation in terms of the levels of protection required. Table.3 below shows the safety controller components
Table.3: Safety controller part data
Description | Part No. | Quantity | Target PL |
Safety Controller | 1734-AENTR | 1 | d |
2.3 Safety Contactors
Note: Click on the Image for the Component Manual
Safety contactors are used to isolate power to specific devices within the machine. The safety contactors work in conjunction with the safety controller, so that when an un-safe state is detected by the safety controller, the safety contactors work to isolate all relevant devices to allow the machine to reach a safe state. Below are the part details and a reliability block diagram (RBD) of the safety contactors to demonstrate the required architecture.
Table.4: Safety contactor part data
Description | Part No. | Quantity | Target PL |
Schneider Safety Contactors | LC1D18BD | 1 | d |
2.4 Emergency Stops
Emergency stops are located in the most practical places around the machine. Practical places are often driven by such factors as
- At control points (i.e., below the Operator panel)
- In areas to ensure that no matter where an operation staff may be located, they can easily get to an emergency stop position
- Near any potentially hazardous points
Direct guidelines are also used to place emergency stops such as that specified in BS EN 415 [2]. For example, these are relating to distances from conveyor guard tunnel openings and distances between emergency stops. The safety function of the emergency stop is to divert the safety system to an unsafe state when activated and in turn completely de-energise all machinery. Below are the part details and a reliability block diagram of the emergency stops to demonstrate the required architecture.
Table.5: Emergency stops part data
Description | Part No. | Quantity | Target PL |
Schneider E-Stop | ZBE-102N | 4 | d |
2.5 Door Switches
Click on the Image for the Component Manual
Doors are designed to restrict access into all areas where there is potential for contact with moving machinery. Access to these areas should only be allowed when the motion has stopped. All equipment is energized via the safety circuit; therefore, the safety function of the door switches is to identify access to these areas is possible by turning the safety system to a non-safe state which in turn de-energizes all machinery. Below are the part details and a reliability block diagram of the door switches to demonstrate the required architecture.
Table.6: Door switch part data
Description | Part No. | Quantity | PL |
Safety Door Switch | i10-E0354 | 10 | d |
2.6 Photoelectric sensors
Click on the Image for the Component Manual
The opening at the case blank in feed is guarded by the case blanks. The photoelectric sensor detects the case blanks are in position. If the case blanks are not detected by the sensor, the machine is regarded as being in an unsafe state which is signaled to the safety controller. The reliability block diagram illustrates the architecture of this set-up.
Description | Part No. |
Photoelectric sensors | GTB6-P4231 |
Table.7: Photoelectric sensor part data
2.7 Safety Monitored Air Service Unit
A number of the moving parts within the machinery supplied are pneumatically operated. Actuation of these pneumatic devices are electrical, however the energy associated with the mechanical movements is pneumatic. As mentioned previously, to ensure complete de-energizing of the equipment, all pneumatic devices must have their energy removed. A safety monitored dump valve is expected to achieve this if signaled to do so by the safety controller. Below are the part details and a reliability block diagram of the safety dump valve to demonstrate the required architecture.
Description | Part No. | Quantity | PL |
Pressure Switch with Filter | AC40-X5X1853 | 1 | d |
Table.8: Air service unit part data
2.8 Safe Torque Off
The Main Drive mechanism within the machine is operated by servo motor for speed and precision control. In this p780 Sachet Cartoning Machine, a Kinetix 5500 drive is used to control the operation of this motor.
The Kinetix 5500 drives have a “Safe Torque Off” feature which is able to internally, and with sufficient reliability, isolate the connected servo motor in the event a “not safe state” is detected by the safety controller. The Safe Torque Off feature of these drives has a safety rating of PLd, Cat 3, SIL 2 [8]. While the response time of this feature is less than 12 μs , it only provides a means to isolate the power to the motor; it does not ensure the motor has come to rest.
3. Validation
Upon completion of the design and manufacture of this equipment, the design of the safety related parts of the control system shall be validated by a third party in accordance with AS 4024 [1], ISO 13849 [3] and/or IEC 62061 [4]. This document will form the basis for the validation by identifying the safety functions affecting the machinery supplied by Bector Automation RML India Pvt Ltd.
4. Conclusion
Strides Pharma Pvt. Ltd. is a manufacturer of products. Bector Automation RML India Pvt Ltd has been tasked to provide an automated solution that will replace the current manual case packing on their Packing Line. The proposed solution is an adjustable rml p780 Case Packer to suit a number of packaging formats.
The scope of the project required a number of safety standards be adhered to, in particular AS4024 [1], BS EN415 [2], ISO 13849 [3] and IEC 62061 [6]. The machine is designed to be fully automatic; therefore, where permanent guarding is not practical, control systems are used to safeguard operation staff from any identified hazards (Appendix.1). The degree of safeguarding for this control system was determined to be PLd by systematic analysis using the Risk Analysis assessment with the exception of the case in feed which is to be designed in accordance with BS EN 415 [2] and have a SIL2 level of protection. The safety system implemented will serve the sole function of de-energizing all conveyor motors, servo motors, pneumatic cylinders in the event of an un-safe state. Because the machinery is fully automatic, the unsafe state is when operation staff can be exposed to any moving parts. It is required that the safety control system be validated upon completion of design, manufacture and assembly. Validation will be carried out internally by a person independent of the design of the safety systems.
5. References
[1] Standards Australia Committee, 2006, AS 4024.1 2006 Safety Of Machinery
[2] European Committee For Standardization, BS EN 415-7:2006 +A1 2008 Safety Of Packaging Machines
[3] ISO 13849:2006 Safety Of Machinery – Safety-related parts of control systems
[4] IEC 62061 Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
[5] ISO 13849:1999 Safety Of Machinery – Safety-related parts of control systems