Safety Function: Zero Speed, Safe Limited Speed
Contents
1. 5 AEP P m 1 544 gt 1 6 45 1 6 46 1 56 47 1 6 48 1 56 49 1 6 50 1 6 51 Mame Safe Stop Input Safe Stop Type Stop Man Delay Max Stop Time Standstill Speed Standstill Pos Decel Ref Speed Stop Decel Tol af Limited Speed Tab 5 AEP P 1 6 52 Ens 16 54 5 95 b 8b Mame Lim Speed Input LimSpd Mon Delay Enable 5w Input Safe Speed Limit Speed Hysteresis cs 18 oafety Function Zero Speed Safe Limited Speed Safe Direction value Dual S F Chk Incremental Rey Normal SU00 0 0 Rev Normal j O 0 0 0 00006 0 0 Oo Pos Always 10 Value 2 OSSD 3s Torque OFF 3 0 15 0 2 O00 10 1600 1 value 2 OSSD 35 3 0 Mot Used 10 0 O Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 19 Door Control Tab 5 MiP Pt Mame Value mmEP 15 57 Door Out Type Pwr to Rel 1 6 58 DM Input eh L 1 6 58 Lack Man Enable Enable gt 1 6 60 Lock Mon Input ZNC 1 amp 74 Door Out Made Pulse Test L eu Li Programming The Dual Channel Input Stop DCS monitors dual input safety devices whose main function is to stop a machine safely for example an E Stop light curtain or safety gate In this example one is being used to monitor an E Stop button and the other is monitoring the Safe Limited Speed SLS keyswitch The DCS instruction monitors dual input2. Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 31 GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued PowerFlex 750 Safe Speed Monitor Option Module SS and SLS Control and Lock Output Tests ee Validation Pass Fail Changes Modifications Initiate a Start command The drive should energize for a normal machine run condition Verify proper machine status indication and RSLogix 5000 safety application program indication While the system is running remove Channel 1 SS Input from the safe speed SLS module The drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 While the system is running short Channel 1 SS Input of the safe speed SLS module to 24V DC The drive should de energize Attempt a Reset command The 3 system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 While the system is running short Channel 1 SS Input of the safe speed SLS module to OV DC The drive should 4 de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSL
3. assumes the use of two diverse incremental encoders one 845H and one 845T that are wired into the PowerFlex 750 Universal Feedback Option module and monitored by the safe speed module The default MTTFd of 10 years from ISO 13849 is used A Diagnostic Coverage of 99 will be obtained from the SISTEMA Library of DC Measures The DC is based on redundancy two encoders diversity two types of encoders diagnostics cross monitoring between encoder signals and individual power supplies for each encoder The SISTEMA calculations shown later in this document would have to be recalculated if different products are used Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 5 Safety Function Realization Risk Assessment The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be carried out by the safety related parts of the control system Part of the risk reduction process is to determine the safety functions of the machine For the purposes of this document the assumed required performance level is Category 3 Performance Level d Cat 3 PLd From Risk Assessment ISO 12100 1 Identification of safety functions 2 Specification of characteristics of each function 3 Determination of required PL PLr for each safety function To Realization and PL Evaluation n Safety Function The PowerF
4. channels for consistency Equivalent Active High and detects and traps faults when the inconsistency is detected for longer than the configured Discrepancy Time ms The automatic restart type lets the DCS output O1 reset automatically after a demand The manual action typically required for safety is provided in rung 1 to reset the safety output enable Input status typically represents the channel status of the two input channels In this example the Combined Input Status bit goes LO if any of the eight input channels has a fault In this example the DCS reset acts as a fault reset Even when configured for automatic restart a reset is required to recover from a fault The output O1 of the DCS is used as a safety interlock in the seal in rungs to drive the S8 OK and SLS OK tags If the DCS output drops out so does the seal in and it remains off until a manual reset action is carried out The Configurable Redundant Output CROUT instruction controls and monitors redundant outputs Essentially this instruction verifies that feedback follows the safety outputs appropriately For the positive feedback used in this example if the outputs are HI the feedback should be HI and vice versa In this example the feedback has 500 ms to change to the proper state Because only a single feedback circuit is being used the feedback tag is used for both Feedback 1 and 2 The two output tags from the CROUT instruction are used to drive th
5. continuous output rating PowerFlex 750 Safe Speed Monitor Option Module PowerFlex 750 Universal Feedback Option Module N 845T 845H Incremental Encoders Rockwell Automation Publication SAFETY ATO27D EN E March 2013 T 8 Safety Function Zero Speed Safe Limited Speed Safe Direction Setup and Wiring For detailed information on installing and wiring refer to the publications listed in the Additional Resources on the back cover System Overview The PowerFlex 750 Safe Speed Monitor Option module monitors two door channels and two lock channels of the TLS3 GD2 The 1734 IB8S module monitors the Safe otop and Safe Limited Request keyswitch Both the safe speed module and the 1734 IB8S module can source the 24V DC for all these channels to dynamically test the signal wiring for shorts to 24V DC and channel to channel shorts If a fault occurs either or both channels will be set LO and the system reacts by dropping out the Safe Torque Off STO The system resets only after the fault is cleared and the input is cycled Shorts to OV DC and wire off are seen as an open circuit by the safe speed module and 1734 IB8S module input and the system will react by dropping out the safety contactors If the inputs remain discrepant for longer than the discrepancy time then the PowerFlex 755 drive safety or controller will declare a fault The system resets only after the fault is cleared and the input is cycled T
