Home

Safety Function: Door Monitoring, SAFETY

1. OUTPUT FE a L Zaum m F o g 1 l I i 1 l l i i 1 l I i Trojan 5 I l E i Channel 1 1 l I i l 1 l i l I l trojans I i FE l l I 1 I i Trojan 5 I l l Channel 2 1 l l 1 l I i I I I l 1 l l i i 1 l I i J D a a i l A e o e ak ee et ee l The door monitoring safety function subsystem values are shown below Boase Safety function W IFA Documentation Pr PL Subsystems Projects 4 PR GSR PF525 SFAE WSF E Stop Safety Function 4 5F Door Monitoring Safety Function VSB Trojan a Library G Status Type Name PL PFH 1 h CCF score DCavg P lt MTTFd a Category Requirements of the category dhe reptans GSR DI SB Trojan 2 47E 8 65 fulfilled 99 High 100 High 3 fulfilled SB AC Drive needa ae SafeTorque Off fa New 5B Trojan Fault Exclusion 0 ot reievant t relevant ot relevant 3 fulfilled Monitoring Safety Relay GSR DI e 4 35E 9 t t t 4 fulfilled j t t t aint 3 SB AC Drive PowerFlex 525 with SafeTorque Off d 8 13E 10 fulfilled 464 tA w lt j tan The Trojan 5 switch is a mechanical device therefore the expected number of times it is operated each year is used in the calculation of its MTTFd In this application technique it is expected that the Trojan 5 switch is operated once an hour 24 hours a day 365 days a year for a total of 8760 times a year The Trojan 5 switch can be used in either PLe or CAT 4 systems But in general to
2. The GSR DI is more of an electronic device and as such is assumed to have an extremely long MTTFd Therefore the expected number of operations each year is not part of the calculation of its Performance Level SE Monitoring Safety Relay GSR DI Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitoring 11 Likewise the PowerFlex 525 drive is regarded as an electronic device Therefore the expected number of operations each year is not part of the calculation of its Performance Level EE AC Drive PowerFlex 525 with SafeTorque Off While the PowerFlex 525 drive has an excellent probability of failure per hour PFH it achieves a Category 3 Performance Level d CAT 3 PLd due largely to its DCavg of 62 5 PFD and PFH for 20 year Proof Test Interval wo fes The attribute values above include both ISO 13849 1 and IEC 62061 values The two standards are closely related We refer to ISO 13849 1 values and calculations in this document Door Monitoring Safety Function H X Olas e 4 h Projects 4 PR GSR PF525 SFAE ee SF Door Monitoring Safety Function Door Monitoring Safety Function PLr dd PL fd PFH 1 3 46E Rockwell Automation Publication SAFETY AT126A EN P January 2014 12 safety Function Door Monitoring The door monitoring safety function can be modeled as shown below FAULT INPUT EXCLUSION LOGIC
3. 20 Safety Function Door Monitorin Test Step Door Monitoring Safety Function Verification and Validation Checklist continued Safety Output PowerFlex 525 Drive Tests Verification and Validation Power up the safety system Confirm that the E stop is released and the gate is closed Press and release the Reset button to start reset the GSR DI Press the Start button The motor starts While the motor is running remove the wire from terminal 14 of the GSR DI The GSR DI does not trip The drive trips and the motor stops Reconnect the wire to terminal 14 The drive does not start Press the Start button The drive does not start Power down the drive then power it back up Once the drive is fully up press the Start button The motor starts While the motor is running remove the wire from terminal 24 of the GSR DI The GSR DI does not trip The drive trips and the motor stops Reconnect the wire to terminal 24 The drive does not start Press the Start button The drive does not start Power down the drive then power it back up Once the drive is fully up press the Start button The motor starts Pass Fail Changes Modifications Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitoring 21 Additional Resources These publications contain additional information concerning related products from Rockwell Automation Resource Guardmaster Safety Relay D
4. 5 tongue switch but the concept is applicable to any dual channel electro mechanical device with at least two N C contacts The SISTEMA calculations shown later in this document must be re calculated by using data for the actual products used Rockwell Automation Publication SAFETY AT126A EN P January 2014 4 safety Function Door Monitoring Safety Function Realization Risk Assessment The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be carried out by the safety related parts of the control system Part of the risk reduction process is to determine the safety functions of the machine In this application the performance level required PLr by the risk assessment is Category 3 Performance Level d CAT 3 PLd for each safety function A safety system that achieves CAT 3 PLd or higher can be considered control reliable Each safety product has its own rating and can be combined to create a safety function that meets or exceeds the PLr From Risk Assessment ISO 12100 1 Identification of safety functions 2 Specification of characteristics of each function 3 Determination of required PL PLr for each safety function To Realization and PL Evaluation Ms Door Monitoring Safety Function Part of the risk reduction process is to determine the safety functions included in the safety project This safety project has two safety functions e Removal of po
