Functional safety
328
9.
FUN
C
TI
ON
AL SAFET
Y
Residual risks
Ref.1912
DDS
HARDWARE
· 320 ·
9.6 Residual risks
Machine risk assessment and reduction
The machine manufacturer should conduct an assessment of the machine
risks and take measures to reduce them to a safe level. Finally, a residual risk
in the machine will remain. See EN ISO 13849-1, section 4.2 Strategy to
reduce risk.
The risk assessment should take into account the conventional residual risks
of the drive and those specific for the safety functions of the drive described
in the following item.
Residual risks of the drive safety functions
Simultaneous failure of two IGBT’s
When STO is active, simultaneous failure of two IGBT’s (one on the top and
the other on the bottom of the output stage) can cause the axis to move for
an instant (< 180 electrical degrees). If accessing the machine while it is
stopped is risky (according to risk analysis), take the necessary measures.
Uncompensated forces on a vertical axis
Even if the motor is stopped, there may be external forces onto the motor (e.g.
uncompensated forces on a vertical axis) that could cause a risk when STO
is applied. In this case, additional protection measures are required against
axis drop (e.g. a holding brake FAGOR’S FKM motors contain the integrated
holding brake option). A risk analysis of the machine will determine whether
this measure is needed or not.
STO while the motor is moving
Demanding STO while the motor is moving causes the motor to stop only by
friction. A risk analysis of the machine will determine whether an external
stopping brake is needed to stop the motor.
SS1-t
The decelerating of the SS1-t stop in
is not monitored and if it fails,
the STO would not be activated until after the time configured in the safety
controller. An analysis of the machine risks will determine whether SS1-t is
appropriate for the application.
Holding brake control
The examples in section
do not consider the case
in which a holding brake is required. If required, its control must reach the PL
required by the risk analysis in aspects such as architecture, diagnostics, fault
exclusion, residual risks, ...
Holding brake monitoring
If the holding brake is closed inadvertently due to an error and the motor torque
remains enabled, the brake could suffer some damage. A risk analysis on the
machine will determine whether a diagnosis must be performed or not.
Failures in the holding brake
If the risk analysis requires it, subject the holding brake to regular tests to
detect these failures.
PFH. Probability of failure per hour
As a result of possible random hardware failures in any electronic system, an
additional residual risk whose probability is PFH appears.
Electrical risk of the drive
See
at the beginning of this manual.
DANGER.
The holding brake integrated into the motor should not be used to stop the
machine because using it repeatedly could damage the brake.
NOTE.
Usually the holding brake is not redundant. Therefore, that part of
the system is not 1oo2.
Summary of Contents for DDS Series
Page 1: ...DRIVE DDS Hardware manual Ref 1912...
Page 6: ...6 Ref 1912 DDS HARDWARE 6 I This page intentionally left blank...
Page 9: ......
Page 10: ......
Page 11: ......
Page 12: ......
Page 16: ...Ref 1912 DDS HARDWARE 16...
Page 20: ...Ref 1912 DDS HARDWARE 20...
Page 179: ...3 Drives Ref 1912 179 DDS HARDWARE...
Page 180: ...3 Drives Ref 1912 DDS HARDWARE 180...
Page 200: ...4 AUXILIARY MODULES Auxiliary modules Ref 1912 DDS HARDWARE 200...
Page 260: ...7 Cables Ref 1912 DDS HARDWARE 260...
Page 397: ...Sales models 12 Ref 1912 397 DDS HARDWARE 12 9 Order example F H12 21 Order example...
Page 404: ...13 Compatibility Ref 1912 DDS HARDWARE 404...
Page 405: ......