Why Use a Safety PLC Instead of Safety Monitoring Relays

Hello, this is Ray Marquiss, Senior Application Engineer with Valin Corporation, and this video is going to discuss why you would use a safety PLC instead of using safety monitoring relays for your machine safeguarding. Let's get started.

During this presentation we’ll discuss these reasons for using the safety PLC instead of using the safety monitoring relay:
• Safety PLC will simplify the wiring.
• Make machine maintenance easier.
• It can make troubleshooting easier.
• It gives you more flexibility in case your safety system changes.
• Integrating to the upstream master controller or machine controller is easier.
• And when it comes to the end of the line, total cost of ownership. That means design, hardware, construction and operation are all going to be less expensive.

Here’s a picture of what we would consider a simple safety circuit. There is dual channel wiring for redundancy that goes through the E-stop and the safety door interlock. You have several force-guided relays to kill power to the hazard. The hazard could be a motor or a pinch hazard or any moving part or something that can affect the operator. There are external device monitoring wires for the force-guided relays so that you can confirm the operation of those relays. You have your hazard here on the bottom with the H, and then there are some additional monitoring relays. You have these additional monitoring relays down here that monitor the hazard and give an indication when it's safe even after you shut the power. That's in the case of something like a motor that has to run down or something along those lines. That will monitor that movement and then give a signal back to the safety monitoring relay to let you know that it's safe.

Many safeguarding applications start out very simple. This has just an E-stop and a door interlock. So in the design phase this makes sense to have a safety monitoring relay and some force-guided relays to control the hazard. But during the commissioning phase, if there's a wiring error, it might be tricky to find because this E-stop and the safety interlock are wired in series, so it's difficult to tell if there's a wiring error with the safety interlock or with the E-stop. Same thing for the force-guided relays. Since they’re wired in series, if one of them is working and one of them is not, it's a little more difficult to figure out where the wiring problem is. Once you overcome that hurdle and you're actually in operation, the system will work well. But during the maintenance phase, they have to do maintenance on the machine while it operates, even if it's at a lower speed that they have to do work on it or maintenance to it. And so a lot of times what you'll see is they'll take the key or have an extra key for this safety door interlock and they'll stick it in there so they can operate the machine with the safeguard disabled. Sometimes the operators of the machine will get the idea that a good plan is to just defeat this door interlock so that they can work, as they would say, more efficiently. And so that shows another weakness here, which is that we don't have the ability to use the safety monitoring relay to go into another mode; all we have is the safety mode.

With the safety PLC, the wiring is simplified. Each safety device is wired to an input point on the safety PLC. Just like on a normal PLC, each input device would be wired to an input, so our safety door interlock, even though it's dual channel, it'll go to two inputs on the safety PLC and they'll be monitored as if it's one input [Actually, monitored as one device, but the inputs are evaluated individually]. Same thing for the E-stop. Then we can have each of the force-guided relays, even though it doesn't show it in this graphic, we could have each force-guided relay on its own output, controlled by the safety PLC. And the green line, symbolizing the feedback from those relays, could go into inputs on the safety PLC as well. And then our external monitoring devices for the hazard here, those can also go back into inputs on the PLC, so each device has its own input and can be monitored independently of each other.

In addition to simplifying the wiring, with this series wiring, if there's a problem where the safety circuit is engaged and the machine won't operate, the users have to figure out whether it is the E-stop or the safety door interlock. This is not a big deal with just two devices. They can check those two, but I've seen where operators have maybe 10, 12 or 14 safety door interlocks on their machine and the machine won't operate. They have to go test all of them or check all of them to see which one it is that's not letting the machine run because they are all wired in series.

We talked earlier about the maintenance mode and how the operators are likely to do just exactly like the maintenance personnel do, and either take the key off the door and put it into the safety interlock switch, or just get an extra key and put it in there to defeat that door interlock so they can run the machine, what they think is, better. With the safety PLC, you can actually create a maintenance mode. So I've added at the bottom here, a keyed switch. With that switch going into an input on the PLC, you can turn that to turn on that input and then inside the PLC program you can have it go into a safety mode which allows the machine to operate even with the door interlock opened. With the maintenance key, the maintenance personnel can come in, put their machine in maintenance mode, operate with the door open, and get all their maintenance done, and then they turn the key back to the run mode and walk away with the key. But also when they put that key into maintenance mode, it's going to be set up so that it will only run for a certain amount of time in maintenance mode, and then it's going to go back to the run mode.

Also note here that if your machine safeguarding system changes, for instance, you realize that you need to have another E-stop in another part of the machine or you need another door interlock, or you want to add a light curtain at a certain place, once you decide to make that change, you're going to have to change your wiring in order to accommodate that. For instance, if you have another E-stop, you might have to wire in series. If you had another light curtain, you might have to wire it into an auxiliary relay, or you're going to get more monitoring relays for those devices. When you start adding more monitoring relays, your wiring is more complex, and you're going to add cost. With the safety PLC if you want to add that light curtain, basically, you'll just take the output of that light curtain and you wire it into the safety PLC, and then you change the program. So we haven't had to add any components except for the safety component, the light curtain. On top of that, you can use the safety PLC to create safety zones, and these safety zones make the machine more efficient by allowing certain parts of the machine to operate even though the safeguards in another part of the machine are enabled. So, for instance, if someone opened the guard door on this machine, and the program was written in such a way that it had zones in it, they could open the guard door on one part of the machine, but the part that's being protected by this light curtain would continue to operate.
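The maintenance mode and safety zones described above, modelled as an added Python example (not Valin's code and not a program for any safety PLC). The input names, the 600-second limit, keeping the E-stop active in maintenance mode, and requiring the key to be turned back to run before maintenance mode can start again are assumptions.

```python
from dataclasses import dataclass

MAINT_LIMIT_S = 600.0  # assumed time limit; the page gives no value


@dataclass
class Inputs:
    """Constructed input image: two channels per device, True = closed/safe."""
    estop: tuple = (True, True)
    door: tuple = (True, True)
    curtain: tuple = (True, True)
    maint_key: bool = False


class SafetyLogic:
    def __init__(self):
        self.maint_started = None  # time the key was turned to maintenance
        self.key_prev = False

    def _maintenance(self, key, now):
        # Start the timer only on the rising edge of the key, so a key left
        # turned cannot restart maintenance mode after the time limit.
        if key and not self.key_prev:
            self.maint_started = now
        if not key:
            self.maint_started = None
        self.key_prev = key
        return (self.maint_started is not None
                and now - self.maint_started < MAINT_LIMIT_S)

    def scan(self, inp, now):
        maint = self._maintenance(inp.maint_key, now)
        # Each device has its own inputs, so the logic can name the one
        # that tripped instead of seeing a single series loop open.
        open_devices = {}
        for name in ("estop", "door", "curtain"):
            a, b = getattr(inp, name)
            if a != b:
                open_devices[name] = "channel discrepancy"
            elif not a:
                open_devices[name] = "open"
        estop_ok = all(inp.estop)
        door_ok = all(inp.door) or maint  # the key bypasses the door only
        return {
            "mode": "maintenance" if maint else "run",
            "zone_door": estop_ok and door_ok,
            "zone_curtain": estop_ok and all(inp.curtain),
            "open_devices": open_devices,
        }
```

Calling `scan` once per cycle with the current inputs and a monotonic time returns the mode, the run permission for each zone, and the devices that are holding a zone in its safe state.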

At the same time if they reach through the light curtain, that would put this part of the machine into a safe state, but the part that is protected by the safety interlock would keep going. When you're building the machine, it's important for the main controller to know what's going on with the safety circuit on your machine, but the main PLC or main controller cannot be a part of that safety circuit. In other words, you can't just have an input go to a normal PLC for an E-stop, and then when the operator pushes that E-stop, the normal PLC tells the machine to go into a safe state. You need to have the main PLC understand or know about what's going on with your safety devices, but it cannot control the safety devices, so what you normally do is you'll buy interlock switches or E-stop switches or devices with more contacts on them and you'll use those auxiliary contacts or the extra contacts to go in parallel from the safety device to the safety relay and also to the PLC. So, for instance here if we just look at one of these switches, this red line is the line that's used to take both of these guard doors or guard door switches into the safety PLC [not PLC. Safety relay] and they’re wired in series. You can see there's a lot of contacts on here, so another set of contacts would also be wired into the safety relay to provide redundancy, but then in addition to those you have to take contacts and wire them into the PLC so that the PLC knows that the guard door is open. If you don't do this and you open the guard door, the safety circuit’s going to prevent certain things from operating. Maybe it's going to stop a motor. But if the control PLC doesn't know about it, then the machine or the machine program might operate erratically. These additional contacts, and in some cases even additional devices, will add cost and complexity to the system.

Let's look at how you do this with the safety PLC. In this case we have a small safety PLC and then a machine control PLC, and we can do it a couple of ways. With the safety PLC in addition to the safety IO on there we can add non-safety IO. We can mimic safety inputs and safety outputs and turn those on and off on this additional IO which is non-safety and have that IO connected to the PLC. That's similar to the method that you saw in the previous slide. In addition to having that capability, we also have the capability of having the safety PLC communicate to the master PLC or the control PLC over an industrial network, like EtherCAT or EtherNet/IP. Or we can do it over serial. This way you save on having the additional wiring and additional hardware to have the IO communicate the status of the safety PLC. Using one of our industrial networks, it allows you to get that information from the safety PLC over basically one cable.

If you look at a simple cost comparison of using a safety PLC versus safety monitoring relays, when you have very few devices like 1 device or two devices, the safety PLC is a bit more expensive than doing it with a safety monitoring relay. However, once you get to 3 devices, in my experience, it has been that the safety PLC becomes just about the same price as doing it with a safety monitoring relay and discrete devices. Anything over three, and the cost savings go in favor of the safety PLC. When you consider the flexibility that's offered and the ease of troubleshooting so that the machine is going to operate more efficiently, then it really falls in favor of the safety PLC.

So a quick summary of what we just saw. The safety PLC can simplify your wiring, make machine maintenance easier, improve your shop troubleshooting, and save time. Provide configuration flexibility. Create some safety zones to help productivity. Ease the burden of integration with the machine controller and reduce the total cost, and the total cost is the design, the hardware, the construction, and the operation.
I hope you found this useful. If you have any questions, please see the number above and you can call us at Valin, and we'll be happy to help.

If you have any questions or are just looking for some help, we're happy to discuss your application with you. Reach out to us at (855) 737-4716 or fill out our online form.