6. j 1768 Bus E 2 1 1768 ENBT A ENBT Al Mew Module a Paste Print Rockwell Automation Publication SAFETY ATO27D EN E March 2013 12 Safety Function Zero Speed Safe Limited Speed Safe Direction 6 Select the 1734 AENT adapter and click OK O Select Module i x 1734 Ethernet Adapter Twisted Pair Media Allen Bradley TE 1734 Ethernet Adapter 2 Port Twisted Pair Media Allen Bradley 1738 AENT 1738 Ethernet Adapter Twisted Pair Media Allen Bradley z 1738 AENTR 1738 Ethernet Adapter 2 Port Twisted Pair Media Allen Bradley Du 1756 EN2F 1756 10 100 Mbps Ethernet Bridge Fiber Media Allen Bradley 1756 ENZT 1756 10 100 Mbps Ethernet Bridge Twisted Pair Media Allen Bradley Z 1756 ENZTR 1756 10 100 Mbps Ethernet Bridge 2 Port Twisted Pair Allen Bradley e 1756 EN3TR 1756 10 100 Mbps Ethernet Bridge 2 Port Twisted Pair Allen Bradley 1756 ENBT 1756 10 100 Mbps Ethernet Bridge Twisted Pair Media Allen Bradley i 1756 ENET A 1756 Ethernet Communication Interface Allen Bradley z 1756 ENET 6 1756 Ethernet Communication Interface Allen Bradley i 1756 EWEB A 1756 10 100 Mbps Ethernet Bridge w Enhanced Web Serw Allen Bradley Find Add Favorite By Category Favorites men Heb E 7 Name the module type its IP address and click OK We used 192 168 1 11 for this application example Yours may be different 8 Click Change x General Connection Modul
7. reset signal on the safe speed module 2 1734 068 E Module Properties AENT 2 General Connection Safety Module Info Output Configuration pop toan Point Operation EN Dual um single ie oj Te Single Point Mode E Safety Pulse Test Safety Pulse Test Mot Used Mot Used Output Error Latch Time 1000 m Status Offline 7 Click OK PowerFlex 750 Safe Speed Monitor Option Module Configuration The parameters with a red arrow have been configured based on this example architecture Configure the remainder based on the risk assessment and application requirements General Tab 5 AEP P Mame 1 620 Cascaded config gt 1 46 71 Safety Mode mee 1 622 Reset Type 1 6 24 Qyerspd Response gt 1 572 55 Out Made mmEP 1573 SLS Out Made Ao Value Single Lim Speed DM Manual 42 msec Mo Pulse Tst Ma Pulse Tst Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Feedback Tab 5 MFP P 1 amp z7 6 26 6 29 6 30 5 31 l6 d2 5 33 6 34 o g 6 36 3m 5 38 5 38 6 40 5 41 HE qu 6 43 i o EUG xs x F 1 l l l l l l 1 l 1 1 1 l l l l Mame Fbk Mode Fbk 1 Type Fbk 1 Units Fok 1 Polarity Fbk 1 Resolution Fok 1 Wolk Mon Fbk 1 Speed Fbk z Units Fbk 2 Polarity Fbk z Resolution Fok 2 Volk Mon Fbk 2 Speed Fbk Speed Ratia Fok Speed Tal Fbk Pos Tol Direction Man Direction Tol a Stop Tab
8. the motor speed is below the configured safe limited speed the gate is unlocked to allow operator entry into the hazardous area If the motor speed exceeds the safe speed while the gate is unlocked then the safe soeed module drops out the Safe Torque Off STO and the motor coasts to a stop If a demand is placed on the Emergency Stop the safe speed module drops out the STO and the motor coasts to a stop When Zero Speed is reached the gate unlocks The TLS3 GD2 channels are wired to the safe speed module in the PowerFlex 750 drive One channel pair is the lock monitoring contacts and the other is the door monitoring contacts The gate solenoid is wired to the safe speed module as well The Safe Stop button Reset button and Safe Limited Request keyswitch are wired to the POINT Guard input module Outputs from the POINT Guard output module are wired directly to inputs on the safe speed module These hardwired signals include the Safe Stop Safe Limited Speed Request and a reset signal The I O module is connected via CIP Safety over an EtherNet IP network to the safety controller SC1 The safety code in SC1 monitors the status of the Emergency Stop and SLS safety inputs using the pre certified safety instruction Dual Channel Input Stop DCS When all safety input interlocks are satisfied no faults are detected and the reset push button is pressed a second certified function block called Configurable Redundant Output CROUT controls and mon
9. 013 14 Safety Function Zero Speed Safe Limited Speed Safe Direction 11 Expand Safety select the 1734 IB8S module and click OK ll Select Module q X j 8 Point 24V DC Sink Input Allen Bradley foe 1734 05685 8 Point 24V DC Source Output Allen Bradley Find Add Favorite Bv Category Favorites HN E 12 In the New Module dialog box name the device IB8S and click Change x General Connection Safety Module Info Input Configuration Test Qutput Type 17341665 8 Point 24 DC Sink Input Vendor Allen Bradley Parent AENT Hame Ess Module Number fi Description m Safety Network 3987_040B_012E Vnum 388r D4DB 3E m zl 4 27 2012 2 50 30 62 PM Madule Definition Series A Change Revision 11 Electronic Keying Compatible Module Configured By This Controller Input Data Safety Output Data Test Input Status Pt Statue Status Creating Cancel Help Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 15 13 When the Module Definition dialog box opens change the Output Data to None verify the Input Status is Combined Status Power and click OK Setting the output data to None means that you cannot use the Test Outputs as standard outputs which is appropriate in this example This saves one controller connection because we are using o
10. 1 l Encoder i Ch B l l l I Subsystem 2 Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 25 Verification and Validation Plan Verification and validation play an important role in the avoidance of faults throughout the safety system design and development process ISO EN 13849 2 sets the requirements for verification and validation by calling for a documented plan to confirm that all of the safety functional requirements have been met Verification is an analysis of the resulting safety control system The Performance Level PL of the safety control system is calculated to confirm it meets the Required Performance Level PLr specified The SISTEMA software tool is typically used to perform the calculations and assist with satisfying the requirements of ISO 13849 1 Validation is a functional test of the safety control system to demonstrate that it meets the specified requirements of the safety function The safety control system is tested to confirm all of the safety related outputs respond appropriately to their corresponding safety related inputs The functional test should include normal operating conditions in addition to potential fault inject of failure modes A checklist is typically used to document the validation of the safety control system Validation of software development is a process in which similar methodologies and techniques that are
