Companies are continuously developing systems and methods for managing hazards in manufacturing systems (MS) to ensure personnel safety and minimize equipment damage. This is critical for companies that certify the safety of manufacturing systems according to accepted standards. The need for safety is typically coupled with the necessity for innovative production approaches that allow companies to deliver low-cost products with short production cycles. These approaches include automotive assembly, line efficiency, life science processes, improved plant performance, varied consumer goods, supply chain improvements, etc. Safety is driven by legal requirements, industry codes, voluntary efforts, etc.
One approach for tracking changes is the creation of an internal company safety procedure. Company safety audit trails are often recorded for internal revision control, insurance requirements, ensuring worker safety, etc. The company can recognize the need for recording MS configuration changes and the individuals making those changes. Such configuration changes can be recorded in various ways, e.g., sending change notice e-mails, recording changes in a notebook, engineering change notices (ECNs), etc. However, using internal safety procedures results in company-unique approaches, which are typically inflexible and require cumbersome paperwork.
Another approach is creating a safety audit trail defined by standards, which require recording of configuration changes. For example, two such safety system standards are International Electrotechnical Commission (IEC) standard IEC-61508 and EN954-1. Safety standards are typically developed by employing expertise and lessons learned from previous fatalities, injuries and incidents or near misses. In general, IEC-61508 and EN954-1 require safety audits, which record configuration changes to the MS throughout the system's life. Safety auditing enables a company and/or equipment manufacturer to investigate configuration changes that contribute to accidents, and to mitigate such occurrences.
IEC-61508 is a standard for electrical, electronic and programmable electronic (PE) safety related systems, specifying requirements for how PE systems are to be designed, implemented, operated and maintained to meet required safety integrity levels (SIL). SILs are defined according to the risks involved in the specific system application. SIL 1 indicates that a failure's likely outcome is a non-emergency injury to persons and/or damage to equipment requiring non-extensive repairs, for example. Likewise, SIL 2 designates that a failure is prone to result in a serious injury necessitating emergency care and/or property damage requiring modest repair. SIL 3 indicates that a failure will have an expected outcome of life-threatening injuries to persons and/or damage to property requiring extensive repairs and/or prolonged shutdown of operations. Such requirements are defined with respect to programmable electronics, e.g., embedded controllers, microprocessors, programmable logic controllers (PLCs), software, etc.
Similarly, EN954-1 applies to electro-sensitive protective equipment (ESPE) and is a European harmonized standard. The standard requires that a machine's or manufacturing system's PE safety risk be assessed and a determination made to eliminate or reduce the identified risks. The safety risk is determined by three factors: 1) severity of the injury, 2) frequency of and exposure time to the hazard, and 3) possibility of avoiding the hazard. For example, Category 4 (Cat 4) requires the highest level of safety performance, suited to the most hazardous conditions.
A manufacturing system that can employ IEC-61508 and EN954-1 certifications is a flexible manufacturing work-cell. Work-cells are typically designed to provide enhanced productivity, minimal downtime, a wide range of manufactured products, reduced costs to consumers, etc. Many work-cells integrate robots, machine tools, material handling equipment, packaging devices, sensors, actuators, controllers, and other hardware and software. Safety standards and safety audit requirements for work-cells vary by industry; however, machine safety audits are often performed in order to meet strict safety standards. Many companies conduct safety audits on manufacturing systems using software that creates sophisticated reminder systems, e.g., check lists for audits, inspection sheets, maintenance records, etc. However, there is in general no guarantee that, e.g., the paperwork will be filled out properly or that a required inspection is actually performed.
In addition, existing highly automated and sophisticated manufacturing systems are not without deficiencies with respect to tracking commissioning, configuration changes, safety audits, etc. In particular, conventional manufacturing systems are complex in nature, including sensors, actuators, material handling equipment, machine tools, versions of software, various software configurations, multiple maintenance personnel, etc. In many manufacturing systems, the versions of software have typically changed numerous times, and multiple users have accessed the system to change the software or hardware configurations, sometimes without proper tracking and authorization.
Even when the MS requires a password to gain access, the passwords can be shared, compromised, forgotten, and the like. Similarly, if the system requires a key, access card or badge, such items can be stolen, duplicated, lost, forgotten, etc. Additionally, once a user has gained access to the MS, it is possible that the user fails to record the configuration changes made, and so if there is a safety issue it is difficult or impossible to determine the configuration of the manufacturing system at the time of the incident.
Furthermore, in environments requiring safety audits, for example, SIL 3, Cat 4 or others, it is cumbersome to provide a safety audit report, since various users of the manufacturing system fail to keep adequate records. As explained earlier, with larger MS it becomes more difficult to establish a safety audit database, and in many cases the database is untrustworthy. In other words, even if a safety audit system is in place, it may have captured only a small percentage of the configuration changes made to the MS.
Moreover, employing programmable electronics can also create new hazards and/or exacerbate existing hazards. It is anticipated that fatalities, injuries, and near misses will increase as the number and complexity of programmable electronics increases with the need to remain competitive. It is critical that safety systems evolve along with programmable electronics in order to reduce safety issues. In addition, cooperation of a user is typically required to record the configuration changes electronically using a PDA, laptop computer or other computing device, and for the change record to be stored in a database. As the user makes configuration changes to the MS, the user is required by the company to record those changes electronically. Again, it is incumbent on the user to record any changes so that an accurate safety audit trail is established. If the user fails to record the change to the system, the database is incomplete.
Therefore, there is a need to overcome the aforementioned exemplary deficiencies associated with conventional systems and devices.