When a serious safety incident at a major UK heavy industrial processing facility triggered a full reassessment of plant-wide protection, Safety Systems Technology (SST) was appointed to redesign the safety-related control system across the site. Working closely with long-standing partner SICK Sensor Intelligence, SST delivered one of the UK’s largest wide-area safety networks, using SICK Flexi Soft to daisy-chain field devices via Flexi Line and create a facility-wide integrated safety system.
Client Background
The facility processes long, continuous lengths of welded steel profile. Extended conveyor systems separate machinery groupings across significant distances and the kinetic mass of moving sections makes stopping behaviour a critical safety variable.
Historically, safety functions were implemented at equipment level. Pull-cord devices ran along conveyors and individual machines incorporated local stop circuits. Each was compliant in isolation, but no unified safety architecture existed.
Following the incident, SST was contracted to carry out a full review of the facility’s safety-related control system in the context of the appropriate regulatory framework:
- Provision and Use of Work Equipment Regulations (PUWER) 1998, Regulation 16 emergency stop controls, and Regulation 18 control systems, requiring emergency stop controls to bring dangerous movement to a safe condition as quickly as reasonably practicable.
- BS EN ISO 13849-1, safety-related parts of control systems.
- BS EN ISO 13849-2, validation of safety-related parts of control systems.
- BS EN 60204-1, electrical equipment of machines, including Stop Category definitions.
- The requirement was simple to state but complex to deliver: provide a verified means of bringing the entire facility to a safe state without delay, regardless of where a hazardous event originated.
The Compliance Challenge
The existing arrangement meant emergency stops were confined to local zones, with independent reset logic, no coordinated plant-wide stop function and limited system-level diagnostics. Compliance in this type of environment depends not only on the presence of individual devices, but on the integrity of the architecture connecting them.
While the requirement resembled a plant-wide emergency stop specification, it in fact required redesigning the safety-related parts of the control system across a geographically distributed production environment, without halting production during the process.
Objective
The redesigned system needed to:
- Achieve Performance Level e under BS EN ISO 13849-1, reflecting the severity, exposure frequency and possibility of avoidance identified during risk assessment.
- Apply Stop Category 0 and Category 1 behaviour, as defined in BS EN 60204-1, on a function-by-function basis according to hazard type and machine behaviour.
- Define each safety function within a structured Safety Requirements Specification (SRS).
- Validate the completed architecture in line with BS EN ISO 13849-2 principles.
- Provide a facility-wide stop capability with coordinated, verified reset logic.
SST’s Engineering Methodology
SST’s role extended beyond hardware selection. Existing risk assessments were reviewed and refined to define each safety function clearly, with required Performance Levels as specified in BS EN ISO 13849-1 determined based on severity, exposure frequency and possibility of avoidance.
Stop category selection was assessed function by function. Uncontrolled stops (Category 0) and controlled stops with power maintained until standstill (Category 1) were applied according to hazard type and machine behaviour. On a heavy industrial line moving significant mass, stopping time and stopping distance directly influence safeguard positioning, zoning boundaries and access control measures.
This analysis defined the zoning structure and established the requirements for the safety-related control system. A programmable, network-capable safety controller was necessary to implement the defined functions while maintaining integrity across the site. Delivering this required a coordinated safeguarding strategy, integrating specialist guarding design with advanced electrical engineering to create a coherent, compliant plant-wide architecture.
Technical Collaboration with SICK
SST has a long history of working with SICK Sensor Intelligence on machinery safety applications across demanding sectors.
For this project, SST engineers collaborated with SICK’s UK technical specialists to design an architecture capable of maintaining safe communication integrity across long industrial spans, supporting distributed input/output (I/O) points within coordinated safety logic, achieving Performance Level e under BS EN ISO 13849-1 and delivering structured diagnostics plant-wide.
SICK’s Flexi Soft modular safety controller was selected for its suitability in distributed safety networks. Flexi Soft enabled field devices to be daisy-chained via Flexi Line without compromising deterministic safety communication, resulting in a facility-wide integrated system supported by jointly developed controller configuration and zoning logic.
