Several years have already passed since EN ISO 13849-1 and IEC 62061 have replaced the obsolete EN 954-1 as the technical standards concerning the safety of control systems. Yet, are they being thoroughly applied in all the technological fields, including that of vacuum furnaces?
In the meanwhile, safety PLCs (Programmable Logic Controller) are increasingly replacing common safety relays in many non-trivial applications. But are they really useful? Why should a safety PLC be installed on your furnace? I perfectly understand that you may have doubts on this point, thus I am offering you 5 reasons because a safety PLC should be installed on your next vacuum furnace.
1. Emergency stop is not the only safety function
If you open the electrical cabinet of a not so recent vacuum furnace, you will find that the emergency stop is likely to be the only feature that is managed strictly according to EN ISO 13849-1 and IEC 62061 standards.
While this would be normal for a very simple machine whose only risk is caused by a moving part that must be stopped either by opening a protection or pressing the E-STOP button, this is not a case for a vacuum furnace with pressurized gas quenching, where temperature and pressure have important safety implications.
Until recently, a few hardwired safeties (if any) added externally to the functional controller were the state of the art. However, they do not meet the newer standards for several reasons, such as poor diagnostic coverage (for instance in case of short circuit) or limited redundancy (since the functional controller cannot be considered in the evaluation of the safety function).
But even assuming that more safety functions should be implemented according to the latest standards, what more has a safety PLC to offer compared to traditional safety relays?
2. Safety PLCs can elaborate analog signals
Temperature and pressure are essentially analog entities. While the newest safety PLCs can be equipped with input boards to read and then elaborate a wide variety of analog signals (like those coming from TCs, Pt100 or many other transducers), safety relays can essentially process only digital information (like a button or a limit switch).
But which is the advantage compared to using pressure and temperature switches to provide digital signals to the safety relays?
3. Analog signals provide better diagnostic coverage
A basic safety practice is to use redundancy to increase the safety level, for instance, using two temperature switches instead of only one. However, if you don’t check the two switches at least against each other, sooner or later the first will fail without being noticed, then the second might also fail and the safety function might be lost. But if the switchover point is set at a temperature that should never be reached under normal circumstances, how can you check that the two sensors are switching consistently when they are not even switching at all?
If someone is telling you that you should simply periodically remove the temperature switch and have it calibrated, they are perfectly right. However, I would be curious to see in the maintenance log when was it the last time that they did this for the over-temperature switches installed on the vessels of their furnaces.
Even if the switchover point is actually crossed (in normal operation or in a diagnostic procedure), still, how can you tell that the two switches are switching consistently? For limit switches, this is usually checked using a time window, but this cannot be safely applied to temperature or pressure switches, since both of them are not likely to switch at exactly the same time, and the delay is related to the difference of switchover point only by the rate of change of the measure, which is generally unknown.
This is exactly where the possibility to safely elaborate analog values comes into play: if you have two temperature measures, you can compare them all the time, even when you are not close to the switchover point. If one sensor breaks, you will recognize it immediately as soon as the two readings differ more than an allowed tolerance.
If the switchover point is crossed during normal operation, even the combination of one analog signal with one digital signal can be an interesting possibility, since this would provide diversity and help prevent common cause failures.
But does a safety PLC provide any more advantage besides this? Of course it does! Let’s see now 2 more reasons because a safety PLC should be installed to minimize faults in your vacuum furnace.
Did you like this article up to here?
Before you continue, follow us on our LinkedIn page pressing the button here below!
In this way, we'll be able to keep you updated on most advanced technologies for heat treatments not only with our posts, but also with the best articles that we collect around the web.
4. Safety PLCs can implement more complex logics
There are specific applications where the safety functions are not simply depending on the actual state of one or more sensors, but also on a specific sequence of operations. For instance, in a furnace using hydrogen as process atmosphere, you will need to know for sure that an inert gas purge has been safely completed before admitting hydrogen or before venting after using hydrogen.
This indeed has been the kind of application in which safety PLCs have spread faster, and are already installed on the hydrogen furnaces of nearly all the major manufacturers. But that’s not all...
5. Safety PLCs can significantly reduce tampering risks
I’m quite sure that sooner of later you have been through a situation where you have seen a furnace stuck due to a sensor which failed or needed calibration. Possibly, the customer was pressing to get his load out of the furnace, and some smart service engineer bypassed the faulty safety sensor to get it done. Nevertheless, I hope you didn’t see the case when the smart engineer was then called to another urgent task and the next cycle was started with the safety sensor still bypassed!
As manufacturers, we have the responsibility, not only to use reliable components to minimize faults and to provide ease-of-use to avoid the need to bypass any safety, but also to prevent or detect that a safety function has been altered as far as technically possible. Does a safety PLC help to do so?
Of course it does! First of all, with a safety PLC, all the safety logic is securely embedded inside the controller itself. While a hardwired safety logic can be altered by anyone having a screwdriver, to modify the logic in a safety PLC you need not only a specific software, but also a password set by the manufacturer for the single furnace.
The security level can be further increased combining the safety PLC with smart sensors, which apply a time shift to the triggered signal coming from the PLC or that generate the trigger themselves. In this way, a smart safety sensor cannot be bypassed with a short circuit, unlike traditional sensors which rely simply on dry contacts.
You might say that somebody might still force a contactor by pressing it with a screw driver, and in this case you would unfortunately be right. No matter how powerful it can be, there is still something that a safety PLC cannot do!
So, have you already installed a safety PLC on your vacuum furnace?
Do you like this blog?
For us your opinion matters, so we would be very pleased if you could write a review about us or our blog.