Emergency Stop Circuit Scenario

3 posts in this topic

I have a project that I'm doing the automation for and wanted to throw my scenario out there to see if anyone could offer some advice/suggestions:

The project involves multiple smart MCCs, meaning each motor's MCC bucket has a motor management controller.  These controllers are all connected to my PLC via Modbus...so I have no hard-wired outputs for motor control.   There are multiple e-stop stations throughout the plant that are wired back to my PLC panel(s); however, the customer did not account for a hard-wired e-stop circuit and expects me to use the PLC for an emergency stop.  Even though in a recent call to my local MSHA office I was told that they have no regulations for a full plant e-stop, just individual machine e-stops, it's my company's policy (and my personal policy) that we NEVER program a PLC-controlled e-stop.  There is way too much risk and liability involved in this.

First off, I know the PLC-controlled e-stop situation has been discussed multiple times before.  Can anyone direct me to any legal literature or guidelines that explain the dangers behind this?  My customer isn't buying the "it's my company's policy" thing, and I'm being pressured by my GM (who knows nothing about the automation side of our business) on why we have this policy in the first place.  I would like to be able to give them all some official document backing my stance so they'll get off my back.

Secondly, does anyone have any suggestions on any possible way for me to do an approved e-stop circuit in this situation?  The customer has pulled back the wires from every remote e-stop station to my PLC.  I'm ignorant when it comes to safety controllers and safety relays.  Can I wire the e-stops through a safety controller or relay and communicate that back to my PLC in some way?  Is that permissible?  Short of killing power to the PLC during an e-stop, I don't know what I can do on my end.  I've told my customer that the e-stop circuit needs to be wired through each motor bucket and showed them on the MCC schematics where the manufacturer accounted for a customer-supplied e-stop, but they didn't like to hear that and would like another solution.

Any help would be greatly appreciated! 


Well, I feel like there are a few types of responses to this. I cannot say that I am "all knowing" about safety. I also have no experience with MCCs. However, I will say that safety circuits need to be discussed more and that we, as a community, REALLY need to start discussing safety circuits that are completely digitalized. I think your question is great and very relevant.  

From the experience that I do have, this is what I can say. One of the responses that you might get will mention a risk assessment. Maybe you can get lucky and have a machine risk assessment that tells you that a safety circuit with redundancy, pulse tests, etc., is not required. If that is the case, then I do not see why you wouldn't be able to just use the PLC.

Another way of looking at it is to check if it is possible to replace the PLC with a safety-rated version of it. This might solve your problem.

I just did a quick Google search and Siemens mentions safely controlling motors through their MCC. I'm not sure if the PROFIsafe layer can run on a Modbus protocol, but if it can, you might already have what you need.


First off, with any machine design, a safety audit should be completed by the machine designer to verify that the design has met the safety guidelines.  A robotics application will be different than a tire press machine which will be different than a conveyor line, as far as safety requirements go.  Depending on your location and customer, you may be required to adhere to a safety design guideline.

I was skeptical, also, of a networked safety circuit design (as opposed to a typical hardwired safety circuit design).  Rockwell/Allen-Bradley has a robust safety controller solution (a typical PLC processor with a safety PLC processor) that dovetails really well with A-B servo controllers and VFDs.  Press any networked E-stop and the safety controller will drop out the safety circuit and disable all networked servos and VFDs to remove potentially hazardous stored energy.

A "non-hardwired" safety circuit takes the decision making of the hardwired circuit (contacts & safety contactors) and puts this decision making in a controller.  The options are short...hardwired or safety controller.

Allen-Bradley has a decent safety controller design guide http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/1756-rm099_-en-p.pdf

You may want to pursue researching what safety controller options are available for the MCC manufacturer the customer is going with.  These MCC buckets will need to be networked into the master safety controller to enable or disable motion power.

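As an added illustration (not code from the thread or from any vendor), the small model below contrasts the two designs the replies describe: an e-stop implemented purely in PLC logic, which has to push a Modbus write to every smart bucket, versus a dual-channel e-stop through a safety relay whose output contact sits in each bucket's customer-supplied run-enable. The bucket and motor names, the fault conditions (halted PLC, dead Modbus link, one channel not opening) and the class/function names are all constructed for the example.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class ModbusBucket:
    """Smart MCC bucket: the motor runs while the last command it received said RUN."""
    name: str
    running: bool = True
    link_up: bool = True                      # Modbus link from the PLC to this bucket

    def write_run(self, run: bool) -> None:
        if self.link_up:                      # a dead link silently discards the write
            self.running = run

def plc_only_estop(buckets: List[ModbusBucket], plc_scanning: bool) -> List[str]:
    """E-stop implemented purely in PLC logic: a Modbus write must reach every bucket.
    Returns the names of motors still running after the button is pressed."""
    if plc_scanning:                          # a halted or faulted PLC never sends the stop
        for b in buckets:
            b.write_run(False)
    return [b.name for b in buckets if b.running]

def safety_relay_estop(buckets: List[ModbusBucket], ch_a_open: bool, ch_b_open: bool) -> dict:
    """Dual-channel NC e-stop monitored by a safety relay whose output contact is wired into
    the run-enable of each bucket (the customer-supplied e-stop input on the MCC schematic).
    The relay drops out whenever EITHER channel opens, so a pressed button and a broken
    wire both stop the motors, independent of the PLC scan and the Modbus link."""
    enable = not (ch_a_open or ch_b_open)
    for b in buckets:
        b.running = b.running and enable      # hardwired enable overrides the network state
    # A channel discrepancy points to wiring or contact damage: latch a fault that needs a
    # manual reset instead of letting the one healthy channel re-enable the plant.
    fault = ch_a_open != ch_b_open
    return {"running": [b.name for b in buckets if b.running], "fault": fault}

def compare(plc_scanning: bool, link_up: bool) -> dict:
    """Press the e-stop under both designs with the same PLC/link health and compare."""
    def make() -> List[ModbusBucket]:
        return [ModbusBucket(n, link_up=link_up) for n in ("crusher", "conveyor", "pump")]
    return {
        "plc_only": plc_only_estop(make(), plc_scanning),
        "safety_relay": safety_relay_estop(make(), ch_a_open=True, ch_b_open=True)["running"],
    }

if __name__ == "__main__":
    for scanning, link in ((True, True), (False, True), (True, False)):
        print(f"PLC scanning={scanning} link_up={link}:", compare(scanning, link))
```

With a healthy PLC and link both designs stop everything; with either one failed, the PLC-only design leaves every motor running while the relay path still drops them out.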
