What are the attributes of an emergency stop pushbutton?

Electromechanical Switches
,
1

The emergency stop pushbutton is a common user interface for industrial control and automation equipment. The robust device is “mashed” in an emergency to place a machine or process into a safe state. The large red device with yellow accents such as the Schneider Electric XB5AS8444 shown in Figure 1 is easy to identify.

This engineering brief will explore the physical and electrical attributes of the emergency stop pushbutton and provide a brief exploration of how this critical safety device is integrated into a larger system. The emergency stop pushbutton’s attributes are defined in terms of visibility, redundancy, and continuous monitoring with routine testing and inspection as vital considerations.

image
image975×731 63 KB

Figure 1 Image of the Schneider Harmony XB5AS8444 emergency stop pushbutton. The 22 mm latching mechanism is to the left with the twin normally closed switches to the right.

Tech Tip: The emergency stop pushbutton features normally closed contacts. This is a critical requirement as it allows continuous monitoring of the switch contacts. A broken wire or a short circuit fault may be detected thereby shutting down the defective machinery. A normally open switch would be inappropriate as there is no way to tell the difference between an open switch and a broken wire.

Physical attributes of the emergency stop pushbutton

There is no time to think in an emergency.

This single thought is incorporated into design of the emergency stop pushbutton and associated equipment. The head of the emergency stop device is red. It is also physically larger than the other control panel switches. The size and color make the switch easy to locate in an emergency.
The switch features an internal latch mechanism. Once pushed, the emergency stop pushbutton remains in the off position. From a human factors perspective, the switch is easy to activate but hard to reset. Stated another way, the emergency stop state is entered with a single push action. However, most switches such as the featured Schneider Harmony device require two actions including a twist and then a pull to release the mechanical latch.

Tech Tip: Machine design encompasses the electrical functions as well as human factors considerations. Electrically, the switch has a straightforward function of removing all sources of energy thereby eliminating the immediate hazard. However, care must be taken to prevent unanticipated restarts when the machine is reset. This is one of the reasons latched pushbutton start-stop controllers are prevalent as opposed to the dangerous selector switch control. It is preferable to add a layer of protection by implementing a separate start or reset pushbutton that must be activated after the emergency stop is released. In the mind of the operator, the emergency stop function is independent of the machine start operation.

Figure 2: Image of the assembled Schneider Harmony XB5AS8444 emergency stop pushbutton. Observe that there are two normally closed switch contact blocks.
Figure 2: Image of the assembled Schneider Harmony XB5AS8444 emergency stop pushbutton. Observe that there are two normally closed switch contact blocks.975×426 41.3 KB

Figure 2: Image of the assembled Schneider Harmony XB5AS8444 emergency stop pushbutton. Observe that there are two normally closed switch contact blocks.

Tech Tip: Routine testing and inspection of the emergency stop is just as important as visibility, continuous monitoring, and redundancy. This protects against physical failure of the switch body or damaged / loose contact blocks.

Electrical connections

Figure 2 shows the assembled emergency stop pushbutton. Observe that the switch is configured and sold with two normally closed ZBE-102 switch contact blocks. This fact implies that redundancy is an important consideration for the emergency stop switch.

Safety Relay

A complete discussion of industrial control and automation safety system is beyond the scope of this article. However, a brief description of the representative Schneider Electric SBAC14AC safety relay as shown in Figure 3 is warranted.

With regards to the emergency stop switch, the safety relay will continuously monitor both emergency contacts switch blocks. Failures such as a broken wire or a short circuit will immediately be recognized. The safety relay will then shut down the associated equipment removing the safety hazard.

The Tip: The safety relay is typically implemented as an independent safety mechanism. Here the term independent is best interpreted as hard-wired logic independent of a Programmable Logic Controller (PLC). This is an important consideration as it implies that the safety functions are largely independent of software. The situation becomes more complex when specially designed safety PLCs are used. The designer must take great care to separate the control and the safety aspects for safe and orderly shutdown of equipment.

