This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Close

Meeting fault masking standards using trapped keys

02 December 2014

The phenomenon of fault masking (unintended resetting) when connecting multiple volt-free contacts in series into a safety monitoring device is now covered in EN ISO 14119. Rob Lewis describes the options that are available to prevent fault masking.

Four locks mechanically linked to a single force break switch with dual, normally closed contacts. These contacts cannot be closed until all keys are returned to the unit, and it is impossible to remove a key without breaking the contacts
Four locks mechanically linked to a single force break switch with dual, normally closed contacts. These contacts cannot be closed until all keys are returned to the unit, and it is impossible to remove a key without breaking the contacts

In simple terms, if gate switches are wired in series, then it is still possible to reset the safety circuit even after a short circuit has occurred on one part of the circuit, as one of the other gate switches can still open both circuits allowing the fault to be cleared from the safety relay/PLC.

The effect is so pronounced that for a system with more than one frequently opened guard, the level of Diagnostic Coverage (DC) falls to zero, resulting in a performance level (PL) reduction to a maximum of PLc. To prevent this reduction in PL, there are three solutions:

- Do not use series wiring (daisy chain wiring); instead use a safety relay for every interlock.
- Use interlocks that incorporate built-in diagnostics or network diagnostics.
- Use a trapped key interlock system that can open multiple doors from just one switch.

The first two of these options come with quite a cost impact, so how can a trapped key configuration overcome the issue?

The trapped key option
The principle of using trapped keys to open multiple doors is shown in the illustration. In this example, four locks are mechanically linked to a single force break switch with dual, normally closed, contacts. These contacts cannot be closed until all keys are returned to the unit and, in reverse, it is impossible to remove a single key without breaking the contacts.

Once the keys are released they go to the four door locks. Only with the key in the door lock can you open the door and, with the door open, the key is trapped in the lock (and so unable to return to the switch unit). As there is only one set of safety contacts, there is no risk of fault masking and only one set of safety I/O is required to cover the whole cell.

Another benefit of this system is that the switch can be mounted wherever it is most convenient to do so (not necessarily at the door), allowing the unit to be mounted at the main control panel, significantly reducing wiring costs. 

In my opinion, a trapped key interlock system is ideal in meeting fault masking standards set out in EN ISO 14119. It has advantages over using safety relays, or incorporating built-in diagnostics, in that it saves on the number of safety I/O required and results in large savings in wiring costs. 

Fortress Interlocks has been at the forefront of safety interlocking for over forty years. The company's mGard range is the only trapped key product with TUV approval to PLe.

Rob Lewis is managing director of Fortress Interlocks


Contact Details and Archive...

Print this page | E-mail this page

Minitec