The present invention relates to a safety controller and a method for controlling an automated installation which comprises a plurality of sensors and a plurality of actuators.
A safety controller in terms of the present invention is an apparatus or an arrangement that receives input signals provided by sensors and produces output signals therefrom by means of logic combinations and sometimes further signal or data processing steps. The output signals can be supplied to actuators, which then effect specific actions or reactions in the environment on the basis of the input signals.
A preferred area of application for safety controllers of this kind is the monitoring of emergency-off pushbuttons, two-hand controllers, guard doors or light grids in the field of machine safety. Such sensors are used, for example, for safeguarding a machine which presents a hazard to humans or material goods during operation. When the guard door is opened or when the emergency-off pushbutton is operated, a respective signal is produced which is supplied to the safety controller as an input signal. In response thereto, the safety controller then uses an actuator, for example, to shut down that part of the machine which is presenting the hazard.
In contrast to a “normal” controller, a characteristic of a safety controller is that the safety controller always ensures a safe state of the installation or machine presenting the hazard even if a malfunction occurs in it or in a device connected to it. Extremely high demands are therefore made of safety controllers in terms of their own fail safety, which results in considerable complexity for development and manufacture.
Usually, safety controllers require particular approval by competent supervisory authorities, such as by the professional associations or the TÜV in Germany, before they are used. In this case, the safety controller must observe prescribed safety standards as set down, by way of example, in the European Standard EN 954-1 or in comparable standards, such as Standard IEC 6158 or Standard EN ISO 13849-1. In the following, a safety controller is therefore understood to mean a device or an arrangement which at least complies with safety category 3 of the cited European Standard EN 954-1.
A programmable safety controller allows a user to individually define the logic combinations and any further signal or data processing steps according to his needs using a piece of software that is typically called the user program. This results in a great deal of flexibility in comparison with earlier solutions, in which the logic combinations were defined by selected hard-wiring of various safety devices. By way of example, a user program can be written using a commercially available personal computer (PC) and using appropriate set-up software programs.
Besides actually detecting a malfunction and triggering appropriate countermeasures to transfer the controlled machine or installation to a safe state, it is also important to provide the user of the controlled machine or installation, or another person, with information about a malfunction that has occurred. Therefore, it is desirable to display a diagnosis report which represents the malfunction on a display unit. Heretofore, a displayed diagnosis report has been dependent only on the malfunction that has been ascertained by an appropriate diagnosis unit. Detection of a malfunction corresponds to ascertaining which of a plurality of system states of a safety controller is present at a defined instant of time.