More than just protection: A look behind the scenes of safe automation technology

For a long time, the maxim when it came to safety was to safe­guard machinery using strict, inflex­ible con­cepts – a method that was effec­tive, but rigid. That’s why at first glance, there appears to be no room for new tech­nolo­gies in machinery safety. Almost by def­i­n­i­tion, it is a con­ser­v­a­tive com­po­nent in con­trol and automa­tion tech­nology. Another reason is that safety, unlike hardly any other area, is shaped by laws, stan­dards and norms. These change only rarely and deter­mine what is and is not per­mitted.

How safety and innovation go together

Industry is con­stantly working to improve tech­nical approaches, processes and pro­duc­tion sequences in order to opti­mise effi­ciency and costs. Safety must address com­pa­rable chal­lenges in the field of automa­tion tech­nology.

This is not pos­sible without breaking new ground. One example is the PNOZ – Pilz, NO for “NOT-AUS” (German for E‑STOP) and Z for “zwangs­ge­führt” (pos­i­tive-guided). Launched by Pilz in 1987, it was the first safety relay to reli­ably stop machinery in the case of danger. It was smaller than the con­ven­tional cir­cuit, easier to handle and, above all, safer – as con­firmed by a cer­ti­fied type approval test. This came at a time when machinery safety was becoming increas­ingly impor­tant also from a legal per­spec­tive, but at the same time had to be imple­mented as simply as pos­sible for plant oper­a­tors.

In 1995, Pilz dared to take an even bigger step: leg­is­la­tion at the time expressly pro­hib­ited the use of elec­tronics for safety func­tions in con­trollers. Nev­er­the­less, Pilz recog­nised the poten­tial and launched the first freely pro­gram­mable safety con­troller PSS 3000 in 1995. The legal require­ments only changed fol­lowing tough nego­ti­a­tions with fed­eral min­istries and Euro­pean com­mit­tees. PSS 3000 paved the way for the IEC/EN 61508 series of stan­dards pub­lished in 2001, which still today is regarded as the basic stan­dard for func­tional safety.

“Pilz has grown in tandem with machinery safety, but machinery safety has also grown in tandem with us,” says Jürgen Kitzing, sum­marising. He and his team are respon­sible for get­ting Pilz prod­ucts approved by TÜV, BG and others. “Pilz made indus­trial his­tory,” says Berthold Heinke, looking back. Until 2018, he was Head of the Elec­tronics Com­pe­tence Centre of the German employers’ lia­bility insur­ance asso­ci­a­tion for wood­working and met­al­working (BGHM). For decades, Pilz has worked closely with employers’ lia­bility insur­ance asso­ci­a­tions and approval bodies, so that new tech­nolo­gies can be trans­lated into prac­tical, safe prod­ucts. Pilz repeat­edly presents these insti­tu­tions with tough nuts to crack. The 220 patent fam­i­lies held by Pilz, i.e. the reg­is­tered inven­tions, is evi­dence of this alone.

How safe products are developed

Designing a func­tion­ally safe product is one thing, imple­menting it is quite another. But what makes a product func­tion­ally safe in the first place?

Func­tion­ally safe means that all of a machine’s safety-related func­tions are imple­mented in such a way that any error will not lead to the loss of the safety func­tion and, as a result, an acci­dent on the machine is safely pre­vented.

To achieve this, a safety product must be able to do two things: Firstly, it must be able to react to random hard­ware errors, if a com­po­nent should fail or in the event of mechan­ical damage, for example. This is rel­a­tively easy to resolve by ensuring that the indi­vidual com­po­nents are redun­dant, i.e. dupli­cated.

On the other hand, it is also impor­tant to avoid sys­temic errors, such as errors in the hard­ware or soft­ware pro­gram­ming. This is sig­nif­i­cantly more com­plex. Take a look at the work of soft­ware devel­opers and you’ll see: the actual pro­ce­dure for pro­gram­ming safety barely dif­fers from that used for stan­dard automa­tion soft­ware. The dif­fer­ence lies in the detail: “Safety can only be achieved through clean working prac­tices, recur­ring reviews and exten­sive testing. That means a lot of effort,” explains Matthias Holzäpfel, Vice Pres­i­dent Product Devel­op­ment at Pilz, who has worked as a devel­oper at Pilz for over 20 years.