Figure 3: The Schneider Electric SBAC14AC safety relay provides continuous monitoring of the redundant emergency stop switch contacts.
Figure 3: The Schneider Electric SBAC14AC safety relay provides continuous monitoring of the redundant emergency stop switch contacts.975×975 65.5 KB

Figure 3: The Schneider Electric SBAC14AC safety relay provides continuous monitoring of the redundant emergency stop switch contacts.

Conclusion

The emergency switch is one part of a larger safety system. The switch itself is described in terms of visibility and redundancy. The integrity of the system is increased when the safety system monitors the redundant contacts. Finally, no system is 100% safe without routine testing and inspection.

We would like to hear from you. Please leave your comments and suggestions in the space below. Also, be sure to test your knowledge by answering the questions and critical thinking exercises that appear at the end of this note.

Best wishes,

APDahlen

Return to the Industrial Control and Automation Index.

About this author

Aaron Dahlen, LCDR USCG (Ret.), serves as an application engineer at DigiKey. He has a unique electronics and automation foundation built over a 27-year military career as a technician and engineer which was further enhanced by 12 years of teaching (partially interwoven with military experience). With an MSEE degree from Minnesota State University, Mankato, Dahlen has taught in an ABET-accredited EE program, served as the program coordinator for an EET program, and taught component-level repair to military electronics technicians. Dahlen has returned to his Northern Minnesota home and thoroughly enjoys researching and writing educational articles about electronics and automation.

Highlighted Experience

Dahlen is an active contributor to the DigiKey TechForum. At the time of this writing, he has created over 150 unique posts and provided an additional 500 forum posts. Dahlen shares his insights on a wide variety of topics including microcontrollers, FPGA programming in Verilog, and a large body of work on industrial controls. You can find Dahlen’s related industrial articles at Industrial Control and Automation Index.

Connect with Aaron Dahlen on LinkedIn.

Questions

The following questions will help reinforce the content of the article.

  1. Why is a normally closed switch contact used for the emergency stop assembly.

  2. Why are two normally closed switches used for the emergency stop assembly.

  3. True / False: A normally closed switch contact should be used for all signals to stop a machine.

  4. True / False: A normally open contact should be used for all signals to start a machine.

  5. Provide an explanation for the previous two True / False questions. Hint: What could go wrong?

  6. Describe the machine’s response when one of the normally closed contact blocks physically falls out of the emergency stop switch assembly.

  7. Explain the importance of each emergency switch attributes:
    A) Visibility
    B) Continuous monitoring
    C) Redundant
    D) Regular testing

  8. What is the purpose of a safety relay when used in conjunction with an emergency stop switch.

  9. Describe the symptoms of an intermittently loose wire associated with an emergency stop. Assume that a safety relay is used.

  10. Why is it dangerous for a machine to automatically restart when the emergency start’s latch is reset?

  11. Describe at least two redundant features of a safety relay.

  12. Why do some emergency stop switches have a physical lock and key?

Critical thinking questions

These critical thinking questions expand the article’s content allowing you to develop a big picture understanding the material and its relationship to adjacent topics. They are often open ended, require research, and are best answered in essay form.

  1. Suppose the physical latching mechanism inside an emergency stop switch is broken. How should the machine respond?

  2. Research and summarize the ISO 13850, IEC 60204-1, and NEMA ICS 1.1 codes as they relate to the emergency stop switch.

  3. All things considered, why is it desirable to construct simple emergency stop circuitry?

  4. Research the concept of the “Master Control Relay.” Is this a reasonable safety mechanism? For full credit address the necessity of continuous monitoring and redundancy.

  5. Research and then describe the similarities of the “safety PLC” to the safety relay.

  6. What machine and human factors are considered when conducting a Safety Integrity Level (SIL) risk assessment?

1 Like