TwinSAFE System Description
EL6910
11
Version: 1.8.0
2
TwinSAFE System Description
2.1
Extension of the Beckhoff I/O system with safety
functions
The TwinSAFE products from Beckhoff enable convenient expansion of the Beckhoff I/O system with safety
components, and integration of all the cabling for the safety circuit within the existing fieldbus cable. Safe
signals can be mixed with standard signals as required. The transfer of safety-related TwinSAFE telegrams
is handled by the standard controller. Maintenance is simplified significantly thanks to faster diagnosis and
simple replacement of components.
The following basic functionalities are included in the TwinSAFE components:
digital inputs (e.g. EL19xx, EP1908), digital outputs (e.g. EL29xx), drive components (e.g. AX5805) and logic
units (e.g. EL6900, EL6910). For a large number of applications, the complete safety sensor and actuator
technology can be wired on these components. The required logical link of the inputs and the outputs is
handled by the EL69xx. In addition to Boolean operations, the EL6910 now also enables analog operations.
2.2
Safety concept
TwinSAFE: Safety and I/O technology in one system
• Extension of the familiar Beckhoff I/O system with TwinSAFE components
• Safe and non-safe components can be combined as required
• Logical link of the I/Os in the EL69xx TwinSAFE logic terminal
• Suitable for applications up to SIL 3 according to EN 61508:2010 and Cat 4, PL e according to
DIN EN ISO 13849-1:2016-06
• Safety-relevant networking of machines via bus systems
• In the event of an error, all TwinSAFE components always switch to the wattless and therefore safe
state
• No safety requirements for the higher-level standard TwinCAT system
Safety over EtherCAT protocol (FSoE)
• Transfer of safety-relevant data via any media (“genuine black channel”)
• TwinSAFE communication via fieldbus systems such as EtherCAT, Lightbus, PROFIBUS, PROFINET
or Ethernet
• IEC 61508:2010 SIL 3 compliant
• FSoE is IEC standard (IEC 61784-3-12) and ETG standard (ETG.5100)
Fail-safe principle (fail stop)
The basic rule for a safety system such as TwinSAFE is that failure of a part, a system component or the
overall system must never lead to a dangerous condition. The safe state is always the switched off and
wattless state.
CAUTION
Safe state
For all TwinSAFE components the safe state is always the switched-off, wattless state.
Summary of Contents for TwinSAFE EL6910
Page 1: ...Operation Manual for EL6910 TwinSAFE Logic Terminal 1 8 0 2019 01 09 Version Date...
Page 2: ......
Page 69: ...Operation EL6910 69 Version 1 8 0 Fig 73 The Safety Project Online View tab...
Page 136: ...Appendix EL6910 136 Version 1 8 0 5 2 Certificates...
Page 137: ...Appendix EL6910 137 Version 1 8 0...