by Eric Cummings, Global Industry Manager-Safety, Ross Controls
Designers of compressed air systems need to consider machine exhaust valves and stopping time to meet current standards.
As automation machinery has advanced over the years, so have the methods of safeguarding personnel. Consequently, machine safety standards have evolved, and in fact, have been driven by the development of more effective ways to keep people safe while still allowing them to do their jobs. If the safeguards hindered productivity, the odds increased that the safety system would be somehow circumvented or overridden.
From a pneumatic standpoint, companies have long understood the need to remove the air pressure from the machine’s hazardous area as people partially accessed or entered the area. This was frequently done through the addition of a solenoid valve located with the air supply to the machine that included the filter, regulator, lubricator and lockout device. This lockout mechanism was frequently integrated with the solenoid exhaust to reduce the number of components required.
Using today’s safety standards, we would refer to this as a single channel exhaust valve or a category 1 device using EN 954 and ISO 13849 terminology. While this is still common, many more users and OEMs recognize that by using a higher order safety valve, they can meet all safety requirements and allow safe operator access that can meet all OSHA, ISO, ANSI, and CSA standards for production-related activities. The risk assessment requirements will help assess the pneumatic risks to find the most appropriate solutions and must include known failure modes and foreseeable misuse of the devices. Because of this, a true knowledge of the system and devices used and available is critical.
When implementing systems, designers frequently ask for valves based on the maximum air consumption requirements of the machine and the port size desired for the valve. As a general rule, components are oversized to ensure there is enough flow, should the design change through a retrofit at a later date. Frequently, this is due to trying to increase the speed of the machine as designs improve. When the exact consumption is not known, the decision is made by port size and typically based on what design had been used in the past.
What is often not discussed—but critical to the safety design—is the response time and exhaust capacity of the valve being used. The exhaust capacity will dictate how long it will take to remove the air volume in the machine (or zone), bringing the pneumatic system to a zero energy state. The more rapidly that the air is removed:
• the faster the stopping time,
• the faster an employee can access the potentially hazardous areas, and
• the closer the machine safeguards can be to those areas.
There are, of course, exceptions to this where air pressure may need to be trapped to ensure cylinders stay fixed. This will be dictated by the risk assessment process. Notwithstanding, it is the removal of the motive force that will directly affect stopping time.
The exhaust time depends on a number of factors, including the response time of the valve itself and its flow capacity. The response time of the valve is the time from removal of the input signal until the internals begin to shift, the supply flow is blocked, and exhaust flow occurs. This will vary from valve design to valve design and manufacturer to manufacturer. Once the exhaust begins to flow, it is a relatively linear drop in downstream pressure until the last 10% of the pressure is exhausted.
Because these two factors—response time and flow capacity—are independent of each other, both will affect the overall exhaust time. A valve with a 25-ms response time is much faster than one with a 50-ms response time and will start to exhaust 25 ms sooner. The result is a straight line that begins at the 25 ms point and slopes upward. For a known volume, the valve will exhaust it within a certain time. However, if the exhaust flow is higher for the slower valve, it may, in fact, exhaust a known volume faster. Its line will initiate at 50 ms, but will have a greater slope. The point where these lines intersect is where the slower valve actually exhausts a volume at the same time as the valve with the faster response time. This assumes that the response times do not change over time, Chart 1.
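The crossover described above can be worked through numerically. The following is an added example, not part of the original article or any manufacturer's data: it uses the article's linear simplification (volume exhausted rises in a straight line once the response time has elapsed), and the exhaust rates and volumes are constructed values.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Valve:
    name: str
    response_ms: float   # input signal removed -> exhaust flow begins
    exhaust_rate: float  # volume exhausted per ms (constructed units: cm^3/ms)


def exhaust_time_ms(valve: Valve, volume: float) -> float:
    """Time to exhaust `volume`: response delay plus the linear exhaust phase."""
    return valve.response_ms + volume / valve.exhaust_rate


def crossover(fast: Valve, slow: Valve) -> Optional[Tuple[float, float]]:
    """Return (time_ms, volume) where the two lines intersect.

    `fast` is the valve with the shorter response time. If the slower-responding
    valve does not also have the higher exhaust rate, its line never catches up
    and there is no crossover.
    """
    if slow.exhaust_rate <= fast.exhaust_rate:
        return None
    t = (slow.exhaust_rate * slow.response_ms
         - fast.exhaust_rate * fast.response_ms) / (slow.exhaust_rate - fast.exhaust_rate)
    return t, fast.exhaust_rate * (t - fast.response_ms)


def quickest(valves: Sequence[Valve], volume: float) -> Valve:
    """Pick the valve that empties the given machine or zone volume first."""
    return min(valves, key=lambda v: exhaust_time_ms(v, volume))


# Constructed sample valves matching the 25 ms and 50 ms response times in the text.
VALVE_A = Valve("A (25 ms, lower flow)", response_ms=25.0, exhaust_rate=40.0)
VALVE_B = Valve("B (50 ms, higher flow)", response_ms=50.0, exhaust_rate=60.0)
```

Below the crossover volume the faster-responding valve reaches zero energy first; above it the higher-flow valve does, so the selection depends on the volume of the zone being exhausted.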

The stopping time of a machine when a safety event occurs—such as a door being opened, light curtain passed through, or an e-stop being engaged—is based on the overall response time of the control system and the output devices. If the actuators are air operated, it is the exhaust time of the system that is critical. B11.19 6.4 requires the use of a “stopping performance monitor” if the stopping time can increase to a value where the safe distance calculation is no longer valid. In the informative section, it specifically mentions that cylinders and valves can become sticky, sluggish, or may wear—affecting the stopping times, and therefore, safe stopping distance.
This exhaust time/stop time relationship is another reason why redundant safety valves, category 3 or 4, are now frequently used for exhausting a machine, cell, or zone. Having a redundant path to exhaust—and two valves—helps ensure that there is no significant increase in the exhaust time. If one of the elements were to fail to function, the second element can perform the exhaust function. Two primary concerns exist when it comes to dual safety valves and the exhaust function. These concerns are with monitoring of the valve elements and any increase in the exhaust time due to a single element failure.
First, monitoring of the valve elements must be conducted to ensure they both function properly. This monitoring is now a measured requirement with the ISO 13849 standard referred to as diagnostic coverage. Simply put, diagnostic coverage measures the percentage of potential dangerous faults that will be detected by the monitoring system. ISO 13849 is very specific that a redundant exhaust system without monitoring has a diagnostic coverage of zero. In some redundant systems, it is possible for one element to completely fail and remain undetected, thereby reducing the safety exhaust system to a single channel category 1 device. This monitoring should have a timing function as well, to ensure that both elements are shifting within an appropriate time frame to avoid a potential increase in shift time and stop time.
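A sketch of the monitoring-with-timing logic described above, as an added example that is not from the original article, a standard, or any vendor's product. It assumes each valve element has a position sensor that reports its shift time; the two limits and the sample cycles are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed limits for illustration only; real values come from the valve
# manufacturer's data and the machine's stopping-time budget.
MAX_SHIFT_MS = 60.0        # slowest acceptable shift for either element
MAX_DISCREPANCY_MS = 20.0  # largest acceptable gap between the two elements


@dataclass(frozen=True)
class ExhaustCycle:
    """Shift times from hypothetical position sensors; None = never shifted."""
    a_ms: Optional[float]
    b_ms: Optional[float]


class DualValveMonitor:
    def __init__(self) -> None:
        self.locked_out = False
        self.faults: List[Tuple[int, List[str]]] = []

    def check(self, cycle_no: int, cycle: ExhaustCycle) -> bool:
        """Return True if the cycle is healthy; any fault latches a lockout."""
        reasons = []
        for name, t in (("A", cycle.a_ms), ("B", cycle.b_ms)):
            if t is None:
                reasons.append(f"element {name} did not shift")
            elif t > MAX_SHIFT_MS:
                reasons.append(f"element {name} slow")
        if None not in (cycle.a_ms, cycle.b_ms) and \
                abs(cycle.a_ms - cycle.b_ms) > MAX_DISCREPANCY_MS:
            reasons.append("elements out of step")
        if reasons:
            self.locked_out = True
            self.faults.append((cycle_no, reasons))
        return not reasons


def run(cycles: List[ExhaustCycle]) -> DualValveMonitor:
    """Feed cycles to the monitor, refusing to re-energize after a fault."""
    monitor = DualValveMonitor()
    for n, cycle in enumerate(cycles, start=1):
        if monitor.locked_out:
            break
        monitor.check(n, cycle)
    return monitor


# Constructed sample data: element B drifts, then fails to shift at all.
SAMPLE = [ExhaustCycle(30, 32), ExhaustCycle(31, 38), ExhaustCycle(30, 55),
          ExhaustCycle(30, None)]
```

On the sample data the monitor latches on the third cycle, while both elements are still shifting, so the sluggish element is caught before the cycle in which it fails outright.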
The second concern is that there will be some sort of increase in the exhaust time should one of the elements malfunction. This increase is not specified in any standard. The closest any standards get to addressing this would be the OSHA 1910.217 Mechanical Power Press standard. First instituted in 1972, dual valves were required for the clutch brake operation, due to the inherent dangerous nature of the machines. 1910.217(b)(7)(xi) specifically states “The control of air-clutch machines shall be designed to prevent a significant increase in the normal stopping time due to a failure within the operating valve mechanism, and to inhibit further operation if such failure does occur.” Because of this, it is uncommon to see manufacturers of dual valves simply publish charts showing the normal exhaust time. They will either publish the two faulted-exhaust times (should either internal element fail to function) or show a worst-case faulted exhaust time.
This faulted exhaust time will vary significantly, depending on the internal valve design and which element faults. For example, if two exhaust valves are used in series, the air supply to the first valve flows through to the second valve and then downstream. Consequently, when exhausting, most of the air is exhausted through the second valve, provided they both shift simultaneously. If the first valve were to stick open, all of the air would exhaust through the second valve, which is very similar to the normal valve operation. Should the second valve stick in the open position, all of the air would need to pass through the second valve on its way to exhaust through the first valve. This would cause some internal flow restrictions and increase the exhaust time of the system, Chart 2.

Another common design is to have a series supply and parallel exhaust path, where the exhaust flow rate is significantly greater than the supply flow rate. This parallel exhaust design causes air to flow through both exhausts nearly equally during every cycling function of the valve. The failure of one valve element to shift will cause the air to only exhaust through one path but the increase in exhaust capability will be limited to 25-30%, depending on the manufacturer, Chart 3.

A final consideration is making sure that any downstream obstructions to exhaust do not overtly affect the safety function and exhaust time. This could include other control or soft start valves or filter or regulator units. Regulators and filters should be located prior to the safety exhaust valve and any downstream regulators should have built-in bypass checks, so that the exhaust is unimpeded. Downstream valves should either exhaust the downstream air or provide a free flow back to the safety exhaust valve. Any valves that can block downstream air from exhausting must be thoroughly considered during the risk assessment.
If a soft start device is used downstream or integrated into the safety exhaust valve, there must be a clear understanding of the soft start function with relation to the exhaust function. A 2/2 soft start allows air to flow through a small bypass flow path until pressure is built up downstream and the valve opens fully. However, when exhausting, the valve will allow flow back through it until a certain preset point is reached—at which time the valve will close and the remaining downstream pressure must be exhausted through the same small bypass flow path. This increases the exhaust time of the system. Using a 3/2 soft start will ensure that all air is either exhausted through the soft start valve itself, or if it malfunctions, back through the exhaust safety function.
If the soft start is integrated into the safety exhaust valve, the faulted exhaust times may significantly increase depending upon the internal design and worst-case fault scenario. The manufacturer’s literature should be consulted and this knowledge used when designing the pneumatic safety exhaust system.
The previous ways of designing pneumatic systems were simply based upon the maximum air-flow requirements of the system. Simply knowing the size and flow rate requirements was enough. Today’s designs must include the use of a risk assessment and consider not only the supply requirements, but the exhaust requirements of the safety system design as a whole. Response times and flow rates are critical to this knowledge and these designs may include the potential use of higher-level safety devices. It is crucial to understand the known potential failure modes of the devices and their effects on the entire safety system. Someone’s life may depend upon it.
Ross Controls
www.rosscontrols.com