Programming Safety into Your Systems
By David McCarthy, TriCore, Inc.
Whether it’s a soft drink or dairy operation, safety is a top priority in high-throughput food processes. Yet ensuring the safety of products and personnel in automated fluid manufacturing systems is not without challenges, especially since no two automated systems are alike.
The Trinity of Safety
The place to start any discussion of safety begins with an examination of what we are trying to protect. At the top of every list should always be people. This includes the people interacting with the automated equipment; the maintenance staff that takes care of the equipment; and uniquely in the food industry the people who consume the product the food plant manufactures.
Many opportunities exist in all manufacturing plants to damage equipment if not operated properly. This is especially true in many automated fluid food processing facilities. A modern control system will coordinate and operate all automated process equipment in a predictable, safe manner.
The final piece to the safety puzzle is product integrity. If bad product gets out the door, repairing your damaged reputation, as hard as that may be, could be the least of your worries. Product safety at its core is about making exactly what you intend, time and time again, the way you intended to make it. It’s not just about getting the formulation correct; it’s about making sure your final product remains intact from point of creation, through your manufacturing and packaging processes, out to the consumers.
Even though the particulars may vary greatly from plant to plant, the principles involved in creating intrinsically safe automation systems that protect people, product and equipment can be quite similar. Let’s look at some examples as to how this might work in the real world.
Find Where Your Risks are Lurking
The highest concentration of operational risks is in areas that are semi-automated, those operations that mix automated equipment operations with manual human operations. In these situations, the most important consideration is how best to prevent unsafe operations from starting in the first place. This is where the right balance of sensors and programming come together to produce the safest operations possible.
A good example from fluid food manufacturing is flow transfer plates. This is a common approach used in routing fluid ingredients, products and cleaning solutions throughout a plant. This consists of a group of pipes terminated on a metal plate on one side, with corresponding pipe openings on the other. There are U-shaped “swing” connections to connect pipe “A” to pipe “B,” to accomplish various routings through the plant. Often more than one set of connections can be made at a time. Unused openings are capped. These connections and capping are done by hand.
When fluid moves through these plates, human contact with the fluid stream could result in injury due to high temperature, pressure or other factors. As these connections and caps are manually performed by people, to safely route fluid streams through the transfer plate, it is essential for the control system to sense the connections on the plate. Before allowing a transfer to start, a safe automation system will use proximity sensors to insure the swing connections were done properly.
It is interesting to note that what protects people in this instance, also by default protects product. A safe system will use the same sensors to prevent inadvertent mixing of different products, or directing cleaning solution to a tank full of product, or a host of other catastrophes.
When people and automated equipment mix, it is always a good idea to place emergency and control stops throughout the process. An emergency stop is typically a hardwired button that will immediately deactivate outputs associated with a particular control panel. A control stop will perform similar actions across an entire area.
Special considerations need to be given to the maintenance staff that takes care of the processing equipment and automation components. Local lockouts are necessary to prevent equipment from unexpectedly activating while maintenance is being performed. There are a large variety of technical considerations that must be addressed in the electrical design of the control system to minimize the risk of injury or death due to electrical shock. Intrinsically safe systems are not just limited to the programmed operation of the system, but are designed from the system components up.
Separating the Safety Messages from the Noise
Even in completely automated systems, human response to automated safety alerts can be a concern. Fluid food plants commonly deal with heated ingredients and products, often under pressure, which, if not handled properly, can lead to issues in any one of our people, product and equipment safety categories. Process alarms associated with temperature, pressure, level and flow are common in modern automated food plants, as well as a host of operational alarms. They all come with their own unique set of challenges. One of the most common across the board is separating out actionable items from the rest.
With the advent of digital security controls and visualization systems around the mid- 80s, alarm enunciation became cheap and easy to implement. This caused an unintended consequence of having so many alarms that it became unmanageable for operations staff. Today many designers are taking a new direction, attempting to head off the issue of alarm overload at the root.
It is too easy in today’s modern automation systems to configure all sorts of alarms that serve no real purpose. A balance between well vetted alarm responses incorporated into the core functionality of the system, and elimination of un-actionable alarms, addresses some of the root causes of excessive alarming. A modern control system does more to mitigate alarm overkill on the operations staff. On operator computer workstations, only those alarms associated with the default operational area of that workstation are displayed. This reduces the amount of information a particular person needs to deal with, although it is always be possible to view any alarm if desired.
It is sometimes also helpful to provide a way to temporarily suppress nuisance alarms, provided such suppression is visible, traceable and can be done without significant risk to operational safety. A good example might be a sensor on a valve, providing independent feedback on the valve’s actual position. If a discrepancy is sensed between the actual and expected position of the actuator after allowing for valve actuation travel time, an alarm is typically generated (and fault response behavior might be initiated). Ninety percent of the time when this occurs, the fault is typically in the sensor, not the valve. Until such time that the sensor can be recalibrated, repaired or replaced, allowing the ability to suppress the alarm in a visible, traceable manner will cut down on the background chatter. This can help to bring actionable safety notices to the forefront.
One big caveat must be noted regarding alarm suppression. Masking component failure alarms likely also suppresses fault response and safety programming associated with that device. This could be of low or high potential consequence, depending on the circumstances. Such masking should always be done judiciously and only for short periods, just enough to repair or replace the faulty component. Operations and supervisory staff should always be in the loop in these circumstances, as extra care should be taken when operating a system in this manner.
Scheduling for Safety
Flexible, efficient scheduling of product runs can be a challenge in any operating food plant. For example, if you are making light-colored vanilla pudding it is often permissible to follow with a dark-colored chocolate pudding on the same equipment. This can be without a full cleaning regimen taking place in between, provided that you have not operated the equipment past its recommended run time. Reverse that production order, and residual traces of chocolate color can ruin your vanilla production run. Food processors have to deal with issues like this all the time.
Of more concern than ruining your product in the above manner, is the potential carry-over of allergenic ingredients into another product run on the same equipment. A safe automation system will help with the management of production runs to prevent cross product contaminations. Such systems force appropriate cleaning regimens between certain classes of products where required, to protect product integrity and prevent potential ingredient allergenic contamination. They can also prevent the use of product rework containing allergens in non-allergenic products.
Managing product integrity and allergenic cross contamination is a top priority for food processors. A modern automation system can assist with optimum product scheduling for maximum efficiency while mitigating cross contamination risks.
Compliance is Golden
All food processing plants deal with a myriad set of regulatory compliance issues; it is an integral part of being a food manufacturer. There is a lot to keep track of to satisfy the appropriate governing authorities that the food products produced at a manufacturing facility are safe for consumption.
If designed properly, a modern control system can help. Control systems can keep track of which ingredient lots were used in which product runs; which lots were packaged in which product stock-keeping units; and what operators did what, where and when. They are excellent at keeping track of what products were made, when they were made, and all the details of the cleaning profiles between product runs. If done properly, a well-designed control system can provide secured regulatory compliance information to make your life easier.
The Final Solution
A modern automation system can be an invaluable asset in managing the integrity of your product, and securing the safety of your people and processing equipment. If done properly, this often yields the highest operating efficiencies of your processing equipment. From preventing industrial accidents, to preventing product cross contamination and recalls, to making your product in the most efficient manner possible, putting safety first in your control systems will give a big boost to your bottom line.
David McCarthy is the president and chief executive officer at TriCore, Inc. Find more information at www.tricore.com.