Emergency Stop circuit

[lowans1]

Hi,
I got 8 normally closed emergency stop buttons wired in series and 100 amp 4 pole contactor with 230v coils for the stop circuit. They require a key switch at the D/B to reset the circuit if a emergency stop has been hit and and after it has been twisted to reset the stop button, was just looking for ideas on type of key switch and how to integrate it in to the circuit.

 

[Bobster]

Walk away from this.

This is an outdated design and does not comply with any current statutory regulations surrounding emergency stops.

An judging from the level of this question, and not knowing your background. I would say you aren't through any fault of your own competed to undertake this work.

 

[Andy-1960]

You will need to do a risk assessment firstly to establish the level of safety system required.
Then you need to design the circuit based on this assessment, this may mean a dual channel e-stops and maybe even dual contactors in series with feedback from the contactors back into the safety circuit so if one of the contactors fails (welds closed) the circuit will not reset.
You will need a safety relay (Pilz or similar).
There is some good free software that you can use called Sistema that will help establish the performance level (Pl) for the system. Pl levels range from a to e with a being the lowest level.
The keyswitch will be wired into the reset circuit of the Pilz relay.
Hope this is of help, but be careful, safety circuits can be very onerous.

 

[Pete999]

Walk away from this.

This is an outdated design and does not comply with any current statutory regulations surrounding emergency stops.

An judging from the level of this question, and not knowing your background. I would say you aren't through any fault of your own competed to undertake this work.

 

[Bobster]

Good job they don't employ me for my literacy skills eh Pete

 

[Pete999]

Good job they don't employ me for my literacy skills eh Pete

I just couldn't help it, honestly, can't wait for me to screw up,

 

[GMES]

@Pete999 I thought you might have hit rob with he spelling emoji

 

[Pete999]

@Pete999 I thought you might have hit rob with he spelling emoji

I'll only do that when it's blatant, not to Rob, mind you, you just made a spelling mistake by spelling Rob with a lower case letter. Think I may have made a rod for my own back here still never mind eh.

 

[telectrix]

i putit down to predictive text ( or as my phone predictive says, premeditated sex ).

 

[Bobster]

I just couldn't help it, honestly, can't wait for me to screw up,

Oh I know literacy has never come easy, maths however, took to that like a duck to water. It's a running joke in the office, it's a good job I've thick skin.

 

[Rocboni]

3 station push button enclosure with stop start and momentary (spring return) key switch at panel (so key needs to turned and the start button pressed at same time) Wire the emergency stops in series with the stop N/C and start N/O and key switch N/O at the panel, with the hold in from contactor wired over the start and key switch.

 

[Andy-1960]

3 station push button enclosure with stop start and momentary (spring return) key switch at panel (so key needs to turned and the start button pressed at same time) Wire the emergency stops in series with the stop N/C and start N/O and key switch N/O at the panel, with the hold in from contactor wired over the start and key switch.

You really should know this Phil....

There is a bit more to it than that I'm afraid!

 

[Darkwood]

3 station push button enclosure with stop start and momentary (spring return) key switch at panel (so key needs to turned and the start button pressed at same time) Wire the emergency stops in series with the stop N/C and start N/O and key switch N/O at the panel, with the hold in from contactor wired over the start and key switch.

You really should know this Phil....

Without knowing where and what this system is been used for then you cannot offer a solution, also given that what you suggest your answer won't comply to statutory requirements even at the minimum level, the best suggestion for the OP has already been put forward and that is to leave well alone, it's simple to make a functional system for any electrician really but it takes alot of experience and knowledge to design one that complies and covers your --- if ever the unthinkable did happen.

 

[Rocboni]

It just happens I am familiar with the situation this will be installed in, it is a college environment, where the power D/B with 100 amp contactor supplying sockets outlets, 13 16 32A, gas valves ect are controlled via the emergency stops around the workshop.

Explain how it won't comply with statutory requirements, it is not a piece of machinery, I am aware that additional stops should not be run at 230v but it will all be in the same containment system and in steel conduit, therefor it cannot be at extra low voltage.

 

[Darkwood]

It just happens I am well aware of the situation this will be installed it, it is a college environment, where the power D/B with 100 amp contactor supplying sockets outlets, 13 16 32A, gas valves ect are controlled via the emergency stops around the workshop.

Explain how it won't comply with statutory requirements, it is not a peice of machinery, I am aware that additional stops should not be run at 230v but it will all be in the same containment system and in steel conduit, therefor it cannot be at extra low voltage.

