Operation of Machine
2. Safety Assessment
Project Number
Client
Company:
Revision
16832
Bector Automation RML India Pvt. Ltd.
0
IDMC
Introduction to General Safety:
Where appropriate, it is intended that this equipment complies by the guidelines presented in
-
AS4024 - Safety of Machinery [1]
-
BS EN415-7:2006 - Safety of Packaging Machinery [2]
-
ISO 13849:2006 Safety-Related Parts [3]
-
and/or IEC 62061 Safety of Machinery [4]
The supplied machine for IDMC- Semi-Automatic case packer Butter Carton system integrating servo motion control and pneumatic systems. The machine is designed for controlled and efficient product handling and packing operations in a dairy product manufacturing environment.
Operation and maintenance personnel may only access moving or hazardous parts when the machine is in a safe and de-energized condition. Therefore, from a guarding and safety perspective, the machine is designed to provide controlled operator access while ensuring personnel protection during operation and intervention.
The guarding concept consists of fixed guarding around the hazardous areas of the machine, with access provided through one interlocked guard door. This guard door is positioned to allow safe access for maintenance and troubleshooting activities.
In addition to physical guarding, the machine is equipped with essential safety systems including one interlocked guard door, safety PLC, and one emergency stop (E-stop) circuit. Opening the guard door or pressing the emergency stop will bring the machine to a safe, de-energized state.
This ensures maximum protection of personnel during operation and intervention. During normal production, access to hazardous zones is restricted, thereby maintaining complete segregation between operators and moving machine components.
The proposed guarding layout is illustrated below: red lines represent fixed guarding solutions, while associated entry points (i.e., doors) are protected using interlock switches and are shown in blue.
Figure 2: Guarding Arrangement
1. Electrical and Control Systems
Bector Automation RML Engineering India Pvt. Ltd. representatives have conducted a detailed and systematic Risk Assessment to identify, analyze, and mitigate potential hazards associated with the machine. The assessment has been carried out in line with internationally recognized safety practices and guidelines.
The electrical control panel is equipped with Lock Out / Tag Out (LOTO) provisions to ensure safe and complete isolation of all energy sources during maintenance and servicing activities. This includes electrical, pneumatic, and mechanical energy, thereby preventing any unintended machine start-up.
The risk assessment document systematically evaluates each section of the machine by assigning a Hazard Rating Number (HRN) to every identified hazard. This rating is derived based on the severity of injury, frequency and duration of exposure, and probability of occurrence. Hazards with higher HRN values represent more critical risks and are prioritized for implementation of appropriate risk reduction measures.
Appropriate safeguards such as fixed guarding, interlocked access doors, emergency stop systems, safety-rated control circuits, and procedural controls have been implemented to minimize risks. These measures ensure that all identified hazards are reduced to an acceptable level, providing a safe and reliable working environment for operators and maintenance personnel.
2. General requirements
As mentioned previously, with the exception of conveyors, operation and maintenance staff are separated from the moving and hazardous parts of the machine by the guard structure when the machine is energized. Access to the internal parts of the machine can only be possible when the machine has been de-energized, and the machine is deemed to be in a “Safe state”. For this reason, the safety system shall be designed and implemented to serve the sole function of de-energizing all moving or hazardous equipment when a non "Safe State" is detected.
With reference to Figure.2, and the required levels of protection (SIL 2 and PL(d)), the components required to make the safety control system will be a safety controller, safety contactors, emergency stops, door switches, photoelectric sensors and a safety air service unit. The devices within the safety control system are expected to respond, and the safety system switch, to a safe state within 0.8 seconds of any potential fault detection or safety function demand. Maximum fault detection time (i.e., determining the difference between device fault or safety function actuation) should be no more than 3 seconds. These values are determined from experience with similar machinery.
Considerations during the design phase in respect to the operating environment of the machinery were made.
-
The machinery due to its function and operating environment will not be subject to shocks or vibrations.
-
Electromagnetic compatibility is adhered to by installation of electrical components undertaken by qualified personnel.
-
The machine is designed for a non-wash down food packing environment.
-
Material selection and professional design solutions have been implemented to ensure mechanical durability.
-
It is expected the machine will be operating in ambient room temperature.
Correct maintenance of machinery componentry, both mechanical and electrical is outlined in the machinery manual that is supplied with the Stride.
Above and beyond the manufacture certifications of the devices used, correct installation and implementation of devices must be adhered too. Fault detection should cover, but is not limited too
-
Cross circuits
-
Short circuits
-
Open circuits
-
Cross terminals
2.1 HAZOP (Risk Assessment)
HAZOP, or a Hazard and Operability Study, is a systematic way to identify possible hazards in a work process. In this approach, the process is broken down into steps, and every variation in work parameters is considered for each step, to see what could go wrong. Please refer the below attachment for HAZOP Document.
