How Using a Programmable Safety Rated Controller for

How Using a Programmable Safety Rated Controller for
Emergency Stops can Increase the Life of Your Machine
Emergency stops of machinery can shorten the life of key components from accelerated wear.
How the machine stops and the type of safety controls used can increase the life of your
machine.
How do you stop your car as you approach a red light? Is it a gentle release of the gas pedal so
it can coast or slamming on the brakes at the last minute, or somewhere in between?
Now, how do you stop your machine? Is it with a machine stop button that allows it to coast to a
stop or with a safety device that immediately “slams on the brakes”?
With both methods, each way of stopping has a useful and practical purpose. When most
people are aware they will need to stop, they like to glide to a stop since it allows the
passengers to have a more enjoyable ride, it saves gas, and it reduces the amount of times you
need to replace the car’s brake pads. At the same time there are events that suddenly happen
to cause you to react so the car stops as soon as possible.
The same is true with machines.
Three types of machine stops
A normal stop allows the machine to glide to a smooth stop at the end of a step or sequence.
In most cases this will be done by a signal sent to the machine to let it know it should finish its
task. The signal can be sent by the operator, usually with a black pushbutton.
For times when an operator notices something is wrong and needs to deliberately stop the
machine in the quickest and safest way possible, an emergency stop is used. This is done with
a red mushroom shape device with a yellow background or a yellow rope pull device using red
rope.
The operator may not be aware of the hazard. A protective (safety) stop uses a control
system to monitor access to the hazardous area and it actuates the stop. There are so many
options available, including (but not limited to) light curtains, non-contact switches, safety mats,
bumpers and edges, area scanners, and mechanical switches. Their outputs are connected to
safety controllers with standalone functionality or industrial networks such as Safety over
EtherNet/IP, Safety over DeviceNet and Safety over EtherCAT.
Requirements
In the United States, the primary emergency stop requirements are found in the NFPA 79: 2015
Edition (Electrical Standard for Industrial Machinery). The Canadian standards refer to NFPA
79:2015. ISO 13850:2006 (Safety of Machinery – Emergency stop function – Principles for
design) covers international standards.
Specific requirements just for emergency stops include:
a.) be continuously operable (functional) and readily accessible
b.) red with yellow background
c.) positioned so readily available and capable of non-hazardous actuation by the
operator and others who may need to actuate it
d.) positive mechanical action, direct opening (NC contacts)
e.) (be either) stop category 0 stopping by means of immediate removal of power to the
machine actuator(s) OR Mechanical disconnection (declutching) between the
hazardous elements and their machine actuator(s), and if necessary, braking
The robotics standard, ANSI RIA 15.06-2012, section 5.3.8 states the system shall:
a.) have a protective stop and independent emergency stop
b.) lead to a protective stop when entering the safeguarded space in automatic mode
c.) have manually initiated emergency stop function.
Machines require at least one category 0 emergency stop, which is the immediate removal of
power.
The risk assessment may show that for some processes the removal of power creates more
hazards, so category 1 emergency stop may be suitable for additional emergency stop buttons
or pull cords. This is a controlled stop before the power is removed.
If the process is such that more hazards are created when the power is removed and it cannot
be designed out of the system, careful consideration should be applied before using a category
2 emergency stop, a controlled stop with the power still available.
Applying Safety Controls
Every machine needs to have an
emergency stop. However the machine
does not need to have immediate stops
with protective devices. The only way
they can stop differently is if the
controls are separated.
Typical servo drives are rated for over 1
million breaking operations. Omron G5
servo system (R88D-KN!-ECT servo
drive and R88M-K servomotor) is rated
for 10 million normal breaking stops.
Page 2 of 5 Depending on the load, motor size, and speed, always stopping the machine with emergency
stop immediacy, the number of braking stops could be greatly reduced before the disk in the
mechanical brake is worn out.
With relays it is difficult to separate the stopping method since they are hard-wired and share
the output(s). However, when it comes to a programmable safety rated controller, such as the
Omron G9SP or NX Safety CPU, the logic can be separated so a signal can be sent to the
machine during the activation of a protective stop device and give the machine a chance to stop
on its own before the safety system “slams on the brakes” to stop the machine.
Omron NX Safety Programming Example
By using the predefined function blocks already available in Sysmac Studio, separating the
emergency and protective stops can be done with just a few extra steps and still meet the
required safety standards.
This example is with an interlocking switch and a single emergency stop. The G5 servo and
MX2 frequency inverter are using the R88A cable so it has direct connection to the STO (Safe
Torque Off) feature. (Note: The emergency stop function block is not shown in this example.
The emergency stop output is represented by the variable E_STOP_Val.)
For the output of the protective stop device, send a signal to the NJ machine automation
controller so it knows to start a controlled stop. (If multiple protective stop devices are used, use
the function block to AND them before this step.)
Use the SF_TON function block and set PT to 1 ms. (t#1ms) This delays the system start-up
time when the reset value is true, so keep it short (i.e., when the restart button is used).
