“Positive-Opening” safety interlocks are electromechanical switches designed with normally-closed (N/C) electrical contacts. These contacts, upon switch actuation, are forced to open by a non-resilient mechanical drive mechanism. (Spring actuators are not considered positive-opening mechanisms). One such interlock design is shown in the picture. This approved and widely used safety switch features a two-piece construction: an electrical switching mechanism and a geometrically-unique actuator key.

The actuator key is typically mounted to a movable guard - such as an access door, protective grating, equipment hood, or plexiglass safety guard. When the guard is closed, the actuator mates with the electrical switching mechanism. Upon displacement of the movable guard, the actuator key mechanically rotates a cam mechanism - forcing the N/C electrical contacts to change state, opening the safety circuit. With actuator key removed, normally-closed (N/C) electrical contacts are mechanically forced to open. Electrical contacts can only close upon reinsertion of the unique geometric actuator key.

For machine applications with residual motion after shutdown, key actuated interlocks are available with a solenoid latch which, in conjunction with a time delay, can delay access to hazardous areas.

“Positive-mode” mounting ensures that an electromechanical safety interlock switch is positively actuated when equipment or machinery shut-down is desired.

When mounted in the "positive-mode", the non-resillient mechanical mechanism, which forces the normally-closed (N/C) contacts to open, is directly-driven by the safety guard (eg. access door, protective grating, equipment hood, plexiglass safety guard, etc). In this mounting mode, the safety guard physically forces the N/C contacts open when the guard displacement results in an unsafe condition.

Positive-mode installation is especially important when using single-piece safety interlocks. This installation mode takes full advantage of the device's "positive-break" design - using both the safety guard's mechanical displacement and the applied external force to open the N/C contacts.

When mounted in the "negative-mode", the force applied to open the normally-closed (N/C) safety circuit contacts is provided by an internal spring. In this mounting mode the N/C contacts may fail to open when the safety guard is "open" (presents an unsafe situation to the machine operator).

When mounted in the "negative-mode", single-piece safety interlock switches can be easily defeated/circumvented by the operator...often simply by taping down the switch actuator when the safety guard is open (see picture). In addition, spring-driven, normally-closed (N/C) contacts can fail to open due to sticking, contact welding, or a spring failure. Under such circumstances the operator or maintenance personnel may be exposed to an unsafe condition. Consequently, where possible, two-piece, key-actuated, tamper-resistant safety interlocks are recommended.

Conventional "position" sensors are typically designed to use a spring force to open normally-closed electrical contacts. Such designs are subject to two potential failure modes.

- Spring failure
- Inability of the spring force to overcome "stuck" or "welded" contacts When "actuated", either situation may result in an unsafe condition due to failure to open the normally-closed contacts.

Consequently, such designs are not normally certified or recognised as suitable for safety applications eg. "movable barrier devices shall prevent the initiation of the machine tool due to a single component failure of the device".

Devices which feature a “positive-break” or “positive-opening” design carry the following internationally recognised safety symbol These designs meet the international requirements established for such safety switches and interlocks.

Increasingly, manufacturers are recognising the need for and their obligation to provide safety interlocks and barrier guards which are not easily defeated by the operator or other personnel. For example, the safeguarding of machine tools specifically requires:

- Barrier guards which protect against unauthorised adjustment or circumvention
- Interlock devices which are not easily bypassed

With the growing number of product liability cases, companies are designing with devices which are difficult to defeat. To further reduce their liability exposure, firms are selecting only those devices which have been tested and certified for use in safety applications by a recognised third-party agency.

Manufacturers are encouraged to surpass safety design expectations. Occupational Health and Safety Authorities (OHSA) world wide expect companies to go beyond mere compliance. They give greater benefit to firms who have designed their products with the latest state-of-the-art devices.

Control reliability implies that the safety device or system is designed, constructed and installed such that the failure of a single component within the device or system shall not prevent normal machine stopping action from taking place.but shall prevent a successive machine cycle from being initiated.

Safety systems which are "single component failure control reliable" meet the requirements of a Category/Level 3 safety-related control system as defined by the harmonised European machinery safety standard per EN954-1.

