Guide to Safety Relays and Safety Circuits
Think of safety relays as unique helpers in creating a safety circuit, which is vital for machine design. It’s essential to grasp the basics of how these relays work and why they’re so important for keeping operations safe.
With that said, safety often becomes a confusing matter because a lot of terminology is attached to it. All that terminology comes from the standards describing safety circuits, functional safety and thereby safety relays.
A lot of you have requested more articles about safety after reading my article about using a normally closed contact as a stop button. This article is intended as an introduction to machine safety and safety circuits.
By using safety relays as examples, I will show you when you should apply safety to your machine. A safety relay is a great and simple illustration of a safety circuit and how it works. It is very important to understand that safety relays are here for a reason. And that reason is to eliminate or reduce risks.
When machine safety is applied, you will often have to build a safety circuit. Depending on the level of safety you want, you can build various safety circuits. I will show you how safety relays work and what methods are used to build a safety circuit.
Why Use a Safety Relay?
Machines and automation can be dangerous. Even small motors have a lot of power and can easily produce dangerous situations. But power is not the only factor here. Sharp objects like knives, heavy objects, noise and vibrations can also be hazards. In fact, anything that can cause harm or damage to health is a potential risk.
This means that every time you design a new machine or automation system you have to find those risks and dangerous situations. Because only then can you reduce those risks.
Machines can create serious hazards, leading to strict legal requirements. In the USA, OSHA sets these standards, while in the European Union, it’s governed by the Machine Directive. It’s all about ensuring utmost safety.
But even though you have to do it by law, finding all the risks and dangerous situations during machine design can be tricky. Let me simplify the steps you need to take in order to find and identify the risks involved in a machine. Only when you have identified the risks can you take measures such as safety relays and safety devices to eliminate them.
Risk Assessment
Risk assessment is your first step, aiming to uncover all potential dangers linked with the machine’s operation. It’s about pinpointing and evaluating every possible hazard and hazardous situation.
Instead of doing this risk assessment casually, you can follow ISO 12100, whose full title is:
ISO 12100 Safety of machinery – General principles for design – Risk assessment and risk reduction
That ISO standard is made to help you with the risk assessment and thereby with finding the risks. In this standard you will find a series of logical steps you can take to assess the risks. It not only makes it easier to find the risks; the standard also makes risk assessment a systematic procedure, so that you can be sure all risks are assessed.
Here is what the logical steps of the risk assessment procedure look like:
Risk Reduction
What the ISO 12100 standard also describes is risk reduction. It is literally the process of reducing the risks you’ve assessed. You can take one or several actions to reduce a risk until the risk is eliminated. Risk reduction is all about eliminating the risks.
The actions needed vary depending on the type of risk. One of the most effective risk reduction actions is inherently safe design. A simple example of this is getting rid of sharp edges. That will not only reduce the risk of getting cut by them, it will eliminate the risk, because the source of the risk itself is removed. That is what inherently safe design means.
Inherently safe design is the first option in risk reduction, which means that you should always try to eliminate the risk by inherently safe design first.
Safeguarding
But sometimes inherently safe design won’t do the job. Some risks cannot be eliminated, because there’s always the chance that an operator will make a mistake. For example, the hazards a moving part poses can be reduced by placing one or more guards around it to prevent accidents. This is called safeguarding.
Safeguarding is the action of either preventing a person from coming in contact with the hazard, or eliminating the hazards before a person can come in contact with the hazard.
In many cases, access to the moving part would usually be required for maintenance, service and even operation. Several solutions for safeguarding are available depending on different factors. Here are some of the most common types of safeguarding:
- Guards
- Light Curtains
- Safety Mats
- 2-Hand Control
Beginning with the guards there are 3 overall types available:
- Fixed Guards
- Movable Guards
- Powered Guards
Fixed Guards
Fixed guards are either welded or fixed with screws or nuts so that opening is impossible without the use of a tool. Using fixed guards is a great solution in places where only technicians need access.
Movable Guards
The second type is movable guards. With movable guards you can open and close for access. However, this creates the risk of someone opening a guard while the moving part is in action.
Other actions need to be taken here to fully eliminate the risk. We are talking about the health and wellbeing of people, so it is very important to eliminate the risks totally. In some way, you will have to eliminate the risk by stopping the machine when the guard is opened. As a matter of fact, that is one of the requirements for movable guards.
Here’s a quote from the standard describing risk reduction in machines, ISO 12100:
6.3.3.2.3 Requirements for movable guards
Movable guards which provide protection against hazards generated by moving transmission parts shall
a) as far as possible when open remain fixed to the machinery or other structure (generally by means of hinges or guides), and
b) be interlocking (with guard locking when necessary) (see ISO 14119).
Take note of the last part stating that you should use interlocking guards. Interlocking simply means that the guard will prevent a start-up while it is open. The interlocking function can be implemented with the use of interlock switches to detect when a guard is open.
Interlock switches can be constructed in various ways. Here are some typical examples of interlock switches for movable guards:
All of the switches have their purpose. Some of them are hinge-style safety switches, mounted on the hinge to detect when the guard is open. Some of them are safety position switches, which can be used for sliding guards, for example. Safety switches are also available with a magnet actuator.
They all work the same way, except for one special type of safety switch, which brings me to the last type of guards: powered guards.
Powered Guards
Sometimes your machine doesn’t have enough time to stop before the operator can open the guard and get access to the hazard. A large robot arm or a big motor with a big load will take some amount of time to stop, even when brakes are applied. That’s where hazards can arise, even though a safety switch with interlock is in use.
A solution to this could be the powered guard or lockable guard. The powered guard is a movable guard, but with a safety switch that can lock the guard. In that way, you can lock the guard until you are sure that the movement has stopped and the hazard is gone.
Inside a locking safety switch is a solenoid. You can usually get two types of locking safety switches: one where the solenoid is energized to lock the switch, and one where the solenoid is energized to unlock the switch.
Safety-Related Parts of Control Systems
How do safety relays fit into safeguarding? Let’s delve into their role within the safety-related components of control systems to understand their significance.
When you want to use safeguarding with interlocks, there are some requirements on the control system, because the way you eventually implement the interlock is by using safety switches (and other safety devices that I’ll describe later) in your electrical control system. The safety-related part of a control system is the part of the electrical control system that implements safeguarding to eliminate a risk.
The main focus, when building a safety-related control system or just a safety system is to make sure the system is fail safe. This means that you should understand what happens when one or more of the parts in a safety system fails.
Control Categories
Before you start building your safety system you have to classify it. The reason for this is simply that there is always the possibility of the system failing. If the operator opens a guard and the interlock doesn’t stop the machine, the safety system has failed to eliminate the risk.
Therefore, you have to analyze the risks involved in the system failing.
Even when the safety system fails, you still want the machine to be safe and without any risks. There’s a standard available describing the process of analyzing safety-related parts of control systems:
ISO 13849-1 Safety of Machinery – Safety-Related Parts of Control Systems
This standard will remind many people of the five control categories. In the standard you will be presented with five different categories of control systems. By analyzing the severity of injury, the exposure time to the hazard and the possibility of avoiding the hazard, you can put a control system into one of these categories.
I won’t go into much detail about those five categories for now. Machinery Safety 101 has written a great series of articles about interlock architectures and the five control categories.
You might ask what this standard has to do with safety relays. The reason is that, first of all, when using category 1 you have to use “well-tried components and well-tried safety principles”. Again, Machinery Safety 101 has some very good material about this.
A safety relay is, in other words, a well-tried component, and that’s why you should use one to build your safety system.
On the other hand, a PLC, for example, is not a well-tried component. So when you are building an automation system or a machine you cannot use a PLC for the safety-related parts of the machine.
Because of the diagnostic capabilities in categories 2-4, it is not required to use well-tried components in those categories.
How does a Safety Relay Work?
Now that you know why you should use safety relays, it is time to take a closer look at how they work. Safety relays are available in many different variations and for different purposes, and understanding how they work will help you choose the right one for your project.
Safety relays are not just well-tried components. They are made to fulfil the requirements for safety-related parts of control systems. When you look in the data sheet for a safety relay you will find that it can be used up to a certain safety level.
For example, a safety relay rated to category 3 means that you can use it in your safety-related parts of your control system up to category 3. You can use a safety relay of that type in category B, 1 and 2 circuits too.
To meet the requirements for the different safety categories a safety relay can use different techniques. Some of them are used to allow the safety relay to become a well-tried component for safety-related parts of your control system, while others are used to help you meet the requirements for the different categories.
Safety Relay vs. Normal Relay
A common question that arises is: why not just use a normal relay instead of a safety relay? Let’s explore the distinctions that make safety relays indispensable.
I mean, why do we have to control with safety relays functions that we could just as well control with normal relays, which are often cheaper? To answer this question you need to know what the differences between a normal relay and a safety relay are. In other words, you need to know what makes a safety relay so special.
But before we go into the functions of safety relays let us have a look at the safety categories again.
Safety Categories and Relays
You can only use normal relays in safety category B. In that category, a fault is allowed to lead to a loss of the safety function. But in the other categories you may not use a normal relay, since you’ll have to use well-tried safety components and since a fault must not lead to a loss of the safety function. From Category 1 and up you will have to use well-tried components.
This means that for the first two categories you can actually use normal relays and contactors for safety functions, since a malfunction disabling the protective function is allowed. But from there on you have to think about the safety circuit not only under normal circumstances but also when components fail.
Let’s begin with Category 2, as this is the first one where you have to check for losses of safety functions.
It’s here where the use of a safety relay comes in handy! You could build a safety circuit just by using normal relays and contactors, but since this can quickly become complicated and involve several components, we want to use safety relays. In fact, safety relays were developed for this reason. PILZ designed and made the first safety relays, and they are called PNOZ. They have developed a lot since. Many of them are now also programmable.
But how do you check if the safety functions are actually working?
The answer is a monitoring safety relay.
Monitoring Safety Relay
There are several ways a safety relay can monitor the safety circuit to detect any losses in the safety functions. But before moving into the technical part of how they actually do it, let me just start out by explaining the principle behind the monitoring safety relay.
The reason we use a monitoring safety relay is… safety!
I’m gonna say it again. We need to check for losses in safety functions. This is extremely important, since we want the safety function to work even in a system that fails.
The monitoring safety relay monitors the safety function and thereby checks for losses. That is why, in most cases, it makes sense to use a safety relay. It can meet all the requirements for the functionality of safety circuits.
Fault Detection
Basically there are four types of faults safety relays can detect:
- Wire break
- Faulty contactor
- Faulty safety actuator
- Timing
You can find other types of faults, but these make up the majority. The method used to detect the first three of these faults is the same: it is done with small pulses.
A safety relay detects wire breaks and faulty contactors/actuators by sending out electrical pulses through the wiring. By measuring the flow of current, the safety relay checks for welded contact sets and wire breaks.
This is all done with timing. Timing is the other fault detection method safety relays use. A good example of this is the redundancy in contact sets in a safety actuator. This principle is explained in the video below using a magnetic safety switch.
Auto reset is not allowed if the two contact sets in the switch don’t close within a short time interval.
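As an added example, not from the original article or any relay manufacturer, here is a small Python model of the fault detection just described: classifying what a channel input sees of the relay's own test pulses, and a two-channel relay that refuses to reset when the two contact sets close too far apart or when the contactor feedback loop is open. The 500 ms discrepancy window, the pulse patterns and the fault strings are assumptions made for the illustration.

```python
# Simplified model written for this article (not vendor firmware) of a
# two-channel monitoring safety relay: test pulses, timing and feedback loop.
from dataclasses import dataclass

DISCREPANCY_MS = 500  # assumed window within which both contact sets must close


def classify_test_pulse(expected: str, received: str) -> str:
    """Classify what a channel input sees of the relay's own test pulses.
    Patterns are constructed sample strings, '1' meaning current flows."""
    if received == expected:
        return "ok"
    if "1" not in received:
        return "wire break or contact open"  # nothing comes back at all
    if "0" not in received:
        return "short to supply"             # the pulse gaps are bridged
    return "cross fault"                     # pulses from the other channel


@dataclass
class SafetyRelayModel:
    """Two interlock channels, latched fault, de-energise-to-trip output."""
    ch1: bool = False           # channel 1 contact closed?
    ch2: bool = False
    ch1_closed_at: int = -1     # ms timestamp of last closing edge, -1 = never
    ch2_closed_at: int = -1
    output: bool = False        # safety output (contactor coils) energised?
    fault: str = ""             # latched fault reason, empty = none

    def input_event(self, channel: int, closed: bool, now_ms: int) -> None:
        """Record a contact change; any channel opening drops the output."""
        if channel == 1:
            if closed and not self.ch1:
                self.ch1_closed_at = now_ms
            self.ch1 = closed
        else:
            if closed and not self.ch2:
                self.ch2_closed_at = now_ms
            self.ch2 = closed
        if not (self.ch1 and self.ch2):
            self.output = False

    def reset(self, feedback_closed: bool) -> bool:
        """Try to enable the output; True only if every check passes."""
        if self.fault or not (self.ch1 and self.ch2):
            return False
        # Timing: both contact sets must close together, or one is stuck.
        if abs(self.ch1_closed_at - self.ch2_closed_at) > DISCREPANCY_MS:
            self.fault = "discrepancy: contact sets did not close together"
            return False
        # Feedback loop: NC auxiliary contacts of the contactors must be closed
        # while the output is off; otherwise a contactor is welded.
        if not feedback_closed:
            self.fault = "feedback: contactor welded or feedback wire broken"
            return False
        self.output = True
        return True
```

A latched fault stays until a new SafetyRelayModel is created, mirroring a relay that needs a power cycle or manual acknowledgement after detecting a fault.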
OSSD
You will often find safety relays with OSSDs, or Output Signal Switching Devices. This is not without reason. OSSDs are perfectly suited for a safety circuit. I will not go into detail about why, because Instrumentation Control has already published a great article about it.
Internal Diagnostics
What goes on inside the safety relay is of course also part of the safety circuit. It is just as important to monitor the internal components of the safety relay as it is to monitor the external components.
Many safety relays have internal diagnostics, which include monitoring of faults in internal relays etc.
Hey, Peter!
I read your post with interest, but I have to point out an important error. At one point you say, “You might ask what this standard has to do with safety relays. The reason for this is that, no matter what category you classify your control system to be in, you have to use “well-tried components and well-tried safety principles”.”
All of the architectural categories in ISO 13849-1 begin with Category B, which amounts to the correct selection of components for the circuit conditions, i.e., the voltage and currents the components are likely to see in normal operation. Each succeeding Category definition begins with “the requirements of Category B shall be met…”
In Category B, neither well-tried components nor well-tried safety principles are required. Well-tried components are required in Category 1, since increasing the reliability of a single-channel architecture without adding diagnostics requires higher-reliability components. Categories 2 through 4 are all based on Category B, plus well-tried safety principles. The diagnostic capability added in each of these architectures compensates for the use of less reliable components. You can use well-tried components in Categories 2-4, but they are not required.
Hi Doug,
Thank you very much for pointing out that mistake. What a bad place to make an error, just before linking to one of your posts which I’m really fond of!
I’m not sure why I wrote that, but I’ve corrected the error. I will read and revise the whole article again as soon as possible.