Safety Encoders: Using Encoders in Functional Safety Design
There was a time when safety resided only in discrete components such as relays, door interlocks, and light curtains. With the proliferation of automation in the factory environment, safety has evolved into a system-level process and is attracting increasing attention in machine automation.
Not only does functional safety enhance worker safety and reduce risk, but through functions like Safe Limited Speed (SLS), Safe Direction (SDI), and Safe Limited Increment (SLI), functional safety can increase throughput, reduce downtime, and speed maintenance. Key equipment for functional safety includes safety-enabled drives to control motor operation, safety PLCs that gather feedback and communicate with the drive, and safety-enabled sensors like safety-rated encoders that provide feedback to the drive and/or PLC.
What is a Safety Encoder
The safety encoder makes it possible for the other components to monitor the speed, direction, and position of the motor and/or load and provide feedback if conditions meet a predefined unsafe state. Although the safety controller and/or safety-enabled drive control the process, they are limited without feedback from a safety-rated encoder. Strictly speaking, a safety-rated encoder is certified to the appropriate safety standard; for example, the ACURO AD37 encoder protocol is certified to IEC 61508, SIL3 and ISO 13849, Cat. 3 PLe. Practically speaking, a safety encoder includes:
- Safe mechanical interface: Typically oversized or redundant, e.g. the use of a key-way and a locking collar
- Onboard sensors to monitor other equipment: temperature sensor to evaluate motor windings
- Dual sensing mechanisms to prevent common-cause failure: a digital absolute optical sensor and an incremental analog optical sensor
- Two separate channels to route that data through the encoder: one channel to transmit absolute digital data and the second channel to transmit incremental analog data and diagnostic data from onboard sensors
- A safety-rated electrical interface to transmit data from the slave encoder to the master (drive or PLC)
- A safety-rated communications protocol
- Onboard diagnostics/self test
It is important to remember that the safety level of the system is only as good as its least-reliable element. Linking a SIL3 encoder to components that have lower safety ratings will not result in a SIL3 system. Dynapar offers SIL2 PLd and SIL3 PLe rated encoders for functional safety.
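One way a safety PLC or drive could evaluate this feedback each cycle, as an added example (not code from this page or from any vendor): it cross-checks the absolute and incremental channels, then applies SLS, SDI, and SLI limits. All names, the unit (encoder counts per cycle), and the thresholds are assumptions, and positions are assumed not to wrap.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added illustration: names and limits are hypothetical; positions assumed not to wrap. */
/* Any non-zero result means "go to the known safe state". */
enum { SAFE_OK = 0, F_CHANNEL_MISMATCH = 1, F_SLS = 2, F_SDI = 4, F_SLI = 8 };

typedef struct {
    int32_t max_channel_diff;  /* allowed absolute/incremental disagreement, counts */
    int32_t sls_limit;         /* Safe Limited Speed: max |counts| per cycle */
    int     sdi_allowed_dir;   /* Safe Direction: +1 or -1 permitted, 0 = both */
    int32_t sli_limit;         /* Safe Limited Increment: max travel from start */
} safety_limits;

typedef struct {
    int32_t start_pos;  /* position latched when the increment window opened */
    int32_t last_pos;   /* position seen in the previous cycle */
} monitor_state;

void monitor_init(monitor_state *s, int32_t pos) { s->start_pos = pos; s->last_pos = pos; }

/* One monitoring cycle. abs_pos comes from the absolute digital channel,
 * inc_pos from the incremental channel after scaling to the same counts. */
unsigned monitor_cycle(monitor_state *s, const safety_limits *lim,
                       int32_t abs_pos, int32_t inc_pos)
{
    unsigned faults = SAFE_OK;
    int64_t delta = (int64_t)abs_pos - s->last_pos;   /* signed travel this cycle */

    /* If the two independent sensing paths disagree, neither is trusted. */
    if (llabs((int64_t)abs_pos - inc_pos) > lim->max_channel_diff)
        faults |= F_CHANNEL_MISMATCH;
    if (llabs(delta) > lim->sls_limit)
        faults |= F_SLS;
    if (lim->sdi_allowed_dir != 0 && delta != 0 &&
        (delta > 0) != (lim->sdi_allowed_dir > 0))
        faults |= F_SDI;
    if (llabs((int64_t)abs_pos - s->start_pos) > lim->sli_limit)
        faults |= F_SLI;

    s->last_pos = abs_pos;
    return faults;
}

int main(void) {
    safety_limits lim = { 2, 100, +1, 500 };   /* constructed limits */
    monitor_state st; monitor_init(&st, 1000);
    return monitor_cycle(&st, &lim, 1050, 1051) == SAFE_OK ? 0 : 1;
}
```
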
Functional Safety Standards
Although the individual functional-safety standards specify performance for components, functional safety is implemented in the operation of the equipment. A safe machine is defined as one that operates within parameters that ensure safe operation. Any time the equipment, control logic, and/or operators attempt to operate the machine outside of those parameters, the safety components should prevent further action and place the equipment in a known safe state.
The key functional safety standards are:
- IEC EN 61508 Parts 1 to 3: Core functional safety standard, applied widely to all types of safety critical electrical/electronic/programmable systems (E/E/PS) and to systems with a safety function incorporating E/E/PS. Defines the Safety Integrity Level (SIL) safety rating framework.
- IEC 61800-5-2: Adjustable speed electrical power drive systems, safety requirements, functional. Defines safety-rated drive functions such as SLS, SDI, and SLI.
- IEC 62061: Safety of machinery, functional safety of safety-related E/E/PS; based on EN 61508.
- ISO 13849-1, -2: Safety of machinery, safety-related parts of control systems. A non-technology dependent standard for control system safety of machinery. It defines the Performance Level (PL) safety rating framework.