If you have an interest in robot safety of industrial robots, you don’t have to search far to find videos of industrial robots flawlessly stopping upon collision with various obstacles – this could be anything from people to water bottles or balloons. The common message is along the lines of “see how safe our robot is”. While these videos can be somewhat entertaining, they don’t quite encapsulate the entirety of robot safety.
Why is simply considering the sensitivity of a safety function insufficient to assess the level of safety provided?
The Dual Aspects of Robot Safety
I want to focus here on two aspects of robot safety:
Sensitivity. The amount of force it will take to get the robot to stop. For simplicity we can think of this as a force measurable in newtons (actually measuring this force is not a trivial matter as it depends on several factors including the speed of motion, but let’s ignore that for now).
Reliability. This is the likelihood that the function stopping the robot works as it should. The typical measure for this is the Probability of Dangerous Failure per Hour (PFHd). This is a well-established term which originates in the functional safety standards (ISO 13849-1 and IEC 61508 series) and describes the risk that a safety function fails in a potentially dangerous way.
So, while our balloon-bumping robot does illustrate sensitivity, it fails to address the crucial aspect of reliability. The robot performed safely in that instance, but can we trust it to do so tomorrow or the day after?
The Dynamics of Sensitivity and Reliability
So, if you cannot simply look at a video in order to figure out “how safe a robot is” (I put that in inverted commas, as robots on their own really can’t be considered safe or not, this can only be determined for the final application) what should you then consider?
The reality is that both sensitivity and reliability play a critical role in safety:
Sensitivity can almost be simplified to a binary variable. A robot is either sensitive enough for the application or it isn’t. A robot stopping at a feather’s touch is not necessarily safer than one halting at a water bottle’s touch, as long as both actions don’t inflict harm. The ‘safe’ sensitivity level for a robot application needs to be determined as part of doing the risk assessment. ISO/TS 15066 provides guidance on acceptable force levels.
Reliability, quantified by the PFHd value, on the other hand, should ideally be as low as possible. For most applications of industrial robots, the PFHd for the safety functions must be less than 10-6 failures/hour, this is equivalent to PLd in the terminology of ISO 13849-1 or SIL 2 in IEC 61508 terms. Please note that the requirement for a PFHd of less than 10-6 failures/hour is actually for the entire safety function, so in case some external safety equipment is needed you will need a robot with a PFHd value which is good enough for the entire application to stay below 10-6 failures/hour even when you factor in the PFHd of the external safety equipment. The PFHd values for the various safety functions for the robot and possible external equipment can be found in the product documentation.
Can High Sensitivity Be A Disadvantage?
Interestingly, while high sensitivity is often touted as a benefit, it can sometimes compromise safety. As this claim is not completely intuitive, I would like to spend a little bit of time elaborating.
Imagine two different robots which in all regards are identical (same payload, reach, PFHd values etc.), except for the sensitivity of the force limiting safety functions. Where one robot has a sensitivity of 1N and the other has a sensitivity of 50N. The question is which one is safer in a real world application?
If we consider the values in ISO/TS 15066 we can see that both robots are sufficiently sensitive to stay within the guidelines (please bear with me that I’m grossly oversimplifying things here, but the point remains valid). And if we assume that the PFHd values for both robots are below the 10-6 failures/hour threshold the immediate conclusion is that both robots are sufficiently safe.
However, the ultra-sensitive robot may face an issue of ‘nuisance stops’ caused by minor disturbances like a loose cable or an accidental touch. Nuisance stops in itself isn’t really a safety problem, the problem is how it affects the behavior of the people around the robot. Nuisance stops are really annoying for the user of the robot (for good reason, they kill productivity), so they can be a sufficient source of motivation for someone to try to bypass or disable the safety function altogether.
Generally speaking, a well-designed safety function should strike a balance – it should be sensitive enough to ensure safety but not so sensitive that it encourages workers to circumvent it. The very best safety functions are the ones which keep you safe, without you ever noticing.
So next time you come across a video showcasing a robot’s safety function, remember, there’s more to the story. Safety requires thoughtful consideration and understanding. It’s not about the robot stopping at the mere touch of a balloon; it’s about ensuring that the robot consistently and reliably performs safely in its operational environment.
Editor’s Note: This article was syndicated, with permission, from Universal Robots’ blog.
Leave a Reply
You must be logged in to post a comment.