11. 5000 Controller Tags window All output devices are qualified by cycling their respective 8 actuators Monitor the status in the RSLogix 5000 Controller Tags window Rockwell Automation Publication SAFETY ATO27D EN E March 2013 28 Safety Function Zero Speed Safe Limited Speed Safe Direction GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued Normal Operation Verification The safety system properly responds to all normal Start Stop SLS E Stop Lock and Reset commands Initiate a Start Command The drive should energize for a normal machine run condition Verify proper machine status indication and RSLogix 5000 safety application program indication Initiate a Stop command The drive should de energize immediately for a normal machine Stop condition After 2 the preset time delay verify the door unlocks Verify proper machine status indication and RSLogix 5000 safety application program indication While the system is running attempt to open the guard door The door should remain closed and locked The drive should remain energized for a normal run condition Verify proper machine status indication and RSLogix 5000 safety application program indication Repeat for all guard doors While the system is stopped attempt to open the guard door The door should be unlocked and able to be 4 opened The drive should remain de energized for a
12. Application Technique Safety Function Zero Speed Safe Limited Speed Safe Direction Products PowerFlex 750 Safe Speed Monitor Option Module TLS3 GD2 Switch GuardLogix Controller POINT Guard Safety I O Modules oafety Rating PLd Cat 3 to EN ISO 13849 1 2008 LISTEN oe Rockwell D Allen Bradley Rockwell Software Automation 2 Safety Function Zero Speed Safe Limited Speed Safe Direction Important User Information Solid state equipment has operational characteristics differing from those of electromechanical equipment Safety Guidelines for the Application Installation and Maintenance of Solid State Controls publication SGI 1 1 available from your local Rockwell Automation sales office or online at http literature rockwellautomation com describes some important differences between solid state equipment and hard wired electromechanical devices Because of this difference and also because of the wide variety of uses for solid state equipment all persons responsible for applying this equipment must satisfy themselves that each intended application of this equipment is acceptable In no event will Rockwell Automation Inc be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment The examples and diagrams in this manual are included solely for illustrative purposes Because of the many variables and requirements associated with any particular in
13. U SA
14. d Safe Limited Speed Safe Direction 3 General Safety Information Contact Rockwell Automation to find out more about our safety risk assessment services IMPORTANT This application example is for advanced users and assumes that you are trained and experienced in safety system requirements ATTENTION A risk assessment should be performed to make sure all task and hazard combinations have been identified and addressed The risk assessment may require additional circuitry to reduce the risk to a tolerable level Safety circuits must take into consideration safety distance calculations that are not part of the scope of this document Table of Contents HPV CNG TO PEN TTD Tm 4 Safety Function Realization Risk Assessment cc cece eecceeeeeeeeceeeseeceeeaeeseeeaeeees 5 Safety Function cccceccscccecceccaeececcaeeceecaeeceecoeeseeseeeceesaeeceesaaecsesaeeceesaeeaeeseeseeesass 5 Safety Function Requirements c cccccccsseceeeceeceeceeeceeceeeceeseeeceecaeeseeseeaeeseesaeesaes 6 Functional Safety Description suo ice doce ccteteceectu le wend Susan eE 6 PINON iri c PEE T Seana VIG MR E 8 COnNNGUrAUON ENERO E 10 Programming PRESS O 19 Falling Edge ROSEL uocem eee eee oe eee eee 21 Calculation of the Performance LeVEl cccccecceecceceeeeceeeeeeeeeceeeeeeeeeeseeseeeeeeeeees 21 Verification and Validation PI An cccccccecceccecceeceeeceeceeeseeeeeeseee
15. e AUTOMATIC Cold Start Type AUTOMATIC Channel amp AENT 1 I Pt 2Data 0 Channel B AENT 1 I Pt 3Data 1 Input Status ENT 1 I CombinedlnputStatus 1 Reset AENT 1 I Pt 5Data 0 SLS_OK e a ROUT Configurable Redundant Output CROUT Safe_Limited_Speed 015 Feedback Type POSITIVE Feedback Reaction Time Msec 500 Oo25 Actuate SLS OK 0 FP Feedback 1 AENT 1 I PtO7Data 1 Feedback 2 AENT 1 I Pt 7Data 1 Input Status AENT 1 I CombinedlnputStatus 1 Output Status amp ENT 2 I CombinedOutputStatus 1 Reset AENT 1 I Pt 5Data 0 AENT 2 0 Pt04Data AENT 2 0 Pt05Data Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 21 Falling Edge Reset ISO 13849 1 stipulates that instruction reset functions must occur on falling edge signals To comply with this requirement a One Shot Falling OSF instruction is used on the reset rung Then the OSF instruction Output Bit tag is used as the reset bit for the Output Enable rungs AENT 1 I Pt 4Data SF One Shot Falling Storage Bit store1 Output Bit Reset_FallingEdge Reset_FallingEdge EStop1 O1 Safe_Stop FP 2 e SS OK Calculation of the Performance Level When configured correctly these safety functions can achieve a safety rating of PLd according to EN ISO 13849 1 2008 The functional safety specifications of the projec
