Sequential Function Chart Risk Assessment: A Safety Analysis Framework for Industrial Control Systems

Last week, during a safety assessment at an automation factory, I watched their equipment shut down for no apparent reason. The manager looked worried and said, "This is the third time this month, and each shutdown costs us over a hundred thousand." Where was the problem? On inspection, I found that their PLC program had not accounted for the safety risks of certain state transitions. Today I will discuss how to use Sequential Function Charts (SFC) for risk assessment, to help you avoid such pitfalls.

1. What is a Sequential Function Chart?

A Sequential Function Chart (SFC) is one of the five PLC programming languages defined in IEC 61131-3, and it is particularly suited to describing control processes that proceed in clear steps. It consists of steps, transitions and actions: a step is a state of the process, the actions attached to a step are the outputs driven while that step is active, and a transition is the condition that moves the sequence from one step to the next. In effect it draws a "behaviour roadmap" of the system. Its greatest advantage is that it makes the flow of system states visible, so complex control logic can be read at a glance. For example, the whole cycle of a filling machine, from start-up through detection and filling to stopping, can be laid out as an SFC like a clear roadmap in which every step and every transition condition is easy to follow.

2. Basic Ideas of Risk Assessment

Risk assessment is essentially about answering "where can problems occur, and how severe would they be?" Traditional methods list hazards and score them, but for a complex control system that is too abstract to act on. Using the SFC for risk assessment is like taking an X-ray of the system: it exposes problems that stay hidden in a flat hazard list. The basic steps are: identify hazardous states → analyse the transition conditions between them → assess the impact of each failure → decide on safety measures.

SFC Risk Assessment Practical Guide

The first step is to write the system down as an SFC. This is like drawing a subway map: each station is a system state, and the lines between stations are the transition conditions. A simple stirring system, for example, might have the key states "standby → feeding → stirring → discharging → standby". When drawing it, be exhaustive: include every state and every transition path the system can take, including fault, manual and restart paths, not only the normal production cycle.

Next, identify the hazardous states. Not every state carries risk, but every state transition is a potential trigger for an accident, and so is every pair of actions that can be active at the same time. In a stirring system, for instance, if "feed valve open" and "discharge valve open" can both be active at once, material can escape; in an SFC this happens when a stored action is never reset, or when two parallel branches drive the two valves. I have seen exactly this at a chemical plant: their feed valve and discharge valve were not interlocked, and the mishap in which both valves opened at once let several tons of corrosive liquid flow away.

Next, analyse the reliability of the transition conditions. Each transition between states is like a switch in a circuit, and for each one we need to ask, "Can this switch fail, and what happens if it does?" A transition that depends on one input fails together with that input: stuck high, it fires too early; stuck low, it never fires and the step hangs with its outputs still active. For critical transitions, use redundant inputs, and give every step that drives a hazardous output a timed escape to a safe state. I remember a project on an automated production line where we designed dual-channel monitoring for the emergency stop button, so that pressing it would always bring the system to a safe state.

My debugging experience: check each transition condition in the PLC program and ask yourself, "If this sensor fails, or the signal is disturbed, what happens to this transition?" This one simple question will uncover 80% of the potential risks.
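As an added example that is not from the article, here is a small Python model of the stirring-system SFC described above, with the three checks the steps call for: which reachable steps have the feed and discharge valves open together, which transitions a single input can fire on its own, and which steps hang if one sensor sticks low. The step, action and sensor names, the planted defect in the discharging step and the timeout transition are all assumptions made for the example.

```python
"""Static checks over a small SFC model (added example, not from the article):
steps where forbidden actions are active together, transitions that a single
input can fire, and steps that hang when one sensor sticks low."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Transition:
    src: str
    dst: str
    sensors: frozenset   # inputs the condition reads
    cond: object         # callable: {sensor: bool} -> bool


@dataclass
class SFC:
    initial: str
    steps: dict          # step -> set of actions active while the step is active
    transitions: list

    def outgoing(self, step):
        return [t for t in self.transitions if t.src == step]

    def reachable(self):
        seen, todo = set(), [self.initial]
        while todo:
            s = todo.pop()
            if s not in seen:
                seen.add(s)
                todo.extend(t.dst for t in self.outgoing(s))
        return seen


def hazardous_steps(sfc, forbidden):
    """Reachable steps in which a forbidden action combination is active at once."""
    return sorted(s for s in sfc.reachable()
                  if any(combo <= sfc.steps[s] for combo in forbidden))


def single_input_firing(t):
    """Sensors that satisfy t.cond on their own (every other input False). Each one
    is a single point of failure: one stuck-high or spoofed signal fires the transition."""
    return sorted(s for s in t.sensors if t.cond({x: x == s for x in t.sensors}))


def hang_on_stuck_low(sfc):
    """(step, sensor) pairs where that sensor stuck False leaves no exit able to fire
    for any value of the other inputs. Only steps with active outputs count: hanging
    there keeps a valve open or a motor running, while an idle step merely waits."""
    hangs = []
    for step in sfc.reachable():
        outs = sfc.outgoing(step)
        if not sfc.steps[step] or not outs:
            continue
        inputs = sorted(set().union(*(t.sensors for t in outs)))
        for s in inputs:
            others = [x for x in inputs if x != s]
            can_leave = any(t.cond({**dict(zip(others, vals)), s: False})
                            for vals in product([False, True], repeat=len(others))
                            for t in outs)
            if not can_leave:
                hangs.append((step, s))
    return sorted(hangs)


def assess(sfc, forbidden):
    """Collect every finding in one report."""
    return {
        "hazardous_steps": hazardous_steps(sfc, forbidden),
        "single_input": {f"{t.src}->{t.dst}": single_input_firing(t)
                         for t in sfc.transitions if single_input_firing(t)},
        "hang_on_stuck_low": hang_on_stuck_low(sfc),
        "unreachable": sorted(set(sfc.steps) - sfc.reachable()),
    }


def _all(*names):
    return lambda i: all(i[n] for n in names)


# Constructed stirring-tank model; step, action and sensor names are assumptions.
FORBIDDEN = [frozenset({"feed_valve_open", "discharge_valve_open"})]
STIRRER = SFC(
    initial="standby",
    steps={
        "standby": set(),
        "feeding": {"feed_valve_open"},
        "stirring": {"agitator_on"},
        # constructed defect: a stored feed-valve action that is never reset, so it
        # is still active while the discharge valve is open
        "discharging": {"discharge_valve_open", "feed_valve_open"},
        "fault": set(),  # safe state: all outputs off; manual reset not modelled
    },
    transitions=[
        Transition("standby", "feeding", frozenset({"start_pb"}), _all("start_pb")),
        # two-sensor confirmation: level reached AND inlet flow has stopped
        Transition("feeding", "stirring", frozenset({"level_high", "flow_stopped"}),
                   _all("level_high", "flow_stopped")),
        Transition("stirring", "discharging", frozenset({"mix_timer_done"}), _all("mix_timer_done")),
        Transition("discharging", "standby", frozenset({"level_low"}), _all("level_low")),
        # timeout escape: if the tank never reads empty, drop to the safe fault step
        Transition("discharging", "fault", frozenset({"t_discharge"}), _all("t_discharge")),
    ],
)
```

Calling `assess(STIRRER, FORBIDDEN)` reports `discharging` as hazardous, lists every one-sensor transition under `single_input` (the two-sensor feeding → stirring transition is absent), and names `feeding` and `stirring` as steps that hang on a stuck-low sensor because they have no timeout escape; `discharging`, which has one, does not appear. Real SFCs also contain parallel branches, so the same action check would have to be run over each set of simultaneously active steps rather than over single steps as here.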

3. Case Study Analysis

Last year I carried out a safety assessment for an automatic-door production line and found a typical problem. The SFC program for their press had the states "start → rise → press → return → stop". It looked fine, but I found that the transition from "press" to "return" depended on a single sensor. In a safety-critical system, a single-point failure can have catastrophic consequences. I recommended that they require confirmation from two sensors and add a timeout protection state. After the change, the safety of the equipment improved significantly, and there have been no further operational mishaps since.
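The press case above, as an added scan-cycle simulation in Python (example code, not the production line's program): the "before" variant leaves the press step on a single sensor, the hardened variant requires two sensors to agree and adds a timeout into a fault step, and a power-up routine restarts the sequence from the explicit initial step rather than from whatever step was active when power was lost. Step names, sensor names, the 100 ms scan period and the 5 s timeout are assumptions.

```python
"""Scan-cycle model of the press sequence in the case study (added example, not
the plant's code). The 'before' version leaves the press step on one sensor; the
hardened version needs two sensors to agree and adds a timeout to a fault step.
Step, sensor and timing names are assumptions."""
from dataclasses import dataclass

SCAN_MS = 100            # assumed PLC scan period
PRESS_TIMEOUT_MS = 5000  # assumed maximum time the ram may stay down


@dataclass
class Step:
    name: str
    outputs: set         # outputs driven while the step is active
    transitions: list    # (target, cond) pairs; cond(inputs, ms_in_step) -> bool


class StepMachine:
    def __init__(self, steps, initial):
        self.steps = {s.name: s for s in steps}
        self.initial = initial
        self.power_up()

    def power_up(self):
        """After a power interruption the active step is not retained: the sequence
        always restarts in the explicitly defined initial step, with outputs off."""
        self.active, self.ms_in_step = self.initial, 0

    def scan(self, inputs):
        """One PLC scan: advance the step timer, then take the first enabled transition."""
        self.ms_in_step += SCAN_MS
        for target, cond in self.steps[self.active].transitions:
            if cond(inputs, self.ms_in_step):
                self.active, self.ms_in_step = target, 0
                break
        return self.active

    def run(self, trace):
        return [self.scan(i) for i in trace]


def build_press(hardened):
    if hardened:
        press_exit = [("return", lambda i, t: i["press_done_a"] and i["press_done_b"]),
                      ("fault", lambda i, t: t > PRESS_TIMEOUT_MS)]
    else:
        press_exit = [("return", lambda i, t: i["press_done_a"])]  # the single sensor
    return StepMachine([
        Step("start", set(), [("rise", lambda i, t: i["start_pb"])]),
        Step("rise", {"ram_up"}, [("press", lambda i, t: i["top_ls"])]),
        Step("press", {"ram_down"}, press_exit),
        Step("return", {"ram_up"}, [("stop", lambda i, t: i["top_ls"])]),
        Step("stop", set(), []),
        Step("fault", {"alarm"}, [("start", lambda i, t: i["reset_pb"])]),  # ram not driven
    ], "start")


def inputs(**on):
    base = dict.fromkeys(["start_pb", "top_ls", "press_done_a", "press_done_b", "reset_pb"], False)
    base.update(on)
    return base


def glitch_trace():
    """Constructed: sensor A reports 'done' for one scan, sensor B never does."""
    return [inputs(start_pb=True), inputs(top_ls=True), inputs(press_done_a=True)] + [inputs()] * 5


def stuck_low_trace():
    """Constructed: both completion sensors stay low for 6 s after the ram goes down."""
    return [inputs(start_pb=True), inputs(top_ls=True)] + [inputs()] * 60


def final_step(hardened, trace):
    return build_press(hardened).run(trace)[-1]


if __name__ == "__main__":
    for name, trace in (("glitch", glitch_trace()), ("stuck low", stuck_low_trace())):
        print(f"{name}: before={final_step(False, trace)} after={final_step(True, trace)}")
    m = build_press(True)
    m.run(stuck_low_trace()[:2])   # interrupted mid-press
    m.power_up()
    print("after power-up:", m.active)
```

With one sensor glitching high for a single scan, the original program retracts the ram early while the hardened one stays in the press step; with both sensors stuck low, the original holds the ram down indefinitely while the hardened one drops into the fault step once the timeout elapses. Note that the fault step drives only the alarm, so reaching it removes the ram outputs rather than freezing them.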

4. Common Problems and Solutions

Beginners doing SFC risk assessments most often run into "incomplete analysis". A systematic remedy is the HAZOP method: for each parameter of each step, apply the guide words (no, more, less, reverse, other than, and so on) and consider what each deviation would do. Another common mistake is overlooking "implicit states", such as the undefined state the system may be in after a power outage and restart, when the PLC's retained step may no longer match the physical position of the machine. The solution is to define explicitly in the SFC the initial step after a power interruption and the handling steps that follow it.

Another practical tip is "reverse analysis": do not only ask "how can the system fail?", but also "which conditions must all hold for this accident to occur?" This is the thinking behind attack trees in information security, and it applies equally well to industrial control systems.

5. Practical Recommendations

If you are new to PLC programming, start practising SFC risk assessment on simple systems. Your rice cooker's workflow will do: draw its SFC from plugging in, through mode selection and heating, to keeping warm, then think about the potential risks in each state. Once this way of thinking is second nature, move on to more complex industrial systems.

Remember that safety is not a one-off task but an activity that continues throughout the system's lifecycle. SFC-based risk assessment, being visual, lets us find and fix most safety hazards at the design stage and saves companies a great deal of "firefighting" time and cost. If you are interested, next time we can discuss combining it with fault tree analysis to deepen the assessment further.