5. P January 2014 18 Safety Function Door Monitorin Test Step iN O1 Door Monitoring Safety Function Verification and Validation Checklist continued Trojan Input Tests GSR DI Verification and Validation Pass Fail Changes Modifications Remove the Trojan input wire at terminal S32 of the GSR DI The GSR DI immediately trips de energizing the safety contactors and the motor coasts to a stop The IN2 and OUT status indicators turn OFF Reconnect the wire to S32 The GSR DI does not respond Press and release the Reset button The GSR DI does not respond Open and close the gate The PWR Fault IN1 and IN2 status indicators are green ON The OUT status indicator is blinking green Press and release the Reset button The OUT status indicator turns steady green Jump the Trojan input wire at terminal S11 to terminal S32 of the GSR DI The GSR DI does not respond Open the gate The GSR DI immediately trips The IN2 and OUT status indicators turn OFF Close the gate Press and release the Reset button The GSR DI does not respond Remove the jumper from S11 to S32 Open and close the gate The IN2 status indicator is ON and the OUT status indicator is blinking Press and release the Reset button The OUT status indicator is steady ON Repeat steps 1 7 to test Trojan channel 2 Use S21 in place of S11 and S42 in place of S32 Briefly short the Trojan input wire at terminal S32 of the GSR DI to 24
6. Press and release the Reset button The OUT status indicator 9 of the Guardmaster dual input safety relay GSR DI turns steady green ON The motor does not start 10 Press the drive Start button to start the motor The motor starts Press the drive Stop button to stop the motor The motor coasts to a stop The safety relay does not trip 12 Press the Start button to start the motor Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitorin 15 Test Step 2 22 Door Monitoring Safety Function Verification and Validation Checklist continued Normal Operation Verification The safety system properly responds to all normal Start Stop Reset E stop and Trojan switch inputs continued Press the E stop button The safety system trips and the IN and OUT status indicators turn OFF The IN2 status indicator remains ON The motor coasts to a stop Do not release the E stop button Press and release the Reset button The IN1 and OUT status indicators of the GSR DI remains OFF The motor does not Start Release the E stop button The IN1 status indicator turns ON and the OUT status indicator blinks The motor does not start Press and release the Reset button The OUT status indicator of the GSR DI turns steady green ON The motor does not Start Press the Start button to start the motor Open the gate The safety system trips The IN2 and OUT status indic
7. and release the Reset button The OUT status indicator is steady ON Press the Start button The motor starts to run This step is skipped in the following tests O1 oO While the motor is running jump the E stop input wire at 4 terminal S11 to terminal S12 of the GSR DI The GSR DI does not trip Press the E stop button The GSR DI immediately trips and the IN1 and OUT status indicators turn OFF Release the E stop button Press and release the Reset button The GSR DI does not respond Remove the jumper from S11 to S12 Press and release the E stop The IN1 status indicator is ON and the OUT status indicator is blinking Press and release the Reset button The OUT status indicator is steady ON Repeat steps 1 7 to test E stop channel 2 Use S271 in place of S11 and S22 in place of 12 Briefly short the E stop input wire at terminal S12 of the GSR DI to 24V DC The GSR DI immediately trips The PWR Fault status indicator is steady red All other status indicators are OFF 11 Press and release the Reset button The GSR DI does not ue respond Cycle power to the GSR DI Confirm that the PWR Fault IN1 13 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turns steady green Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitorin 17 Door Monitorin
