Last edit: 10/05/2023
THE DOUBT:
Should the Reset button on a machine be handled by a safety module, or can it be one of several inputs to the Automation PLC?
The question can be stated more precisely: is the Reset a Safety Function?
CONSIDERATIONS:
The answer is that, in several applications, the reset is a Safety Function and therefore it cannot be routed through the Automation PLC. Where is that written? It is stated in EN ISO 13849-1:2015.
Chapter 5.2 lists some typical Safety Functions, the most important of which is the Safety-Related Stop (5.2.1).
The next example is:
5.2.2 Manual reset Function
The following applies in addition to the requirements of table 8.
After a stop command has been initiated by a safeguard, the stop condition shall be maintained until safe conditions for restarting exist.
The re-establishment of the safety function by resetting of the safeguard cancels the stop command.
If indicated by the risk assessment, this cancellation of the stop command shall be confirmed by a manual, separate and deliberate action (manual reset).
One situation in which the risk assessment may indicate that the Reset is a Safety Function is a safeguarded area with a risk of Whole Body Access.
A safeguarded robot area is a typical case.
In order to reduce the risk, the reset button must meet a few conditions, among which:
– From its position, outside the safeguarded area, there is full visibility that nobody is inside
– It is implemented as a Safety Function
The risk of a person being trapped inside the area can be reduced with other methods: for example, with personal keys that the operator has to keep with them.
A reset for the working area of a machine tool is not required, since there is no risk of being trapped inside the safeguarded area. If the manufacturer decides to install it anyway, it can be handled as a normal control function, and therefore the signal can be routed to the Automation PLC. In this case it is not a safety function!
Now that it is clear that the Reset can be a safety function, the next question is what its safety level should be. The new edition of ISO 13849-1:2021 clarifies that aspect in a note:
NOTE 1: It is not always necessary that the manual reset function has the same PLr as the associated safety function.
CONCLUSION:
When you build your control panel, always ask the colleague who did the risk assessment whether the reset buttons have to be routed to a Safety PLC, and never take for granted that it is not necessary.
Finally, we point out that paragraph 5.6 of IEC 62046 contains the following note:
Resetting a restart interlock of an ESPE application is always a safety-related function. Measures shall be provided to reduce the probability of the restart interlock being reset by a transient or steady-state fault condition. Such measures can include, for example, requiring both a rising and falling edge signal within a defined time (e.g. between 150 ms and 4 s) from a manually actuated reset device.
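The edge-and-time measure described in the IEC 62046 note can be sketched as follows. This is an added example, not code from the standard or from the original article; the type and function names, the per-scan call model and the `count_resets` scenario helper are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
/* Example window from the IEC 62046 note quoted above. */
#define RESET_MIN_MS 150u
#define RESET_MAX_MS 4000u

typedef struct {            /* hypothetical type, not from any standard */
    bool     initialised;   /* first sample only records the level */
    bool     prev;          /* input level at the previous scan */
    bool     timing;        /* rising edge seen, press is being timed */
    uint32_t pressed_ms;    /* duration of the current press */
} reset_monitor_t;

/* Call once per scan. Returns true for one scan only, when a falling edge
 * ends a press that began with an observed rising edge inside the window. */
bool reset_monitor_step(reset_monitor_t *m, bool input, uint32_t dt_ms)
{
    bool accepted = false;
    if (!m->initialised) {              /* input high at power-up (stuck or */
        m->initialised = true;          /* shorted) never yields an edge    */
        m->prev = input;
        return false;
    }
    if (input && !m->prev) {            /* rising edge: start timing */
        m->timing = true;
        m->pressed_ms = 0;
    } else if (input && m->timing) {    /* still held */
        m->pressed_ms += dt_ms;
        if (m->pressed_ms > RESET_MAX_MS)
            m->timing = false;          /* held too long: discard press */
    } else if (!input && m->timing) {   /* falling edge: evaluate */
        m->pressed_ms += dt_ms;
        accepted = m->pressed_ms >= RESET_MIN_MS && m->pressed_ms <= RESET_MAX_MS;
        m->timing = false;
    }
    m->prev = input;
    return accepted;
}

/* Constructed scenario: optional high level at power-up, then `high_scans`
 * scans pressed and one released. Returns the number of accepted resets. */
int count_resets(bool start_high, uint32_t high_scans, uint32_t dt_ms)
{
    reset_monitor_t m = {0};
    int n = reset_monitor_step(&m, start_high, dt_ms);
    for (uint32_t i = 0; i < high_scans; i++)
        n += reset_monitor_step(&m, true, dt_ms);
    return n + reset_monitor_step(&m, false, dt_ms);
}
```

A steady-state high input (welded contact, short to supply) and a transient shorter than 150 ms both fail to produce a reset, which is the fault behaviour the note asks for.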