Designing Safe Pneumatic Systems


Post By: Tom Rowse On: 03-04-2020 - Pneumatics - Safety


The design and construction of machinery always has two objects in mind, apart from its obvious functionality. The first is that anyone operating the machine should be protected from any accidental injury as a result of its malfunction. The second is that the machine itself should be protected from accidental damage. For these reasons, complex controls must be applied when designing safe pneumatic systems, to ensure that they comply with international standards – such as ISO:13849 for functional machine safety.

The design of any pneumatic system must always include safe stop functionality in order to halt dangerous motion. Safe stop also prevents the machinery activating unexpectedly from a resting state. Other pneumatic safety controls must include:

  • reduction of pressure and force
  • limiting temperature and speed
  • safe release of energy
  • blocking or stopping motion
  • only moving in a safe direction

Designing Safe Pneumatic Systems

The safety levels of any automated system must be assessed in accordance with these standards, beginning with the design phase. All phases of development must be considered, from the initial concept and prototype design to the actual construction and integration of the system. It must then be rigorously tested during start-up, typical operational conditions and maintenance.

When designing safe pneumatic systems, engineers must focus on events such as a sudden drop in, or loss of air pressure, and what happens to the system when the air pressure is restored. The safe venting of air pressure that occurs when there is an emergency stop must also be carefully considered. Design features that can be incorporated may include safe exhausts, safe holding units to ensure a component is locked in place in the event of any unexpected start-up, and check valves and flow controls.

Risk assessment

Risk assessment is the first stage of designing a safe pneumatic system, and must encompass all phases from electrical circuits to mechanical parts. Any potential hazards must first be identified and the risks for injury carefully assessed. Then each potential hazard must be evaluated individually and a risk estimate prepared. Designers and engineers can then use this estimate to develop appropriate safety measures that will reduce the risk to permissible levels.

Risk estimation

ISO:13849 introduced a standard for safety control circuits, by which engineers can calculate their required performance level (PL). The formula takes into account the degree of severity (S) of any potential injury, how frequently (F) the risk exposure might occur, and what level of risk reduction is possible to render the hazard safe (a-e). The resultant PL must then be adjusted to conform to PLr, which is the Performance Level Required for safe operation of the system based on the probability per hour of a dangerous failure occurring.

When the risk has been assessed and the PL identified, the degree of possible risk reduction will be established. Reducing the risk to the required level will also depend on these parameters:

  • category of control architecture
  • mean time to dangerous failure (MTTFd)
  • diagnostic coverage (DC)
  • common cause failures (CCF)

Control architecture categories (B, 1, 2, 3, & 4)

These categories classify the SRP/CS (Safety-Related Parts of a Control System), i.e. those parts that respond to safety-related input signals and generate safety-related outputs. These categories involve an assessment of fault resistance, and indicate what type of control circuit architecture must be used to achieve a particular PL.

Mean time to dangerous failure

This is distinct from MTTF, the failure of a component, and involves a calculation of the time to any failure that will endanger the safety of the machine or its operator.

Diagnostic coverage (DC)

This parameter indicates the measure of diagnostic coverage involved in the PL assessment with regard to input, output and logic circuits. The risk assessment must examine and evaluate the danger level of faults according to the context of each individual application, as different applications may produce different results. It is up to the design engineer to ensure that the specific product or component is examined in accordance with the relevant DC.

Common cause failures (CCF)

CCF is fairly self-explanatory and defines those failures that occur in different components or products as a result of a single, common event. Sample CCF situations include insufficient physical separation of signal paths on PCBs, mixing different technologies or components from different manufacturers, and resistance to environmental and electromagnetic influences.

These are some of the principal factors that must be taken into account when designing safe pneumatic systems, and which are detailed in international standard ISO:13849.







Get More From Rowse Straight To Your Inbox