8. I Installation Instructions publication 440R IN037 Guardmaster Safety Relay DI DIS Quick Start Guide publication 440R TGO02 Industrial Automation Wiring and Grounding Guidelines publication 1770 4 1 PowerFlex 525 Adjustable Frequency AC Drive User Manual publication 520 UM001 Global Short Circuit Current Ratings Product Profile publication SCCR PP001 PowerFlex 525 Series AC Drive Specifications publication 520 TD001 Trojan 5 and 6 Installation Instructions publication 440K IN002 Safety Products Catalog publication S117 CA001A Description Provides guidance on installing commissioning operating and maintaining 440R D22R2 Safety Relays Provides guidance on Trouble Shooting 440R D22R2 Safety Relay installations Provides general guidelines for installing an industrial automation system Provides guidance on installing starting up and troubleshooting the PowerFlex 520 Series Adjustable Frequency AC Drive Provides the SCCR selection Tables for component drive circuits Provides information on the PowerFlex 525 Series AC Drives Provides guidance on installing starting up and troubleshooting the Trojan 5 and 6 switches Provides overview of products product specifications and application examples You can view or download publications at http www rockwellautomation com literature To order paper copies of technical documentation contact your local Allen Bradley distributor or Rockwe
9. USTER THINK SIVE Application Technique Safety Function Door Monitoring Products Trojan 5 Interlock Switch Guardmaster Safety Relay PowerFlex 525 Drive with Safe Torque off Safety Rating CAT 3 PLd to EN ISO 13849 1 2008 Rockwell Allen Bradley Rockwell Software Automation 2 safety Function Door Monitoring Important User Information Read this document and the documents listed in the additional resources section about installation configuration and operation of this equipment before you install configure operate or maintain this product Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes laws and standards Activities including installation adjustments putting into service use assembly disassembly and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice If this equipment is used in a manner not specified by the manufacturer the protection provided by the equipment may be impaired In no event will Rockwell Automation Inc be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment The examples and diagrams in this manual are included solely for illustrative purposes Because of the many variables and requirements associated with any particular installation Rockwell Automation Inc canno
10. V DC The GSR DI immediately trips The PWR Fault status indicator is steady red All other status indicators are OFF Press and release the Reset button The safety system does not respond Cycle power to the GSR DI Confirm that the PWR Fault IN1 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turn steady green Briefly short the Trojan input wire at terminal S32 of the GSR DI to OV DC The GSR DI immediately trips The PWR Fault status indicator is steady red All other status indicators are OFF Press and release the Reset button The GSR DI does not respond Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitorin 19 Test Step 21 22 23 Test Step Set the rotary switch back to 2 After a moment the PWR Fault status indicator turns steady green Door Monitoring Safety Function Verification and Validation Checklist continued Trojan Input Tests GSR DI continued Verification and Validation Pass Fail Changes Modifications Cycle power to the GSR DI Confirm that the PWR Fault IN1 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turns steady green Repeat steps 1 9 to test Trojan input channel 2 Use S42 in place of S32 Briefly shor
11. ase 0 5 HP 0 4 kW normal duty 0 5 HP 0 4 kW heavy duty frame A IP20 NEMA open type no filter 800FP U2E4F3PX11 800F 2 position momentary multifunction rd plastic 1 IP66 4 4x IP65 position A red ext push button position C green flush push button plastic latch mount 1 N O contact 1 N C contact standard standard pack quantity 1 S8OOFP R611PX10 800F reset round plastic type 4 4x 13 IP66 blue 1 R plastic latch mount 1 N O contact 0 N C contacts standard standard pack quantity 1 Rockwell Automation Publication SAFETY AT126A EN P January 2014 6 safety Function Door Monitoring Setup and Wiring For detailed information on installation and wiring refer to the publications listed in the Additional Resources System Overview The Guardmaster dual input safety relay GSR DI monitors the two N C channels of the E stop When the E stop is pressed these two channels open and the GSR DI reacts by de energizing its N O safety contacts removing 24V DC from the drive safe torque off STO inputs The PowerFlex 525 drive turns off its outputs and the motor coasts to a stop The GSR DI monitors the two N C channels of the Trojan 5 switch When the guard gate is opened these two channels open and the GSR DI reacts by de energizing its N O safety contacts removing 24V DC from the drive STO inputs The PowerFlex 525 drive turns off its outputs and the motor coasts to a stop The GSR DI monitors eac
