Emergency Stop (E-Stop) Wiring Options - Dual Channel

estop relays like a 440r-S12R2 will have a dual channel with pulse testing (so a short to 24v or faulty contact won't allow it to work when it shouldn't).

you would run your estop circuit starting at the relay itself, then run the 2 channels through the 2 NO contacts on the Estop and back to the relay. Then reset can be done with any NO contact on a reset button.

View attachment 62806


Shouldn't the E-stop contacts be NC?
 
Shouldn't the E-stop contacts be NC?

Estop contacts are NC. when you press it, they open and stay open until pulled or twisted to release.


The contacts on the safety relay are mostly NO and some NC, because you'll end up powering a second Safety contactor (listed as K1/K2 in the diagram). with it. that contactor would have 3 phase power out to a motor contactor set or whatever else required 3 phase power cutoff, and those contacts will have a red safety auxiliary contact with NC contacts on it (Shown as K1 and K2 coming into the feedback for the reset circuit on S34), to ensure that the contacts aren't stuck closed before resetting. The safety contacts themselves should be mechanically linked internally, so if one malfunctions, the rest won't operate on their own.
 
Your proposed use of the e-stop button serves only as an on/off switch. A true e-stop circuit requires a reset function. Pilz is the world leader in safety relays etc. Check their website. Another consideration is to perform a risk assessment. The use of a safety function implies some risk to an operator. A risk assessment will determine the level of safety required.
 
Estop contacts are NC. when you press it, they open and stay open until pulled or twisted to release.


The contacts on the safety relay are mostly NO and some NC, because you'll end up powering a second Safety contactor (listed as K1/K2 in the diagram). with it. that contactor would have 3 phase power out to a motor contactor set or whatever else required 3 phase power cutoff, and those contacts will have a red safety auxiliary contact with NC contacts on it (Shown as K1 and K2 coming into the feedback for the reset circuit on S34), to ensure that the contacts aren't stuck closed before resetting. The safety contacts themselves should be mechanically linked internally, so if one malfunctions, the rest won't operate on their own.


Your reply said "then run the 2 channels through the 2 NO contacts on the Estop" that's why I said aren't e-stop contacts NC - guessing it was a typo in your post...


The motor in my proposed system is single phase, 240V AC, so I'm guessing I won't need a second contactor since it's not 3-phase
 
Your reply said "then run the 2 channels through the 2 NO contacts on the Estop" that's why I said aren't e-stop contacts NC - guessing it was a typo in your post...


The motor in my proposed system is single phase, 240V AC, so I'm guessing I won't need a second contactor since it's not 3-phase

you're right, meant to put NC.


But you'll need a motor starter for the motor itself, the safety relay isn't a rated motor starter. it's only meant to drive other safety relays. like the 700s-CF series relays.


it sounds like you may need to look more at basic circuit control designs, and reading the manuals for the things you're proposing to use. The initial proposal of running a motor from estop contacts is a pretty bad idea when it comes to the industrial world. You may have seen something like that when it comes to a table saw, or home type appliances where the "Estop" is actually just a retained stop paddle or button which is capable of tranferring the motor load over it's contacts without an interposing relay in the circuit. you're getting close to the right track, but if I were you, I wouldn't take on building a safety circuit and claiming that it's "safe" until you know for sure what you're doing.

also, at least here in the US. for insurance and other reasons, unless someone is specifically trained to do so, they can't just decide how safe something needs to be without a safety evaluation to determine the SIL level it needs to be at. For my company, we hire in the OEM who have those certifications to evaluate a machine and determine what level of safety it requires, then we just build out the circuit to the specs and wire/program according to the standards. Without the safety rating, we can't and won't claim that a machine is actually safe to use other than removing all power and having the company who owns the machine go through and create a safety profile for it to determine what hazards it has and need to be removed... That's pretty much all up to the end user at that point.
 
Last edited:
you're right, meant to put NC.