There are accepted standards for basic design irrespective of the safety level required, a risk assessment will also include the consequences of component failure ie 'is it fail safe' and what measure have been undertaken or what extra components have been put into the design to give the required level of fail safety, you also mention using the Start button to do 2 functions, first as just a start then also as a reset if an E-stop is operated, this would not be a good design, you should incorporate a seperate device be it a key, button or similar to reset the system usually by a deliberate action, your reset should not energise the circuit at the same time, this must be by the use of another device again be it a P/B or K/S etc, even colour coding of indicator lamps, buttons etc have guidelines, if the red stop is on the same station as an E-stop then a red button would not be permitted, some of these points are not statutory but a written agreement and risk assessment with the customer must be drawn up say if the customer wanted a non standard button colour or indicator, this may be because of existing systems say on workshop machinery follow an older code, it reduces the chance of confusion if everything is the same.

Given the limited info I would as a basic have all the E-stop buttons as key release only, this way the students cannot mess about with the E-stops then quickly twist and release and then deny all knowledge, another way around this is to have an indicator system to identify the operated E-Stop...all this would be discussed on-site, I have seen so many poor designs when I worked through the schools and comments about this issues they have with them such as the one I just hi-lighted should be avoided in the design stage.

I also ask the question why you cannot change the voltage, you are allowed to run different voltages in the same containment as long as all cables are sufficiently insulated to that of the circuit and or controls of the highest voltage.

Yes I know it is not a machine but you have to consider what may be plugged in will be energised when power is restored so there is no real relaxing away from standards that cover machinery control, it is still a safety system and by the fact it is controlling power to gas valves, possible extraction fans etc it would fall within the realms of the standards required for machinery thus the system should be design to meet it as such, even if you don't actually fall under the BS60204, you will fall under other standards and given they are all derived from the same blueprint it would most likely follow the same basic design requirements, if you have any knowledge of the BS60204-1 you will see many standards are actually repeated in the BS7671 especially that of O/L protection of motors etc... you will find this overlapping of regulations very common across the many different areas of British Standards.

 

[Rocboni]

There are accepted standards for basic design irrespective of the safety level required, a risk assessment will also include the consequences of component failure ie 'is it fail safe' and what measure have been undertaken or what extra components have been put into the design to give the required level of fail safety, you also mention using the Start button to do 2 functions, first as just a start then also as a reset if an E-stop is operated, this would not be a good design, you should incorporate a seperate device be it a key, button or similar to reset the system usually by a deliberate action, your reset should not energise the circuit at the same time, this must be by the use of another device again be it a P/B or K/S etc, even colour coding of indicator lamps, buttons etc have guidelines, if the red stop is on the same station as an E-stop then a red button would not be permitted, some of these points are not statutory but a written agreement and risk assessment with the customer must be drawn up say if the customer wanted a non standard button colour or indicator, this may be because of existing systems say on workshop machinery follow an older code, it reduces the chance of confusion if everything is the same.

Is the fact that the stops being on a N/C circuit not fail safe enough, if anything else fails then the system won't be able to be re energised as they are all N/O?


Why shouldn't the reset energise the circuit, surely a spring return key switch with reset push button, is a deliberate action as you have to keep the key turned while pushing the reset?

There will be no emergancy stop on the same station as the stop.



Given the limited info I would as a basic have all the E-stop buttons as key release only, this way the students cannot mess about with the E-stops then quickly twist and release and then deny all knowledge, another way around this is to have an indicator system to identify the operated E-Stop...all this would be discussed on-site, I have seen so many poor designs when I worked through the schools and comments about this issues they have with them such as the one I just hi-lighted should be avoided in the design stage.

I agree, if a light was installed abouve each emergacy stop this would prevent the need to walk round 8 stops to find out which one, which regularly happens at college at the moment, however we don't really get students messing about with them.

I also ask the question why you cannot change the voltage, you are allowed to run different voltages in the same containment as long as all cables are sufficiently insulated to that of the circuit and or controls of the highest voltage.

You are right, it could be done using a 2 core insulated but it would need to be small so that each could be looped in and out the 20mm conduit, might causes more issues if a light was incorporated? Is the fact that they are at 230v an issue even if they are enclosure in metal conduit and the emergancy stops are of disaster construction?

Yes I know it is not a machine but you have to consider what may be plugged in will be energised when power is restored so there is no real relaxing away from standards that cover machinery control, it is still a safety system and by the fact it is controlling power to gas valves, possible extraction fans etc it would fall within the realms of the standards required for machinery thus the system should be design to meet it as such, even if you don't actually fall under the BS60204, you will fall under other standards and given they are all derived from the same blueprint it would most likely follow the same basic design requirements, if you have any knowledge of the BS60204-1 you will see many standards are actually repeated in the BS7671 especially that of O/L protection of motors etc... you will find this overlapping of regulations very common across the many different areas of British Standards.

The gas valves will shut off a oxy acetaline line to the booths, the extraction system should not be on the same D/B as the emergancy stops, I except that consideration should be taken to what is plugged in, hopefully this has been thought of by the design consultants!

