First PLC program. Please check for Safety

[JCBIII 0]

Hey folks.  IF anyone here has just a second, I have a very simple PLC program, but it's the first one I have ever done and I want to make sure its "done right" ...or at least that I have the right idea even if I need to change things. I basically watched Automation Directs Videos for 2 days and then wrote this.   The program simply uses a start button to  start a drum that fires 3 air cylinders in a sequence. the complete bit resets the drum.  

 The question is have is with the e-stop circuit.  To follow OSHA guidelines of "denergizing the device"  when the e-stop is pressed, what i have done a #1, connected the main air dump valve in series with the e stop switch (non plc controlled in other words)      and In the PLC i put in 5 or 6 E stop rungs, that reset the control bits, and reset the air cylinder coils.   I did all this in the main program, I'm not sure if that's the correct place or if I should of done an interrupt or something.  (deactivating the cylinders wont cause anything to drop or anything)

Anyway looking forward to your input always trying to learn. 

oh one other question.  Should I also wire the 24v to my  air solenoids through the e-stop as well or is logic good enough?

Insert Press.ckp

Edited 21 Jun 2023 by JCBIII

[Joe E. 259]

I don't have that software installed, so I haven't looked at your program, and the usual caveats apply....

Your thorough risk assessment performed by a qualified person will dictate the level of control/redundancy you need. But...in general...if energy has to be removed in an e-stop condition, then it has to be hard wired and using a safety monitoring relay of some kind. If there is a potential for injury that's bad enough (consult the standards and/or an expert), you'll need safety-rated redundancy as well. Unless you're using a properly rated safety PLC, all of the safety functions need to be independent of the PLC. In other words, no part of making the personnel safe can depend on the PLC in any way. The PLC can protect itself, the product, and the machine, but not people (unless it's a properly rated safety PLC).
Your safety devices need to remove/block the actual hazardous energy, too. So, if you have pneumatic actuators, you need your safety system to control the compressed air, not just the electrical power to the directional valve coils.

Of course, if your system doesn't have any risk to people, then you can do everything in the PLC and it's up to you how you protect the machine from itself. If you have cylinders, though, I would be shocked if your risk assessment says there's no risk to people.

[JCBIII 0]

39 minutes ago, Joe E. said:

I don't have that software installed, so I haven't looked at your program, and the usual caveats apply....

Your thorough risk assessment performed by a qualified person will dictate the level of control/redundancy you need. But...in general...if energy has to be removed in an e-stop condition, then it has to be hard wired and using a safety monitoring relay of some kind. If there is a potential for injury that's bad enough (consult the standards and/or an expert), you'll need safety-rated redundancy as well. Unless you're using a properly rated safety PLC, all of the safety functions need to be independent of the PLC. In other words, no part of making the personnel safe can depend on the PLC in any way. The PLC can protect itself, the product, and the machine, but not people (unless it's a properly rated safety PLC).
Your safety devices need to remove/block the actual hazardous energy, too. So, if you have pneumatic actuators, you need your safety system to control the compressed air, not just the electrical power to the directional valve coils.

Of course, if your system doesn't have any risk to people, then you can do everything in the PLC and it's up to you how you protect the machine from itself. If you have cylinders, though, I would be shocked if your risk assessment says there's no risk to people.

roger that. Sounds Like Ive basically got it right then. The E-Stop dumps air pressure, and there is no high voltage to worry about anywhere. So the logic resets the plc to a safe re-start condition basically.  I have a 5 amp e-switch so Im going to go ahead and run all 24v power through it (with the exception of the plc itself)  That'll take care of both power and air.

[Joe E. 259]

Don't forget to think about failure modes. What if the e-stop button sticks? What if its contact block falls off? What if the dump valve sticks? Etc.?

If someone could get hurt, the system almost certainly needs redundant devices and circuits.

[BobLfoot 302]

I know the link I am giving you is written for a UK/EU audience but the ANSI and ISO standards are working hard to harmonize with each other.

https://www.eaton.com/gb/en-gb/markets/machine-building/service-and-support-machine-building-moem-service-eaton/blogs/performance-level.html#:~:text=According%20to%20EN%20ISO%2013849,reliability%20of%20a%20safety%20feature.

As was said earlier, Know your required Performance Level based on a thorough Risk Assessment, choose your construction category based on Performance Level, select your components and build your system and then validate your build.

And don't forget to specify the maintenance activities and intervals.  No safety device is any good if it fails to operate due to poor maintenance.

[panic mode 246]

using safety PLC does not mean that end result is safe. it only means that it is capable of applications requiring safety - if used correctly. ultimately it is still up to programmer to configure and program it correctly. without software one cannot check your program. you may considering printing or exporting it into a PDF form so anyone can offer feedback. 

even for EStops, it is not enough to put them in series with something. safety standards have various criteria that need to be met and this is determined through evaluation process (aka Risk Assesment).