Safety switch with guard locking
Interlocking device (ISO 14119:2013, § 3.1) – Mechanical, electrical or other type of device, the purpose of which is to prevent the operation of hazardous machine functions under specified conditions (generally as long as a guard is not closed).
The reference standard is EN 14119. The standard emphasizes the fact that the interlock function and the lock function are two separate safety functions, with PLR that can also be different. Often the safety level required for the interlock function is lower than that required for the interlock function.
As an example, we will analyse the protection of a machine’s dangerous movement through a perimeter protection gate by carrying out a risk analysis (simplified) according to EN 13849.
A tree type graph of decisions (see « Tree type graph of decisions for Plr value determination if (P) probability of a dangerous event occurring can be judged low« ) is used to find the contribution to risk reduction that must be
provided by the safety related function, leading to univocal identification of PLr. If more than one safety-related function are identified, PLr shall be identified for each of them.
Interlock safety related function
- When the gate opens, the dangerous movement must be stopped and remain still.
- Referring to the graph above, In case of accident, we assume that:
- The injury that can be generated is irreversible, S2
- Frequency exposure to hazard is continuous (Machine always in run), F2
- Possibility of limiting the damage is low and the risk is unavoidable in case of unexpected start of the machinery, P2.
Than, the required Performance Level (PLr) of the interlock safety function must be PLe.
Lock safety related function
We have also to consider the machinery inertia. The safety distance (calculated according to EN 13855) is greater than the distance between the gate and the dangerous area. In this case, it is possible to open the gate and reach the machinery still in motion. For this reason, it is advisable to use a lock device that locks the gate safely, preventing entry until the machinery is moving.
Therefore, safety systems able to perform this function must be used. For example:
- Safety speed monitoring able to check the stand still of the moving parts before allowing the gate or guard opening
- Authorize opening only after a delay following a stop command.
Therefore we have a new safety function, the gate or guard lock
Always using the previous page graph, we analyze the risks even for the lock function. Let’s assume that:
- The injury that can be generated is irreversible, S2
- Frequency exposure to hazard is rare (entry into dangerous zone is rare), F1
- Possibility of limiting the damage is high and the risk is avoidable, P1. This for two reasons:
- The operator can see the dangerous movement of the machinery (humane behavior) and decide to not entry
- Very reliable systems to control the movement of the machine are used (Safety speed monitor, Safety PLC….)
Than, the required Performance Level (PL r) of the lock safety function must be PLc.
Safety levels
In this type of device, a single failure resulting in the loss of the safety function. Typically mechanical breakage of the actuator tongue or some other part of the mechanical connection. Therefore, a single mechanical failure can compromise the safety of the gate or guard or can it may cause a transmission error. The contacts transmit an incorrect signal about the state of closure or opening of the gate or guard.
The lock interlock safety function of these devices is (in general) of category Cat. 1:
- There is no redundancy, therefore Cat. 4 and Cat. 3 must be excluded. The single fault resulting in the loss of the safety function
- Cat. 2 is impractical because it is impossible to test the functioning of the mechanical retention
- Cat. 1 can only be reached thanks to the reliability of the components (high MTTFd)
- From ISO 13849-1 – Table 5, we can see that the safety levels PLc and PLd correspond to Cat. 1.
How to increase the safety level of the interlock function?
To increase the safety level of this function there are several alternatives:
- Redundancy, i.e. duplicating the interlocking device (electromechanical)
- Again to obtain redundancy, we can combine the electromechanical device with a more refined technology sensor, for example an RFID sensor, to be used as an interlocking device.
- Fault exclusion, i.e. carry out a detailed analysis of all dangerous failures and take measures to exclude all cases in which they can occur. With this method, using only one device, it is possible to reach Cat. 3 / PLd (PLe does not plan to use the fault exclusion). It is a complex activity that must be carried out according to EN 13849-1 / 2 and justified in all its aspects.
Let’s summarize these concepts now with an example based on ReeR products.
- Safelock Safety switch with guard locking and electromagnetic lock
- Magnus RFID Contactless RFID sensor with OSSD outputs used as interlock sensor
- Magnus Contactless magnetic Reed sensor with 2 N.O. contacts used as interlock sensor
- Safety realys (SR E4, SR ONE)
- MOSAIC Safety controller
Lock function Category / Safety level | Interlock function | Coding | Devices |
Up to Cat. 1 / PLc (Note) | Up to Cat. 1 / PLc | Low | Safelock + PLd safety interfaces for emergency stop buttons and safety switches SR E4 or 1 Mosaic input |
Up to Cat. 1 / PLc (Note) | Up to Cat. 3 / PLd | Low | Safelock + PLd safety interfaces for emergency stop buttons and safety switches SR E4 or 2 Mosaic inputs + Fault exclusion (note) |
Up to Cat. 1 / PLc (Note) | Up to Cat. 4 / PLe | High | Safelock + Magnus + 2 PLe safety interfaces for emergency stop buttons and safety switches SR E4 or 4 Mosaic inputs |
Up to Cat. 1 / PLc (Note) | Up to Cat. 4 / PLe | High | Safelock + Magnus RFID + Safety relay SR ONE or 2 Mosaic inputs (only for Magnus) |
Up to Cat. 4 / PLe | Up to Cat. 3 / PLd | Low | 2 Safelock + PLd safety interfaces for emergency stop buttons and safety switches SR E4 or 2 + 1 Mosaic inputs (FBK needed) |
Up to Cat. 4 / PLe | Up to Cat. 4 / PLe | Low | 2 Safelock + 2 PLe safety interfaces for emergency stop buttons and safety switches SR E4 or 4 + 2 Mosaic inputs (FBK needed) |
(Note) Cat. 3 / PLd can be reached through fault exclusion. The exclusion of faults is allowed according to point 7.3 of EN ISO 13849-1 of which an extract is reported.