16. e Info Internet Protocol Port Configuration Chassis Size Type 1734 AENT 1734 Ethernet Adapter Twisted Pair Media Vendor Allen Bradley Parent ENBT Ethernet Address Name pent Private Network 192 168 1 i Description E rpm l E C Host Name Module Definition Slot o Revision 31 Electronic Keying Compatible Module Connection Rack Optimization 1 Chassis Size Status Creating Cancel Help Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 13 9 Set the Chassis Size as 3 for the 1734 AENT adapter and click OK Chassis size is the number of modules that will be inserted in the chassis The 1734 AENT adapter is considered to be in slot 0 so for one input and one output module the chassis size is 3 Module Definition Revision 3 124 Electronic Keping Compatible Module Connection LC OT AN Cancel Help 10 In the Controller Organizer right click the 1734 AENT adapter and choose New Module E Trends 1 5 1 0 Configuration E ffi 1768 Bus Ee 1 1768 NBT A ENET Ethernet Bb 1768 ENBT A ENBT _1734 AENT A AENT EZ PointiO 3 Slot Chasgg o eo fl 0 1748 1435 cGLX A 1769 Bus z EG 0 1768 1435 cGLX A New Module EA Paste Clty Print Rockwell Automation Publication SAFETY ATO27D EN E March 2
17. e safety outputs on the 1734 OB8S module that are wired to the respective solid state inputs on the PowerFlex 750 Safe Speed Monitor Option module Rockwell Automation Publication SAFETY ATO27D EN E March 2013 2 0 S afety Function Zero Speed Safe Limited Speed Safe Direction AENT 1 I Pt dData ons E ons SS OK Safe Stop O1 Safe Stop O2 AENT 1 1 Pt04Data SLS_OK Safe Limited Speed O1 ons2 Fons Safe Limited Speed O2 EStop1 O1 Safe Stop FP Ee SLS Kevyswitch O1 Safe Limited Speed FP DCS Dual Channel Input Stop DCS EStop1 Safety Function EMERGENCY STOP Input Type EQUIVALENT ACTIVE HIGH Discrepancy Time Msec 250 Restart Type AUTOMATIC Cold Start Type AUTOMATIC Channel 4 AENT 1 I Pt Data 0 Channel B AENT 1 1 Pt01 Data 1 Input Status AENT 1 CombinedinputStatus 1 Reset AENT 1 1 Pt05Data 0 O1 FP SS OK ROLIT Configurable Redundant Output CROUT Safe_Stop O1 Feedback Type POSITIVE Feedback Reaction Time Msec 500 02 gt Actuate SS OK 0 FP Feedback 1 AENT 1 1 Pt06Data 0 Feedback 2 AENT 1 1 Pt06Data 0 Input Status AENT 1 1 CombinedinputStatus 1 Output Status AENT 2 CombinedOutputStatus 1 Reset AENT 1 I Pt 5Data 0 AENT 2 0 Pt00Data AENT 2 0 Pt01 Data DCS Dual Channel Input Stop DCS SLS_Keyswitch 015 Safety Function EMERGENCY STOP Input Type EQUIVALENT ACTIVE HIGH FP Discrepancy Time Msec 250 Restart Typ
18. eeeseeeseeseeeseeaeeees 25 Addlonal TS SOU OOS sasprins nais E E e 33 Rockwell Automation Publication SAFETY AT027D EN E March 2013 4 Safety Function Zero Speed Safe Limited Speed Safe Direction Introduction This Safety Function application note explains how to wire configure and program a Compact GuardLogix controller and POINT Guard I O module to interface to a PowerFlex 750 Safe Speed Monitor Option S1 module to perform Safe Speed functions It is important to note that the safe speed module actually performs the Zero Speed Safe Limited Speed and Safe Direction safety functions described in this application note The GuardLogix safety controller simply requests when the Zero Speed and Safe Limited Speed SLS safety functions should be performed For example when the SLS keyswitch is rotated the GuardLogix outputs wired to the PowerFlex 755 SLS inputs are energized to request Safe Limited Speed Note that Safe Direction is configured in the safe speed module and is always being monitored The GuardLogix controller has no interaction with the Safe Direction safety function The actuators for the safety functions are the Safe Torque Off STO channels embedded within the safe speed module If the PowerFlex 755 STO inputs are de energized the motor controlled by the PowerFlex 755 drive will coast to a stop This example uses a Compact GuardLogix controller but is applicable to any GuardLogix controller This example
19. ety Function Zero Speed Safe Limited Speed Safe Direction Safe Limited Speed e i u Safety function POINT Guard 1 0 17341685 POINT Guard 1 0 1734 0B8S FONT eyswitch PLC Compact GuardLogix 1768 TLS3 GD2 Interlock Switch AC Drive PowerFlex 755 Safe Speed M Incremental Encoders i 10 Medium Safe Direction a safety function 99 High 10 Medium The overall safety function value is shown below for each safety function Zero Speed Safety function IFA Rockwell Automation Publication SAFETY AT027D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 23 Safe Limited Speed Safety function Safe Direction e Safety function Rockwell Automation Publication SAFETY ATO27D EN E March 2013 24 Safety Function Zero Speed Safe Limited Speed Safe Direction The safety functions can be modeled as shown in the following safety related block diagram TLS3 GD2 ChA Zero Speed 1768 L43S 1734 OB8S 20 750 S1 1734 IB8S TLS3 GD2 ChB Subsystem 3 Subsystem 6 TLS3 GD2 Encoder ChA ChA TLS3 GD2 Encoder ChB ChB Subsystem 1 Subsystem 2 Subsystem 3 Subsystem 4 Subsystem 5 Subsystem 6 Subsystem 7 800FM Keyswitch ChA 1768 L43S 1734 OB8S 20 750 51 1734 IB8S l l l 800FM l l Keyswitch l l Ch B l l l l l l l l l i Encoder I Ch A l 20 750 S
20. he gate solenoid is controlled by the safe speed module From a Guardlogix controller perspective Safe Stop Zero Speed is a pair of safety outputs wired to the Safe Stop inputs 812 922 on the safe speed module If the oafe Stop inputs ever go LO a shutdown occurs and the motor coasts to a stop The GuardLogix controller gets feedback for Safe Stop by using one of the cascading SS outputs 834 844 on the safe speed module These safety outputs cannot restart if the feedback channel is not in the correct state This feedback is optional Because the redundant safety outputs are pulse tested this is no different than wiring a Cat 4 light curtain to the SS inputs an architecture that achieves Cat 4 without feedback From a Guardlogix controller perspective the SLS safety function device is a pair of safety outputs wired to the SLS inputs 852 862 on the safe speed module If the SLS inputs ever go LO a SLS request is made to the PowerFlex 755 drive The GuardLogix controller gets feedback for SLS using one of the cascading SLS outputs 868 878 on the safe speed module These safety outputs cannot restart if the feedback channel is not in the correct state This feedback is optional for the same reasons as stated above The system has individual reset buttons for resetting faults and safety outputs If either of these resets is pressed a signal is sent from a GuardLogix output to the reset input on the safe speed module S34 The reset b
