Protecting people, machines, animals, and property is the primary objective of safety-related pneumatics systems and components. For all production machinery, standards and regulations define measures to prevent accidents through safe machine design. This guide covers key topics in the implementation of relevant directives and standards for safety-related pneumatics using examples, circuit diagrams, and products. Use our know-how from practice! Our experts can offer advice on all matters relating to the implementation of safe machines.
Your advantages with AVENTICS
The European Machinery Directive 2006/42/EC on machine engineering aims to ensure a common safety level for new machines distributed and operated in the member states. It governs safety and occupational health requirements for design and engineering. The CE mark indicates that the manufacturer has achieved an adequate level of protection.
Harmonized standards from the European standards organizations provide additional assistance to machine operators and manufacturers, since they enhance compliance with the Machinery Directive through what is called “presumption of conformity”. This principle, however, only applies to the legal requirements that the harmonized standards actually cover. Almost all laws mandate a risk assessment to analyze and assess risks and finally implement risk reduction measures.
The risk assessment process provides the basis for machine safety (see figure on pages 6, 7). The machine manufacturer starts with a risk analysis, minimizes identified risks, and finally determines whether an adequate level of safety is present. If the answer is negative, risk reduction measures must be implemented and quantified in terms of effectiveness.
Let’s take a look at some basic terms defined in ISO 12100, which provides a general description of the risk assessment process:
Hazards: Potential sources of harm
Hazardous situation: Situation in which a person is exposed to at least one hazard. The resulting harm can be immediate or occur over time.
Risk: Results from a hazard and is assessed by combining the likelihood of the occurrence of harm and the severity of consequence.
The risk analysis as the basis of the evaluation and the determination of the measures
The actual risk analysis starts with defining the limits of a machine when considering all phases of its lifecycle. Once all hazards have been identified, the risk of each hazard must be estimated. In addition to spatial limits and the overall duration of use, operating limits are a prime focus. Proper use is analyzed, including all operating modes and different intervention options, as well as reasonably foreseeable misuse.
For risk analysis, it is necessary to consider the entire machine lifecycle, from transport to installation, commissioning and cleaning, disassembly and, finally, disposal.
Performance level as a measurement for risk assessment
Risk reduction measures are derived based on the severity of possible injury, the frequency of the hazard, and the probability of its occurrence. Performance level is a technical target: it conveys the effort required to reduce risk at a machine. The target must be met as a minimum requirement. Every safety function has a required safety level. This is described by the required performance level, PLr for short, which is defined based on the following criteria from ISO 13849-1:
During a risk analysis, should you conclude that risk reduction is required, you will need to adopt corresponding preventive measures to achieve an adequate safety level. The best solution is an inherently safe design. Instructional measures such as user information harbor the risk of non-compliance and are thus only permissible as a supplement once all technical options to improve safety have been exhausted. Technical measures present an additional route.
Preventive technical measures
If a machine’s safety depends on a properly functioning control, this can be termed “functional safety”. The “active” parts of the control are the main focus, i.e. components that detect a dangerous situation (signal recording, “I” = input), derive suitable reactions (evaluation, “L” = logic), and implement reliable measures (execution, “O” = output). The term “control” thus refers to the entire signal processing system.
“Safety-related parts of control systems” are not necessarily “safety components” as defined by the Machinery Directive. SRP/CS (Safety Related Parts of a Control System) can, however, be such safety components, e.g. two-hand controls or logic units with safety function. Actuators (cylinders), energy supply (e.g. pressure supply or maintenance units) and connections are not directly factored into dangerous failure rates.
ISO 13849 is the generic standard for safety components in controls.
To support machine and systems manufacturers, we offer individualized consulting based on our long-term experience. Here you will find circuit examples and parts from our product portfolio.
Scope of ISO 13849 for pneumatic controls
For fluid power systems, the valve area is an especially critical control component in terms of safety. More specifically: valves that control potentially hazardous movements or system states. Required safety functions can usually be achieved by other linked controls with the appropriate valve versions or even by additional mechanical solutions such as holding devices or brakes. Drive elements as well as energy conversion and transfer components in fluid power systems are usually beyond the scope of the standard. In pneumatic systems, components must be protected against hazards associated with energy changes. Moreover, the maintenance unit used to process compressed air must be safely connected to the valve area. To reliably control possible energy changes, an exhaust valve is often used in conjunction with a pressure switch.
Example: Maintenance unit 0Z usually comprises:
The structures of most fluid power system controls are designed to comply with the categories 1, 3, or 4. Because category B already requires compliance with the relevant standards and basic safety principles, fluid power system controls in the categories B and 1 do not differ substantially in terms of their control structures, but instead in the higher reliability of relevant safety-related valves.
The basic valve position depressurizes the system. Redundant safe exhaust is guaranteed via two exhaust pathways:
Cylinder extension and retraction is only possible with the combined actuation of 1V1 and 2V1. The safety-related switching position is achieved by removing the electrical control signal. Failure of one of the valves does not jeopardize the safety function.
Basic and well-tried safety principles are met for all relevant components. The directional valves comply with the quiescent current principle and have sufficient positive overlap. The nonreturn valves must be engineered to assume an open state, even with failure, to safely exhaust the cylinder chambers. The switching valve function of 1V1 and 2V1 is periodically checked by querying the cylinder position switches 1S1 and 1S2 and the pressure switch 2S1.
A block diagram is created from the circuit diagram.
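To make the single-fault behaviour of this two-valve exhaust arrangement concrete, here is an added Python model; it is not code from the AVENTICS brochure or from any product. It assumes 1V1 and 2V1 sit in series on the working line, each venting in its rest position, and that the pressure switch 2S1 is the only diagnostic signal used (the cylinder position switches 1S1 and 1S2 are left out).

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Valve:
    """Directional valve following the quiescent-current principle: the rest
    (de-energized) position vents its outlet; pressure passes only when energized."""
    name: str
    energized: bool = False
    stuck_energized: bool = False  # injected dangerous failure: does not return to rest

    def passes_pressure(self) -> bool:
        return self.energized or self.stuck_energized


@dataclass
class ExhaustCircuit:
    """Assumed topology: 1V1 and 2V1 in series on the working line, so the line
    is pressurized only when both pass pressure; 2S1 senses the working line."""
    v1: Valve = field(default_factory=lambda: Valve("1V1"))
    v2: Valve = field(default_factory=lambda: Valve("2V1"))

    def command(self, v1_on: bool, v2_on: bool) -> None:
        self.v1.energized, self.v2.energized = v1_on, v2_on

    def pressure_switch_2s1(self) -> bool:
        return self.v1.passes_pressure() and self.v2.passes_pressure()

    def demand_safe_state(self) -> bool:
        """Safety function: remove both control signals; the line must be exhausted."""
        self.command(False, False)
        return not self.pressure_switch_2s1()

    def periodic_test(self) -> list[str]:
        """Energize one valve at a time. The other valve, at rest, must keep 2S1
        unpressurized; if 2S1 reports pressure, that resting valve has failed."""
        faults = []
        for active, resting in ((self.v1, self.v2), (self.v2, self.v1)):
            self.command(active is self.v1, active is self.v2)
            if self.pressure_switch_2s1():
                faults.append(f"{resting.name} failed to vent")
        self.command(False, False)
        return faults


def single_fault_tolerance(failed: str) -> tuple[bool, list[str]]:
    """Inject one dangerous failure ("v1" or "v2") and report
    (safe state still reached, faults the periodic test detected)."""
    c = ExhaustCircuit()
    getattr(c, failed).stuck_energized = True
    return c.demand_safe_state(), c.periodic_test()
```

Running the model shows that one stuck valve still leaves the line exhausted and is revealed by the periodic test, whereas two stuck valves that went undetected defeat the safety function, which is why a category 3 structure relies on detecting faults before they accumulate.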
Numerous electrical and pneumatic connection options make the AV system a strong performer that easily adapts to the demands of safety-related pneumatic controls. The valve system plays the long game with a service life that tops 150 million cycles without maintenance or failure in safety-related controls.
The consistent modular design offers additional functions at your fingertips and is impressively systematic. This comfortable approach simplifies your project planning for machine safety. As a result, the family concept pays off directly: you can meet even the most demanding of requirements with ease, giving you a crucial competitive edge.
Though the product is not a complete safety device in itself, it can be used as part of an overall solution.
Galvanic isolation between the logic voltage (UL) and actuator voltage (UA) in the bus coupler; this achieves a safe separation of other functions in the application. Consistent use of standardized and commercially available M12 connectors throughout the system.
AV series valves have an extremely long service life of over 150 million cycles. Good leakage values plus easy maintenance minimize the risk of failure. Pilot air can be controlled internally or externally: should a problem occur, the valves switch to a defined safe state. The valves comply with basic and proven principles in safety-related controls.
The electrical supply plate supplies actuator voltage to the valves. This enables independent voltage zones with any number of valves. Safety functions thus remain separate from other functions. In addition, the supply plate makes it possible to use separate cables for logic and actuators, thus reducing the potential for error.
The pressure supply plate enables mutually independent pressure zones for customized pressure supply to different safety circuits and ensures adequate, rapid system exhaust. Optional: Module for monitoring the switch-off voltage threshold of the valves
The electrical valve control module enables direct actuation of 2 valves in AV03 and AV05 valve systems. The valve control module can be integrated at the right end of D-Sub or fieldbus valve systems. The two following valve positions are controlled via the M12 connection. No electrical connection to the preceding base plates exists. It is possible to use multiple valve control plates.
Safe control of compressed air in the working lines for safe working pressures and controlled cylinder movement. Many safety functions can thus be supplemented by reducing pressure and force.
In case of emergency stop, cylinder chambers may remain under pressure. To perform maintenance, release trapped personnel, or correct workpiece positioning, the cylinder chambers must be exhausted to change the cylinder piston position. The solution: targeted system exhaust to disable the cylinder without application of energy. Integrating the module in valve systems reduces sensitivity to actuator movements, while considerably minimizing installation space for the cylinder compared to conventional components.
The shut-off module serves to separate actuators from the pneumatic supply, e.g. for maintenance purposes.
The pressure sensor module processes four pneumatic inputs (pressure) from a pneumatic control and converts the pneumatic pressure into digital information of the serial transmission system for processing in the machine control. The module provides diagnostic capabilities via LED and supply voltage monitoring. All necessary functions are integrated; the module is also protected against manipulation. It safely monitors system pressures and provides reliable, fast information about the pressure conditions in all relevant modes of operation.