Emergency Stop circuit

[Rocboni]

There are accepted standards for basic design irrespective of the safety level required, a risk assessment will also include the consequences of component failure ie 'is it fail safe' and what measure have been undertaken or what extra components have been put into the design to give the required level of fail safety, you also mention using the Start button to do 2 functions, first as just a start then also as a reset if an E-stop is operated, this would not be a good design, you should incorporate a seperate device be it a key, button or similar to reset the system usually by a deliberate action, your reset should not energise the circuit at the same time, this must be by the use of another device again be it a P/B or K/S etc, even colour coding of indicator lamps, buttons etc have guidelines, if the red stop is on the same station as an E-stop then a red button would not be permitted, some of these points are not statutory but a written agreement and risk assessment with the customer must be drawn up say if the customer wanted a non standard button colour or indicator, this may be because of existing systems say on workshop machinery follow an older code, it reduces the chance of confusion if everything is the same.

Is the fact that the stops being on a N/C circuit not fail safe enough, if anything else fails then the system won't be able to be re energised as they are all N/O?


Why shouldn't the reset energise the circuit, surely a spring return key switch with reset push button, is a deliberate action as you have to keep the key turned while pushing the reset?

There will be no emergancy stop on the same station as the stop.



Given the limited info I would as a basic have all the E-stop buttons as key release only, this way the students cannot mess about with the E-stops then quickly twist and release and then deny all knowledge, another way around this is to have an indicator system to identify the operated E-Stop...all this would be discussed on-site, I have seen so many poor designs when I worked through the schools and comments about this issues they have with them such as the one I just hi-lighted should be avoided in the design stage.

I agree, if a light was installed abouve each emergacy stop this would prevent the need to walk round 8 stops to find out which one, which regularly happens at college at the moment, however we don't really get students messing about with them.

I also ask the question why you cannot change the voltage, you are allowed to run different voltages in the same containment as long as all cables are sufficiently insulated to that of the circuit and or controls of the highest voltage.

You are right, it could be done using a 2 core insulated but it would need to be small so that each could be looped in and out the 20mm conduit, might causes more issues if a light was incorporated? Is the fact that they are at 230v an issue even if they are enclosure in metal conduit and the emergancy stops are of disaster construction?

Yes I know it is not a machine but you have to consider what may be plugged in will be energised when power is restored so there is no real relaxing away from standards that cover machinery control, it is still a safety system and by the fact it is controlling power to gas valves, possible extraction fans etc it would fall within the realms of the standards required for machinery thus the system should be design to meet it as such, even if you don't actually fall under the BS60204, you will fall under other standards and given they are all derived from the same blueprint it would most likely follow the same basic design requirements, if you have any knowledge of the BS60204-1 you will see many standards are actually repeated in the BS7671 especially that of O/L protection of motors etc... you will find this overlapping of regulations very common across the many different areas of British Standards.

The gas valves will shut off a oxy acetaline line to the booths, the extraction system should not be on the same D/B as the emergancy stops, I except that consideration should be taken to what is plugged in, hopefully this has been thought of by the design consultants!

@Rocboni.... I have colour coded your answers, this helps define your replies which can be somewhat confusing to other members when they are reading if it is all integral to a quoted message.

 

[Bobster]

Now I presumed this was an application with machinery.

Emergency stop circuits of all kinds need to be designed to EN ISO 13850. Like Darkwood has stated there's a lot more to it than it just being functional in shutting a valve.

I agree that some of it seems like menial paperwork. You need to be able to prove the reliability of the circuit, documentation proving the performance rating, for example the probability of the circuit not operating or failing to an unsafe state. Maintenance plans and a testing routine needs to be given to the end user as well as information stating which devices will need changing before the end of the required mission time.

Seems like a whole lot of overkill for something like this granted, but the HSE has been given some new sharper teeth to combat the sheer amount of people still not following these rules, an unlike BS7671 these documents are statutory.

I don't want to be on here bringing the doom an gloom, I merely want to try and educate. If i can get one person to research and find how it should be done, and this stops them hurting someone or being fined through the a** in future.

 

[Darkwood]

@Rocboni
Clearly you are savvy to more info on this job than we are and thus my replies are somewhat generalising regulations based on possibilities.

-The point about the starting of the system and the resetting of the system still stands, the 2 actions should not be done the same way, a reset of an E-Stop should be a deliberate action and it shouldn't energise the sockets and the Gas solenoids in this case, a second action should be used to do so, the reset should be an acknowledgment of the oprated device and the reason it was operated has been addressed, this then should allow you use of second stage controls ..ie the start button, there are many reasons for this of which in such basic circuit it may not be clear at first.

-Fail safe was regarding component failure, assuming you had a main contactor to drop out you have to consider the fact it may mechanically become jammed in position as it's energised most of the time, this could be a issue, has a safety relay been incorporated into the circuit and/or would it be required, having a 2channel system usually ensures faulty E-Stops etc are identified quickly.

-Is there a heightened risk of shock, are the pupils using flames near flexes or water/chemicals near electrical outlets and devices, this may warrant a different approach like running through an 1/1 isolating TX then having your standard RCD protection after..

-You mention using 2core flex, you said it was already in containment so why flex, why not standard singles which is already rated to the highest voltage, I see no reason to put insulated and sheathed cables within a containment system.

You mention a design consultant, this hasn't been mentioned before, are they just CAD people or do they have an indepth knowledge of the relevent regulations and the required risk assessments that should be written up when designing such a system?

Like I said, I am only responding to the limited info presented so I may make a few points that are not relevent here but in doing so I hope I also show that designing such a safety critical system is not just about making a functional circuit... so what happens if the main contactor/mccb fails to drop out due to mechanical failure.. is there any form of back-up on this system to ensure the requirements of E-stop operation are still met?

