Fluid Power Safety 101
Safety is a critical aspect to any fluid power system, not just from the basic level of keeping components plumbed properly, but also in overall levels of machine safeguarding. It is critical to evaluate the entire system, including the electrical portion, to minimize exposure to unnecessary risk. Systems are rated based on the weakest link in the control chain. a Several standards (including ISO 13849-1:2006, ANSI/ASSE Z244.1-2003 (R2008) and ANSI/PMMI B155.1-2011) define the control system as including input, sensing, and interlock devices as well as output devices such as pneumatic and hydraulic valves. a The function of a fluid control valve mimics that of an electrical-control relay and, therefore, is subject to the same rules for classifying safety integrity. Thus, properly specified machine safeguarding systems include provisions for pneumatic valves, including:
- Must be functionally redundant.
- Must be monitored for faults (including diminished performance faults, which may create the loss of redundancy), without depending on external machine controls or safety circuitry.
- Must return to a safe position in the event of a loss of pressure or other such event.
- Must be able to inhibit further operation upon detection of a fault condition until such condition is corrected.
- Should have a dedicated, specific function-reset input and should prohibit the ability to perform a reset by simply removing or re-applying pneumatic or hydraulic power.
- Must not automatically reset.
Providing control reliability with fluid power is not quite the same as with electrical controls, however. For instance, plain redundancy in a safety circuit requires the equivalent function of four valve elements, not just two. Two of the four valve elements handle the inlet function while the other two elements handle the stop function (energy release). Many self-designed systems risk having hidden, potential flaws, which can lead to unsafe conditions because they are unseen, unexpected and, therefore, excluded from design and safety reviews. A good example is the spool cross-over conditions or ghost positions of a valve, which are usually not shown on schematics. a
Two general abnormal conditions can affect valve safety. The first is similar to an electrical-control fault, such as when a relay might be stuck in the open or closed position. The second is when a valve develops diminished performance, as when a valve becomes sticky or sluggish. In such cases, the valve reaches the proper position, but slower shifting affects safe stopping distances or precise timing. The ANSI B11.19-2010 Standard mandates a monitoring system that detects these conditions for critical applications and the ANSI/PMMI B155.1-2011Standard requires diminished performance monitoring if stopping time can be affected. An easy solution is to use a self-monitoring, Category-3 or -4 valve, designed to detect both conditions. a
The use of double valves remained relatively unheard of for many years except in a few select industries, such as stamping presses, which first initiated control reliability requirements. Double valves provide dual internal functions (redundancy) so that an abnormal function of one side of the valve does not interfere with the overall normal operation. At the same time, the double valves sense abnormal operation on either side of the valve and then inhibit further operation until the problem has been corrected and the valve deliberately reset. This sensing and inhibiting function is commonly referred to as monitoring. a
Two standard air valves, whether in parallel or in series, cannot perform the same safeguarding function as does a double valve critical function. By simply incorporating two standard air valves into the circuit, no provision is made to sense the abnormal operation of one side of the valve or, even more preferable, diminished performance such as slow shifting. In addition, there is no provision for inhibiting further operation of the circuit until the valve is repaired. If one valve actuates abnormally, the second one continues to function and redundancy is lost. The circuit doesn't recognize lost redundancy nor would it halt operations as a warning that redundancy has been compromised. Then, if the second valve also actuates abnormally, there is no back up and control integrity no longer exists. a
Double valves are appropriate for pneumatic and hydraulic equipment anytime reliability is an issue. Typical applications include E-stop, two-hand-control, light curtains, safety gates, pneumatic locking devices for safety gates, hydraulic brakes, air brakes, amusement rides, hoists, elevators, pinch-point applications, or any other application where control system integrity depends on valve operation. a
Craig Cook
