Question: Is it allowed to use an HMI for reset and start of a machine?
Answer: We recommend using a separate pushbutton for the reset of a machine, and avoiding an HMI for this. For the start function it is OK to use an HMI. The reasoning behind this is explained below.
The standard EN ISO 13849 states in 5.2.2 Manual reset function:
“If indicated by the risk assessment, this cancellation of the stop command shall be confirmed by a manual, separate and deliberate action (manual reset).
The manual reset function shall:
- Be provided through a separate and manually operated device within the SRP/CS;
- Only be achieved if all safety functions and safeguards are operative;
- Not initiate motion or hazardous situation by itself;
- Be by deliberate action;
- Enable the control system for accepting a separate start command;
- Only be accepted by disengaging the actuator from its energized (on) position.
The performance level of safety-related parts performing the manual reset function shall be selected so that the inclusion of the manual reset function does not diminish the safety required of the relevant safety function.
The reset actuator shall be situated outside the danger zone and in a safe position from which there is good visibility for checking that no person is within the danger zone.”
The requirement that the reset function be provided through a separate device indicates that an HMI is not allowed, since the HMI can have a lot of other functions as well. There is also a requirement to have good visibility of the danger zone when performing the reset, which is not always true for HMIs. Hence we recommend using a separate push-button for the reset function.
The requirement that the reset function not diminish the performance level of the safety function should be handled by triggering on the release of the reset button (falling edge), which also follows from the requirement to only accept reset by disengaging the actuator from its energized position. We also recommend monitoring the length of the positive signal from the reset button, to ensure that it is long enough not to be just a glitch, and short enough not to be a stuck button. In Pluto Safety PLC these requirements are met using the ready-made function blocks with Reset.
In order to make an exception and use an HMI for the manual reset function, the HMI must be placed so that it provides the operator with good visibility of the danger zone, and the reset signal should be handled by a function block in Pluto Safety PLC.
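The reset handling described above, written out in C as an added example (it is not Pluto function-block code and not from the original page): reset is accepted only on the falling edge, only if the pulse width is inside a window and the safeguards stayed operative, and it only enables a later, separate start command. The 50 ms and 3000 ms limits and all names are assumptions, since the page gives no figures.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed pulse-width window; the page states no values. */
#define RESET_MIN_MS 50u    /* shorter pulses are treated as a glitch */
#define RESET_MAX_MS 3000u  /* longer pulses are treated as a stuck button */

typedef struct {
    bool     prev_btn;    /* reset input on the previous scan */
    bool     prev_start;  /* start input on the previous scan */
    uint32_t pressed_ms;  /* time of the reset rising edge */
    bool     pulse_ok;    /* safeguards stayed operative during the press */
    bool     enabled;     /* reset accepted: a start command may be taken */
    bool     running;
} reset_mon_t;

/* Call once per scan. Returns true while the machine is allowed to run. */
bool reset_mon_scan(reset_mon_t *m, uint32_t now_ms,
                    bool reset_btn, bool safeguards_ok, bool start_cmd)
{
    if (!safeguards_ok)     /* stop command cancels enable, run and any press */
        m->enabled = m->running = m->pulse_ok = false;
    /* Start is evaluated before reset, so it must be a new rising edge in a
       scan after the reset was accepted: reset never starts motion itself. */
    if (m->enabled && start_cmd && !m->prev_start)
        m->running = true;
    if (reset_btn && !m->prev_btn) {            /* rising edge: start timing */
        m->pressed_ms = now_ms;
        m->pulse_ok = safeguards_ok;
    } else if (!reset_btn && m->prev_btn) {     /* falling edge: evaluate */
        uint32_t width = now_ms - m->pressed_ms;
        if (m->pulse_ok && safeguards_ok &&
            width >= RESET_MIN_MS && width <= RESET_MAX_MS)
            m->enabled = true;
        m->pulse_ok = false;
    }
    m->prev_btn = reset_btn;
    m->prev_start = start_cmd;
    return m->running;
}
```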
The European Machinery Directive 2006/42/EC states in 1.2.3 Start:
“It must be possible to start machinery only by voluntary actuation of a control device provided for the purpose.”
An HMI can be seen as a device provided for the purpose of starting a machine, although it is not the only purpose. But since the Machinery Directive does not require it to be a separate device, it is OK to use an HMI for start.