But you'll need a motor starter for the motor itself, the safety relay isn't a rated motor starter. it's only meant to drive other safety relays. like the 700s-CF series relays.


it sounds like you may need to look more at basic circuit control designs, and reading the manuals for the things you're proposing to use. The initial proposal of running a motor from estop contacts is a pretty bad idea when it comes to the industrial world. You may have seen something like that when it comes to a table saw, or home type appliances where the "Estop" is actually just a retained stop paddle or button which is capable of tranferring the motor load over it's contacts without an interposing relay in the circuit. you're getting close to the right track, but if I were you, I wouldn't take on building a safety circuit and claiming that it's "safe" until you know for sure what you're doing.

also, at least here in the US. for insurance and other reasons, unless someone is specifically trained to do so, they can't just decide how safe something needs to be without a safety evaluation to determine the SIL level it needs to be at. For my company, we hire in the OEM who have those certifications to evaluate a machine and determine what level of safety it requires, then we just build out the circuit to the specs and wire/program according to the standards. Without the safety rating, we can't and won't claim that a machine is actually safe to use other than removing all power and having the company who owns the machine go through and create a safety profile for it to determine what hazards it has and need to be removed... That's pretty much all up to the end user at that point.


You're 100% right, my previous experience is in software, not circuit/hardware design. The only reason I'm looking at it is because the client has no one else to and asked if I could, it's for a basic system and will be isolated with no people around it when in use. So I'm happy to come up with a design but I will insist that a hardware design engineer verifies/approves it. Though personally, I'm also keen to learn this side of things as it's pretty important and helps with my job too. When I do have a final schematic, what's the best way to verify it myself, 2nd opinions on here? this seems to be the most helpful source I have :)
 
Last edited:
I'm glad somebody over the pond agrees with me in not killing everything.
One company I worked for used to buy many machines from the US, well built mechanically, panels, well not what most would accept in UK, one of the most anoying things was killing the power to the PLC & HMI, yet they put in alarms for Safety tripped ? etc.
It caused major issues, we had PV600's fail at an alarming rate, PLC cards, & even 2 processors, this turned out to be mainly due to RW hardware not withstanding too many power outages, on an e-stop, the complete panel was powered down, I modified it to only kill the relevant outputs, an extra main contactor fitted for the drives & so on, never had another HMI go down or PLC card.
 
Why do you need the Estop - would the mains isolator not suffice?


That's currently how the system is wired, no e-stop and motor wired through a 240v relay with 24v control voltage from PLC.


I guess the idea behind the e-stop is to provide safety shut off during the rare occasions someone is there while the system is on (maintenance, troubleshooting, etc - i know for those tasks system should be off but...)
 
I guess the idea behind the e-stop is to provide safety shut off during the rare occasions someone is there while the system is on (maintenance, troubleshooting, etc - i know for those tasks system should be off but...)

"I guess...."??? Don't ever guess.

You need to start with a risk assessment, there is a procedure to follow for designing a safety function.

If it goes wrong, you will and every man and his dog that even looked at it will be hauled across the coals if someone is injured.
 
"I guess...."??? Don't ever guess.

You need to start with a risk assessment, there is a procedure to follow for designing a safety function.

If it goes wrong, you will and every man and his dog that even looked at it will be hauled across the coals if someone is injured.


I plan to do a risk assessment but my experience is within software so I would design it but then ask the client to verify the design by a qualified hardware/electrical design engineer, I will state this in documentation that I'll ask the client to sign in order to remove any risk/liability assigned to me
 
Sweet Jesus, NO NO NO NO NO :mad: BAD BAD BAD

Then all kinds of unintended things can happen, and you have no wait good wait to tell the operator or any connected systems what is going on.

Apparently you guys dont work on a lot of equipment that come from the Europe and like I said they (the OP) needs to check with the standards over there, most of the German equipment the estop drops the control power (that needs to be reset) and the control power powers up the PLC and the whole panel, not say I like it that way and I have had to reverse a few systems and install UPS's but that is there standard

My point is that regardless how its done over here they need to do what is done over there, one thing I hate is having one machine in a plant that is noting like any others or a bunch of them and they are all different

So my question to the OP, how are the other machines done in the plant? do it that way if possible
 
It all depends on what equipment it is feeding, for example a pump that pumps water that is sealed is a lower risk than a robot, A robot would almost certainly have a guarding system that removes power from any equipment that could expose personell to a risk of death or injury, that is why there are different catagories of saftey systems.
The OP needs to do a risk assesment of the equipment & depending on the risk rating use a level of safety at or above the catorgory.
A simple pump pumping a none corrosive or harmful substance would probably only need a simple safety circuit, however, in the UK, the pump will need an isolator with lock off within a metre or two of the pump even if the pump circuit has a e-stop system, Not read the regs lately as I'm now retired, but it used to have statements "where practicable" & "Engineer risks out" or something like that, so for example, there may be occasions where electronic or mechanical means of protection are only part of the safety design, in such cases or for example entering a vessel, measures & training need to be in place to protect the workforce.
 
sorry, the ellipsis can mean different things to different people.

