As more and more companies start to look at automation in their production lines, worker or operator safety is an important part of the decision-making process. If you are new to automation, trying to gain an understanding of what is included with a standard machine may not be easy. At a very high level, Category 3 refers to a design principle used by the engineering teams. It means that the machines are designed to not only check for faults but also have redundant circuits for all safety functions.
Taking a step back, how is this different from Category B, 1 or even 2 design criteria? In Category B and 1, the designs depend on the reliability of the system or circuit components. In other words, under normal conditions, the components' reliability should equate to the reliability of the overall system. However, if a component or the system fails, that failure can also affect the safety function.
Category 2 design criteria, on the other hand, require detection of faults at regular intervals. As the machine powers up, and at other pre-determined intervals after that, there is a scan to see whether any component failures exist. The challenge, of course, is that a fault or failure occurring in between scans could affect the safety function; in other words, safety functions are still at risk between scans. This type of design criteria does consider that components will fail, and it looks to detect those failures before unsafe operating conditions occur.
Category 3 builds upon the principles in Category 2 with the monitoring or scanning for faults, but it adds redundancy as well. The machine is designed with two circuits to maintain each safety function. This means that if there is a fault on one circuit, there is a secondary circuit to ensure that the safety function remains operational until the fault can be detected. For the safety circuit to fail completely, the machine would have to have faults on both circuits in between scans.
In practice this means that every door switch, E-Stop and safety switch is designed in such a way that if there is a fault on one circuit, a redundant circuit ensures the safety function will still work when needed. This design principle also extends to motion or air elements. They too have redundant circuits, so that if an operator activates a safety function, it does not fail because of a single circuit fault.
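To make the difference between the categories concrete, here is a small simulation added to this article (it is not from the original text or from any standard, and the channel names K1/K2, the fault types and the discrepancy limit are hypothetical). It models an E-Stop as either a single, unmonitored channel (the Category B/1 situation) or as two redundant channels with a cross-monitor that latches a fault when the channels disagree (the Category 3 principle). Injecting a welded contact on one channel shows that the single-channel design silently loses the stop, while the dual-channel design still stops and also detects the fault; injecting the same fault on both channels shows the one case in which the redundant design is defeated, exactly as the article describes.

```python
"""Toy model of single-channel versus redundant, cross-monitored safety circuits.

Added illustration only: the names, fault types and limits below are hypothetical
and do not come from the article or from any standard.
"""
from dataclasses import dataclass
from enum import Enum

# Number of consecutive scans the two channels may disagree before the
# monitor latches a fault (hypothetical value chosen for the example).
DISCREPANCY_LIMIT = 2


class Fault(Enum):
    NONE = "none"
    STUCK_CLOSED = "stuck_closed"  # welded contact: reports 'run' even when stop is pressed
    STUCK_OPEN = "stuck_open"      # broken wire: reports 'stop' regardless of the input


@dataclass
class Channel:
    """One contact of the E-Stop. read() returns True when it demands a stop."""
    name: str
    fault: Fault = Fault.NONE

    def read(self, stop_pressed: bool) -> bool:
        if self.fault is Fault.STUCK_CLOSED:
            return False          # fault masks the operator's demand
        if self.fault is Fault.STUCK_OPEN:
            return True           # fault demands a stop on its own (fails safe)
        return stop_pressed


@dataclass
class SingleChannelSafetyFunction:
    """Category B / 1 style: one channel and no fault monitoring."""
    ch: Channel

    def evaluate(self, stop_pressed: bool) -> dict:
        return {"stop": self.ch.read(stop_pressed), "fault_detected": False}


@dataclass
class DualChannelSafetyFunction:
    """Category 3 style: two channels, either one may demand the stop (1oo2),
    and a monitor latches a fault when the channels disagree for too long."""
    a: Channel
    b: Channel
    discrepancy_scans: int = 0
    fault_latched: bool = False

    def evaluate(self, stop_pressed: bool) -> dict:
        ra = self.a.read(stop_pressed)
        rb = self.b.read(stop_pressed)
        stop = ra or rb                          # any channel demanding stop wins
        self.discrepancy_scans = self.discrepancy_scans + 1 if ra != rb else 0
        if self.discrepancy_scans >= DISCREPANCY_LIMIT:
            self.fault_latched = True            # channels disagree: declare a fault
        # once a fault is latched the function stays in the safe (stopped) state
        return {"stop": stop or self.fault_latched, "fault_detected": self.fault_latched}


def demo_single_fault() -> tuple:
    """One welded contact on K1, then the operator presses the stop."""
    single = SingleChannelSafetyFunction(Channel("K1", Fault.STUCK_CLOSED))
    dual = DualChannelSafetyFunction(Channel("K1", Fault.STUCK_CLOSED), Channel("K2"))
    single_result = single.evaluate(stop_pressed=True)
    dual_result = None
    for _ in range(DISCREPANCY_LIMIT):           # a few scans with the stop held
        dual_result = dual.evaluate(stop_pressed=True)
    return single_result, dual_result


def demo_double_fault() -> dict:
    """Both channels welded between scans: the redundant design is defeated."""
    dual = DualChannelSafetyFunction(Channel("K1", Fault.STUCK_CLOSED),
                                     Channel("K2", Fault.STUCK_CLOSED))
    result = None
    for _ in range(DISCREPANCY_LIMIT):
        result = dual.evaluate(stop_pressed=True)
    return result


if __name__ == "__main__":
    single, dual = demo_single_fault()
    print("single channel, one fault:", single)   # stop lost, nothing detected
    print("dual channel, one fault:  ", dual)     # stop still works, fault latched
    print("dual channel, two faults: ", demo_double_fault())  # stop lost
```

The point of the two demos is the asymmetry the article describes: with one fault the redundant channel keeps the E-Stop working and the discrepancy monitor reports it, whereas the same fault on both channels between scans leaves the channels agreeing on the wrong answer, so neither the stop nor the detection survives. Real safety relays and safety PLCs implement this comparison in hardware or certified firmware rather than in application code like this.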