Page 3 of 5 Add the SF_TOF function block. The absolute minimum communication time and stopping time
from the signal on the device to the G5 servo is 6.5 ms (when activated for safety).
Recommended value is 10 ms; 20 ms is really safe. Note: 1 ms + 9 ms = 10 ms
Use the AND function block to allow immediate stopping from the category 0 emergency stop.
The output from the AND goes into the S_OutControl input of the EDM function block.
Good Design Practices
When adding any type of delay, remember to include the additional time to the safe distance
calculation. If no more space exists to extend the safety zone, a common solution is to use a
guard interlocking switch like the Omron D4SL-N.
One advantage of using the Omron G5 servo drive or MX2 inverter is the built-in STO
functionality. It has a faster response time than using the traditional force guided relays for the
EDM (External Device Monitoring) since it has one less connection.
Emergency stop pushbuttons should only be tested twice a year, the number of times Omron
recommends manually testing safety devices. The only other use should be the activation by an
operator during an emergency situation.
For small systems, turning off the power via a breaker box may be a suitable substitution for an
emergency stop pushbutton. The breaker box must be located by the machine and easy to
activate.
Only the power for the hazardous portion of the machine needs to be stopped by an emergency
or protective stop. Power to PLC’s, safety controllers, sensors HMIs and any other nonhazardous motion device could be on a separate circuit and remain on.
Using the dynamic braking settings may affect the machine’s stopping time.
Page 4 of 5 According to the ANSI RIA 15.06-2012, section 5.6.4, stop control device(s) shall be placed
near each start control device.
When using a time delay, the length of time for the motion to stop may be dependent on the age
of the machine, condition of contacts, speed, load, and motor size, etc.
Emergency stops are not safeguarding devices.
Omron offers a range of emergency stop and access detection devices, and safety controllers to
achieve the emergency stop results required for the situation. Safety controllers include
standalone G9SX safety monitoring relay and G9SP programmable safety controller, and
networked NX-Safety controllers. Emergency stopping is supported by servo systems and
inverters with built-in safe torque off (STO) functions.
Summary
Allowing the machine to coast to a stop can reduce the wear on the mechanical brake’s disk,
increasing the life of the machine and reducing long-term cost of ownership. Using a
programmable standalone safety controller or networked programmable safety controller allows
the emergency and protective stops to be separated so the system can still meet the safety
standard requirements. While the delay may increase the safeguarded space due to the safe
distance calculation, the actual increased time may be minimized by the use of the safe motion
STO features.
Page 5 of 5 OMRON AUTOMATION AND SAFETY • THE AMERICAS HEADQUARTERS • Chicago, IL USA • 847.843.7900 • 800.556.6766 • www.omron247.com
OMRON CANADA, INC. • HEAD OFFICE
Toronto, ON, Canada • 416.286.6465 • 866.986.6766 • www.omron247.com
OMRON ARGENTINA • SALES OFFICE
Cono Sur • 54.11.4783.5300
OMRON ELECTRONICS DE MEXICO • HEAD OFFICE
México DF • 52.55.59.01.43.00 • 01-800-226-6766 • mela@omron.com
OMRON CHILE • SALES OFFICE
Santiago • 56.9.9917.3920
OMRON ELECTRONICS DE MEXICO • SALES OFFICE
Apodaca, N.L. • 52.81.11.56.99.20 • 01-800-226-6766 • mela@omron.com
OTHER OMRON LATIN AMERICA SALES
54.11.4783.5300
OMRON ELETRÔNICA DO BRASIL LTDA • HEAD OFFICE
São Paulo, SP, Brasil • 55.11.2101.6300 • www.omron.com.br
OMRON EUROPE B.V. • Wegalaan 67-69, NL-2132 JD, Hoofddorp, The Netherlands. • +31 (0) 23 568 13 00 • www.industrial.omron.eu
Authorized Distributor:
Automation Control Systems
• Machine Automation Controllers (MAC) • Programmable Controllers (PLC)
• Operator interfaces (HMI) • Distributed I/O • Software
Drives & Motion Controls
• Servo & AC Drives • Motion Controllers & Encoders
Temperature & Process Controllers
• Single and Multi-loop Controllers
Sensors & Vision
• Proximity Sensors • Photoelectric Sensors • Fiber-Optic Sensors
• Amplified Photomicrosensors • Measurement Sensors
• Ultrasonic Sensors • Vision Sensors
Industrial Components
• RFID/Code Readers • Relays • Pushbuttons & Indicators
• Limit and Basic Switches • Timers • Counters • Metering Devices
• Power Supplies
Safety
• Laser Scanners • Safety Mats • Edges and Bumpers • Programmable Safety
Controllers • Light Curtains • Safety Relays • Safety Interlock Switches
TN-ESTOP-CONTROLLER_FEATARTICLE
03/15
Note: Specifications are subject to change.
Printed on recycled paper.
© 2015 Omron Electronics LLC
Printed in U.S.A.