2.2 Safety Contactors
Note: Click on the Image for the Component Manual
Safety contactors are used to isolate power to specific devices within the machine. The safety contactors work in conjunction with the safety controller, so that when an un-safe state is detected by the safety controller, the safety contactors work to isolate all relevant devices to allow the machine to reach a safe state. Below are the part details and a reliability block diagram (RBD) of the safety contactors to demonstrate the required architecture.
Figure.5: Safety contactor RBD
Table.1: Safety contactor part data
Description
Part No.
Quantity
Target PL
Schneider Safety Contactors
LC1D18BD
1
d
2.3 Safety Door
Doors are designed to restrict access into all areas where there is potential for contact with moving machinery. Access to these areas should only be allowed when the motion has stopped. All equipment is energized via the safety circuit; therefore, the safety function of the door switches is to identify access to these areas is possible by turning the safety system to a non-safe state which in turn de-energizes all machinery. Below are the part details and a reliability block diagram of the door switches to demonstrate the required architecture.
Description
Part No.
Quantity
PL
Safety Door Switch
RE13-SAC
1
d
Table.2: Safety Door Switch part data
Click on the Image for the Component Manual
2.4 Safety Controller
The machine safety interlock system is controlled through Allen-Bradley Guardmaster 440C-CR30-22BBB configurable safety relay. This controller is suitable for monitoring emergency stop, guard door interlock and other machine safety inputs. The controller is designed for applications up to PLe / Category 4 as per ISO 13849-1 and SIL CL3 as per IEC 62061, subject to correct wiring, configuration, validation and use of suitable safety devices.
Description
Part No.
Quantity
PL
Safety Controller
440c-cr30-22bbb
1
d
Table.3: Safety Controller
2.5 Safety Monitored Air Service Unit
A number of the moving parts within the machinery supplied are pneumatically operated. Actuation of these pneumatic devices are electrical, however the energy associated with the mechanical movements is pneumatic. As mentioned previously, to ensure complete de-energizing of the equipment, all pneumatic devices must have their energy removed. A safety monitored dump valve is expected to achieve this if signaled to do so by the safety controller. Below are the part details and a reliability block diagram of the safety dump valve to demonstrate the required architecture.
Figure.: Air service unit RBD
Description
Part No.
Quantity
PL
Pressure Switch with Filter
MS4-LFR-1/4-D7-C-R-M-AS
1
d
Table.4: Air service unit part data
2.6 Emergency Stop
Emergency stops are located in the most practical places around the machine. Practical places are often driven by such factors as
-
At control points (i.e., below the Operator panel)
-
In areas to ensure that no matter where an operation staff may be located, they can easily get to an emergency stop position
Direct guidelines are also used to place emergency stops such as that specified in BS EN 415 [2]. For example, these are relating to distances from conveyor guard tunnel openings and distances between emergency stops. The safety function of the emergency stop is to divert the safety system to an unsafe state when activated and in turn completely de-energise all machinery. Below are the part details and a reliability block diagram of the emergency stops to demonstrate the required architecture.
Note: Click on the Image for the Component Manual
Table.8: Emergency stops part data
Description
Part No.
Quantity
Sick E-Stop
6036148
1
Table.5: Emergency Stop
3. Validation
Upon completion of the design and manufacture of this equipment, the design of the safety related parts of the control system shall be validated by a third party in accordance with AS 4024 [1], ISO 13849 [3] and/or IEC 62061 [4]. This document will form the basis for the validation by identifying the safety functions affecting the machinery supplied by Bector Automation RML India Pvt Ltd
4. Conclusion
Strides Pharma is a pharmaceutical manufacturer. Bector Automation RML Engineering India Pvt. Ltd. has been assigned to provide an automated solution to replace manual case packing on the packaging line.
The proposed solution is an adjustable Top Load Case Packer (Machine 2 – 16913) designed to handle multiple packaging formats efficiently, reducing manual intervention and improving productivity.
The scope of the project required a number of safety standards be adhered to, in particular AS4024 [1], BS EN415 [2], ISO 13849 [3] and IEC 62061 [6]. The machine is designed to be fully automatic; therefore, where permanent guarding is not practical, control systems are used to safeguard operation staff from any identified hazards (Appendix.1). The degree of safeguarding for this control system was determined to be PLd by systematic analysis using the Risk Analysis assessment with the exception of the case in feed which is to be designed in accordance with BS EN 415 [2] and have a SIL2 level of protection. The safety system implemented will serve the sole function of de-energizing all conveyor motors, servo motors, pneumatic cylinders in the event of an un-safe state. Because the machinery is fully automatic, the unsafe state is when operation staff can be exposed to any moving parts. It is required that the safety control system be validated upon completion of design, manufacture and assembly. Validation will be carried out internally by a person independent of the design of the safety systems.
5. References
[1] European Committee For Standardization, BS EN 415-7:2006 +A1 2008 Safety Of Packaging Machines
[2] ISO 13849:2006 Safety Of Machinery – Safety-related parts of control systems
[3] IEC 62061 Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
[4] ISO 13849:1999 Safety Of Machinery – Safety-related parts of control systems