Safety Reset over Ethernet?

No personal experience, but Siemens Mobile Panels can have integrated safety functions, i.e. a physical E-Stop button.

Notice there is no physical reset button, so I guess it must be a function of the HMI.
Maybe one of the programmable buttons outside the touch screen is assigned to the reset function.

Btw, this is a resurrected thread.
 
Hey Jesper :) . Those Siemens mobile panels are really cool :).
There is no reason that a reset button could not be at a separate station in this situation, or the reset is provided by the two step process using a safety PLC and ACK_OP function I linked to before.

I have some friends who work at Siemens that I can contact for proper detailed information on the actual legalities of it all if interested.
I will post here once I have it. Watch this space :)
 
Those will be relying on PROFIsafe rather than PROFINET to control the reset button.

I agree with some of the comments on reset buttons needing to be local, but the reset button is often on the main panel, which could be tens of meters from the machine... Especially now we have remote IO.

But I think the standard that dictates this is the machine standard IEC 62061.
 
EN 13849-1 has this to say about the reset button:
5.2.2 Manual reset function

The following applies in addition to the requirements of Table 8.
After a stop command has been initiated by a safeguard, the stop condition shall be maintained until safe conditions for restarting exist.

The re-establishment of the safety function by resetting of the safeguard cancels the stop command. If indicated by the risk assessment, this cancellation of the stop command shall be confirmed by a manual, separate and deliberate action (manual reset).

The manual reset function shall
— be provided through a separate and manually operated device within the SRP/CS,
— only be achieved if all safety functions and safeguards are operative,
— not initiate motion or a hazardous situation by itself,
— be by deliberate action,
— enable the control system for accepting a separate start command,
— only be accepted by disengaging the actuator from its energized (on) position.

The performance level of safety-related parts providing the manual reset function shall be selected so that the inclusion of the manual reset function does not diminish the safety required of the relevant safety function.

The reset actuator shall be situated outside the danger zone and in a safe position from which there is good visibility for checking that no person is within the danger zone.

Where the visibility of the danger zone is not complete, a special reset procedure is required.

NOTE One solution is the use of a second reset actuator. The reset function is initiated within the danger zone by the first actuator in combination with a second reset actuator located outside the danger zone (near the safeguard). This reset procedure needs to be realized within a limited time before the control system accepts a separate start command.

The bit about "good visibility for checking that no person is within the danger zone" is problematic IMO.
IMO almost every machine has blind spots that cannot be viewed from the reset button. But I have never seen anything like what is described under the "special reset procedure".
And if you use classical safety relays, I know of no such relay that can accept the input from several buttons with timed logic between the buttons.
The only practical solution I have seen is that you take a walk around the machine before you activate the reset button.

Normally, when you read the standards and use logical thinking and try to think what is the intention, it usually makes a lot of sense.
But this is one where I think to myself that the author has mindlessly written a requirement without giving it a real thought about how it is supposed to be achieved.

The above is just my thoughts that should not be taken as serious safety advice .. !
 
We constantly argue here at our plant about what a 'manual, separate, and deliberate' action means. Some guys are ok with the reset from an HMI to save on wiring and an extra push button. Some guys (myself included) prefer a separate hardwired push button independent of the HMI. We never got consensus on this so we have two separate 'standards' in our plant.
 
Common sense: when you hit the reset, if the estop is still set, the reset should have no effect. So if the PLC hits it 50k x and it does not reset the estop then I think your estop is good to go.
 
Common sense: when you hit the reset, if the estop is still set, the reset should have no effect. So if the PLC hits it 50k x and it does not reset the estop then I think your estop is good to go.


The problem(s) with this are:
1. Not all the mushroom head red buttons on all the machines are latching E-stops, quite a few are simply momentary big red buttons


2. I have seen operators pull, or twist, the E-stop back off immediately after pushing it to stop the machine, so they don't have to walk back over there to release it after they take care of the problem.


It all falls back on there has to be a reset button that needs to be pressed where the person pressing it can visually see the area is safe to resume operation.


There was one factory that took this so seriously that they had ONE designated person that was the only one that could reset an E-stop after it was triggered, and he wasn't the controls engineer or electrician - a member of the safety committee.
 
We constantly argue here at our plant about what a 'manual, separate, and deliberate' action means. Some guys are ok with the reset from an HMI to save on wiring and an extra push button. Some guys (myself included) prefer a separate hardwired push button independent of the HMI. We never got consensus on this so we have two separate 'standards' in our plant.

They both do the same thing though. Whether it is an actual PB or from the HMI, it still either activates an input to the Safety Relay, be it wired or comms.

The Safety Relay manages the edges on the reset bit.
 
.... or from the HMI, ...


The problem with this, as linked to in the ABB page earlier, is that a lot of HMIs and most PLCs now can be remotely accessed, and someone who does not have a clear view of the safety conditions around the equipment could remotely trigger the reset - exactly what the OP asked about.


EDIT: Don't think that you as the programmer will be the only one accessing it remotely. If the HMI has a webpage or phone app version (IE - C-More) then the foreman or production manager could go there, say that machine has to be running and reset and start it not knowing the operator is changing steel coils and guiding the steel through the feeder at the time while the press is E-Stopped. (Just a quick example out of thousands possible)
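
Added example, not part of any post in this thread: a Python model of the reset rules quoted from 5.2.2 above (stop maintained while a safeguard is open, reset accepted only on release of the actuator, reset only enables a separate start), combined with the local-only policy some posters argue for. The class and function names, the press-time window and the sample traces are constructed assumptions, and this is a logic illustration, not safety-rated code.

```python
from dataclasses import dataclass
from typing import Optional

MIN_PRESS_S = 0.1  # assumed: shorter pulses are treated as contact noise
MAX_PRESS_S = 3.0  # assumed: longer presses are treated as a stuck or taped button


@dataclass
class ResetMonitor:
    """Scan-based model of the manual reset rules in the quoted 5.2.2 text."""
    stop_latched: bool = True           # power-up state: stopped until reset
    rejected_remote: int = 0            # remote reset requests seen and ignored
    _prev_local: bool = False
    _prev_remote: bool = False
    _pressed_at: Optional[float] = None

    def scan(self, now, safeguards_ok, local_reset, remote_reset=False):
        """Call once per cycle; True means a separate start command may be accepted."""
        rising = local_reset and not self._prev_local
        falling = self._prev_local and not local_reset
        if remote_reset and not self._prev_remote:
            self.rejected_remote += 1   # count for alarming, never act on it
        self._prev_local, self._prev_remote = local_reset, remote_reset

        if not safeguards_ok:
            # Stop condition is maintained and any press in progress is void.
            self.stop_latched = True
            self._pressed_at = None
        elif rising:
            self._pressed_at = now      # start timing, do not reset yet
        elif falling and self._pressed_at is not None:
            held = now - self._pressed_at
            if MIN_PRESS_S <= held <= MAX_PRESS_S:
                self.stop_latched = False   # accepted on release only
            self._pressed_at = None
        return not self.stop_latched


def replay(trace):
    """Feed constructed (time, safeguards_ok, local_reset, remote_reset) samples."""
    monitor = ResetMonitor()
    return [monitor.scan(*sample) for sample in trace], monitor.rejected_remote
```

A button that is already held down when the E-stop is released is not accepted, because the press has to begin after the safeguards are healthy; the `rejected_remote` counter is there so that HMI or network reset attempts can be alarmed on.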
 