12. ators turn OFF The IN1 status indicator remains ON The motor coasts to a stop Do not close the gate Press and release the Reset button The IN2 and OUT status indicators of the GSR DI remains OFF The motor does not Start Close the gate The IN2 status indicator turns ON The OUT status Indicator blinks The motor does not start Press and release the Reset button The OUT status indicator of the GSR DI turns steady ON The motor does not start Press the Start button to start the motor Pass Fail Changes Modifications Rockwell Automation Publication SAFETY AT126A EN P January 2014 16 Safety Function Door Monitorin Door Monitoring Safety Function Verification and Validation Checklist continued Abnormal Operation Validation The safety relay system properly responds to all foreseeable faults with corresponding diagnostics E stop Input Tests Guardmaster Dual input Safety Relay GSR DI cao Verification and Validation Pass Fail Changes Modifications While the motor is running remove the E stop input wire at terminal S12 of the GSR DI The GSR DI immediately trips de energizing the safety contactors and the motor coasts to a stop The IN1 and OUT status indicators turn OFF Reconnect the wire to S12 The GSR DI does not respond 2 Press and release the Reset button The GSR DI does not respond Cycle the E stop button The IN1 status indicator is ON and the OUT status indicator is blinking Press
13. cccccccececeeecee cece eeeeeceseeeeaeeeseeeseueeseeeseeessneess 4 Safety Function Requirements ccceecceececeeeceeeeceeeceeeeceeeseneeseeeceueesueeseeeesaeesaeesees 4 Functional Safety DESCIIPtiON cccccccceccceeeceececeeeeee cece eeseeeeeeeeeeeesseeeseueesaeeseeeeaneeas 5 POM I ARCS lei n E buspates R anedhieasmeise sunnogunie sesame 5 SCUO AI VV Na reise dress scission a E E E ceaniees 6 OS TAT AOA os eas errs nce pense see ore sess eese pe cigs E eae sees E 8 Calculation of the Performance Level cccccccceccceeceeececeeeeeeeeeeceeeeeeseeeeseeeseeesaneeaes 9 Verification and Validation PI An cccccccccccsecceeceeeeeeeeeeceeeeeeeeseeeseueeseeeseueeseeesseeeaes 13 Additional Resources cccicesciasincinndsuhssnaiiadntumodiesendcensncctwadesesieec eudachndednbeweddnceteedavewdenevenes ses 21 Introduction This safety function application technique explains how to wire configure verify and validate a safety system where a Guardmaster dual input safety relay GSR DI monitors an E stop and a Trojan 5 tongue switch mounted on a gate If the E stop is pressed the gate is opened or a fault is detected in the monitoring circuit the GSR DI de energizes the final control devices in this case the PowerFlex 525 drive via its two safe torque off STO inputs This example uses a GSR DI safety relay but the concept is applicable to any suitable safety relay This example uses an E stop and a Trojan
14. d the Trojan switch have no diagnostic coverage of their own The DCavg in this example is provided by the Guardmaster dual input safety relay GSR DI with its pulse testing technique This DCavg average is 99 as shown in the GSR DI Installation Instructions See the Additional Resources on page 22 EN ISO 13849 1 IEC 61508 IEC 62061 MTEGA PFH R The E stop safety function subsystem values are shown below B New Open E Save Close Project hi Library j Report Help Wizard K What s This ee Safety function V IFA SF E Stop Safety Function Documentation Plr PL Subsystems SF Door Monitoring Safety Function a Library Status Type Name PL PFH l h CCF score DCavg MTTFd a Category Requirements of the category E Stop e 2 47E 8 65 fulfilled 99 High 100 High 4 fulfilled fa New v SB Monitoring Safety Relay GSR DI e 4 35E 9 t ot relevant ot rele 4 v SB AC Drive PowerFlex 525 with SafeTorque Off d 8 13E 10 elevant ot relevant t relevant 3 fulfilled fulfilled The E stop is a mechanical device and as such the expected number of times it is operated each year is used in the calculation of its Mean Time to Failure dangerous MTTFd Calculations are based on the safety function being operated once an hour 24 hours a day 365 days a year for a total of 8760 operations per year EE E Stop EL le PFH 1 2 47E 8 Cat MT Ted 100 High Dava 199 High CCF J65 fulfillect
