E-Stop circuits in machine tools

B

Thread Starter

Bill Sturm

I recently installed a CNC control panel from a systems integrator. I added a momentary E-Stop button to the machine before the panel arrived. I
found that the panel had an E-Stop relay that picked up as soon as power is on, as long as none of the buttons were latched in. I am used to
magnetically held relays that need to be enabled with a pushbutton and sealed in with one of it's own contacts. I complained, but I heard the old
line of "that's how we always do it, and nobody ever complains".

I come from a large drive systems and special machines background. E-Stops were very important. The integrator indicated that digital servos and CNC controls are so reliable that a traditional "kill all power" estop is not needed for the drives. Is a simple E-Stop string that is not magnetically held acceptable in the machine tool industry? I want to know what's
accepted in the industry before I complain next time.

Thanks,

Bill Sturm
 
A

Anthony Kerstens

Bill,

I don't know what the ANSI standard is, but the CSA standard is Z432-94. You may find it useful to have a copy of the appropriate standard around.

As for the question...

> .... The integrator indicated that digital servos and CNC
> controls are so reliable that a traditional "kill all power" estop is not
> needed for the drives. Is a simple E-Stop string that is not magnetically
> held acceptable in the machine tool industry?

After a supplier gave an answer like that, I would first get mad and find a suitable method of expressing my displeasure. I would second start shopping for another supplier.

NOTHING is so reliable that a "kill all power" estop is not needed. For the price of a safety relay (such as Pilz, Telemechanique, etc.)
I wouldn't even flinch at putting one in. These relays do two things for you:
1. They provide you additional control over when the relay gets reset, via a separate reset input.
2. They provide a higher degree of reliability with dual contacts, unlike ordinary relays that may fail (have failed, or so I've heard).

As for the supplier,
1. They should be complying with your wishes, or at least recognizing the opportunity to make some extra cash with a change-order.
2. Should be completely specifying what you get before they deliver.
3. Should be bending over backwards to make you happy.

Also, you shouldn't be using a momentary PB as an estop. A maintained PB provides an additional level of protection.

Anthony Kerstens P.Eng.
 
Bill,
Lets begin with some definitions so that we are talking the same because an E-Stop has different meanings to engineers in different industries.
According to NFPA79 section 9.5.2 there are three stop functions:
1. Category 0 - uncontrolled stop by immediate removal of power. (This is the traditional definition in my opinion.)
2. Category 1 - controlled stop with power. When stop is completed power is removed.
3. Category 2 - controlled stop with power left on. (This is the traditional STOP CYCLE.)

Furthermore this section goes on to say "Each machine shall be equipped with a Category 0 stop. Category 1 and/or Category 2 stops shall be provided where demanded by the safety and functional requirements of the machine. ....".

How you decide you stop your machine beyond category 0 will be based upon several factors:

Personnel Safety
Is there guarding on pinch points that can not be readily removed?
Is the machine surrounded by an electrically interlocked guard that prevents access while in operation?

Machine Safety
Will removing power to the machine while in operation damage it?
Will removing power to the machine create an even more dangerous condition? (Think of a vertically mounted hydraulic operated ram that doesn't have a check valve in its circuit to hold the pressure on it)
Also be aware of the Lock Out Tag Out requirements of your companies safety policy.

Another issue that arises is when automation is used to deliver/remove product from the machine. This is covered by ANSI B11.20 and their requirements for control reliability. But thats another subject.

I hope I have shed some light on this subject. If you need more please email me.

Jon Schacher
[email protected]

 
I was asked a similar question just a few days ago.

I won't go into detail about what I found but there are some pertinant points worth noting with respect to having a safe, maintainable, operable system..
1. Complete, accurate documentation of all hardware, electrical systems and software is essential.... including software source code.
2. There should be written operating instructions and safety, access and isolation procedures.
3. The differences between normal stops, emergency stops, isolation for operator
access to restricted areas and isolation for maintenance need to be understood up front and catered for in the design of hardware and software. For example, should the servos be homed for normal stops, operator access etc? Can the servos cause damage due to inertia/gravity if power is killed? Do they need brakes? What type?
etc. (Bill, there might be a reason why they don't want your ES's)
4. Positioning of emergency stops is critical.
5. Methods of interlocking guards, doors etc are critical.
6. There are some good standards available which designers and users should become familiar with: ANSI/RIA R15.06, CSA Z434, ISO 10218, JIS B8433, SAA AS 2939, UL 1740. I'm sure there are others. Other relevant standards will be referenced by
these. Select the one/s used in your part of the world.