 

[netblindpaul]

EN 13850, EN 13849-1 & -2 BS 4163 all would apply.
If this is in an education environment, then you will find it very difficult legally to deviate from the accepted CoP.
A single N/C contact is not fail safe under EN 13849/13850.
What is the PL required, the minimum level under EN 13850 is PLc.
If EN 13849/13850 applies then you are looking at PLc, and there is NO WAY to legally avoid this, unless you are willing to document every decision, risk assessment etc. etc. etc. as to why you are not complying with harmonised standards.
I really think that the OP is not adequately familiar with the relevant statute law requirements and the accepted standards & codes of practice?

 

[Rocboni]

I admit I have been a bit nieve and not as simple as I first thought (although this is how it appears to be at the college I go to). I can see how a safety relay is really required with possibly a 2 channel emergancy stop circuit, with dual contactor and feedback loop although I don't quite understand how the two contractors are integrated into the feedback loop? Do you have auxiliary contacts from the contractors wired though the reset inputs? How does the relay know if say one contactor has welded closed?

 

[Andy-1960]

Yes, an auxiliary contact from each contactor is wired to the safety relay, the relay will not reset if one of the contactors is welded.

 

[netblindpaul]

I admit I have been a bit nieve and not as simple as I first thought (although this is how it appears to be at the college I go to). I can see how a safety relay is really required with possibly a 2 channel emergancy stop circuit, with dual contactor and feedback loop although I don't quite understand how the two contractors are integrated into the feedback loop? Do you have auxiliary contacts from the contractors wired though the reset inputs? How does the relay know if say one contactor has welded closed?

So are you talking about a "work area emergency switching system" under BS4163, or an emergency stop circuit on a piece of machinery.
Either way EN 13850 applies, but, is more often than not totally misunderstood by electrical contractors installing these systems in educational establishments, and that's from experience.
Many don't even know of the existence of the CoP that they should be working to let alone have a copy of it to know how to comply!

 

[Rocboni]

This is a work area Emg stop system, hopefully the OP will make an appearance.

This is for my own benefit I am asking these questions, do all safety relays input a momentary button i.e. Take care of latching themselves or does its input have to be latched via a relay?

 

[Darkwood]

@Rocboni
Safety relays come in a variety of forms with many allowing compliance of the varying safety level of differing systems depending on how you wire them, the usual method to reset a safety relay is a momentary closing of a monitored N/O loop, depending on other criteria that the relay is monitoring it won't reset until certain conditions are satisfied.

 

[netblindpaul]

For a work area switching system, the buttons and control system must comply with EN 13850 as this is required by BS 4163, this means red mushroom head trigger action latching on a yellow background, circuit to PLc, with an analysis & design against EN 13849-1 to ensure that PLc is adequate, then verification to EN 13849-2 to prove that the implementation is correct.
The emergency stop buttons feed straight into the safety relay.
PLc is basically suitable actuators, dual channel with a safety relay monitoring the stop buttons, you also must take into account fault masking, and, then this must operate a suitable actuator, for example a power contactor to disconnect the supply.
This power contactor must be proven as suitable under EN 13849-1, potentially it will require a redundant partner in series, only the analysis can show what is required.

 

[Rocboni]

I see that some relays the start and reset are the same input.

Could you have a key and reset button latching a relay with contacts in series with a start button to take care of the deliberate action?

So if a Emg stop Is pushed to restart you have to twist the key and push reset to acknowledge activation then push start?


I presume all the Emg stops are wired in two loops when it's dual channel, the stop at the key station would be wired like a Emg stop but just a flush red button?

 

[Rocboni]

What would delatch the relay?

 

[netblindpaul]

I see that some relays the start and reset are the same input.
You mean some safety relays? The start/reset commend to them can be the same, they can't re-start a machine on their own, they are not allowed to.
Could you have a key and reset button latching a relay with contacts in series with a start button to take care of the deliberate action?
Not sure what you mean. You would have to have a key to comply with BS4163, this could be reset of the e-stop, or start, and the other action could, be a push button. Probably thinking about this in EN 13849 language the reset should be a blue pb, with the re-energise being the momentary key operation.

So if a Emg stop Is pushed to restart you have to twist the key and push reset to acknowledge activation then push start?
This depends on the design, blue is required as the reset under EN 60204-1 which is also called by BS 4163. So blue to reset, momentary, resets the safety relay, to allow re-energising the supply system, then momentary operation of the key switch to re-energise the supply.

I presume all the Emg stops are wired in two loops when it's dual channel, the stop at the key station would be wired like a Emg stop but just a flush red button?
Allowing for the effects of fault masking then yes. the stops would all be wired in series. However, this depends on the analysis under EN 13849 as to what the requirements for the mitigation of fault masking are. There are basically two channels in series in parallel, yes.
The stop at the single start location could be just a red button, but it could not be flush it must be proud. However, if it has the same action as the emergency stop buttons, then it must be an emergency stop button. If you implement a normal stop action at the start location, then you would also have to provide an emergency stop at the location in the event that the stop did not function, the normal stop could bypass the safety relays, but, if it had any influence on the safety circuit/function then it would fall under the same requirements.

 

[netblindpaul]

What would delatch the relay?

Delatch what relay?

 

[Rocboni]

As far as I can see ther is only one input to reset, when you say you have one button to reset and another button to re energise how do achieve this, is the reenergising circuit not wired as part of the safety relay circuit?

You just output contacts of the safety relay like a stop button in a latching stop/ start circuit?

So if you did have a blue reset, green button and key switch to start (held at same time), red to switch off say at the end of the day? You would need to have a Emg stop at this location

Sorry just trying to learn!