15. estart of the motor The PowerFlex 525 drive monitors the STO inputs If one input channel applies power or removes power when the other channel does not the PowerFlex 525 drive turns off its output and cannot be run until the fault is corrected The PowerFlex 525 drive must be power cycled and both STO inputs must be in the applied power state before the drive responds to the start restart button Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitorin 7 Channel Operation and Verification Drive In Safe State Drive In Drive In Safe Drive Able to Run Safe State State Configured by t105 Fault F111 Fault F111 Ready Run Safety Open En Safety Safety Safety Function Status Drive Status Hardware Hardware Safety Channel Operation Safety Input S1 No Power Applied Power No Power Power Applied Applied Applied Safety Input S2 No Power Applied No Power Power Power Applied Applied Applied Electrical Schematic 24V DC Supply iiiar 756 AZP5N 104 amp 00FP U2E4 FSR 1 a Status To PLC BOO FAH 1 Axo Reset Rockwell Automation Publication SAFETY AT126A EN P January 2014 8 S afety Function Door Monitorin Configuration Configure the Guardmaster Dual input Safety Relay The following procedure sets the function of the device 1 To start configuration overwrite with the power off turn the rotary switch to
16. g Safety Function Verification and Validation Checklist continued Abnormal Operation Validation The safety relay system properly responds to all foreseeable faults with corresponding diagnostics continued E stop Input Tests GSR DI continued He Verification and Validation Pass Fail Changes Modifications Briefly short the E stop input wire at terminal S12 of the GSR DI to OV DC The GSR DI immediately trips The PWR Fault i status indicator is steady red All other status indicators are OFF 15 Press and release the Reset button The GSR DI does not respond Cycle power to the GSR DI Confirm that the PWR Fault IN1 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turns steady green 16 Repeat steps 11 16 to test E stop input channel 2 Use 22 Ki in place of S12 Briefly short the E stop terminal S12 to terminal S22 of the GSR DI The GSR DI immediately trips The PWR Fault status indicator is steady red All other status indicators are OFF Press and release the Reset button The GSR DI does NOT respond 21 22 Cycle power to the GSR DI Confirm that the PWR Fault IN1 53 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turns steady green Rockwell Automation Publication SAFETY AT126A EN
17. h input channel for a contact failed open loose wire a contact failed closed a channel short to 24V DC supply a channel short to 24V COM and channel to channel shorts When such a fault occurs the GSR DI de energizes its N O safety contacts removing 24V DC from the drive STO inputs The PowerFlex 525 drive turns off its outputs and the motor coasts to a stop A single input channel fault a contact failed open or a contact failed closed is considered a relatively minor fault for example a sticky contact In the case of a single channel fault a successful cycle of that input is where both channels open and close properly the fault clears and the subsequent pressing and releasing of the Reset button energizes the safety outputs which allows a start restart of the motor An input channel short fault is considered to be a major fault An input channel short fault can be an input channel shorted to 24V DC an input channel shorted to OV DC or input channels shorted together When an input channel short fault is detected the GSR DI de energizes it outputs immediately regardless of the state of the input devices In the case of an input channel short fault the GSR DI must first be powered down and the short found and removed Then power is restored to the GSR DI to clear the fault When the E stop is not pressed and the gate is closed subsequent pressing and releasing of the Reset button energizes the safety outputs which allows a start r
18. he Guardmaster dual input safety relay GSR DI reset The N C contacts of the E stop are connected between the GSR DI 11 and 21 pulse test outputs of the GSR DI and the IN1 terminals S12 and S22 of the GSR DI The N C contacts of the Trojan 5 switch are connected between the 11 and 21 pulsed outputs of the GSR DI and the IN2 terminals S32 and S42 of the GSR DI The N O safety outputs of the GSR DI are connected between the 24V DC supply and the safe torque off STO inputs of the PowerFlex 525 drive When all of the safety inputs of the GSR DI are satisfied no faults are detected and the Reset button is pressed and released the N O safety outputs close providing 24V DC to the STO inputs Pressing the PowerFlex 525 drive Start button provides power to the controlled motor and hazardous motion commences Bill of Material This application uses these products Cat No Description Quantity 440K T11090 Tongue switch Trojan 5 contacts safety and aux 1 2 N C 1 N O BBM preference break before make actuator standard model type standard conduit entry M20 conduit 800F 1YP8 800F 1 hole enclosure E stop station plastic pg 1 twist to release 60 mm non illuminated 2 N C 1 N O 440R D22R2 Guardmaster dual input safety relay 2 dual channel 1 universal inputs 2 N O safety outputs 1 N C solid state auxiliary output 25B B2P5N104 PowerFlex 525 AC drive with embedded EtherNet IP 1 and safety 240V AC 3 ph