Vince

Some PS's:
1. I shouldn't have to look at a machine that uses PC software to make a system safe for access.
2. If you do have a machine custom built try to find a supplier who isn't on the other side of the world.
 
E
Hi Bill,

I completely agree with you, and here's a little "ammo" to back you up....

Regardless of "what's accepted in the industry", NFPA 79 Section 9.6.3 titled "Emergency Stop" specifically states, among other things, that "Reset shall not initiate a restart"

I disagree with your use of momentary E-stop pushbuttons. As far as I'm concerned, only maintained buttons should be used. IOW, you won't find any momentary ones on MY machines.... But I don't think there's any standards that require it

Hope this helps,

- Eric Nelson
[email protected]
Controls/Software
Packaging Associates Automation Inc. [email protected]
Rockaway, NJ, USA
 
S

Sam Robinson

I'm curious as to why you don't like momentary e-stop PB's. A correctly designed interlocking e-stop circuit using momentary PB's is real safe. I
used to maintain several tube mills that were over 400' in length that had around 20 e-stops on each mill. The maintained e-stop PB's were a
nightmare for the operators trying to figure out why the mill wouldn't start. The operators on each mill were in constant radio contact with each other at all times for safety reasons.

Sam Robinson
[email protected]
Industry Products Co.
500 Statler Rd.
Piqua, Oh 45356
937-778-0585
 
R
I would check with the local government safety board and the local electrical inspectors. I would never call a stop button an E-stop if it was
not directly wired to the coil circuit of the relay. If it is just a PLC input you might call it a process stop but not an Emergency Stop.
 
S

Scott McLean

> 'I recently installed a CNC control panel from a systems integrator. I added a momentary E-Stop button to the machine before the panel arrived.'

Bill, it is my experience that a momentary e-stop button is generally frowned upon. It should be a maintained 2 position push-pull unit or a 3 position maintained pull-to-reset where the reset contact is used to reset a safety monitoring relay. The monitoring relay should control redundant (2) force-driven safety contactors with the power for the servos wired through them in series.

> 'I complained, but I heard the old line of "that's how we always do it, and nobody ever complains".'

Bill, tell that to a risk manager and he will tell you the many ways in which to combat a silly statement such as that. The extra few hundred dollars spent up front for safety is cheap insurance. Scrap tooling is useless and lawsuits resulting from injuries or death are costly.

> 'I come from a large drive systems and special machines background. E-Stops were very important. The integrator indicated that digital servos and CNC controls are so reliable that a traditional "kill all power" estop is not needed for the drives.'

It is my understanding that a 'software' emergency stop is unreliable. Sounds like that integrator may have had bottom line on the brain. With the exception of some VFD's, power can be cycled off most hardware during an e-stop without incident. I highly recommend it.

Regards, Scott McLean

Electrical Designer, ITW/United Silicone
[email protected]
 
A

Anthony Kerstens

The CSA code doesn't require a maintained contact PB, but pulling out the e-stop requires a deliberate action on the part of the operator. Also, if the e-stop circuit uses an ordinary relay simply wired (ugh, yuck) then anyone could
potentially restart the machine without even knowing or bothering to look for a reason why the machine stopped.

Regarding knowing which PB is pressed in, I typically use a red illuminated mushroom PB where an NO auxiliary contact powers the light. I have no problems with knowing where an e-stop PB has been pushed. Alternatively, that same NO contact could be brought to a PLC input for HMI annunciation.

Anthony Kerstens P.Eng.
 
Sam:

You should check the local ordinances. Depending on the application and the locale, latching E-stops might be required.

I know I prefer latching E-stops. Normally, I only need to use one when a large pipe carrying boiling water has broken, or an electrical short has caused an explosion, an engine has caught fire or is throwing shrapnel.

Everyone misses something, sooner or later, and you often don't find it until the worst possible time. An emergency stop should be for just that,
emergencies, and should override all subsequent logic to shut the system down. Whether you're trying to save a machine, or people's lives, when you push the red button, everything should come to a halt as quickly as possible.

