E-stop safety relay circuit

[thomas.dahl@web.de]

I am trying to figure out how to use an Acorn in a machine that will meet CE safety standards. I plan on building a relatively simple milling machine.

To meet the current ISO 13849/13850 requirements which are extremely well defined and cover many aspects of how to built a safe machine, there are a number of issues.

It looks like a safety relay package will be needed. I am currently looking at an Euchner MSC-CB safety controller with an additional output module. This is just the DIN rail mounted relays without E-stops, door sensors, powersupply etc. and it will probably be close to 700 USD. This unit has the benefit of being fully programmable using a USB connection. The software is very well written and straight forward to use.

I will need a contactor for both the VFD and Clearpath 75V powersupply so that the safety circuit can instantly stop all machine motion. By law this needs to be fully managed externally to the Acorn. The E-stop circuit has to be fully independent and powered by its own power supply.

If I want to have the machine be able to run 'slow' with the doors open I will need to tell the acorn that it is in 'slow' mode. I think that this is safe and acceptable to do. But I will need to demonstrate that it is safe.

My question centers around safety approvals for the Acorn. Does the controller meet any safety standards on its own? Does it have a PFHd rating?

If it does not... Then it may be impossible or even illigal to use it in Europe, even with the most well thought out safety circuits, without the machine coming to a grinding halt when the machine doors are opened. It will be a pain to have to carry out all tool setting through a Polycarbonate window.

How is anyone else addressing this issue? Have I misunderstood the regulations?

Having spent a couple of days at the EMO in Hannover this week I have had several discussions with industry professionals and now have a severe case of safety panic. Having glimsed inside the panel of a new Datron machine and seeing 9 safety valves with a million wires I am now rather concerned.

Another thing I also learnt is that the E-stop button on the PC touch screen is not allowed to be red and be labeled as an E-stop if it relies on the Acorn software to carry out an emergency stop. The theory says that if the Acorn software has 'crashed' it could ignore the E-stop and motion on the machine could still be ongoing. Weirdly, if the button was 'black' and not look like a E-stop it can be left on the screen be considered a 'machine stop' button which is not the same as an E-stop.

Help!

Best Regards Thomas

[cnckeith]

the Acorn PLC program controls such things as how a safety door switch functions. the PLC program can be edited any number of ways to achieve the desired functionality and action of all types of safety switches, light curtains etc.. here is a link to a tech bulletin describing how to add a simple door safety switch. https://www.centroidcnc.com/dealersuppo ... ds/314.pdf

in the next release of CNC12 for Acorn (v4.20) door safety Pre programmed PLC code has been added to the Acorn Wizard. so this makes things easy to add a door safety switch by using the Wizard and not having to hand edit the PLC program.

attached is a sample door interlock schematic for Acorn showing typical hookup.

the big red button on the VCP is not an E stop it is a reset button. We always recommend wiring up a Physical Estop button. please see schematic attached showing typical Estop wiring to Acorn.

[Muzzer]

Hi Thomas - are you planning on selling this machine as a business? It almost sounds as if you are in fact making a machine for your own use. If so, there is no law requiring you to meet these standards.

[thomas.dahl@web.de]

Hmm. I am a business owner and I am expecting employees to use the machine.

[thomas.dahl@web.de]

Thank you Keith for your constructive input.

I have of course already looked at the schematics you attached. I got them from the centroid web site.

The problem with LimitAll_HomeAll schematic is that it is illigal in Europe to call this an E-stop. There are many issues with the design.

1. The E-stop has to use dual NC circuits in each button in case one contact in the button fails.
2. The E-stop action has to guarantee that all dangerous motion on the machine are stopped. It is not acceptable to have the Acorn manage this function. The E-stop circuitry has to be independent and in the case of a machine using the Acorn this can only be guaranteed if a separate contactor cuts the power to the VFD and power supplies to servos etc. This has to be a circuit outside of the Acorn's control. The argument goes something like this 'if a fault in the Acorn had caused the need for an emergency stop, it cannot also be used to protect the machine user from that event'.
3. Resetting the E-stop by pulling out the 'red-button' is not an acceptable way to reset the machine as it is not known what caused the fault in the first place. There is the need for a restart sequence often with a separate 'start' button.
4. Using a VFD or Motion Controller enable signal to stop a motion is not sufficient as the reason for the E-stop activation could be a fault in the VFD or Motion Controller itself. This might cause the enable signal to be ignored and result in personal injury.

And so on..

I am sorry to be a pain, but these are important issues.

BTW: simply recommending that a separate E-stop is fitted may not be sufficient. I think you may need to actually require one to be fitted. If not fitting one makes the machine unacceptably non-safe then you need to fit it. The controller is actually making machine movements that could hurt someone. It is not intrinsically safe like the computer mouse that I have in my right hand (unless you include the risk that my child may try to eat it).

On the matter of safety doors I am not sure, but I suspect that the rules are the same. The Acorn cannot be allowed to monitor itself. The door sensor should instigate a machine state that is safe and and this might not be considered 100% guaranteed if the Acorn is the sole decision maker. This is why the Acorn needs a PFDh rating... Or to put it in simpler terms, what is the statistical and proven likelihood that it might not react predictably. This is a real written assessment and procedures exist for making this assessment.

Best Regards Thomas

[cnckeith]

Hello. the schematic I attached is just half the estop circuit the other half should fire a contactor and kill the power to the VFD and the servo drives. we've had several dealers and resellers in the past use Centroid products in Europe and pass CE standards it's completely up to the installer to meet those standards and the centroid control is fully configurable to meet those standards and it up to the installer to wire and program it as such to meet those standards. if you have any questions on how to wire or configure we'd be glad to give you guidance in that regard. . I will attach a whole system acorn schematic here shortly and that would give you a better overview of what an entire system is typically wired like..at least what we recommend for USA.

[cnckeith]

please find attached a sample entire system Acorn schematic.

[thomas.dahl@web.de]

Thank you Keith, I look forward to seeing your full schematic. The US and EU are converging on most safety related things and I think that we should all be glad.

The bright yellow safety relays are now present in most moving machinery. There are many many manufacturers such as Siemens, Pilz, Euchner etc etc. These are heavily tested and certified. They represent the easiest and safest way to meet requirements.

Many European smaller manufacturers are not yet fully compliant.. But they surely will need to be soon. The dreaded CE mark is everywhere.

[thomas.dahl@web.de]

Keith, many many thanks for sharing all of the above.

This seems to cover most of my concerns. It will take a while to fully digest, but it seems like it might do the job.

Certainly Centroid appears to have addressed the major safety issues.

The Ether1616 is a very welcome addition. I was about to use up all of the available I/O on the Acorn and this will mean that I can get to a level of control that I need. Is there a price?

Have a great weekend.

Best Regards Thomas

[thomas.dahl@web.de]

Keith, what software does centroid use when creating these schematics? Saves us having to redraw everything when following your great examples.

What other full examples (even if drafts) do you have available?

Thank you!