19. ll Automation sales representative Rockwell Automation Publication SAFETY AT126A EN P January 2014 22 safety Function Door Monitoring For more information on Safety Function Capabilities visit discover rockwellautomation com safety Rockwell Automation Allen Bradley Rockwell Software Guardmaster PowerFlex Trojan and LISTEN THINK SOLVE are trademarks of Rockwell Automation Inc Trademarks not belonging to Rockwell Automation are property of their respective companies www rockwellautomation com Power Control and Information Solutions Headquarters Americas Rockwell Automation 1201 South Second Street Milwaukee WI 53204 2496 USA Tel 1 414 382 2000 Fax 1 414 382 4444 Europe Middle East Africa Rockwell Automation NV Pegasus Park De Kleetlaan 12a 1831 Diegem Belgium Tel 32 2 663 0600 Fax 32 2 663 0640 Asia Pacific Rockwell Automation Level 14 Core F Cyberport 3 100 Cyberport Road Hong Kong Tel 852 2887 4788 Fax 852 2508 1846 Publication SAFETY AT126A EN P January 2014 Copyright 2014 Rockwell Automation Inc All rights reserved Printed in U S A
20. master Safety Relay GSR system confirm that the Guardmaster safety relay has been wired and configured in accordance with the installation instructions Rockwell Automation Publication SAFETY AT126A EN P January 2014 14 safety Function Door Monitoring Door Monitoring Safety Function Verification and Validation Checklist General Machinery Information Machine Name Model Number Machine Serial Number Customer Name Test Date Tester Name s Schematic Drawing Number Guardmaster Safety Relay Model 440R D22R2 PowerFlex Drive 29B B2P5N104 Safety Wiring and Relay Configuration Verification oe Verification Pass Fail Changes Modifications Visually inspect the safety relay circuit to verify that the safety relay circuit is wired as documented in the schematics 2 Visually inspect the safety relays configuration switch settings to verify they are correct as documented Normal Operation Verification The safety system properly responds to all normal Start Stop Reset E stop and Trojan switch inputs pe Verification Pass Fail Changes Modifications 1 Confirm that no one is in the guarded area 2 Confirm the E stop is released 3 Confirm the gate is closed 4 Confirm the motor is stopped 5 Apply power to the safety system 6 Confirm that the motor does not start on powerup Confirm that the PWR Fault IN1 and IN2 status indicators of the GSR DI are green 8 Confirm that the OUT status indicator of the blinks green
21. ocumentation Safety functions 4 PR GSR PF525 SFAE SF E Stop Safety Function SF Door Monitoring Safety Function W IFA E New Status Type v SF Z Edit v SF E stop Safety Function Holas Name E Stop Safety Function Safety related stop function initiated by safeguard d d Door Monitoring Safety Function Safety related stop function initiated by safeguard d d d p Projects 4 PR GSR PF525 SFAE SF Door Monitoring Safety Function Type PLr PL LH E Stop Safety Function Per jd PL jd PEAT 2 98E 8 The E stop safety function can be modeled as shown below E stop Channel 1 E stop Channel 2 Rockwell Automation Publication SAFETY AT126A EN P January 2014 10 safety Function Door Monitoring Some of the data used in the SISTEMA software calculations comes from the Rockwell Automation safety product library Other data must be entered by the user In the case of mechanical devices as in this document the user must enter the Common Cause Failure CCF score the Diagnostic Coverage DCavg the expected number of operations per year and the category achieved by the specific circuit structure employed The CCF score is derived by accumulating points based on good design practices and experience Annex F of ISO 13849 1 covers this scoring process A minimum score of 65 is required to avoid a penalty in the performance level calculation Mechanical devices such as the E stop an