It should be a positive halt, and shouldn't be affected by a latch that someone forgot to put in a rung of logic. Explosions, fires and chemical
spills are no time to discover that someone has to stand there with his finger on the button to shut things down. You need to be able to hit the
E-stop as you run for the door, and count on it shutting things down. I prefer a contact that interrupts power to the machinery.

In the tube mills you described above, I think the reason the E-stops were a nightmare is because they were misused, or overused. It sounds like they were using them far more often than they should have, and should have had a momentary stop button at each station, in addition to the latching switches with the mushroom heads. A true emergency shutdown will
require a bit of time to get things repaired and restarted.

I hope this helps. Good luck. :)

Paul Baker
 
J

Jeff Eggenberger

The reason for using maintained contacts in "safety" or e-stop circuits is quite simply, if a wire comes loose and falls off the terminal or other connection (most frequent of any other electrical problems) then the safety of the equipment is maintained. If the wire falls off using a momentary contact, then there is no way of knowing, until someone is hurt, or equipment is damaged. If the operators can't tell which e-stop was used, then you should have some positive indication of which one, not compromise safety.

There is no such thing as a natural-born pilot. Chuck Yeager

Jeff Eggenberger
 
B
Excuse me???

The reason we use normally closed contacts is the reason you stated, it has nothing to do with maintained or momentary contacts.

I personally prefer maintained estop pushbuttons so that if one is tripped it is easier to find which one tripped when there are a number of them on a line. I also feed a contact back to the PLC and make it illuminated in the tripped position so that it can be found easier in cases where there are multiple estops spread around a machine. I feel the illuminated pushbutton is also a good indicator to the operator.

I do not like the old style estop circuits that allowed a restart just by pulling out the tripped pushbutton. With safety relays a seperate restart pb is required, which i prefer anyway. While I think the safety relay thing is a bit overdone (since as best I can tell there has never been an injury related to a failed relay in an estop circuit), its the law now and we generally have a duty to follow the law.

Bob Peterson
 
S
There appears to be a little confusion betweem momentary and latching. On the tube mills there were maintained e-stop PB's that latched safety
relays on in the control panel. When one of the e-stop PB's was pushed the safety relay would drop out. To reset the e-stop cricuit the e-stop PB
would have to be pulled out and a reset button pressed to bring the safety relay back on. All of this was hardwired and had nothing to do with a PLC. Other machines we had in the shop had simular e-stop circuits in them but they used momentary e-stop PB's and this made the operators life a lot easier. There were still latching safety relays and reset buttons but you didn't have to go around and look for any pushed in e-stop buttons if the machine wouldn't start.


Sam Robinson
[email protected]
Industry Products Co.
500 Statler Rd.
Piqua, Oh 45356
937-778-0585
 
E
Hi Sam,

I'm not sure "who" you are responding to, since you gave no reference to the original message, but I'll respond anyway.....

I don't like momentary E-stops specifically for the reason you describe. First of all, an "Emergency Stop" pushbutton should only be used for it's intended purpose...an EMERGENCY! It sounds like the operators were just using them as convenient ways of stopping the process. There should be "Cycle Stop" pushbuttons (or something to that effect) located throughout the machine for this use. Why were there so many E-stops on the machine? Probably because it needed them!

I know that if I were an operator on that mill, I would not want to be in an emergency situation that required the machine to stop and NOT be able to be restarted (maybe because my HAND was caught!?!?). In your scenario, I would have to keep the E-stop pressed with my free hand (hopefully I have one!). And I don't care that I'm in "radio contact" with the guy at the start button.... Uh oh, now I have to let go of that E-stop button to use the radio!

Some of our customers (that realize the difference between Stop and Emergency Stop) actually require key-release E-stops. This does not create a "nightmare" for them, because hopefully they'll never have to use them! (though the circuit SHOULD be tested on a regular basis)

Remember, safety should A-L-W-A-Y-S come before convenience!

Regards,

- Eric Nelson
[email protected]
Controls/Software
Packaging Associates Automation Inc. [email protected]
Rockaway, NJ, USA
 
J

Jeff Eggenberger

Yes, I agree, The Maintained contact Palm E-Stop pushbuttons do function the best! What the maintained contacts do is prevent someone in a remote location from resetting the machine until you pull the button back out. Also, pulling the button back out should NOT reset the machine! Also the maintained contacts makes it easier to wire in a light that shows which button is pressed on a long process (a lighted button can help, but sometimes a beacon is more visible). I have ordered and replaced many momentary contact pushbuttons for the above reasons. You can never be too safe!!