@Rocboni.... I have colour coded your answers, this helps define your replies which can be somewhat confusing to other members when they are reading if it is all integral to a quoted message.

 

[Bobster]

Now I presumed this was an application with machinery.

Emergency stop circuits of all kinds need to be designed to EN ISO 13850. Like Darkwood has stated there's a lot more to it than it just being functional in shutting a valve.

I agree that some of it seems like menial paperwork. You need to be able to prove the reliability of the circuit, documentation proving the performance rating, for example the probability of the circuit not operating or failing to an unsafe state. Maintenance plans and a testing routine needs to be given to the end user as well as information stating which devices will need changing before the end of the required mission time.

Seems like a whole lot of overkill for something like this granted, but the HSE has been given some new sharper teeth to combat the sheer amount of people still not following these rules, an unlike BS7671 these documents are statutory.

I don't want to be on here bringing the doom an gloom, I merely want to try and educate. If i can get one person to research and find how it should be done, and this stops them hurting someone or being fined through the a** in future.

 

[Darkwood]

@Rocboni
Clearly you are savvy to more info on this job than we are and thus my replies are somewhat generalising regulations based on possibilities.

-The point about the starting of the system and the resetting of the system still stands, the 2 actions should not be done the same way, a reset of an E-Stop should be a deliberate action and it shouldn't energise the sockets and the Gas solenoids in this case, a second action should be used to do so, the reset should be an acknowledgment of the oprated device and the reason it was operated has been addressed, this then should allow you use of second stage controls ..ie the start button, there are many reasons for this of which in such basic circuit it may not be clear at first.

-Fail safe was regarding component failure, assuming you had a main contactor to drop out you have to consider the fact it may mechanically become jammed in position as it's energised most of the time, this could be a issue, has a safety relay been incorporated into the circuit and/or would it be required, having a 2channel system usually ensures faulty E-Stops etc are identified quickly.

-Is there a heightened risk of shock, are the pupils using flames near flexes or water/chemicals near electrical outlets and devices, this may warrant a different approach like running through an 1/1 isolating TX then having your standard RCD protection after..

-You mention using 2core flex, you said it was already in containment so why flex, why not standard singles which is already rated to the highest voltage, I see no reason to put insulated and sheathed cables within a containment system.

You mention a design consultant, this hasn't been mentioned before, are they just CAD people or do they have an indepth knowledge of the relevent regulations and the required risk assessments that should be written up when designing such a system?

Like I said, I am only responding to the limited info presented so I may make a few points that are not relevent here but in doing so I hope I also show that designing such a safety critical system is not just about making a functional circuit... so what happens if the main contactor/mccb fails to drop out due to mechanical failure.. is there any form of back-up on this system to ensure the requirements of E-stop operation are still met?

 

[netblindpaul]

EN 13850, EN 13849-1 & -2 BS 4163 all would apply.
If this is in an education environment, then you will find it very difficult legally to deviate from the accepted CoP.
A single N/C contact is not fail safe under EN 13849/13850.
What is the PL required, the minimum level under EN 13850 is PLc.
If EN 13849/13850 applies then you are looking at PLc, and there is NO WAY to legally avoid this, unless you are willing to document every decision, risk assessment etc. etc. etc. as to why you are not complying with harmonised standards.
I really think that the OP is not adequately familiar with the relevant statute law requirements and the accepted standards & codes of practice?

 

[Rocboni]

I admit I have been a bit nieve and not as simple as I first thought (although this is how it appears to be at the college I go to). I can see how a safety relay is really required with possibly a 2 channel emergancy stop circuit, with dual contactor and feedback loop although I don't quite understand how the two contractors are integrated into the feedback loop? Do you have auxiliary contacts from the contractors wired though the reset inputs? How does the relay know if say one contactor has welded closed?

 

[Andy-1960]

Yes, an auxiliary contact from each contactor is wired to the safety relay, the relay will not reset if one of the contactors is welded.

 

[netblindpaul]

I admit I have been a bit nieve and not as simple as I first thought (although this is how it appears to be at the college I go to). I can see how a safety relay is really required with possibly a 2 channel emergancy stop circuit, with dual contactor and feedback loop although I don't quite understand how the two contractors are integrated into the feedback loop? Do you have auxiliary contacts from the contractors wired though the reset inputs? How does the relay know if say one contactor has welded closed?

So are you talking about a "work area emergency switching system" under BS4163, or an emergency stop circuit on a piece of machinery.
Either way EN 13850 applies, but, is more often than not totally misunderstood by electrical contractors installing these systems in educational establishments, and that's from experience.
Many don't even know of the existence of the CoP that they should be working to let alone have a copy of it to know how to comply!

 

[Rocboni]

This is a work area Emg stop system, hopefully the OP will make an appearance.

This is for my own benefit I am asking these questions, do all safety relays input a momentary button i.e. Take care of latching themselves or does its input have to be latched via a relay?