21. hould de energize Verify proper machine 8 status indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 While the system is running short the Lock Monitor Channels 1 and 2 of the safe speed SLS module The drive should de energize Verify proper machine status 9 indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and Channel 2 wiring GuardLogix Controller and Safety I O Network Tests Aes Validation Pass Fail Changes Modifications While the system is running remove the Ethernet network connection between the safety I O module and 1 the controller The drive should de energize Verify proper machine status indication and I O Connection otatus in the RSLogix 5000 safety application program Restore the safety I O module network connection and allow time to reestablish communication Verify the 2 Connection Status bit in the RSLogix 5000 safety application program Repeat for all safety I O module connections While the system is running switch the controller out of Run mode The drive should de energize Return the 3 keyswitch back to Run mode The drive should remain de energized Verify proper machine status indication and RSLogix 5000 safety application program indication Rockwell Automation
22. ication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 wiring and repeat for Channel 2 While the system is running remove the Lock Monitor Channel 1 wire from the safe speed SLS module The drive should de energize Verify proper machine status 6 indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 Rockwell Automation Publication SAFETY ATO27D EN E March 2013 30 Safety Function Zero Speed Safe Limited Speed Safe Direction GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued Abnormal Operation Validation The safety system properly responds to all foreseeable faults with corresponding diagnostics PowerFlex 750 Safe Speed Monitor Option Module SLS Door Monitoring and Lock Input Tests Lent Validation Pass Fail Changes Modifications While the system is running short the Lock Monitor Channel 1 of the safe speed SLS module to 24V DC The drive should de energize Verify proper machine 7 status indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 While the system is running short the Lock Monitor Channel 1 of the safe speed SLS module to OV DC The drive s
23. itors feedback for the Safe Stop signal to the PowerFlex 750 drive Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction Bill of Material This application uses these products Cat No 440G T27181 800FM G611MX10 800FM KM22XMO02 800FP MT44PX02 800F 15YE112 1768 ENBT 1768 L43S 1768 PA3 1769 ECR 1734 AENT 1734 TB 1734 IB8S 1734 OB8S 1783 US05T 20G11RD2P1AAONNNNN 20 750 S1 20 750 UFB 1 User specified Description Quantity TLS3 GD2 Power to Release Safety Interlock owitch 1 800F Reset Push Button metal guarded blue R metal latch mount 1 N O contact s standard 2 position keyswitch metal maintained right key removal 2 N C contacts 800F non illuminated mushroom operators twist to release 40 mm round plastic Type 4 4X 13 IP66 red 2 N C contacts 800F Legend Plate 60 mm round English EMERGENCY STOP yellow with black legend text CompactLogix EtherNet IP Bridge Module 1 Compact GuardLogix Processor 2 0 MB standard memory 0 5 MB safety memory POINT Guard Safety Output Module 1 Power Supply 120 240 VAC input 3 5 A 24V Right end cap terminator 24V DC ethernet adapter Module base with removable IEC screw terminals A POINT Guard Safety Input Module POINT Guard Safety Output Module Stratix 2000 Unmanaged Ethernet Switch 1 PowerFlex 750 480V 2 1A
24. kwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 2 GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued Safety System Configuration and Wiring Verification Verify that the safe speed drive has been wired and configured in accordance with the Safe Speed Monitor Option Module for PowerFlex 750 Series AC Drives Safety Reference Manual publication 750 RM001 Verify the safety system has been designed in accordance with the GuardLogix System Safety 2 Reference Manuals publication 1756 RM093 for GuardLogix 5560 and Compact GuardLogix publication 1756 RMO099 for GuardLogix 5570 Verify the safety application program has been designed 3 in accordance with the GuardLogix Application Instruction Safety Reference Manual publication 1756 RMO95 Visually inspect the safety system network and I O to 4 verify that they are wired as documented in the schematics Visually inspect the RSLogix 5000 program to verify that 5 safety system network and I O modules are configured as documented Visually inspect the RSLogix 5000 application program to verify suitable safety certified instructions are utilized The logic is readable understandable and testable with the aid of clear comments All input devices are qualified by cycling their respective 7 actuators Monitor the status in the RSLogix
25. lex 750 Safe Speed Monitor Option module is capable of performing multiple safety functions simultaneously In this application note the following functions are used 1 Safe Direction When the safe speed module is configured to monitor the safe direction a shutdown occurs if the motor attempts to rotate in the dangerous direction 2 Safe Limited Speed When Safe Limited Speed has been requested the safe speed module initiates a shutdown if the motor exceeds a pre determined speed the Safe Max Speed When at or below the Safe Limited Speed the door control logic is set to Unlock You must perform a risk assessment to determine the safe maximum speed for the axis 3 Standstill Zero Speed When configured for Safe Stop the safe speed module initiates a safe stop upon deactivation of the SS In inputs Standstill Speed is used to declare motion as stopped The system is at standstill when the speed detected is less than or equal to the configured Standstill Speed When standstill has been reached door control logic is set to Unlock Standstill Position Tolerance defines the position limit in encoder units that is tolerated after standstill has been reached If the position changes by more than the amount specified by the Standstill Position Tolerance after standstill Rockwell Automation Publication SAFETY ATO27D EN E March 2013 6 Safety Function Zero Speed Safe Limited Speed Safe Direction has been reached and the door is u
