After carefully reviewing previous posts, we have extensive experience in safety design. In the past, we collaborated with Pilz, who informed us that driving an expansion relay (with K1 & K2) from a single safety output, with feedback into the safety PLC, would achieve Category 3. However, most Rockwell literature suggests that using a single output to a single safety contactor only achieves Cat 2, without showing feedback of the contactor to a safety input. This has sparked debate in our office as we have been unable to find any documentation supporting a Category 3 rating for this circuit. Is this subject open to interpretation or is there solid evidence available? In automotive systems, most are Category 3 (PLd) at best. The Rockwell L80 Safety Partner is essential for reaching PLe, but the importance of a system relies on its weakest rated device/circuit. Nevertheless, customers prefer the safety partner despite the PLd rating. I invite a general discussion and welcome feedback with any reference materials to share. Thank you for your contributions! Chris.
When it comes to safety functions, having only one point of failure at Cat 2 or below can compromise the system. If multiple force-guided contactors are controlled by a single output and that output fails in the ON position, the safety function is lost when a demand is placed on the system. However, using two outputs to drive multiple contactors provides redundancy, so if one output fails ON, the safety function remains intact, achieving a Cat 3 level of safety.
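A fault-injection sketch of the argument in the post above, added here as an illustration and not part of any poster's reply. It treats each output as a single element that can fail ON, as that post does, and does not model the internal redundancy of a safety-rated output; the names K1, K2, O1, O2 and the function names are assumptions.

```python
# Constructed model: each architecture maps contactor -> driving output.
# The contactors' main contacts are wired in series with the load.
ARCHITECTURES = {
    "one output -> one contactor": {"K1": "O1"},
    "one output -> K1 + K2": {"K1": "O1", "K2": "O1"},
    "two outputs -> K1 + K2": {"K1": "O1", "K2": "O2"},
}


def load_powered(wiring, commanded_on, faults):
    """True if the load is powered, given a set of stuck-ON/welded elements."""
    def output_on(out):
        # An output that has failed ON ignores the logic's OFF command.
        return commanded_on or out in faults

    def contact_closed(k):
        # A welded contactor stays closed even when its coil is de-energized.
        return k in faults or output_on(wiring[k])

    return all(contact_closed(k) for k in wiring)  # series contacts


def dangerous_single_faults(wiring):
    """Elements whose single stuck-ON fault keeps the load powered on a demand."""
    elements = sorted(set(wiring) | set(wiring.values()))
    return [e for e in elements if load_powered(wiring, False, {e})]


def feedback_blocks_restart(wiring, faults):
    """Feedback check with all outputs commanded OFF: every contactor must
    read as dropped out. True means the logic would inhibit the next start."""
    return any(k in faults or wiring[k] in faults for k in wiring)


if __name__ == "__main__":
    for name, wiring in ARCHITECTURES.items():
        bad = dangerous_single_faults(wiring)
        print(f"{name}: dangerous single faults = {bad or 'none'}")
    # Feedback detects a welded K1 in the two-output circuit while K2 still
    # removes power, so the fault is caught before the next start.
    print(feedback_blocks_restart(ARCHITECTURES["two outputs -> K1 + K2"], {"K1"}))
```

In this model the feedback input detects a stuck output in the single-output circuits, but only after the demand has already failed to remove power.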
The effectiveness of the safety output in a safety PLC may be contingent on its redundancy and monitoring capabilities. If the output is equipped with internal redundancies and monitoring features, then it may be deemed satisfactory.
When it comes to standard outputs, they can pose a single point of failure. Safety outputs, on the other hand, are inherently redundant, making them suitable for SIL3/PLe systems, whether they are controlling contactors or devices directly. Siemens offers both PP and PM failsafe outputs, with PP breaking the output twice before the signal can return anywhere, while PM breaks the output once at the output and once at the return, requiring it to be returned to the module. PM has the advantage of being able to detect cross circuit errors, offering an additional layer of safety compared to PP. Siemens manuals also suggest the option of driving 2 relays/contactors from a single failsafe output, leveraging the built-in redundancy of the safe output and the redundant nature of having 2 contactors. This setup can ensure an added layer of safety and reliability.
Achieving SIL 3 certification requires more than just a single safety output connected to a contactor with feedback. While a safety output monitors the channel's output status and a safety input monitors the feedback input status, the safety PLC and safety IO modules play a crucial role in ensuring safety integrity. Proper coding, such as ensuring a safe state before energizing and using feedback signals, is essential for achieving SIL 2 compliance. However, a simple short to 24VDC or a bridged contact on the output wire to a single contactor can compromise the system's safety. While a safety output and input provide some integrity, they are not a foolproof solution to prevent a single point of failure. Without redundant measures to cut power from a device, SIL 3 certification cannot be attained in its strictest sense. Manufacturers may claim their single-channel relay is SIL 3 rated due to included diagnostics, similar to a properly wired single-channel Rockwell input/output. However, as demonstrated by potential single failure points, the overall system may not meet the SIL 3 criteria. It is important to note that SIL ratings are based on probability and failure rates, which is why literature may not explicitly mention the need for redundancy to achieve SIL 3 certification.
Machinery safety standards, such as ISO 13849-1 and AS4024.1503, establish important guidelines for Category Architecture and PL/SIL levels. In the realm of machine safety, it is crucial to distinguish between Category and PL/SIL standards. There appears to be some confusion surrounding this distinction, as some systems classified as PLd are also Category 3, utilizing a dual channel architecture. It is worth noting that achieving PLd is also possible with Category 2, a single channel architecture, given that MTTF and DC meet certain criteria. Clarity on these concepts is essential to ensure the safety and effectiveness of machine operations.
This is certainly an intriguing discussion, Chris. Your point about the weakest rated device/circuit determining overall importance in systems really stands out. In my experience with Rockwell systems, interpretation can indeed vary, especially regarding achieving Category 3 (PLd). Without going into specifics, I've found PLC feedback to be quite crucial for maintaining safety ratings, perhaps even more so than using a single output to a single safety contactor. Perhaps these discrepancies in interpretations are why customers often favor the safety partner. I’ll try and dig up some reference materials from my past projects that may help shed more light on this.
Hey Chris, interesting points there! In my experience, a majority of Rockwell's safety circuits I've worked with are indeed rated for Cat 2, but achieving Cat 3 relies heavily on the integration of safety input and feedback. I think industry standards like ISO 13849 might hold more definitive clues. I remember reading somewhere that feedback to the safety PLC might in fact enhance the system's ability to shut down promptly in case of a single fault, thereby potentially improving the performance level. I'll be sure to dig around for more concrete resources and get back to you. Keep the discussion rolling, it's a great brain exercise!
Hi Chris, I think your question is an interesting one and it indeed stimulates a much-needed discussion about safety ratings. From my experience, reaching category 3 or even 4 often takes more than just a single safety device or feedback circuit; it's usually a combination of devices and safety measures where each contributes to the overall safety function. For the specific case you mention, I'd recommend reaching out directly to Rockwell or Pilz for definitive guidance as there's generally no one-size-fits-all answer - every system is unique and must be evaluated as a whole for its safety rating. Also, it's worth mentioning that while we strive to achieve the highest safety categories, the focus should be on overall system safety and reliability. To answer your question directly, no, it isn't just open for interpretation; there are regulations and compliance to adhere to. However, it's up to us as engineers to apply them correctly to the systems we design.
Hi Chris, it's interesting you brought this up. From my understanding, assigning safety categories isn't purely subjective. The EN ISO 13849-1 provides a framework for classification, and this standard is internationally recognized. As you've rightly pointed out, it's not just the design but also the reliability of components involved that determine the PL. A Cat 3 circuit's defining characteristic is that it provides a certain level of fault tolerance - if a single fault occurs, the system can still function safely. I'd recommend revisiting this normative document or consulting with an expert who is well-versed in these standards to resolve your confusion. I can also share some useful reference materials if you'd like. Cheers!
Answer: Category 3 indicates a higher level of safety integrity compared to Category 2. Category 3 typically requires redundancy and diagnostic coverage to meet the necessary safety performance levels.
Answer: The discussion highlights differing viewpoints, with Rockwell literature suggesting that using a single output to a single safety contactor may only achieve Category 2. Further clarification or evidence may be needed to confirm the Category 3 rating for this circuit.
Answer: Feedback from safety devices to safety inputs plays a crucial role in achieving higher safety categories like Category 3. It ensures that the safety system can detect faults and maintain the required safety integrity level.
Answer: The Rockwell L80 Safety Partner is mentioned as essential for reaching PLe, a higher safety level. However, it is noted that the overall safety of a system is determined by its weakest rated device or circuit, highlighting the importance of assessing the entire safety system for compliance.