He can con­firm: “When it comes to safety, expe­ri­ence pays. It’s impor­tant to share this wealth of knowl­edge inter­nally.” Pilz makes sure this hap­pens with its best prac­tice teams, for example, in which the devel­opers of dif­ferent prod­ucts share their expe­ri­ences and pass on their knowl­edge of best prac­tice.

Experience is good, a lived safety culture is better

At Pilz, it is Christoph Weishaar’s job to ensure that expe­ri­ence and rou­tine do not allow care to slip. He is the Safety Man­ager and Explo­sion Pro­tec­tion Officer. “Safety is any­thing but a fore­gone con­clu­sion. Espe­cially if there are no mis­takes over very long periods of time. Then there is a risk that impor­tant mat­ters will be over­looked or that nec­es­sary mea­sures will not be taken.”

As Safety Man­ager, he is the link between the tech­nology, the legal require­ments and the oper­a­tional appli­ca­tion of the prod­ucts. For example, if a poten­tially safety-related fault occurs in the field, it trig­gers an internal analysis process that looks at the fault in its entirety. Depending on the case, this may result in the affected cus­tomers being noti­fied or even in the product being redesigned.

Just as Pilz has its prod­ucts approved, so too does it have its func­tional safety man­age­ment (FSM) audited and cer­ti­fied by TÜV SÜD. In other words, the way in which prod­ucts are devel­oped and man­u­fac­tured safely. What’s more, since 2022, Pilz’s devel­op­ment process has been proven to be not only Safe but also Secure: TÜV SÜD has tested and cer­ti­fied Pilz’s devel­op­ment processes based on the stan­dard IEC 62443–4‑1.

Once product devel­op­ment is com­pleted, but before the external approval process begins, all new Pilz prod­ucts must still undergo testing in the company’s own lab­o­ra­to­ries, including an accred­ited EMC lab­o­ra­tory for elec­tro­mag­netic com­pat­i­bility with immu­nity tests and emis­sion mea­sure­ments. Pilz has also built mechan­ical test rigs and cli­mate cham­bers to sim­u­late extreme envi­ron­mental con­di­tions such as wet, cold and heat.

The prox­imity to product devel­op­ment has the advan­tage that product fea­tures can be tested quickly and simply, and product improve­ments can be tested directly on-site in the lab­o­ra­tory. Pilz’s lab­o­ra­tory has been accred­ited to DIN ISO 17025 by the German Accred­i­ta­tion Body (DAkkS) since 2004. This proves the quality and com­pe­tence of the test lab­o­ra­tory in accor­dance with inter­na­tional stan­dards and sim­pli­fies inter­na­tional product approvals con­sid­er­ably.

The most important number: Zero

One figure clearly illus­trates just how well Pilz man­ages to com­bine tech­no­log­ical progress, func­tioning devel­op­ment processes and prac­ti­cality: zero.

“A Pilz product has never caused an acci­dent — whether in industry on presses and pack­aging machines or in railway tech­nology or amuse­ment parks,” says Christoph Weishaar with pride.

Cus­tomers can rely on the fact that the pro­tec­tion of human, envi­ron­ment and assets is guar­an­teed. Today, how­ever, safe automa­tion tech­nology has to do more. “Good safety is unob­tru­sive, it nei­ther hin­ders the oper­ator nor impairs pro­duc­tivity,” explains Arndt Christ, Vice Pres­i­dent Product Man­age­ment. “On the con­trary: prop­erly dimen­sioned safety helps to pre­vent fail­ures and reduce down­times.”

How is this achieved? “Our prod­ucts always have a spe­cific task to fulfil, for example a gate guard locking device. So the appli­ca­tion per­spec­tive plays an essen­tial role in the design of our prod­ucts,” explains Arndt Christ.

One result of this is that Pilz offers spe­cial mod­ules or ver­sions of many of its prod­ucts for use in spe­cific areas, such as pack­aging, railway or burner tech­nology. Another is that Pilz places great value on func­tion­ality and user-friend­li­ness through the open­ness of its prod­ucts, simple and fast fault diag­nos­tics, reduced engi­neering times, intu­itive oper­a­tion and pro­gram­ming, for example.

Safe automation technology as the supreme discipline in automation

Ulti­mately it’s clear: safe automa­tion tech­nology is not devel­oped from good ideas alone, but from con­sis­tent, pre­cise and respon­sible action – and the courage to break new ground. The result: product solu­tions that not only pre­vent acci­dents and sup­port users in their everyday lives, but also give cus­tomers peace of mind when it comes to safety.