22. position 0 Apply power to the unit After the power up test the PWD status indicator blinks red LOGIC 0 aN 1 J j2 ane Ai 8 4 65 2 To set the configuration turn the rotary switch to position 2 The IN1 status indicator blinks for the new setting Position is set when the PWR status indicator is solid green Lock in the configuration by cycling unit power Confirm the configuration before operation Record the unit setting in the white space on the face of the device LOGIC 2 L12 or IN1 and IN2 LOGIC 0 About Configuring the PowerFlex 525 Drive Configuration of the PowerFlex 525 drive is beyond the intended scope of this application technique Other than configuring the drive to use the local Stop Start button required by this application technique the aspects of the drive configuration relative to performing its particular application tasks are not relevant to this application technique Refer to the drive publications listed in the Additional Resources section for guidance in regard to installing and configuring the drive Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitoring 9 Calculation of the Performance Level When properly implemented these safety functions can achieve a safety rating of Category 3 Performance Level d Cat 3 PLd according to EN ISO 13849 1 2008 as calculated by using the SISTEMA software PL calculation tool nalas Project D
23. quirements of the Category The GSR DI values are the same as the E stop safety function The PowerFlex 525 drive values are also the same as in the E stop safety function SE AC Drive PowerFlex 525 with SafeTorque Off Verification and Validation Plan Verification and validation play important roles in the avoidance of faults throughout the safety system design and development process EN ISO 13849 2 sets the requirements for verification and validation The standard calls for a documented plan to confirm all of the safety functional requirements have been met Verification is an analysis of the resulting safety control system The Performance Level PL of the safety control system is calculated to confirm that the system meets the required Performance Level PLr specified The SISTEMA software is typically used to perform the calculations and assist with satisfying the requirements of EN ISO 13849 1 Validation is a functional test of the safety control system to demonstrate that the system meets the specified requirements of the safety function The safety control system is tested to confirm that all of the safety related outputs respond appropriately to their corresponding safety related inputs The functional test includes normal operating conditions in addition to potential fault injection of failure modes A checklist is typically used to document the validation of the safety control system Prior to validating the Guard
24. reach these ratings two Trojan switches would have to be used Because the Performance Level required PLr of this project is CAT 3 PLd the more conservative single Trojan switch CAT 3 approach is appropriate Because the Trojan 5 switch has the same MTTFd and DCavg as the E stop the SISTEMA calculation gives the Trojan 5 switch a PLe rating PFH 1 2 MT ed J100 High DCavag 99 High CCF J65 fulfilled Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitoring 13 There is a possibilty of failures related to the single actuation device of the Trojan 5 switch This is addressed by including a Fault Exclusion subsystem Subsystem W IFA Documen tation PL Category TIME 4 PR GSR PF525 SFAE WSF E Stop Safety Function a SF Door Monitoring Safety Function SB Trojan SB Trojan Fault Exclusion Determine PL PFH from Category MTTFd and DCavg SB Monitoring Safety Relay GSR DI SB AC Drive PowerFlex 525 with SafeTorque Off J Performance Level PL e v PFH 1 h 0 Cs raun esauson Documentation reasoning 2 The data given is based on the use of fault exclusion at some single fault mechanical failure points Therefor bsystems intended to achieve Category A 4 PLe or SIL 3 may require the use of two separate devices This is in accordance with the latest ISO Technical Report ISO TR 23849 Enter PL PFH directly manufacturer ensures compliance with the re
25. t for example a motor control center to alert people to potential Arc Flash Arc Flash will cause severe injury or death Wear proper Personal Protective Equipment PPE Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment PPE gt gt Pe Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitorin 3 General Safety Information Contact Rockwell Automation to find out more about our safety risk assessment services IMPORTANT This application example is for advanced users and assumes that you are trained and experienced in safety system requirements ATTENTION Perform a risk assessment to make sure all task and hazard combinations have been identified and addressed The risk assessment can require additional circuitry to reduce the risk to a tolerable level Safety circuits must take into consideration safety distance calculations which are not part of the scope of this document Table of Contents Important User Information cccccceeccececeeeceeeeeeenseceeeeeeeeeeeteeeteeteeteeeeneeeseeeneeeneees 2 General Safety Information cccccccccseccceeeceececeeeseececeeeeeueeseeeseneeseeessueeseeeseeesaeeeses 3 PC OCC WON e E E E E anvannseratencansqupeasaeneaee 3 Safety Function Realization Risk Assessment cccccceeccseeeceeeeceeeceeeeaeeeseeeeaeeeaes 4 Door Monitoring Safety Function ccc cec
