Looking for advice on a validation procedure for E-Stop buttons tied to a safety PLC.

Hello, I am working on a small to medium-sized automation system, and I am currently writing the commissioning procedures, particularly ones related to functional safety. I am somewhat new to it.

The procedure I have written out is based on some examples I found while searching the internet, and that I have done in the past. Basically:
1. Verify the system starts and cycles normally.
2. Press the E-Stop button.
3. (In my case, the system will already be stopped when the button is pressed, as it is not healthy to E-Stop it repeatedly) Verify that the system cannot be started.
4. Verify that the UI shows an E-Stop state.
5. Release the button.
6. Verify that the system cannot be restarted.
7. Press the reset button.
8. Clear faults, verify that the system can be restarted.

We are using a safety PLC with an AS-i network, so it is somewhat of a black box in terms of the E-Stop logic chain. For example, I don't really know if the right bits have been set, or maybe the PLC just issued a soft stop but never pulled the motor contactors. Or maybe it is being done in standard logic. Maybe that is all overthinking it?

My questions are:
1. Does this basically just come down to reviewing and documenting PLC code? Is it typical to keep track of program hashes to make sure you've got the right program (or whatever Siemens uses as a checksum)?
2. Is it typical to take a multimeter to check that the contactor coils are de-energized?
3. Is passing the purely functional test typically considered sufficient?

I often see a lot of answers pointing back to the risk analysis, but I feel like the RA is never detailed enough to give specific answers like that. Our system is not especially dangerous, our systems are designed to PLd.

Thank you for reading my long post!
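The eight-step procedure above, as an added example that is not the poster's own procedure or any vendor's API: a Python model of the E-Stop chain with assumed signal names, in which each step asserts on evidence from the chain (safety output bit, contactor auxiliary feedback, drive STO report) rather than only on whether the machine appears stopped. The `drops_contactor=False` variant models the worry in the post, an E-Stop that only issues a soft stop through standard logic; it passes every observational check and fails only the power-removed check, which is exactly the case a multimeter on the contactor coil would catch.

```python
from dataclasses import dataclass


@dataclass
class SafetyChain:
    """Toy model of an E-Stop chain: button -> safety PLC -> contactor / drive.

    Signal names are assumptions for this example, not a vendor's API.
    drops_contactor=False models an E-Stop handled only as a soft stop in
    standard logic: the run command is blocked but power is never removed.
    """
    drops_contactor: bool = True
    estop_ch1: bool = True          # True = contact closed (button not pressed)
    estop_ch2: bool = True
    reset_pressed: bool = False
    safety_output: bool = False     # safety PLC output that enables power
    contactor_aux: bool = False     # auxiliary contact feedback, True = pulled in
    drive_sto_active: bool = True   # drive reports safe torque off
    ui_shows_estop: bool = False
    latched: bool = True            # stop stays latched until a valid reset
    running: bool = False

    def scan(self) -> None:
        """One PLC scan: evaluate inputs, update outputs and feedback."""
        healthy = self.estop_ch1 and self.estop_ch2
        if not healthy:
            self.latched = True
        elif self.reset_pressed:
            self.latched = False
        self.ui_shows_estop = not healthy
        if self.drops_contactor:
            # Correct design: the safety output drives the contactor, drive goes to STO.
            self.safety_output = healthy and not self.latched
            self.contactor_aux = self.safety_output
            self.drive_sto_active = not self.safety_output
        else:
            # Soft stop only: power stays on, only the run command is blocked.
            self.safety_output = True
            self.contactor_aux = True
            self.drive_sto_active = False
        if not healthy or self.latched:
            self.running = False

    def start(self) -> bool:
        """Operator start request; returns True only if the machine actually runs."""
        healthy = self.estop_ch1 and self.estop_ch2
        if healthy and not self.latched and self.safety_output:
            self.running = True
        return self.running

    def press_estop(self) -> None:
        self.estop_ch1 = self.estop_ch2 = False
        self.scan()

    def release_estop(self) -> None:
        self.estop_ch1 = self.estop_ch2 = True
        self.scan()

    def press_reset(self) -> None:
        self.reset_pressed = True
        self.scan()
        self.reset_pressed = False
        self.scan()


def run_procedure(chain: SafetyChain) -> dict:
    """Walk the commissioning steps; steps 2, 5 and 7 are actions, the rest are checks."""
    results = {}
    chain.press_reset()
    results["1 starts and cycles"] = chain.start()
    chain.press_estop()                                   # step 2
    results["3a cannot start"] = not chain.start()
    results["3b power removed"] = (not chain.contactor_aux
                                   and chain.drive_sto_active
                                   and not chain.safety_output)
    results["4 UI shows E-Stop"] = chain.ui_shows_estop
    chain.release_estop()                                 # step 5
    results["6 no restart before reset"] = not chain.start()
    chain.press_reset()                                   # step 7
    results["8 restarts after reset"] = chain.start() and chain.contactor_aux
    return results


if __name__ == "__main__":
    for label, chain in (("safety output drops contactor", SafetyChain()),
                         ("soft stop only", SafetyChain(drops_contactor=False))):
        print(label)
        for step, passed in run_procedure(chain).items():
            print(f"  {'PASS' if passed else 'FAIL'}  {step}")
```

Step 3b is the one worth keeping on the real checklist: it is the only check that distinguishes a safety-rated stop from a standard-logic stop that happens to look the same from the HMI.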

RE: Looking for advice on a validation procedure for E-Stop buttons tied to a safety PLC.

It is normal to make sure the right things are happening in the right way. Robot teach pendants should report "external emergency-stop" or some such wording, servo drives should report "safe torque off", pneumatic valves or manifolds should report that their solenoid power is switched off, etc., and all of this depends on what types of devices you have in the system and what information you have available from them.

A purely observational function test may or may not be sufficient depending on what's in the system. If all you're looking at is that (let's say) a motor is stopping, you don't know whether that's because the drive went into "safe torque off" as commanded by the safety system (correct), or someone just removed a non-safety-rated enable or run signal through non-safety-rated logic or software (normally incorrect if the system design and risk assessment demands higher integrity).

Safety PLCs generally have a safety signature, or checksum, or configuration report, and the logic can generally be locked and password-protected, and of course with a backup copy somewhere. Just make sure there's a plan for what happens when something blows up at 3 AM some day. But, the only recent project I've had that involved ASi involved ripping the ASi out and upgrading that part of the system to CIP ethernet which the rest of that system uses.
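One way to put the safety signature and the backup copy to use during commissioning and later audits, as an added example that is not part of the reply above: record the signature the PLC reports and a hash of the archived project file at sign-off, then compare both on every subsequent check. The `SignatureBaseline` layout, its field names and the sample signature string are assumptions; the signature value itself comes from the PLC's own configuration report in whatever format the vendor uses.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class SignatureBaseline:
    """Sign-off record for one safety program (assumed layout, not a vendor format)."""
    project: str
    safety_signature: str   # value shown in the safety PLC's configuration report
    backup_sha256: str      # hash of the archived project / backup file


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(project: str, reported_signature: str, backup_bytes: bytes) -> SignatureBaseline:
    """Create the record at validation sign-off; store it with the commissioning paperwork."""
    return SignatureBaseline(project, reported_signature, sha256_hex(backup_bytes))


def check_against_baseline(baseline: SignatureBaseline,
                           reported_signature: str,
                           backup_bytes: bytes) -> list:
    """Compare what the PLC reports now, and the current backup file, with the baseline.

    Returns a list of findings; an empty list means the program on the PLC is the
    one that was validated and the archived copy still matches it.
    """
    findings = []
    if reported_signature != baseline.safety_signature:
        findings.append(f"{baseline.project}: PLC safety signature {reported_signature} "
                        f"differs from signed-off value {baseline.safety_signature}")
    if sha256_hex(backup_bytes) != baseline.backup_sha256:
        findings.append(f"{baseline.project}: backup file hash differs from baseline; "
                        "the archived copy is not the validated program")
    return findings


if __name__ == "__main__":
    # Constructed sample: a made-up signature string and a made-up backup payload.
    backup = b"constructed safety project export for cell-7"
    baseline = make_baseline("cell-7", "3F2A-9C10", backup)
    print(json.dumps(asdict(baseline), indent=2))
    print(check_against_baseline(baseline, "3F2A-9C10", backup))   # -> []
    print(check_against_baseline(baseline, "3F2A-9C11", backup))
```

The point of hashing the backup as well as recording the signature is the 3 AM scenario in the reply: when the program has to be restored, the restored copy can be shown to be the validated one before the machine is released.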

RE: Looking for advice on a validation procedure for E-Stop buttons tied to a safety PLC.

Normally when I make a safety control in a safety circuit, or demand one from a supplier, I check the drawings so that it is double channel and that there is feedback on what breaks up the power.
That the hardware setup in the safety PLC on the I/O cards is set up correctly with short circuit monitoring etc.
And that the right blocks are used.
Every channel is checked separately; the only thing I do not check is the short circuit monitoring, because I assume this is done by the product manufacturer on a new safety product.
In principle I check every single fault that can arise in the system, and that the right reset is used for the correct circuit, and that the feedback signals are functioning and correct.

A machine that is constructed in a way that you think you might break it if you use the emergency stop would not meet the requirements here in Europe.

“Logic will get you from A to Z; imagination will get you everywhere.”
Albert Einstein
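The per-channel and single-fault checks described in this reply, as an added example that is neither the replier's procedure nor a vendor's function block: a Python model of a dual-channel E-Stop feeding two contactors in series with EDM feedback, plus a small survey that injects one fault at a time (a channel wired stuck closed, a welded contactor) and records whether power was still removed and whether the restart was blocked. All names, the discrepancy limit and the fault list are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

DISCREPANCY_LIMIT = 3   # scans the two channels may disagree before a fault latches


@dataclass
class DualChannelEstop:
    """Assumed model: two-channel button, safety output, contactors K1 and K2 in series."""
    ch1: bool = True                 # True = contact closed (button not pressed)
    ch2: bool = True
    k1_welded: bool = False          # injected faults
    k2_welded: bool = False
    output: bool = False             # safety output driving K1 and K2
    k1_closed: bool = False
    k2_closed: bool = False
    stop_latched: bool = True
    discrepancy_scans: int = 0
    fault: Optional[str] = None

    @property
    def power_on(self) -> bool:
        return self.k1_closed and self.k2_closed   # series contactors: both must be in

    def _edm_ok(self) -> bool:
        # Feedback loop: both NC auxiliary contacts must confirm the contactors dropped out
        return not self.k1_closed and not self.k2_closed

    def scan(self, reset: bool = False) -> None:
        healthy = self.ch1 and self.ch2
        if self.ch1 != self.ch2:
            self.discrepancy_scans += 1
            if self.discrepancy_scans > DISCREPANCY_LIMIT:
                self.fault = "channel discrepancy"
        else:
            self.discrepancy_scans = 0
        if not self.ch1 and not self.ch2 and self.fault == "channel discrepancy":
            self.fault = None        # both channels seen open together: discrepancy cleared
        if not healthy:
            self.stop_latched = True
        if reset and healthy and self.fault is None:
            if self._edm_ok():
                self.stop_latched = False
            else:
                self.fault = "EDM: contactor did not drop out"
        self.output = healthy and not self.stop_latched and self.fault is None
        self.k1_closed = self.output or self.k1_welded   # a welded contactor never opens
        self.k2_closed = self.output or self.k2_welded


def exercise(chain: DualChannelEstop, stuck_closed: Optional[str] = None,
             weld: Optional[str] = None) -> dict:
    """Reset -> run -> E-Stop -> release -> reset, with one fault injected, and report."""
    def button(pressed: bool) -> None:
        # A channel wired stuck closed never opens, whatever the button does
        chain.ch1 = stuck_closed == "ch1" or not pressed
        chain.ch2 = stuck_closed == "ch2" or not pressed

    button(False)
    chain.scan()
    chain.scan(reset=True)
    chain.scan()
    started = chain.power_on
    if weld:                                  # the contactor welds while pulled in
        setattr(chain, f"{weld}_welded", True)
    button(True)
    for _ in range(DISCREPANCY_LIMIT + 2):
        chain.scan()
    stopped = not chain.power_on              # evidence: both series contactors open?
    button(False)
    chain.scan()
    chain.scan(reset=True)
    chain.scan()
    return {"started": started, "stopped": stopped,
            "restart_blocked": not chain.power_on, "fault": chain.fault}


def single_fault_survey() -> dict:
    """Run the exercise once per injected fault, on a fresh chain each time."""
    cases = {
        "no fault": {},
        "ch1 stuck closed": {"stuck_closed": "ch1"},
        "ch2 stuck closed": {"stuck_closed": "ch2"},
        "K1 welded": {"weld": "k1"},
        "K2 welded": {"weld": "k2"},
    }
    return {name: exercise(DualChannelEstop(), **kw) for name, kw in cases.items()}


if __name__ == "__main__":
    for name, result in single_fault_survey().items():
        print(f"{name:18s} {result}")
```

Every single fault must leave `stopped` true (the second channel or the second contactor still removes power) and, except for the no-fault case, `restart_blocked` true with a named fault, which is the detection the reply asks for from the feedback signals.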

RE: Looking for advice on a validation procedure for E-Stop buttons tied to a safety PLC.

Items 3 and 4 seem problematic

3) You cannot prove that the system got stopped by E-stop if it was already stopped
4) Not only should you know that E-stop was activated, you should prove that it did what it was supposed to do, i.e., motors and actuators stopped.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! https://www.youtube.com/watch?v=BKorP55Aqvg