I agree with what you said and just elaborated a little bit.
Yeah, to me ellipsis has evolved to mean either dramatic pause, or sarcasm/being flippant.

You used it in its traditional purpose which isn't very common anymore. It's all good.

also, at least here in the US. for insurance and other reasons, unless someone is specifically trained to do so, they can't just decide how safe something needs to be without a safety evaluation to determine the SIL level it needs to be at. For my company, we hire in the OEM who have those certifications to evaluate a machine and determine what level of safety it requires, then we just build out the circuit to the specs and wire/program according to the standards. Without the safety rating, we can't and won't claim that a machine is actually safe to use other than removing all power and having the company who owns the machine go through and create a safety profile for it to determine what hazards it has and need to be removed... That's pretty much all up to the end user at that point.
This is a good thing to keep in mind.

We have very basic E-Stop circuits for our machines but no risk assessment was done first. The original design engineer just did the very barest minimum to make an E-Stop electrically function. I have at least added dual contacts and air to out AODD pumps is killed with the master valve and the control valves both closing. (no reset function though, I did those when I did automation equipment for automotive)

Our Machines pump and distribute chemicals but nothing truly terrible is used by end users. There is no immediate injury. as long as you get right over to a Eye Wash / Shower station and get your self all washed off no real harm is done.

Though to cover out own butts we should probably put it in writing that safety assessments are the customer responsibility.

I'm glad somebody over the pond agrees with me in not killing everything.
One company I worked for used to buy many machines from the US, well built mechanically, panels, well not what most would accept in UK, one of the most anoying things was killing the power to the PLC & HMI, yet they put in alarms for Safety tripped ? etc.
See I an a US engineer have seen someone kill the PLC or HMI in industrial equipment.

My Moron predecessor partially did something like this when he killed the Sensor input power with the e-stop which was also profiled a signal to the PLC that the E-Stop was pressed.... Like WTF. why even have that NO contact if it doesn't actually have power when it is needed?

The only time I have seen the controller killed is in Commercial/consumer grade mass produced stuff. Like my home CNC router table controller is like this. I have just never taken the time to modify it.

"I guess...."??? Don't ever guess.

You need to start with a risk assessment, there is a procedure to follow for designing a safety function.

If it goes wrong, you will and every man and his dog that even looked at it will be hauled across the coals if someone is injured.
I mean this is not practical for small projects. I have never learned enough about risk assessments to do a full proper one but they are not a minor task. Best you can do is take an educated guess on the dangers and then do more than is the minimum. If in doubt go over board.

Apparently you guys dont work on a lot of equipment that come from the Europe and like I said they (the OP) needs to check with the standards over there, most of the German equipment the estop drops the control power (that needs to be reset) and the control power powers up the PLC and the whole panel, not say I like it that way and I have had to reverse a few systems and install UPS's but that is there standard
Really??????? this is nuts to me. I figured only the Chinese and lazy Americans do this. What kind of equipment is this?
 
Last edited:
The E-stop would be for controlling a system that is housed within a steel, locked container unit, inside the container would be the PLC, motor and a few sensors. Hence the likelihood of anything happening while it's closed and locked is very low. However the likelihood rises if the container is opened and the system is running as there will be a running motor within very close proximity with no/not much guarding around it. So the E-stop will be located inside the container and would really only be used by maintenance guys/engineers who go inside the container.
 

Similar Topics

Hello, I have plc Schneider TM241CE40T with the hmi HMIS5T. Do you have idea how to disable a button after an emergency stop to vijeo designer ...
Replies
5
Views
1,380
Dear colleagues I am learning to program siemens plc. I have a problem with how to solve the problem with a power outage and emergency STOP...
Replies
3
Views
1,674
Hi, We have a machine that we wan't to restart after power on if the emergency stop is OK. But if the emergency stop is tripped with the button...
Replies
21
Views
6,350
I'm working on a project that has e-stop pull cords around the full length of a conveyor system which is about 750 feet long and it has 16 e-stop...
Replies
16
Views
7,893
Hi all, The Emergency Stop button is connected to the security relay etc and cuts the machine power. My question is not about the safety circuit...
Replies
9
Views
2,677
Back
Top Bottom