Mike Dolt Enterprises

Topic: Safety gate logic

User: milmat1, Location: Siler City, NC USA

Asked on: Monday, July 14, 2025 at 10:00 am EDT
Answered on: Monday, July 14, 2025 at 10:06 am EDT

Question: I have a safety gate that will use a locking keyed gate switch. The gate locks via a 24VDC solenoid lock. And is monitored by the 2 OSSD outputs by a safety relay. The question I have is whether the locking signal (that actually locks the gate) has to come from a safety output? Can I lock the gate with a standard PLC output, and monitor the status with the OSSD's to safety inputs?

You're asking a critical question about safety system design, and the answer hinges on the potential consequences of a failure and the required Performance Level (PL) or Safety Integrity Level (SIL). Here's a breakdown to help you decide:

The Short Answer: No, the locking signal doesn't necessarily have to come from a safety output, BUT there are significant considerations.

The Long Answer: Factors to Consider and Why it's Complicated

1. Risk Assessment is Key

What is the hazard?

What happens if the gate unlocks unexpectedly? Is there immediate danger (crushing, cutting, etc.)? How severe could the injury be?

How frequently do people access the area behind the gate?

More frequent access increases the chance of something going wrong while the gate is unlocked.

What's the likelihood of a failure?

How reliable is the solenoid lock? How reliable is the PLC output?

2. Required Performance Level (PL) or Safety Integrity Level (SIL)

Based on your risk assessment, you'll need to determine the appropriate PL (a-e) or SIL (1-3) for the safety function of the gate. Higher levels demand more robust and reliable designs. Your safety relay should be rated for a specific PL or SIL.

3. Arguments Against Using a Standard PLC Output for Locking



Single Point of Failure

A failure in the PLC output (e.g., output stuck ON) would prevent the gate from unlocking, potentially trapping someone. More critically, it could falsely signal the gate is locked when it is not, compromising the safety function.

Unintended Actuation

A programming error in the PLC could unintentionally activate the locking solenoid.


No Redundancy/Diagnostics

Standard PLC outputs generally lack the diagnostic capabilities and redundancy required for higher PL/SIL applications. Safety outputs often have built-in diagnostics and diverse redundancy.

Circumventing Safety

You could design a non-safe locking control loop, but you must then provide additional means to ensure the locking is verified and the safety system is not bypassed. The OSSD's could provide this, but this introduces complexity.

4. Arguments For Using a Standard PLC Output for Locking (Under Specific Conditions)



Low Risk

If the risk assessment determines the potential consequences of an unlocked gate are minimal (e.g., simply interrupting a less-hazardous process), a standard PLC output might be acceptable. Extreme Caution.



Robust Monitoring & Diagnostics

This is crucial! You must implement robust monitoring using the safety relay and OSSD outputs to detect failures in the locking system. This monitoring needs to be comprehensive. Examples:


Proximity/Position Sensors

Use additional sensors (independent of the solenoid's internal feedback, if any) to verify the actual physical position of the locking mechanism.

Solenoid Current Monitoring

Monitor the current drawn by the solenoid. If the current is not as expected (e.g., zero when it should be on, or excessively high), trigger a fault and prevent the machine from starting.


Timing Monitoring

Measure the time it takes for the gate to lock/unlock. If it takes too long, trigger a fault.

Fail-Safe Design

Consider a "fail-safe" design where a loss of power to the solenoid unlocks the gate. This way, a failure in the power supply or PLC output automatically releases the gate. However, carefully consider if this creates a greater hazard (e.g. you want the gate to remain locked in case of a machine power fault).

Clear Logic and Documentation

The PLC code controlling the locking and the safety system logic must be very clearly documented, reviewed, and tested.

5. The OSSD Outputs and Safety Relay's Role

The OSSD outputs from the safety relay provide the monitoring and shutdown functionality. They confirm the gate is in the correct state (usually closed and locked). If the OSSD signals are not as expected (e.g., gate opens unexpectedly), the safety relay will remove power to the machine, preventing a hazardous situation. The OSSD signals need to be tied to physical position sensors and be 100% accurate.

Example Scenario and Design Considerations

Let's say the gate protects access to a robot cell.

High Risk

Unlocking the gate while the robot is running could lead to serious injury or death.


High PL/SIL Required

PL e or SIL 3 might be necessary.

In this scenario, strongly consider using a safety-rated output to control the solenoid lock. If you absolutely must use a standard PLC output, the monitoring system needs to be extremely robust:

Dual Proximity Sensors

Use two independent proximity sensors on the locking mechanism to verify its position. Wire these sensors to the OSSD inputs.


Solenoid Current Monitoring

Monitor the solenoid current and trigger a fault if it's not within the expected range.

Redundant Gate Position Sensors

Independent of the locking status, ensure the OSSD also monitors the position of the gate panel itself to ensure it is in the closed position.

Recommendation



Default to Safety Outputs

Unless the risk is demonstrably low and the cost of a safety output is prohibitive, use a safety-rated output from the safety relay or a dedicated safety PLC to control the locking solenoid. This is the safest and most robust approach.

Consult a Safety Expert

Engage a qualified safety professional to perform a thorough risk assessment and help you design a system that meets the required PL/SIL. They can provide guidance specific to your application and local regulations.


Document Everything

Thoroughly document your risk assessment, design decisions, and testing procedures.

In summary: While technically possible to use a standard PLC output, it's generally not recommended unless the risk is very low and you implement a comprehensive monitoring system with multiple layers of redundancy. Prioritize safety and consult with experts. Remember to always prioritize the safety of personnel over cost savings.
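Added example, not part of the original answer: a Python simulation (not PLC or safety-relay code) that combines the solenoid current, timing and dual-sensor checks described above and evaluates them over constructed traces. The thresholds, the power-to-lock wiring and every name in it are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed limits for illustration; real values come from the lock's datasheet.
I_MIN_MA, I_MAX_MA = 150, 400  # current window while the solenoid is energized
I_OFF_MAX_MA = 10              # largest current tolerated while de-energized
T_INRUSH_MS = 50               # ignore current right after a command change
T_TRAVEL_MS = 500              # bolt must follow the command within this time
T_DISCREPANCY_MS = 100         # the two bolt sensors may disagree this long

@dataclass
class Sample:
    t_ms: int          # timestamp
    cmd_lock: bool     # standard PLC output, assumed power-to-lock
    bolt_a: bool       # independent position sensor A: bolt engaged
    bolt_b: bool       # independent position sensor B: bolt engaged
    current_ma: float  # measured solenoid current

def monitor(samples):
    """Return [(t_ms, fault)] with the first occurrence of each fault."""
    faults, last_cmd, cmd_since, disagree_since = {}, None, 0, None
    for s in samples:
        if s.cmd_lock != last_cmd:  # command edge restarts the timers
            last_cmd, cmd_since = s.cmd_lock, s.t_ms
        age = s.t_ms - cmd_since
        if age >= T_INRUSH_MS:
            if s.cmd_lock and not I_MIN_MA <= s.current_ma <= I_MAX_MA:
                faults.setdefault("CURRENT_OUT_OF_RANGE", s.t_ms)
            if not s.cmd_lock and s.current_ma > I_OFF_MAX_MA:
                faults.setdefault("CURRENT_WHILE_OFF", s.t_ms)
        if s.bolt_a != s.bolt_b:
            if disagree_since is None:
                disagree_since = s.t_ms
            if s.t_ms - disagree_since > T_DISCREPANCY_MS:
                faults.setdefault("SENSOR_DISCREPANCY", s.t_ms)
        else:
            disagree_since = None
            if s.bolt_a != s.cmd_lock and age > T_TRAVEL_MS:
                faults.setdefault("LOCK_TIMEOUT", s.t_ms)
    return sorted((t, name) for name, t in faults.items())

def start_permitted(samples):
    """Machine may start only with no faults and both sensors reporting locked."""
    last = samples[-1]
    return not monitor(samples) and last.cmd_lock and last.bolt_a and last.bolt_b

# Constructed traces (not measurements): normal lock, then an open solenoid circuit.
HEALTHY = [Sample(0, False, False, False, 0), Sample(100, True, False, False, 250),
           Sample(200, True, True, False, 250), Sample(300, True, True, True, 250)]
OPEN_CIRCUIT = [Sample(0, False, False, False, 0), Sample(100, True, False, False, 0),
                Sample(200, True, False, False, 0), Sample(700, True, False, False, 0)]
```

In the open-circuit trace the current check reports the fault at 200 ms, well before the bolt travel timeout at 700 ms, which is why the answer lists the two diagnostics separately.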