26. nlocked a fault occurs and the system enters the safe state Safety Function Requirements Limiting and monitoring the speed of a motor to make sure hazardous motion does not exceed a predetermined limit The safe speed limit must be established such that the operator can avoid the hazardous motion Monitoring the direction of the motor guards against hazardous motion The system monitors for Zero Standstill Speed so that the door remains closed and locked until hazardous motion is stopped At such time the safe soeed module unlocks the door by applying power to the guard lock While the door is open the system is monitored to prevent an unexpected start up When the door is closed hazardous motion and power to the motor does not resume until a secondary action start button depressed occurs Faults at the variable speed drive door interlock switch encoder wiring terminals or safety controller will be detected before the next safety demand The safety function meets the requirements for Category 3 Performance Level d Cat 3 PLd per ISO 13849 1 and control reliable operation per ANSI B11 19 Functional Safety Description In this example Safe Limited Speed is requested by placing a demand on a safety input interlock After a user configured delay 3 seconds in this example to reach the safe speed the PowerFlex 750 Safe Speed Monitor Option module begins monitoring the speed and makes sure that the safe speed is not exceeded If
27. nly the input connection x Series m Revision I 12 Electronic Keying Compatible Module Configured By This Controller Input Data Output Data Am Status Combined 5tatuzs Power Cancel Help 14 Close the Module Properties dialog box by clicking OK 15 Repeat steps 10 14 to add the 1734 OB8S safety output module a Name the module OB8S b Choose slot 2 c Select Combined Status Readback Power for Input Status definition Module Definition X Seres lA Hevislan fi zz Electronic Keying Compatible Module Configured By ue Controller input Data Output Data 7 Status Combined Status Readhack Poyer Cancel Help Rockwell Automation Publication SAFETY ATO27D EN E March 2013 16 Safety Function Zero Speed Safe Limited Speed Safe Direction Configure the I O Modules Follow these steps to configure the POINT Guard I O modules 1 In the Controller Organizer right click the 1734 IB8S module and choose Properties 2 Click Test Output and configure the module as shown TO and T1 are used to pulse test the E Stop and keyswitch Bl Module Properties AENT 1 1734 IB85 1 1 mi x General Connection Safety Module Info Input Configuration Test Output 0 Pulse Test em Test Y Used 3 Click Input Configuration and configure the module as shown Inputs 0 1 are the E Stop channels Recall that inputs 0 1 are being sourced from
28. normal safe condition Verify proper machine status indication and RSLogix 5000 safety application program indication Repeat for all guard doors While the system is stopped with the guard door open initiate a Start command The drive should remain de energized for a normal safe condition Verify proper machine status indication and RSLogix 5000 safety application program indication Repeat for all guard doors Initiate a Safe Limited Speed request The drive should energize and run at the predefined safe limited speed Verify proper machine status indication and RSLogix 5000 safety application program indication Initiate a Reset command The drive should remain de T energized Verify proper machine status indication and RSLogix 5000 safety application program indication Rockwell Automation Publication SAFETY AT027D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 29 GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued Abnormal Operation Validation The safety system properly responds to all foreseeable faults with corresponding diagnostics PowerFlex 750 Safe Speed Monitor Option Module SLS Door Monitoring and Lock Input Tests iia Validation Pass Fail Changes Modifications While the system is running remove the Door Monitor Channel 1 wire from the safe speed SLS module The drive should de energize Verify p
29. ogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 While the system is running short Channels 1 and 2 SS Input of the safe speed SLS module The drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and 2 wiring While the system is running remove Channel 1 SLS Input from the safe speed SLS module The drive should de energize Attempt a Reset command The 6 system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 While the system is running short Channel 1 SLS Input of the safe speed SLS module to 24V DC The drive should de energize Attempt a Reset command The 7 system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 Rockwell Automation Publication SAFETY ATO27D EN E March 2013 32 Safety Function Zero Speed Safe Limited Speed Safe Direction GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist continued 10 11 12 PowerFlex 750 Safe Speed Monitor Option Module SS and SLS Control and Lock Output Tests ius Valida
30. one 7 Slat D Safety Partner Slot imtemals Create In EARS Logis SOOO Projects Browse 2 Inthe Controller Organizer add the 1768 ENBT module to the 1768 bus Oh ccm ee 2 Trends EX I O Configuration asini 1768 Bus LM A New Module oa atl irt Paste Crit Print d Rockwell Automation Publication SAFETY AT027D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 11 3 Select the 1768 ENBT module and click OK Select Module El Communications i a 1768 ControlNet Bridge Allen Bradley Toe ContralMet Bridge Redundant Mediz Allen Bragie 1768 10 100 Mbps Ethernet Bridge Twisted Pair Media Allen Bradley bo 1U 1UU Mbps Ethernet bridge w tnnanced Web serv Allen bradie y E Motion H Other Find Add Favorite By Category Favorites OF Cancel Help Z 4 Name the module type its IP address and click OK We used 192 168 1 8 for this application example Yours may be different New Module E x Type 1rB58 EMBT 4 1768 10 100 Mbps Ethernet Bridge Twisted Par Media Vendor Allen Bradley Parent nics T Address Host pem rl C Host Name Slot Revision NE i B Electronic Keping Compatible Keying vw Open Module Properties Cancel Help o Add the 1734 AENT adapter by right clicking the 1768 ENBT module in the Controller Organizer and choosing New Module il el l el we I O Configuration E