26. t assume responsibility or liability for actual use based on the examples and diagrams No patent liability is assumed by Rockwell Automation Inc with respect to use of information circuits equipment or software described in this manual Reproduction of the contents of this manual in whole or in part without written permission of Rockwell Automation Inc is prohibited Throughout this manual when necessary we use notes to make you aware of safety considerations WARNING Identifies information about practices or circumstances that can cause an explosion in a hazardous environment which may lead to personal injury or death property damage or economic loss ATTENTION Identifies information about practices or circumstances that can lead to personal injury or death property damage or economic loss Attentions help you identify a hazard avoid a hazard and recognize the consequence gt D IMPORTANT Identifies information that is critical for successful application and understanding of the product Labels may also be on or inside the equipment to provide specific precautions SHOCK HAZARD Labels may be on or inside the equipment for example a drive or motor to alert people that dangerous voltage may be present BURN HAZARD Labels may be on or inside the equipment for example a drive or motor to alert people that surfaces may reach dangerous temperatures ARC FLASH HAZARD Labels may be on or inside the equipmen
27. t the Trojan input terminal S32 to terminal S42 of the GSR DI The GSR DI immediately trips The PWR Fault status indicator is steady red All other status indicators are OFF Press and release the Reset button The GSR DI does not respond Cycle power to the GSR DI Confirm that the PWR Fault IN1 and IN2 status indicators are green Confirm that the OUT status indicator blinks green Press and release the Reset button The OUT status indicator turns steady green Logic Switch Setting Tests GSR DI Validation Pass Fail Changes Modifications While the system is running turn the logic rotary switch on the safety relay from the proper 2 to 4 The motor keeps running The PWR Fault status indicator blinks red green twice then remains green and repeats the pattern Press and release the E stop button The system trips and the motor stops The PWR Fault status indicator blinks red green twice then remains green and repeats the pattern The OUT status indicator blinks requesting a Reset Press and release the Reset button The OUT status indicator turns steady green indicating that the GSR DI has reset The PWR Fault status indicator continues to blink red green twice then remains green and repeats the pattern Press the Start button The motor starts and the PWR Fault status indicator continues to blink red green twice then remains green and repeats the pattern Rockwell Automation Publication SAFETY AT126A EN P January 2014
28. wer from the motor when the E stop is pressed e Removal of power from the motor when the gate is opened Safety Function Requirements Pressing the E stop or opening the guard gate stops hazardous motion by removal of power to the motor When the E stop is released and the guard gate is closed power to the motor and hazardous motion does not resume until the safety system is reset and a secondary action Start button is pressed and released occurs Faults at the E stop gate interlock switch wiring terminals or safety controller are detected before the next safety demand The PowerFlex 525 drive monitors itself for input internal and output faults When the PowerFlex 525 drive detects a fault it turns off its output removing power to the motor The fault must be corrected and power to the drive cycled before the drive can be restarted Faults at the safe torque off STO inputs on the PowerFlex 525 drive can go undetected Rockwell Automation Publication SAFETY AT126A EN P January 2014 Safety Function Door Monitoring 5 The safety functions in this application technique each meet or exceed the requirements for Category 3 Performance Level d CAT 3 PLd per EN ISO 13849 1 and control reliable operation per ANSI B11 19 Functional Safety Description Hazardous motion is stopped by pressing the E stop button or opening the guard gate Hazardous motion cannot be resumed until the E stop is released the guard gate closed and t

Safety Function: Door Monitoring, SAFETY

Contents

Download Pdf Manuals

Related Search

Related Contents