Fault Exclusions for Category 3

The reliability of a Electro Mechanical (EM) safety interlocks (also known as Type 2) is based on it’s proper use, wiring and implementation within an application. Category 3 requires that a single fault should not lead to the loss of a safety function but the accumulation of faults can lead to the loss of the safety function.  

Type 2 interlocks  have both an electrical and a mechanical aspect to them. They are wired electrically but they operate electrically and mechanically. To ensure Cat 3 compliance, we need to ensure that no single failure leads to a dangerous failure, which leads to designing the function with redundancy and monitoring. 

A single fault failure should be designed for both aspects of the interlock, electrically and mechanically. 

  • From an electrical perspective we can achieve redundancy by wiring the interlock electrically with dual channels back to a safety relay, safety controller or safety PLC.
  • From a mechanical perspective it is difficult to achieve redundancy without adding another interlock, as there are various; mechanical single point failures on EM interlocks that can lead them to fail dangerously. Within ISO 13849-2 we have a list of some of the mechanical failures that can be excluded on interlocks if some safety measures are implemented. This is allowed for Cat 3 but not for Cat 4 applications. If proper measures are taken against those mechanical faults, then Cat 3 / PL d can be achieved by using one interlock.

Here are some of the fault exclusions that should be considered when designing a Cat 3 circuit with a Type 2 safety interlock:  

  • If the hinging or sliding gate to which the actuator (key) is mounted gets miss-aligned, the actuator could hit the actuating system (head of interlock) of the Interlock in a position it is not designed for. This could lead to the actuating system to shear or get damaged, often leading to the interlock failing unsafely. To exclude the fault of the miss alignment of the gate, additional mechanical alignment for the gate shall be designed and constructed to withstand 2x the maximum force the gate would be subject to in its lifetime. 
  • If the hinging or sliding gate to which the actuator is mounted, starts sagging, there is a high potential for the weight of the door to get focused on the actuator and then on the actuating system of the interlock. That could lead to the actuating system getting damaged or the actuator breaking off the guard and remain stuck within the actuating system with the gate open. To exclude the sagging of the gate, additional mechanical alignment for the gate should be designed and constructed to withstand twice the maximum force the gate would be subject to in its lifetime. Period inspections of the alignment mechanism and interlock, is needed to ensure its operation  
  • If the interlock is used as an end stop for the gate, that could cause damage to the actuator and internal cam of the actuating system and could lead to a dangerous failure of the interlock. Per ISO 14119 a Type 2 interlock should not be used as a door stop, there needs to be separate stop for the gate that ensure that the gate comes to a complete stop on it and not on the interlock.  
  • Actuators of the electromechanical interlock should be mounted tightly and should require a tool  for their removal  
  • Select an EM interlock suitable for your applications, EM interlocks operates electromechanically. They are susceptible to dust, washdown, sand, metal shavings, etc.) need to be considered when selecting the interlock, as the elements make a big impact on the lifetime of the EM Interlocks actuating system. Review closely the manufacturer requirements to make sure that the interlock is suitable for your application  

In summary, Cat 3 / PL d requires that a single failure does not lead to the safety function. A Type 2 interlock can fail dangerously mechanically in various ways. Fault exclusion is required to ensure that all failure points on an interlock are guarded against and inspected regularly. See the Inspection of Machine article which goes over the inspection of risk reduction measures