Share
Industrial Technology - Linked-in Industrial Technology - Twitter Industrial Technology - News Feed
Latest Issue
Diary and Events

Advanced Engineering 2019

NEC, Birmingham(B40 1NT)

30/10/2019 - 31/10/2019

The UK's largest annual advanced manufacturing trade show, Advanced Engineering is your opportunity to (more)

Smart Factory Expo

Exhibition Centre Liverpool (L3 4FP)

13/11/2019 - 14/11/2019

Europe's best digital manufacturing show: bigger and better for 2019 Built around eight tech-focused (more)

EN ISO 14119:2013 - new standard for guard interlocking devices

EN ISO 14119:2013 - new standard for guard interlocking devices

EN ISO 14119:2013 has been harmonised to the Machinery Directive 2006/42/EC and supersedes EN 1088. David Collier, CMSE, of Pilz highlights the main changes to be aware of.

Compared with its predecessor, EN ISO 14119 considers additional technologies which were not available when EN 1088 was first published, including a whole range of interlocking devices such as non-contact devices, uncoded and coded, inductive, magnetic, capacitive, ultrasonic, optic and RFID. These new points are particularly significant with regard to protection against guard manipulation, also known as defeating of guards.

A coded actuator is defined as one which is specially designed to actuate a certain position switch. Levels of coding to prevent defeat are defined as:
* Low level (for which 1 to 9 variations in code are available). This covers magnetic reed switch types and re-teachable RFID types.
* Medium level (for which 10 to 1000 variations in code are available). This covers trapped-key systems and some limited RFID systems.
* High level (for which more than 1000 variations are available). This covers uniquely coded RFID systems.

The type of guard locking is expanded in EN ISO 14119 from power-to-lock or power-to-release, to include bistable locks for which power can be applied to lock and release a solenoid guard switch. It also considers the circumstances under which the use of electromagnetic locks (just the use of electromagnetic force without a tongue) is permissible for machine safety. This takes into account the distance to the hazard, the stopping time in the event of power loss, monitoring the holding force, providing clear indication when forced entry has been attempted.

Section 7 of EN ISO 14119 covers defeating of interlocking devices, and various measures are described to realise these requirements. The implication is that it is increasingly the designer's responsibility to ensure that interlocked guards cannot be defeated, which, in turn, requires the designer to understand how the machine will be used at every stage of its life (production, maintenance, setting, cleaning and so on).

When it comes to the use of fault exclusions, this has long been covered in EN 62061, ISO/TR 23849 and now also in EN ISO 13849-2. A limitation to PLd for fault exclusions is in EN ISO 14119. In other words, to achieve PLe, the use of at least two devices is mandatory; it is one reason why more non-contact devices are now being used for PLe, since they have no single mechanical point of failure.

 Interestingly, though, the locking function, although dependent upon a single mechanical channel (the tongue) is allowed to perform up to PLe with the proviso that it is defined as locking up to a maximum stated extraction force, which the manufacturer, not the user, can demonstrate through repeatable, certifiable tests.

Some interlocked guards are not opened often, so forced testing by manual functional opening and closing at regular intervals is required to check for possible accumulated faults. EN ISO 14119 specifies for PLe a monthly test and for PLd a 12 monthly test. This is important, even in dual-channel systems, because faults can only be revealed by placing a demand on the guards. It is recommended that the control system of a machine demands these tests at the required intervals. The control system should monitor the tests and stop the machine if the test is omitted or fails.

Historically the practise of series-wiring safety switches arose because it saved money on cabling and safety relays, and because such dual-channel wiring translated to Category of 3 of the now-withdrawn standard EN 954-1. Category 3 lives on in the standard EN ISO 13849-1, in which clause 6.2.6 requires that for Category 3 to apply, specific conditions must be met including: a single fault must not lead to a loss of the safety function, that an accumulation of undetected faults can lead to the loss of the safety function, and importantly as an addition over and above EN 954-1's requirements that at least 60% of faults have to be detected in a diagnosis mechanism (DC = low).

The ability of a system to detect 60% of dangerous faults can be impacted by fault masking, which can dramatically reduce the Diagnostic Coverage and, consequently, the Performance Level. It was expected that fault masking would be covered in detail within EN ISO 14119 and it is - to a point. But the real detail of how many devices can be serially connected is the subject of a forthcoming technical report. This is currently under committee review, with an expectation that it will be available quite soon as ISO/TR 24119. In simple terms, if we have more than one frequently opened guard (once per hour) the level of Diagnostic Coverage falls to zero, which in EN ISO 13849-1 results in a maximum PL c.

It remains to be seen exactly what ISO/PDTR 24119 has to say about the maximum PL achievable when several infrequently operated guards are connected, but it is very likely to be PL d where careful analysis is possible, otherwise it is more likely to be PL c. It is definitely not possible to achieve PL e with more than one guard switch connected in series, at least not when using volt-free based interlock switch technology.

There are three industrially available options for overcoming fault masking and complying with the requirements of ISO14119:2013:

1. Individual wiring: Do not connect interlocked guard switches in series - or at least limit the number of guard switches wired in series when they use volt-free contact technology; wire the switches individually to separate safety relays or individual inputs on safety controllers, or zone small groups together.

2. Self-monitoring interlocking devices: Use devices that are not based on volt-free contact technology; rather, use switches with self-monitoring transistorised outputs (known as OSSDs) - for example, non-contact RFID switches, which can detect faults within themselves. These switches can be connected in series and maintain the highest levels of diagnostics to achieve PL e.

3. Safe distributed I/O systems: Interlocking devices (and other devices such as light curtains, emergency stops and two-hand controls) can be safely distributed across the machine using a failsafe network. Effectively the network addresses devices connected in a chain around a machine and can distinguish between all inputs. They can also test for faults (for example, through the use of test pulses).

In conclusion, EN ISO 14119:2013 provides machine builders and users with much wider scope to use a broader range of technologies when interlocking guards. It also places more responsibility on the machine designer to prevent foreseeable, deliberate bypassing of guards, and it will change the way in which guard interlocking devices are connected across machines.

Download pdf

Latest news about Safety products

Additional Information
Text styles