31. peed SLS module The drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore wiring Rockwell Automation Publication SAFETY ATO27D EN E March 2013 33 Additional Resources For more information about the products used in this application refer to these resources Resource Compact GuardLogix Controllers User Manual publication 1768 UM002 POINT Guard I O Safety Modules Installation and User Manual publication 1734 UM013 GuardLogix 5560 Controller Systems Safety Reference Manual publication 1756 RM093 GuardLogix 5570 Controller oystems Safety Reference Manual publication 1756 RMO099 GuardLogix Safety Application Instruction Set Reference Manual publication 1756 RM095 oafety Accelerator Toolkit for GuardLogix Systems Quick Start Guide publication IASIMP QS005 Description Provides information on configuring operating and maintaining Compact GuardLogix controllers Provides information on installing configuring and operating POINT Guard I O modules Provides detailed requirements for achieving and maintaining safety ratings with the GuardLogix 5560 and Compact GuardLogix controller systems Provides detailed requirements for achieving and maintaining safety ratings with the GuardLogix 5570 controller systems Provides detailed information on the GuardLogi
32. roper machine status 1 indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 While the system is running short the Door Monitor Channel 1 of the safe speed SLS module to 24V DC The drive should de energize Verify proper machine 2 status indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 While the system is running short the Door Monitor Channel 1 of the safe speed SLS module to OV DC The drive should de energize Verify proper machine 3 status indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and repeat for Channel 2 While the system is running short the Door Monitor Channels 1 and 2 of the safe speed SLS module The drive should de energize Verify proper machine status 4 indication and RSLogix 5000 safety application program indication Verify that the drive is unable to reset and restart with a fault Restore Channel 1 and Channel 2 wiring While the system is running short Channel 1 to Test Source 1 of the safe speed SLS module Open the guard door The drive should de energize Verify proper 5 machine status indication and RSLogix 5000 safety application program ind
33. stallation Rockwell Automation Inc cannot assume responsibility or liability for actual use based on the examples and diagrams No patent liability is assumed by Rockwell Automation Inc with respect to use of information circuits equipment or software described in this manual Reproduction of the contents of this manual in whole or in part without written permission of Rockwell Automation Inc is prohibited Throughout this manual when necessary we use notes to make you aware of safety considerations WARNING Identifies information about practices or circumstances that can cause an explosion in a hazardous environment which may lead to personal injury or death property damage or economic loss IMPORTANT Identifies information that is critical for successful application and understanding of the product ATTENTION Identifies information about practices or circumstances that can lead to personal injury or death property damage or economic loss Attentions help you identify a hazard avoid a hazard and recognize the consequence SHOCK HAZARD Labels may be on or inside the equipment for example a drive or motor to alert people that dangerous voltage may be present BURN HAZARD Labels may be on or inside the equipment for example a drive or motor to alert people that surfaces may reach dangerous temperatures Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Spee
34. t call for a minimum Performance Level of PLd and a minimum structure of Cat 3 A PFHd of less than 1 0E 06 for the overall safety function is one of the requirements for PLd The measures against Common Cause Failure CCF are quantified using the scoring process outlined in Annex F of ISO 13849 1 For the purposes of the PL calculation the required score of 65 needed to fulfill the CCF requirement is considered to be met The complete CCF scoring process must be performed when implementing this example Calculations are based on one operation of the Safe Stop per hour therefore 8760 operations per year The individual subsystem values are shown below Zero Speed Safety function W IFA Documentation PLr PL Subsystems 2 Library Name P PFH i h CCFscoe DCavg z MrTFd a Category Requirements of the category POINT Guard I 0 1734 885 1 34E 10 nor nar Por eise or essa 4 fulfilled New POINT Guard 1 0 1734 0B8S E 1 38E 10 Y RV nev niea Y niea Safety PLC Compact GuardLogix 1768 2 1E 10 vr RHR Po feit Y nS fulfilled i c TLS3 GD2 Interlock Switch 2 47E 8 65 fulfilled 33 High 100 High fulfilled 3B Dele Emergency Stop Button 2 47E 8 65 fulfilled 33 High 100 High fulfilled reddas AC Drive PowerFlex 755 Safe Speed M 2 77E fulfilled fulfilled Incremental Encoders 3 54E 7 65 fulfilled 33 High 10 Medium fulfilled Rockwell Automation Publication SAFETY ATO27D EN E March 2013 22 Saf