Integrating Protective Devices Through Flexi Soft
With the architectural framework defined, SST implemented the safety functions through the Flexi Soft platform, integrating protective devices within a coordinated control structure.
Safety light curtains were connected at defined hazard zones, with blanking and muting applied selectively to prevent nuisance stops while maintaining reliable personnel detection. Mechanical and non-contact interlocks on guards, gates and doors were configured to initiate safe stops on opening, with guard locking applied where stopping time analysis required access prevention until confirmed standstill.
Laser scanners, emergency stop pushbuttons and two-hand controls were incorporated against clearly defined safety functions rather than introduced as generic protection. Protective measures were therefore implemented systematically within a unified architecture rather than layered incrementally.
Implementation and Validation
A network of local control panels created four operational zones across the facility, connected to a new panel in the main welding house. This enabled site-wide initiation of a safe state and coordinated reset once safe conditions across all zones were verified, bringing safety functions into a single coherent control system rather than independent subsystems.
Commissioning was sequenced to minimise disruption to a live facility. Migration from legacy circuits was controlled, with each zone undergoing functional testing before global integration.
Each safety function was documented within the Safety Requirements Specification, with Performance Level calculations recorded as part of the project file. Validation followed BS EN ISO 13849-2 principles, including defined fault-condition testing to confirm correct behaviour under failure scenarios. Real-time system overview via PLC and HMI provides transparency for engineering and operations teams, supporting fault diagnosis, validation confidence and ongoing compliance management.
Documentation issued included the Safety Requirements Specification, Performance Level calculations, validation and test records, and the as-built Flexi Soft configuration. All documentation was version-controlled, with formal change management applied during commissioning, giving the client a complete audit trail linking each safety function to its specification, calculated performance, validation evidence and installed configuration.
Results and Compliance Outcomes
The facility transitioned from fragmented local safeguards to a verified, performance-classified safety architecture with immediate plant-wide stop capability, coordinated reset logic, structured zoning, real-time diagnostics and capacity for future expansion. The entire facility can now be brought to a safe state within response times defined by the assigned stop category for each function, regardless of hazard origin.
Shop floor operators now experience consistent and predictable emergency response behaviour. Engineers gained structured diagnostic visibility. Senior management gained confidence that compliance is supported by documented evidence rather than assertion.
Governance Impact and Long-Term Value
The redesigned architecture strengthened the facility’s compliance posture beyond the immediate incident response. The version-controlled compliance file supports ongoing audit defensibility, while the zoned Flexi Soft architecture provides capacity for future expansion without requiring a further architectural overhaul.
By replacing isolated local safeguards with a networked, documented system, the client reduced foreseeable enforcement exposure and established a safety architecture that can absorb future changes to the production line while retaining traceable compliance evidence.
Key Compliance Lessons
- A plant-wide emergency stop capability is the result of engineered safety logic distributed across a networked control architecture, not a single device.
- Compliance in distributed environments depends on architectural integrity, not only the presence of individually compliant devices.
- Stop category selection should be assessed function by function, based on hazard type, stopping time and stopping distance.
- Performance Level claims require documented calculation and validation under BS EN ISO 13849-2 to be audit defensible.
Conclusion
A plant-wide emergency stop capability is not delivered by installing more devices. It is the outcome of a structured process that defines each hazard, assigns the correct stop category, calculates the required Performance Level and validates that the resulting architecture behaves as intended under fault conditions.
This project shows how a facility with individually compliant but disconnected safety devices can be brought into a single, coherent architecture, giving both a verified plant-wide stop capability and a documented basis for ongoing compliance. Engineering it correctly, and recording that engineering correctly, is what allows the system to remain defensible as the facility continues to change.
SST can assess your safety-related control system against BS EN ISO 13849-1, validate Performance Level calculations and confirm audit-ready documentation.