Self-checking: The performing of periodic self diagnostics on a safety control circuit to ensure critical individual components are functioning properly. Faults or failures in selected components will result in system shut-down.

Redundancy: In safety applications, redundancy is the duplication of control circuits such that if one component (circuit) should fail, the other (redundant) circuit, will still be able to generate a stop signal. When coupled with a "self-checking" feature, a component failure will be automatically indicated and the system disabled until the failure is corrected/ repaired.

Single-fault tolerance: A safety circuit is considered to be single-fault tolerant if no foreseeable single fault can cause a failure which will cause the safety circuit to be ineffective.

Positive-Guidance: Positively-guided relays are designed such that no normally open (N/O) contact can close before any normally closed (N/C) contact has opened. Rugged "fail-to-safe" control modules are available that incorporate the above functions to satisfy the "control reliability" requirements of existing safety standards.

"Fail-to-safe" safety interlocks are designed such that a component failure will cause the device to attain rest in a safe condition. This term is generally applied to electronic safety interlock systems using non-mechanical presence or position sensors (such as reed, proximity switches, etc). Such devices are often designed to feature redundancy, self diagnostics and positive-guided relays.

Please note:
“Solid state devices do not have a mutually exclusive normally-open, normally-closed contact arrangement.”
“Other methods must be used to monitor the performance of these devices”.

For example, reed switches are acceptable interlock sensors in safety applications provided they feature:
- a tamper-resistant “coded magnet”, and
- a fail-to-safe control module

One such system is shown below in Figure 3. Coded magnets required to actuate the sensor make it difficult for operators or maintenance personnel to“defeat”.

The fail-to-safe control module features redundant (two) safety relays with positive-guided contacts, dual (redundant) control circuits and self diagnostics which periodically check system operation. In the event of a component failure, the controller will cause the system to fall into a "safe" state.

Note: Reed switches used without an approved fail-tosafe control module do not satisfy safety requirements. Reeds are susceptible to sticking due to power surges, shock, or vibration. Additionally, reed switches tend to fail in the permanently closed position. This failure mode cannot be cured by a fuse. To ensure reliability of a safety circuit using reed-type switches, a fail-to-safe control module/circuit is recommended.

Heightened awareness and concern for worker safety has and is, precipitating compelling reasons for such upgrades or enhancements. These are embodied in a variety of industrial safety standards and guidelines against which equipment manufacturers and users' level of responsibility and degree of liability are measured.

Several of these current and emerging standards and guidelines are available from your local Health and Safety Authority.

Proper selection and installation of safety interlocks which have been tested and certified by an independent, recognised, safety commission/agency benefits the equipment manufacturer by:

- Satisfying safety standards and guidelines against which manufacturer's responsibility, in the event of an injury, is judged
- Providing greater protection from injury for machine operators, maintenance personnel, set-up and other user personnel
- Satisfying international safety regulations a must for all equipment manufacturers who wish to export to the European Economic Community
- Reducing liability risks
- Minimising Insurance claims/costs

Proper selection and installation of such safety interlocks which have been tested and certified by an independent, recognised, safety commission/agency benefits the inplant user by:

- Providing greater protection from injury for machine operators, maintenance personnel and other employees
- Reducing liability risks
- Minimising insurance claims/costs
- Satisfying safety standards and guidelines against which employer responsibility, in the event of an injury, is measured

Various machines present different types of hazards and risks to the operator and/or maintenance personnel. Risk assessment is a systematic means of quantifying these risk levels early in the design stage in order to determine the scope of the required safety system needed to protect personnel from possible injury.

Different machines and processes have different levels of associated risk. Structured risk assessment involves evaluating four major factors. These include:

1) Severity of the potential injury
2) Frequency of exposure to the potential hazard
3) Possibility of avoiding the hazard if it occurs
4) Likelihood of occurrence if a safety interlock fails

One approach, outlined in the European Machinery Directive, provides guidelines for risk assessment based upon five defined levels of risk. These levels range from the lowest risk (Level B) in which the severity of injury is slight and/or there is relatively little likelihood of occurrence, to the highest risk (Level 4), in which the likelihood of a severe injury is relatively high.