7.3. Funzione Safe Torque Off
The Safe Torque Off safety function of the DR2020 has been validated according to the SIL 3 safety integrity level
as defined in the CEI EN 61800-5-2: 2008 product standard proving that:
the chance for dangerous failures per hour (PFHd) is 9 x 10 -10 hours-1 (see 7.3.1 / 2).
The validation of the function and the related STO circuit provide for the use of two different types of monitoring:
the first consists of a normally closed electrical contact (hereinafter referred to as "Hardware Feedback"), the
second one identified by a binary type digital signal ( hereinafter referred to as "Software Feedback") defined by
the IEC61800-7-201 standard, CIA 402, Object 60FD (digital inputs), bit 3.
Compliance with the UNI EN ISO 13849-1: 2008 has also been verified using the PFHd calculated with reference to
the CEI EN 61800-5-2: 2008 standard. According to this standard, the STO function respects the performance level
(PL) "and"(see 7.3.1).
The STO function is located in a subsystem as defined by the CEI EN 62061: 2005 standard, with a SIL limit
required SILCL3.
The DR2020 STO safety function can also be used to safely stop injection molding machines, interlocked guards in
the mold area and other less dangerous areas in compliance with the UNI EN 201: 2010 standard.
7.3.1. CHARACTERISTIC VALUES ACCORDING TO UNI EN ISO 13849-1
•
“Hardware Feedback” Characteristic values according to UNI EN ISO 13849-1
•
“Software Feedback” Characteristic values according to UNI EN ISO 13849-1
Value
Observation
Performance level
PL e
Category
4
External subsystems must be able to perform
diagnostics at the same time as or before the
subsequent safety function request, for example
immediately when turned on, or at the end of a machine
operating cycle.
MTTFd
> 100 years
According to UNI EN ISO 13849-1, a maximum value of
100 years may be considered.
Coverage of diagnostics
DC=99%
External systems that perform diagnostics must use
technologies that can provide a DC
≥
99%
Duration
20 years
Replace the drive
Repair time
8 hours
Diagnostic test interval
maximum 8 hours
See also observations relative to the category
Value
Observation
Performance level
PL e
Category
4
External subsystems must be able to perform
diagnostics at the same time as or before the
subsequent safety function request, for example
immediately when turned on, or at the end of a machine
operating cycle.
MTTFd
> 100 years
According to UNI EN ISO 13849-1, a maximum value of
100 years may be considered.
Coverage of diagnostics
DC=99%
External systems that perform diagnostics must use
technologies that can provide a DC
≥
99%
Duration
20 years
Replace the drive
Repair time
8 hours
Diagnostic test interval
maximum 8 hours
See also observations relative to the category
DR2020
MAR2-E-191
83