Q&A: Integrated Safety & Control [TECH TIP]


1. What are the basic components of an integrated control and safety (ICS) system?

There are four basic components of an ICS: (1) the safety input, e.g., an E-Stop button or a light curtain; (2) the safety network, which ensures the safety message gets back to the controller; (3) the controller, typically a Programmable Logic Controller (PLC); and (4) a device that may need to act in response to safety messages, typically a robot or drive. In the case of a PROFINET network, the safety messages are transported via PROFIsafe. They are ordinary PROFINET messages with some extra data added to guarantee that safety messages get from a sender to a receiver.

2. What are the key differences between a safety network and a safety-by-wire solution?

The principal difference between a safety network and hard-wired safety is the cost saving provided by the large reduction in required hardware. Safety-by-wire solutions require many wires to be ‘home-run’ from the field to a cabinet; terminal strips and marshalling racks are then often needed, and finally the safety functions are implemented with many relays. In a safety network, however, a single cable is employed, few if any terminal blocks or marshalling racks are needed, and instead of performing safety via relays, the safety is done in logic, in other words in a PLC.

3. What kind of risk assessment is done to ensure safety and process elements can coexist efficiently and safely?

The coexistence of safety and automation components has been well established for more than 20 years. Using PROFIsafe together with PROFINET, for example, has been tested and certified to achieve up to SIL-3 or PL e safety ratings. Their coexistence is tried-and-tested, with millions of nodes installed worldwide. So any risk assessment that needs to be done should focus solely on what protections are needed for a given environment or application. The ‘how’ is already well established: networked functional safety is well known and widely used. The ‘what’ needs to be determined on a case-by-case basis, namely what the risks are and what safety level is required.

4. Is there a benefit to more tightly integrating safety and standard I/O in single modules (blocks, drives or valve banks)?

Significant cost savings can be found when integrating safety and standard I/O; associated hardware costs can sometimes be cut in half, because dedicated hardware for the safety network is no longer needed. In the case of drives, a dedicated safety input is no longer needed either: the network that carries the automation messages is the same one that carries the safety messages.

5. Has the technology and innovations in automation outpaced the evolution of safety technology? Are they getting closer, or farther apart?

Modern safety networks employ the same technology as automation networks – namely because they are the exact same network! This was the key driver behind networked functional safety, versus hard wiring: instead of building a dedicated, complex safety network, the automation network is simply reused. This has been performing well for over 20 years, so the technology is well established at this point, and any advances in automation networking technology are automatically available to the safety network.

6. How might time-sensitive networking (TSN) affect the adoption of ICS systems?

Time-Sensitive Networking should have no bearing on a modern safety network. Functional safety protocols like PROFIsafe employ a technique known as the ‘black channel principle’: all PROFIsafe cares about is ensuring that safety messages get from one end of the network to the other. The underlying transport or physical layers are unimportant; the only thing that matters is that the safety message sent by the light curtain, for example, is received by the PLC. This could be over copper wires, fiber-optic cables, even wireless. And since TSN sits at ISO/OSI Layer 2, it is transparent to the PROFIsafe messages it carries.
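To make the black channel principle (and the "extra data" mentioned in answer 1) concrete, here is an added Python sketch that is my own illustration, not PI's code and not the real PROFIsafe frame layout: the safety layer wraps the payload with its own addresses, consecutive number and CRC, and the receiver substitutes fail-safe values whenever a check fails, so the transport underneath (copper, fibre, wireless, TSN) never has to be trusted. The addresses, watchdog time and payload encoding are constructed for the example.

```python
import struct
import zlib
from dataclasses import dataclass
# Simplified model, not the real PROFIsafe frame layout: the safety layer adds its own
# addresses, consecutive number and CRC, so the transport underneath is never trusted.
@dataclass(frozen=True)
class SafetyPDU:
    src: int      # hypothetical F-source address (e.g. light curtain)
    dst: int      # hypothetical F-destination address (e.g. PLC)
    seq: int      # consecutive number, wraps at 256
    data: bytes   # safety payload carried inside the ordinary PROFINET frame
    crc: int      # integrity check over src, dst, seq and data
def safety_crc(src, dst, seq, data):
    return zlib.crc32(struct.pack(">HHB", src, dst, seq) + data)
def build_pdu(src, dst, seq, data):
    return SafetyPDU(src, dst, seq, data, safety_crc(src, dst, seq, data))

class SafetyReceiver:
    """Consumer side: any failed check yields the fail-safe substitute value."""
    FAILSAFE = b"\x00"  # 0 = 'not clear', i.e. stop, in this toy encoding
    def __init__(self, my_addr, peer_addr, watchdog_s, now):
        self.my_addr, self.peer_addr, self.wd = my_addr, peer_addr, watchdog_s
        self.expected_seq, self.last_valid = 0, now
    def process(self, pdu, now):
        """Return (data_to_use, reason); data is FAILSAFE unless every check passes."""
        if now - self.last_valid > self.wd:                              # unacceptable delay
            return self.FAILSAFE, "watchdog"
        if pdu.crc != safety_crc(pdu.src, pdu.dst, pdu.seq, pdu.data):  # corruption
            return self.FAILSAFE, "crc"
        if (pdu.src, pdu.dst) != (self.peer_addr, self.my_addr):         # masquerade / misrouting
            return self.FAILSAFE, "address"
        if pdu.seq != self.expected_seq:                                 # loss, repeat, insert, reorder
            return self.FAILSAFE, "sequence"
        self.expected_seq = (self.expected_seq + 1) & 0xFF
        self.last_valid = now
        return pdu.data, "ok"

def demo():
    """Constructed scenario: light curtain (address 7) -> PLC (address 1), 100 ms watchdog."""
    rx = SafetyReceiver(my_addr=1, peer_addr=7, watchdog_s=0.1, now=0.0)
    clear = b"\x01"
    frames = [
        (build_pdu(7, 1, 0, clear), 0.01),                                   # healthy
        (SafetyPDU(7, 1, 1, b"\x03", build_pdu(7, 1, 1, clear).crc), 0.02),  # bit flipped in transit
        (build_pdu(7, 1, 0, clear), 0.03),                                   # stale frame repeated
        (build_pdu(7, 1, 1, clear), 0.05),                                   # healthy again
        (build_pdu(7, 1, 2, clear), 0.50),                                   # network stalled
    ]
    return [rx.process(pdu, now) for pdu, now in frames]
```

Note that these checks are designed for random transmission faults; a CRC is not a message authentication code, so integrity against a deliberate attacker on the black channel is a separate security concern to be addressed by the network design.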

7. How much does combining safety and control depend on open machine-to-machine communication? Are some customers bound by equipment that doesn’t use open protocols?

Until recently, machine-to-machine functional safety communication has been the ‘missing link’ in any modern safety network, because no single vendor-agnostic standard existed; any solution was highly customized or proprietary. That all changed when the OPC UA Safety Core Specification was released in 2020. OPC UA Safety is truly independent of the safety protocol employed from a machine’s controller downwards – at the field level. We, as PROFIBUS & PROFINET International (PI), promote this standard, particularly since its principles are based on the tried-and-tested PROFIsafe technology. But OPC UA Safety takes things a step further to make M2M safety even better with features like dynamic addressing. Traditionally, safety nodes’ addresses are static, as this helps support data authenticity. But in a world where Automated Mobile Robots (AMRs) are becoming more prevalent, dynamic addressing is required. An example would be safety-related communication between, e.g., a stationary machine and an AMR that has arrived just-in-time to complete a task before moving along.


Excerpts from this Q&A appeared in Control Design magazine.