I can't think of any machines that I service where pulling the e-stop will reset the machine, and if I found one, I would change it. Sounds dangerous to me!

For those unfamiliar with 3 wire control. Typically the main power control on/off (after the main disconnect) and the e-stop circuit are the same. When you e-stop the machine, you drop out the Control Relay Master (CRM). This relay connects power for all input/output from relay logic or PLC control. This stops any machine movement after e-stopping the machine. However for
safety, should you need to service or inspect the machine, do NOT count on this! Lock out all power sources using approved power lock out procedures.
Electric, Pneumatic, Fluid, and Gravity.


There is no such thing as a natural-born pilot. Chuck Yeager

Jeff Eggenberger
 
A

Anthony Kerstens

>..... There were still latching safety relays and reset buttons but you
> didn't have to go around and look for any pushed in e-stop buttons if the
> machine wouldn't start.


Whoa! So somebody could get hurt and press the e-stop PB, and potentially __no-body__ would go looking to see what happended?????

That is, an operator could hit the reset PB, the e-stop circuit would reset, and yet the operator is not forced to walk-around to see what happened????


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This calls for a sad, sad true story, at an unnamed steel mill....


This facility was not very safety concious. People got away from lock-out procedures and (unwisely) relied on e-stop PB's when working on equipment.

One day, a maintenance mechanic goes to work on the flying shear at the end of the mill. He pressed the e-stop instead of locking out. An operator comes along, resets the e-stop and starts the line without doing so much as walk-around. Steel starts coming down the mill, the unseen mechanic gets clocked in the head and falls into the croppings pit. His charred remains
are discovered 8 hours later when the crain operator cleans out the pit.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are several things wrong here, including the absence of instituted lock-out procedures, and the fact that nobody knew this guy was missing
until his wife phoned the plant looking for him. For all she knew, he could have taken a double shift and didn't phone home.

What is important (to this discussion) is that the operators have the responsiblity to operate the machine in a safe manner, and we have a
responsibility to give the operators the required tools (including safety systems and lock-out procedures/devices).

It doesn't matter that the operator complains about having to look for the e-stop button, or that production supervisors complain about the time lost looking for a button. Operators _should_ be going out of their way to find that button and investigate why it was pressed.

Having e-stop PB's as maintained contacts provide an extra layer of protection, and ensures that operators will do their bit.


Anthony Kerstens P.Eng.
 
S
Anthony Kerstens P.Eng said:
> "Having e-stop PB's as maintained contacts provide an extra layer of
> protection, and ensures that operators will do their bit."


How many layers do you need? I saw one machine that when you pressed an e-stop PB it took a key to reset the button. There has to be a practical
limit somewhere. At some point in time you have to take responsibility for your own safety. The leading cause of death in car accidents is head injuries. I bet you don't wear a helmet when you drive a car.

Sam Robinson
[email protected]
Industry Products Co.
500 Statler Rd.
Piqua, Oh 45356
937-778-0585
 
From a managerial point of view, not an engineering or automation one, the fact is that until the ease and ability for workers to sue for large damage claims over minor injuries is controlled (if, in fact, we decide that is
desirable), you can expect more of this. It is NEVER the fault of the employee. It is always the employer's fault, partially, even if the
employer proves that the employee was at fault, or in error.

That's the way too many lawyers, judges and juries have seen it to think yourself immune.

Walt Boyes
 
A

Anthony Kerstens

Not to mention penalties imposed by law.

In Ontario, any person in contravention of the health and safety act, or failing to comply with an order, may be fined up to CDN$25,000 or be sentenced to a prison term up to one year. Corporations convicted of offenses can have fines up to CDN$500,000 levied against them.

Supervisors should be screaming for maintained e-stop contacts, and all the latest safety gadgets.

Anthony Kerstens P.Eng.
 
An earlier response indicated their negative position re: depending upon E-STOP PLC code that wouldn't unlatch due to programmer oversight...

I didn't notice any mention re: OSHA (or in our case, MIOSHA)... According to these regs, I believe implementing E-STOP via a PLC is in clear violation (unless, of course, the PLC is safety rated for which there may be an allowance, in which case the comment about a programming oversight is appropriate). But even given a safety rated PLC, I don't think I will drop the hardwired power ckt interruption; surely it is safest.

 
Top