Functional safety and its application to automated industrial cobots


Feature articles |
By eeNews Europe

Whereas industrial robot systems were traditionally separated from humans to safeguard against injury, human-robot collaboration (HRC) requires a workspace that is shared between the robot and the human operator. This article examines how the relevant safety standards and traditional concepts of safety control are being adapted to meet the requirements of HRC systems.


Overview of safety standards hierarchy and framework

CE marking for a product signifies conformity with the relevant EU directive, which for industrial robots is the EU Machinery Directive 2006/42/EC. This directive defines the essential health and safety requirements (EHSRs) for machines traded in the single European market and is supported by a hierarchy of harmonised standards, illustrated in table 1, which lists the key standards that relate to industrial robots. Type C standards, where published in the Official Journal of the EU, take priority: when a machine satisfies the requirements of the relevant harmonised standard, "presumption of conformity" with the directive applies.

Table 1: Harmonised standards hierarchy relevant to robot safety.

Standards developments related to HRC

The key international C-type standards covering industrial robots, EN ISO 10218-1 and EN ISO 10218-2, were revised in 2016. These provide updated safety guidance covering HRC applications and detail four techniques for collaborative operation (Table 2). However, despite listing some general safety requirements for collaborative robots, market feedback was that the standard did not provide enough engineering guidance.

Table 2: HRC Safety Criteria defined in EN ISO 10218-1.

To address this, ISO/TS 15066 was released to supplement the requirements of EN ISO 10218-1/-2 by providing hard data, such as a list of maximum force and pressure levels for each part of the human body. This data can be used to establish a set of force/pressure thresholds that the robot must not exceed and is intended to guide robot design and integration. ISO/TS 15066 also provides maximum allowable robot power and speed design criteria and a deeper explanation of the collaboration techniques to aid in the categorisation of a system as collaborative.

EN ISO 10218-1/-2 make appropriate reference to B-type standards when defining safety requirements for HRC systems. One example is the safety-rated monitored stop, which relies on the three categories of stop defined in IEC 60204-1:

Category 0: stopping by immediate removal of power to the machine actuators (i.e. an uncontrolled stop).

Category 1: a controlled stop with power available to the machine actuators to achieve the stop, followed by removal of power once the stop is achieved.

Category 2: a controlled stop with power left available to the machine actuators.

ISO 13850 (emergency stop), however, limits the selection of stop category to Category 0 or 1 and excludes Category 2, since an emergency stop must end with power removed from the actuators.

SRP/CS architecture

Meeting the safety-rated monitored stop function requires the implementation of a safety control system as shown in figure 1. It will contain at least one hardware part, the Safety Related Part of a Control System (SRP/CS), and possibly some software. Two standards, EN ISO 13849-1 and IEC 62061, can be used to define the control system requirements.

Fig. 1: Overview of a safety control system.

Both standards give guidance on using risk assessment to define the required Performance Level (PL, EN ISO 13849-1) or Safety Integrity Level (SIL, IEC 62061). EN ISO 13849-1 also defines architectural categories (B, 1 to 4) which state the required behaviour of an SRP/CS in respect of items such as its resistance to faults. It should be noted that designers of safety systems can choose to follow either standard but, once the choice has been made, that standard must be followed in its entirety; "mixing and matching" of the two standards is not permitted.

The performance level of the overall control system depends upon the performance levels of the individual SRP/CSs, and guidance for calculating the overall performance level is given in EN ISO 13849-1. EN ISO 10218-1 specifies that, as a general requirement, safety-related control systems for robots shall meet performance level d with architecture category 3 (EN ISO 13849-1), or SIL 2 (IEC 62061).

Choice of performance level is therefore important. Conformance is simplest when all of the selected SRP/CSs are off-the-shelf components whose performance levels are stated in their data sheets. When designing a safety control system where one or more of the components has no stated performance level, or is built from discrete components, the above standards give guidelines on how to determine the performance level.
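The combination rule the paragraph refers to is easy to get wrong by looking only at the letters on the data sheets. The following is an added example, not part of the article and not vendor code, of the simplified EN ISO 13849-1 procedure for SRP/CSs connected in series: the parts' average probabilities of dangerous failure per hour (PFHd) are summed, the sum is mapped to the PL bands of the standard's table, and the result is capped at the lowest PL of any part. The subsystem names and every PFHd value below are constructed for illustration; real values must be taken from the component data sheets.

```python
"""Overall PL of series-connected SRP/CS (added illustration, not from the article).

Implements the simplified EN ISO 13849-1 combination: sum the parts' PFHd,
map the sum to a PL band, and cap the result at the lowest part PL.
All subsystem data below is constructed, not measured.
"""
from dataclasses import dataclass

# PL bands from EN ISO 13849-1: (PL, PFHd lower bound inclusive, upper bound exclusive).
PL_BANDS = [
    ("e", 1e-8, 1e-7),
    ("d", 1e-7, 1e-6),
    ("c", 1e-6, 3e-6),
    ("b", 3e-6, 1e-5),
    ("a", 1e-5, 1e-4),
]
PL_ORDER = "abcde"  # ascending: 'a' is the weakest, 'e' the strongest


@dataclass(frozen=True)
class SubSystem:
    """One SRP/CS (input, logic or output) with the figures from its data sheet."""
    name: str
    pl: str      # PL claimed on the data sheet
    pfhd: float  # average probability of a dangerous failure per hour


def pl_from_pfhd(pfhd: float) -> str:
    """Map a PFHd value to its PL band. Values above the PL a band cannot be
    claimed at all; values below the PL e band are capped at PL e."""
    if pfhd >= 1e-4:
        raise ValueError(f"PFHd {pfhd:g} exceeds the PL a band; no PL can be claimed")
    if pfhd < 1e-8:
        return "e"
    for pl, lo, hi in PL_BANDS:
        if lo <= pfhd < hi:
            return pl
    raise AssertionError("unreachable: bands cover [1e-8, 1e-4)")


def overall_pl(parts: list[SubSystem]) -> tuple[str, float]:
    """Return (overall PL, summed PFHd) for SRP/CSs connected in series."""
    if not parts:
        raise ValueError("at least one subsystem is required")
    total = sum(p.pfhd for p in parts)
    by_pfhd = pl_from_pfhd(total)
    lowest_part = min(parts, key=lambda p: PL_ORDER.index(p.pl)).pl
    # The chain is never better than its weakest part, whatever the sum says.
    return min(by_pfhd, lowest_part, key=PL_ORDER.index), total


def meets(pl: str, required: str = "d") -> bool:
    """True if the achieved PL is at least the required one (default PL d)."""
    return PL_ORDER.index(pl) >= PL_ORDER.index(required)


# Constructed chains, not real product figures.
CHAIN_ALL_PL_E = [
    SubSystem("input: light curtain", "e", 2.5e-8),
    SubSystem("logic: safety controller", "e", 5.0e-9),
    SubSystem("output: safety relay pair", "e", 3.0e-8),
]
CHAIN_WEAK_INPUT = [SubSystem("input: force sensor", "c", 1.5e-6)] + CHAIN_ALL_PL_E[1:]
CHAIN_THREE_PL_D = [SubSystem(f"part {i}", "d", 9.0e-7) for i in range(3)]

if __name__ == "__main__":
    for chain in (CHAIN_ALL_PL_E, CHAIN_WEAK_INPUT, CHAIN_THREE_PL_D):
        pl, total = overall_pl(chain)
        print(f"{[p.name for p in chain]} -> PL {pl}, PFHd {total:.2e}, meets PL d: {meets(pl)}")
```

The third chain is the instructive one: three PL d parts, each near the top of its band, sum to a PFHd in the PL c band, so the chain does not meet the PL d requirement even though every letter on the data sheets says d.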

Example of SRP/CS for safety stop with sample components

As illustrated in figure 1 there are three main stages to a safety control system: input, logic and output. A wide range of input devices can be used, including opto-electronic sensors such as light curtains or laser scanners. These detect the physical distance between a human operator and the robot's area of operation and provide an output signal when the safety condition is breached. Torque or force sensors attached to the robot's joints or actuators can also be used to detect when resistance to the robot's movement exceeds a set force (e.g. when in contact with an operator).

Fig. 2: PILZ PNOZ safety controller.

The logic function of the control system reacts to the conditions indicated by the input devices and generates an output based on the logic programmed into it. This functionality can be performed by a range of devices, from relays to programmable logic controllers (PLCs), such as the modular and configurable PNOZmulti range of controllers from PILZ (Figure 2). These devices are software configurable and have a PL rating of e (SIL 3), making them suitable for inclusion in robot safety control systems.
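What the logic stage has to do to earn a category 3 rating is less about the decision itself and more about tolerating a single fault in the inputs. The following is an added example, not code from the article, PILZ or any other vendor, of the logic behind a safety-rated monitored stop: a two-channel input (such as the two OSSD outputs of a light curtain) is evaluated one-out-of-two for the stop decision, the two channels are cross-checked and a fault is latched if they disagree for longer than a discrepancy window, and a force reading is compared against a contact limit. The discrepancy window and the force limit are assumed placeholder values, not figures from ISO/TS 15066, and the PL or category of a real system comes from its hardware architecture and diagnostics, not from this logic alone.

```python
"""Two-channel safety-stop logic with discrepancy monitoring.

Added example, not from the article or any vendor. All timing and force
values are assumed placeholders, not data from ISO/TS 15066.
"""
from dataclasses import dataclass, field
from enum import Enum


class Demand(Enum):
    RUN = "run"      # both channels clear and agree, force below limit
    STOP = "stop"    # a safety condition is breached: demand a stop
    FAULT = "fault"  # channel discrepancy detected: stop and latch until reset


@dataclass(frozen=True)
class ChannelInput:
    """One sample of a dual-channel sensor (e.g. OSSD1/OSSD2 of a light curtain).
    True means 'clear', False means 'safety condition breached'."""
    ch1: bool
    ch2: bool


@dataclass
class SafetyLogic:
    discrepancy_window_ms: int = 20   # assumed: max time the channels may disagree
    force_limit_n: float = 140.0      # assumed placeholder, not an ISO/TS 15066 value
    _disagree_ms: int = field(default=0, init=False)
    _latched_fault: bool = field(default=False, init=False)

    def evaluate(self, sample: ChannelInput, measured_force_n: float, dt_ms: int) -> Demand:
        """Evaluate one control cycle of dt_ms milliseconds.

        Precedence: a latched fault wins, then a discrepancy timeout, then any
        single-channel or force breach; RUN only if everything is clear.
        Every unexpected condition therefore falls to the safe side."""
        if self._latched_fault:
            return Demand.FAULT
        if sample.ch1 != sample.ch2:
            # Channels disagree: tolerate switching skew, but not a stuck channel.
            self._disagree_ms += dt_ms
            if self._disagree_ms > self.discrepancy_window_ms:
                self._latched_fault = True
                return Demand.FAULT
        else:
            self._disagree_ms = 0
        # 1oo2 for the stop decision: one channel reporting a breach is enough.
        if not (sample.ch1 and sample.ch2) or measured_force_n > self.force_limit_n:
            return Demand.STOP
        return Demand.RUN

    def reset(self, sample: ChannelInput) -> bool:
        """Manual reset after a latched fault; accepted only when both channels
        are clear and agree. Returns True if the fault was cleared."""
        if self._latched_fault and sample.ch1 and sample.ch2:
            self._latched_fault = False
            self._disagree_ms = 0
            return True
        return False


def run_trace(logic: SafetyLogic, trace: list[tuple[bool, bool, float]], dt_ms: int = 4) -> list[Demand]:
    """Feed a constructed sequence of (ch1, ch2, force_N) samples through the logic."""
    return [logic.evaluate(ChannelInput(c1, c2), force, dt_ms) for c1, c2, force in trace]


if __name__ == "__main__":
    # Constructed trace: clear, operator enters the zone, clear, then a stuck channel.
    trace = [(True, True, 10.0), (False, False, 10.0), (True, True, 10.0)] + [(True, False, 10.0)] * 6
    for step, demand in enumerate(run_trace(SafetyLogic(), trace)):
        print(f"cycle {step}: {demand.value}")
```

A short disagreement is treated as a stop but not as a fault, because real channels never switch at exactly the same instant; a disagreement that outlasts the window is the signature of a shorted or stuck channel and is latched so that the loss of redundancy cannot be masked by the next clear reading.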

Fig. 3: Omron’s G9SA safety relay series.

Output devices in a safety control system include contactors, motor starters, valves and other devices that can switch the motors and other equipment that produce motion in the system. Omron's G9SA Safety Relay Series (figure 3) is designed specifically for safety applications and comes with a PL rating of e (SIL 3), making it suitable for use in safety-stop applications.



HRC systems have evolved rapidly in recent years, while the various standards governing industrial robots are currently lagging behind the technology. ISO/TS 15066 has been released to provide more detailed information and guidance to support manufacturers seeking to achieve conformance with the EU Machinery Directive.


Control systems play a key role in the implementation of HRC safety functions such as the safety-rated monitored stop, and the performance levels the standards require of them must be met to ensure conformance. However, many of the solutions necessary to comply with these standards, such as sensors, controllers and output devices, already exist. By selecting SRP/CSs with appropriate performance levels, designers can simplify the development process while easing the certification of their products.


About the author:

Steve Herd is Head of Customer Proposition and Product Management at Distrelec Group.
