The Automation Safety Community Forum.
E-Stop Regulation: Hardwired vs. PLC Controlled
Is there a law or regulation that clearly states that you are not allowed to use a PLC to execute an E-stop procedure?

In a standard liquid processing application (a few pumps and valves), are you allowed to use standard PLC logic to execute an E-stop procedure?

Is there a law or regulation stating that you have to use hardwired logic or an approved safety PLC/relay to execute this procedure?

Any advice or direction on this matter would be appreciated.

By Bob Peterson on 15 January, 2016 - 12:59 pm

I would suggest this. The first thing that has to be done is a risk assessment. That will tell you what level of safety is required.

My opinion is that very few of the applications you describe need an actual emergency stop.

I think this thread will give you some useful information

http://control.com/thread/1427995430#1427995430

Gerald Beaudoin

Typically, if the equipment can be run in hand at the starter or VFD, then the E-stop needs to be hardwired. If it runs only automatically, then the PLC can E-stop it.

By James Ingraham on 18 January, 2016 - 11:11 am

> Typically, if the equipment can be run in hand at the starter or
> VFD, then the E-stop needs to be hardwired. If it runs only
> automatically, then the PLC can E-stop it.

I vehemently disagree with this assessment. A system is not safe just because I removed the hand function. Whether or not a PLC is sufficient to handle emergency stop is a question of the hazards, not of how many buttons the operator has access to.

-James Ingraham
Sage Automation, Inc.

By James Ingraham on 18 January, 2016 - 11:02 am

"...are you allowed to use standard PLC logic to execute an E-Stop procedure?"

Short version: No.

Longer version: Maybe. For the equipment I work with, there is a procedure called a risk assessment. This is defined in ISO 14121-1 and called out in ISO/EN 13849. These are standards covering machinery, so they don't necessarily apply to a system with pumps and valves. There are, however, similar standards, including things like SIL. If your risk assessment shows that the hazards are low enough, simple PLC control could be sufficient.

There are PLCs and other programmable controllers that are safety rated. For example, the S7 PLCs from Siemens have an option of a safety-rated controller, and Allen-Bradley has the GuardLogix version of the ControlLogix processor. There are also dedicated programmable controllers, such as Banner's SC26 or Sick's FlexiSoft. Note that these still must be used properly to meet safety guidelines.

"Is there a law or regulation stating that you have to use hardwired logic or an approved safety PLC/relay to execute this procedure?"

Quite a few, actually, and they vary by region, application, and other factors. There is not, however, one easy place to look. The aforementioned ISO/EN 13849 is an example. Annex B to the ANSI/RIA R15.06-2012 lists 20 different safety standards that apply to industrial robots. There is no easy answer to your question. You didn't even specify what country you're in. The US and Europe share a lot of the standards, but even then there are discrepancies. Really, an expert in the country and application would have to point you to the relevant standards. At the bottom of page 2 of this PDF, 4 relevant standards are listed that relate to E-Stop. None of them are the ones I've already mentioned.
http://literature.rockwellautomation.com/idc/groups/literature/documents/wp/800-wp008_-en-p.pdf

"Any advice or direction on this matter would be appreciated."

Safety is a very difficult area to give advice on. Aside from the legal liability that I might incur if I recommend something to you, safety is complicated. If you're pumping radioactive waste, the system has completely different safety requirements than if you're pumping potable water. Water fountains don't normally have an e-stop, but a hydraulic lift does. Even hard-wiring your e-stop string isn't necessarily sufficient. You may need redundant input channels and/or redundant safe-off states. There are too many variables to give a reasonable answer.

Back to the short version. If your application is simple enough, you might as well hard-wire it. If your application is so complex you feel it needs to be implemented in software, get a safety-rated controller. Either way, do a risk assessment and decide how you will minimize those risks. Then choose components that are rated for handling that level of risk.

-James Ingraham
Sage Automation, Inc.
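The point made above, that even a hard-wired string may not be enough and that redundant input channels may be required, is easier to see in a small model. The Python below is an added example, not code from this thread or from any of the products named in it: it contrasts a single-contact "run if the contact is closed" evaluation, which is all that a plain PLC input gives you, with a two-channel evaluation that has a discrepancy timer, a latched fault and a manual reset, which is the behaviour a safety relay or safety-rated controller provides. The 500 ms discrepancy window, the welded-contact timeline and the reset sequence are constructed for the illustration; a real window comes from the device documentation and the risk assessment.

```python
"""Constructed model of single-channel vs. two-channel E-stop evaluation.
Illustration only; it is not a safety function and not any vendor's logic."""
from dataclasses import dataclass
from typing import Optional

# Assumed discrepancy window; the real figure is a device/risk-assessment value.
DISCREPANCY_LIMIT_MS = 500


def single_channel_stop(contact_closed: bool) -> bool:
    """Plain PLC style: run is permitted iff the one NC contact reads closed.
    A contact welded shut, or a wire shorted to supply, reads exactly like
    'not pressed', so the hazard keeps running."""
    return contact_closed


@dataclass
class DualChannelEStop:
    """Two NC contacts on separate inputs, compared against each other.
    Run is permitted only when both channels are closed, no fault is latched,
    and the circuit has been manually reset after the last stop."""
    fault: bool = False
    stopped: bool = True                 # power-on state is 'stopped' until reset
    discrepancy_started_ms: Optional[int] = None

    def evaluate(self, ch1_closed: bool, ch2_closed: bool, now_ms: int) -> bool:
        if ch1_closed != ch2_closed:
            # One channel opened without the other: stop now, and latch a
            # fault if the disagreement outlasts the discrepancy window.
            if self.discrepancy_started_ms is None:
                self.discrepancy_started_ms = now_ms
            elif now_ms - self.discrepancy_started_ms > DISCREPANCY_LIMIT_MS:
                self.fault = True
            self.stopped = True
        else:
            self.discrepancy_started_ms = None
            if not ch1_closed:           # both open: a genuine press
                self.stopped = True
        return self.run_permitted()

    def run_permitted(self) -> bool:
        return not self.fault and not self.stopped

    def reset(self, ch1_closed: bool, ch2_closed: bool) -> bool:
        """Manual reset: accepted only with both channels closed and no fault."""
        if self.fault or not (ch1_closed and ch2_closed):
            return False
        self.stopped = False
        self.discrepancy_started_ms = None
        return True


def normal_press_scenario():
    """Constructed timeline: press at t=100 ms, release at t=200 ms, then reset."""
    dual = DualChannelEStop()
    dual.reset(True, True)
    running_before = dual.evaluate(True, True, 0)
    dual.evaluate(False, False, 100)                  # both contacts open
    run_while_pressed = dual.run_permitted()
    dual.evaluate(True, True, 200)                    # button released
    run_after_release = dual.run_permitted()          # still stopped: no auto-restart
    reset_ok = dual.reset(True, True)
    return running_before, run_while_pressed, run_after_release, reset_ok, dual.run_permitted()


def welded_contact_scenario():
    """Constructed timeline: channel 1 contact is welded closed; the operator
    presses the E-stop at t=1000 ms, so only channel 2 opens."""
    dual = DualChannelEStop()
    dual.reset(True, True)
    for t in range(0, 1000, 100):
        dual.evaluate(True, True, t)                  # normal running
    for t in range(1000, 2000, 100):
        dual.evaluate(True, False, t)                 # ch1 welded, ch2 opens
    return {
        "single_run_after_press": single_channel_stop(True),   # hazard keeps running
        "dual_run_after_press": dual.run_permitted(),          # stopped
        "dual_fault_latched": dual.fault,                      # latched after > 500 ms
        "dual_reset_accepted": dual.reset(True, True),         # refused until fault cleared
    }


if __name__ == "__main__":
    print("normal press:", normal_press_scenario())
    print("welded contact:", welded_contact_scenario())
```

The single-channel evaluation never sees the welded contact; the two-channel evaluation stops on the first scan that disagrees and refuses a reset until the fault is dealt with. That difference, not the choice of hard wiring versus software, is what the risk assessment decides you need, which is why the answer above ends with "choose components that are rated for handling that level of risk".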