In this post, we will be talking about some of the configurable safety systems available for the largest US companies. Each company I have been a part of seeks safety systems capable of meeting regulatory safety guidelines. This important to keep the employees safe and productive.
Configuration and Verification
It is important to the overall safety of the system that verification is completed, documented and verified at regular intervals. This prevents accidental or intentional changes that would be detrimental to the safety of workers using the system.
Fanuc DCS – Once configured it is possible to generate a safety signature that can be put into the module configuration properties. This means that if the signature in the robot changes (does not match what was previously set up), the PLC will stop communicating with that robot. In order to recover, the programmer must put the new hexadecimal signature in the safety module to re-establish communication.
Motoman FSU – Once configured, the system will generate a signature for each individual safety type (joint limit, range limit, etc). There currently (JUL2018) is no current overall signature for the entire safety system, that can be cross-checked by the PLC. Currently, al verification of the safety integrity must be done manually by verifying that current signatures match original in the robot systems. This can be done through backups to retrieve the files.
Every major robot manufacturer should have some form of EthernetIP® Safe or ProfiNet® Safe that controls the Safety Inputs and Outputs. This is generally done with the robot as a safety module that the PLC communicates with and monitors the status of to confirm safe condition. These systems MUST include a modeled tool with parts in order to be safe and effective.
Fanuc DCS – Allows for the use of monitoring of individual zones through Joint monitoring and Cartesian position monitoring. Safety Inputs can be used to enable or disable other zones. This can be used for speed limiting or zero speed monitoring for collaborative applications.
Motoman FSU – The same zone and joint monitoring can be achieved. The ability to enable and disable zones with safety rated inputs is also achievable. The limiting factor of the Motoman FSU is that the processor can only handle a certain number of zones before running out of memory. 6 Rectangular safe in zones is the current maximum as of the DX200.
The key takeaway, I think is a third-party validation of safety systems. This system is only as safe as it is designed to be and with the constantly evolving requirements of robotic systems it is important to make the systems as hard as possible to be overridden. Test pulsing of safety rated inputs is important to preventing maintenance to jump safety circuits. A company not involved in the installation or production of the parts should conduct the validation to ensure that the safety of the system is being tested thoroughly and without bias to the safety standard (SIL3 or SIL4).