Safety is often near the top of the list of reasons for preferring
cobots over traditional industrial robots. Safe motion
technology provides the foundation for cobot safety, but there
is far more to safely deploying cobots than that. I will list
below some of the things I consider when designing automation
systems that will have people around them. This list is not
comprehensive and just a starting point.
History - Historically,
the Occupational Health and Safety Administration (OSHA) required power
to be removed before personnel could access hazardous areas.
The workspace of an industrial robot was considered to be a
hazardous area, so power had to be removed from the robot's
motors before personnel could enter the workspace. This drove
safety solutions for industrial robots to fencing. In the early 2000's, OSHA began
accepting petitions from companies with solutions based on
redundant, fail-safe designs that were so safe as to be
considered statistically equivalent to removing power. Today's
cobots fall into that category. It is possible, but by no
means guaranteed, to design automation solutions where people
can safely share a workspace with cobots, without requiring
that power be removed from the cobots' motors.
Manufacturer's
Instructions - If you are going to do anything except
"plug&play" with your cobots (for example,
integrate door interlocks,
laser curtains, etc.), you must follow standards for
safety critical components. To do this you will need to follow
the instructions that come in the user manuals for the
equipment you buy.
For example, a laser curtain will be safety-rated when you buy
it. The user manual for the laser curtain will tell you not to
connect it to anything that is not safety-rated. Do not
connect that safety curtain to a standard relay, especially
not a standard solid-state relay. The laser curtain must be
connected to a safety relay. Similarly, door interlock sensors
need to be safety-rated (not standard switches and especially
not normally open, momentary contact switches) that may need to be
monitored. Follow the
manufacturer's instructions and DO NOT IMPROVISE.
Industry Standards - Most of the literature around
cobot safety you will find online references the EN ISO 10218 standard parts 1 & 2
(safety requirements for "traditional" industrial
robots) and the ISO/TS 15066 specification (safety
requirements for collaborative industrial robots) If you are
considering cobots for your factory, someone in your
organization should master these standards before you deploy
them. If there are machine tools on the factory floor, then
the ANSI B11.19 Safeguarding criteria will be important.
Will your system have an emergency stop functionality (besides the
functionality that comes with the cobots and the other machines)? If so, then the NFPA 79 Electrical Standard for Industrial Machinery
will likely apply.
The standards discussed
above are quite detailed. In the bigger picture, what
standards apply to the industry where the cobot will be
deployed? In the military &
aerospace industry (mil-aero), AS9100 is often considered the
industry standard. In the oil and gas industry,
American Petroleum Institute Q1 standards may apply. Almost
everyone follows ISO9001. These are sometimes called
"process" standards. They have processes that are written down and audited for compliance. What ever you do with
the safety for your cobot system, it should get into these processes
so it is properly documented and audited. For example, consider
putting EStop testing in your processes. Specifically how
often you test depends on the application, but getting it into your
documented processes increases the odds that it will happen.
If you are an employer, then compliance with OSHA requirements
is mandatory. Generally, when deploying cobots, be mindful of
the standards in the industry where the cobots are being
deployed, not just the standards around cobot safety.
Emergency Stops (EStops) -
It is quite possible that the cobot application you are
designing will include emergency stop functionality. NFPA 79 Electrical Standard for Industrial Machinery
provides guidance around emergency stops. Suffice to say that
you should only use an emergency stop switch that is
fail-safe, and designed
to be used as an emergency stop switch. As a second step in the
design of your emergency stop system (the first was the hazard
analysis), write down a list of everything that should happen when
someone hits the emergency stop. If that list has one item, "cut
power," then you may want to think a bit more about the
question. If you remove power from everything, could it make an
entrapment situation worse? Maybe you should bleed-off
compressed air that is holding clamps closed? Will there be a
load in the air that could fall when you cut power? Will it be
safe to leave that load in the air without power? Generally, what will happen to stored energy if you cut power to the system? If you
are going to design an emergency stop, do some research on how
to do it right. Of course, an emergency stop must itself be
connected in a fail-safe manner. For example, the system can't
keep operating as if nothing happend if the connector from the EStop switch falls
off its termination on the back of the Power Distribution Unit
(PDU).
Safety Rated Components -
Safety rated components provide guaranteed (to a reasonable
degree of statistical certainty) performance. For example, a
safety-rated, force-guided relay uses mechanical components to
force a contact open even if the relay is "welded"
shut electrically. Safety-rated components often include
monitoring to verify the component is operating as intended.
For example, a safety-rated relay will typically have a
monitoring connection to verify the relay opens when it is
commanded to do so. Monitoring functionality can be used to
prevent components from "failing silently." Safety
rated components MUST be connected to other safety-rated
components. For example, DO NOT connect a door interlock
switch
to a standard relay. Door interlock switches get connected to
safety relays. Generally, any relay that is required for the
safe operation of a machine needs to be a safety relay.
Software - If you are writing software to go
with your cobots, then you should review IEC 61508, “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.”
This has been tailored to specific industries including automotive, machinery, nuclear power, process and
rail. Review the appropriate tailored standard if you work in
one of these industries. IEC 61508 calls out numerous software
engineering principles and processes that may apply, depending
on the application. As discussed, it is hard to think
of a situation where a system with a cobot wouldn't be
considered a safety-related system. Some aspects of safety are
designed into cobots, but if you are writing software, you
should follow the documentation, design, review, etc.
standards for developing safety-related software to the degree
appropriate for your industry and application.
Machine Guarding - It is also
quite possible your cobot safety application will require guarding. ANSI B11.19
Performance Requirements for Safeguarding provides guidance in
the design, construction, installation, operation and maintenance of the safeguarding (e.g., guards, safeguarding devices, awareness devices, safeguarding methods and safe work procedures) used to eliminate or control hazards to individuals associated with machine tools.
Some machines the cobot interacts with, such as CNC machines
with doors, may have built-in guards. Others, for example a
machine that seals plastic with a heated element, may not come
with guarding, but will require it when integrated with a
cobot and human working together.
Safe Motion Technology
- Cobots and people can work safely and concurrently in the
same workspace because of "safe motion" technology.
I prefer to call it "guaranteed motion" because it
is the way the cobot moves (or doesn't move) that is
guaranteed, not the safety of the automation system. As it
says in the manual for the Universal Instruments UR5, "The robot is partly completed machinery."
It is up to the people deploying the cobot to ensure the
entire application is safe.
Risk Assessment - All
cobot deployments should create and maintain a risk assessment
prior to deployment. This should be documented and archived
according to standard procedure. ISO 13849-1 provides
guidance for assessing the severity of risk. Hazards that may
be found in cobot deployments include: striking, ejecting, pinching, pushing, trapping, crushing & cutting.
Most cobot applications will be capable of seriously hurting
or killing a person. The safety systems need to be designed
accordingly.
Fencing - The ability
to work without fencing is often cited as one of the primary
benefits of cobots. While this may be true, fencing does
provide benefits not available with electronic safety
measures. For example, if a work piece can be ejected or
thrown from a work cell, then there needs to be a physical
barrier between that work piece and the people around the work
cell. Fences can also be used to guard many machines. Removing
the fencing may well create a multitude of individual,
point-of-operation guarding requirements.
|