35. test outputs 0 1 Inputs 2 3 are the keyswitch channels They are also being sourced from test outputs 0 1 Single is used because the discrepancy time diagnostic is done in the Dual Channel Input Stop DCS safety instruction in the controller Inputs 4 5 are the reset buttons Inputs 6 7 are wired to the safe speed module for Safe Stop SS and Safe Limited Speed SLS feedback Bl Module Properties AENT 1 1734 IB85 1 1 General Connection Safety Module Info Input Configuration Test Output Point Point Operation ae Input Delay Time ms Delay Time ma e Point Discrepancy Point Mode Source EN Single Pulse Test o0 m Pulse Test w 1 l Single E Safety Pulse Test n Safety Pulse Test v 0 nj 0 og NI D os Single Safety Nee xO SO Safety WEE O_O 0 E x os x pes Input Error Latch Time 100024 m Status Offline Cancel Apply Help 4 Click OK 5 In the Controller Organizer right click the 1734 OB8S module and choose Properties Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 17 6 Click Output Configuration and configure the module as shown Outputs 0 1 are controlling the Safe Stop inputs on the safe speed module Outputs 4 5 are controlling the Safe Limited Speed inputs on the PowerFlex 755 drive All four of these outputs are configured for pulse testing Output 7 is driving the
36. tion Pass Fail Changes Modifications While the system is running short Channel 1 SLS Input of the safe speed SLS module to OV DC The drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and repeat for Channel 2 While the system is running short Channels 1 amp 2 SLS Input of the safe speed SLS module The Drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore Channel 1 and Channel 2 wiring While the system is stopped remove the safety output to the door lock solenoid The door should remain locked and the drive should remain de energized Verify proper machine status indication and RSLogix 5000 safety application program indication PowerFlex 750 Safe Speed Monitor Option Module SS and SLS Control and Lock Output Tests nh Validation Pass Fail Changes Modifications While the system is running remove the SS Output status of the safe speed SLS module The drive should de energize Attempt a Reset command The system should not restart or reset Verify proper machine status indication and RSLogix 5000 safety application program indication Restore wiring While the system is running remove the SLS Output status of the safe s
37. used in hardware development are deployed Faults created through poor software development processes and procedures are systemic in nature rather than faults associated with hardware which are considered to be random Prior to validating the GuardLogix Safety System confirm that the safety system and safety application program has been designed in accordance with the GuardLogix system Safety reference manuals publication 1756 RM093 for GuardLogix 5560 and Compact GuardLogix and publication 1756 RMO099 for GuardLogix 5570 controllers and the GuardLogix Application Instruction Safety Reference Manual publication 1756 RMO095 Rockwell Automation Publication SAFETY ATO27D EN E March 2013 26 Safety Function Zero Speed Safe Limited Speed Safe Direction GuardLogix amp PowerFlex 750 Safe Speed with Guard Locking Safety Function Verification and Validation Checklist General Machinery Information Machine Name Model Number Machine Serial Number Customer Name Test Date Tester Name s ochematic Drawing Number 20 750 S1 Configuration Signature ID Controller Name RSLogix 5000 Safety Signature ID Safety Network Number s RSLogix 5000 Software Version Safety Control System Modules GuardLogix System Modules Firmware Version GuardLogix Safety Controller 1768 L43S CompactLogix Ethernet Bridge 1768 ENBT POINT I O Ethernet Adapter 1734 AENT POINT Guard l O Input Modules 1734 IB8S POINT Guard I O Output Modules 1734 OB8S Roc
38. uttons and the feedback circuits are all wired to the 1734 IB8S module in this example This is not required for functional safety These inputs could be wired to a standard input module Rockwell Automation Publication SAFETY ATO27D EN E March 2013 Safety Function Zero Speed Safe Limited Speed Safe Direction 9 Electrical Schematic 24V DC Safety Reset Fault Reset PowerFlex 755 drive standard wiring not shown Pulse Outputs SS Inputs SLS Inputs Enable Inputs Solenoid Lock Status Door Status PowerFlex 750 Safe Speed Monitor Option S1 SS Output Reset SLS Output COM COM oo COM COM 1734 OB8S 24V DC COMMON Rockwell Automation Publication SAFETY ATO27D EN E March 2013 10 Safety Function Zero Speed Safe Limited Speed Safe Direction Configuration The Compact GuardLogix controller is configured by using RSLogix 5000 version 17 or later You must create a new project and add the I O modules Then configure the I O modules for the correct input and output types A detailed description of each step is beyond the scope of this document Knowledge of the RSLogix programming environment is assumed Configure the Controller and Add I O Modules Follow these steps 1 In RSLogix 5000 software create a new project x Vendor Allen Bradley Type 1768 L5 L ompactlagix53435 Safety Controller OF Revision fis Cancel Redundancy Enabled Help Description P M ame hassig Type h
39. x Safety Application Instruction Set Provides a step by step guide to using the design programming and diagnostic tolls in the Safety Accelerator Toolkit Safety Products Catalog You can view or download publications at http www rockwellautomation com literature To order paper copies of technical documentation contact your local Allen Bradley distributor or Rockwell Automation sales representative For More Information on Safety Function Capabilities visit discover rockwellautomation com safety Rockwell Automation Allen Bradley GuardLogix RSLogix 5000 CompactLogix Stratix 2000 POINT Guard I O and Rockwell Software are trademarks of Rockwell Automation Inc Trademarks not belonging to Rockwell Automation are property of their respective companies www rockwellautomation com Power Control and Information Solutions Headquarters Americas Rockwell Automation 1201 South Second Street Milwaukee WI 53204 2496 USA Tel 1 414 382 2000 Fax 1 414 382 4444 Europe Middle East Africa Rockwell Automation NV Pegasus Park De Kleetlaan 12a 1831 Diegem Belgium Tel 32 2 663 0600 Fax 32 2 663 0640 Asia Pacific Rockwell Automation Level 14 Core F Cyberport 3 100 Cyberport Road Hong Kong Tel 852 2887 4788 Fax 852 2508 1846 Publication SAFETY AT027D EN E March 2013 Supersedes Publication SAFETY AT027C EN E January 2013 Copyright 2013 Rockwell Automation Inc All rights reserved Printed in
Download Pdf Manuals
Related Search