 

[Darkwood]

@Rocboni
Safety relays come in a variety of forms with many allowing compliance of the varying safety level of differing systems depending on how you wire them, the usual method to reset a safety relay is a momentary closing of a monitored N/O loop, depending on other criteria that the relay is monitoring it won't reset until certain conditions are satisfied.

 

[netblindpaul]

For a work area switching system, the buttons and control system must comply with EN 13850 as this is required by BS 4163, this means red mushroom head trigger action latching on a yellow background, circuit to PLc, with an analysis & design against EN 13849-1 to ensure that PLc is adequate, then verification to EN 13849-2 to prove that the implementation is correct.
The emergency stop buttons feed straight into the safety relay.
PLc is basically suitable actuators, dual channel with a safety relay monitoring the stop buttons, you also must take into account fault masking, and, then this must operate a suitable actuator, for example a power contactor to disconnect the supply.
This power contactor must be proven as suitable under EN 13849-1, potentially it will require a redundant partner in series, only the analysis can show what is required.

 

[Rocboni]

I see that some relays the start and reset are the same input.

Could you have a key and reset button latching a relay with contacts in series with a start button to take care of the deliberate action?

So if a Emg stop Is pushed to restart you have to twist the key and push reset to acknowledge activation then push start?


I presume all the Emg stops are wired in two loops when it's dual channel, the stop at the key station would be wired like a Emg stop but just a flush red button?

 

[Rocboni]

What would delatch the relay?

 

[netblindpaul]

I see that some relays the start and reset are the same input.
You mean some safety relays? The start/reset commend to them can be the same, they can't re-start a machine on their own, they are not allowed to.
Could you have a key and reset button latching a relay with contacts in series with a start button to take care of the deliberate action?
Not sure what you mean. You would have to have a key to comply with BS4163, this could be reset of the e-stop, or start, and the other action could, be a push button. Probably thinking about this in EN 13849 language the reset should be a blue pb, with the re-energise being the momentary key operation.

So if a Emg stop Is pushed to restart you have to twist the key and push reset to acknowledge activation then push start?
This depends on the design, blue is required as the reset under EN 60204-1 which is also called by BS 4163. So blue to reset, momentary, resets the safety relay, to allow re-energising the supply system, then momentary operation of the key switch to re-energise the supply.

I presume all the Emg stops are wired in two loops when it's dual channel, the stop at the key station would be wired like a Emg stop but just a flush red button?
Allowing for the effects of fault masking then yes. the stops would all be wired in series. However, this depends on the analysis under EN 13849 as to what the requirements for the mitigation of fault masking are. There are basically two channels in series in parallel, yes.
The stop at the single start location could be just a red button, but it could not be flush it must be proud. However, if it has the same action as the emergency stop buttons, then it must be an emergency stop button. If you implement a normal stop action at the start location, then you would also have to provide an emergency stop at the location in the event that the stop did not function, the normal stop could bypass the safety relays, but, if it had any influence on the safety circuit/function then it would fall under the same requirements.

 

[netblindpaul]

What would delatch the relay?

Delatch what relay?

 

[Rocboni]

As far as I can see ther is only one input to reset, when you say you have one button to reset and another button to re energise how do achieve this, is the reenergising circuit not wired as part of the safety relay circuit?

You just output contacts of the safety relay like a stop button in a latching stop/ start circuit?

So if you did have a blue reset, green button and key switch to start (held at same time), red to switch off say at the end of the day? You would need to have a Emg stop at this location

Sorry just trying to learn!

 

[netblindpaul]

Resetting the safety relay (e-stop circuit) must only allow re-start, not implement re-start.
The start function is not a safety function.
The stop/e-stop MUST override the start function.

Not sure what you mean by the way you are looking at the outputs of the safety relay.

Why would you have 3 devices to start?
Blue to reset, yes.
Green to start not acceptable under BS4163, key switch required, key switch can be used as a start under other standards. Both must be momentary.

A conventional stop button would not be part of the safety function, so, if there was an incident requiring e-stop and witnessed at the start location then an e-stop would be required.

These things are not the sort of thing that you can "get" over internet forums, you need to get the standards and study them, then get mentored really.
There are various commercial machinery safety courses, mine was the CMSE validated by TUV Nord.

Please don't "play" with this stuff, because people die in and around machinery and there was a recent case where a machine designer has I think done time, if not certainly been found guilty of manslaughter because his design was negligent.

What makes it worse is the actions of one of the parties involved resulted in the death of a family member, they basically burned to death, or suffered a heart attack due to the temperatures when they were trapped inside an oven.
So just like the guys pictured hugging on top of the burning wind turbine with no means of escape, he knew that he was going to die, and was just sat/stood there waiting to die.
Horrible, so just realise that machinery safety is not something to take lightly.