Page 183
EMERGENCY OFF / EMERGENCY STOP – terminology and standards
In accordance with a danger analysis / risk assessment following the machinery directive 98/37/EC, EN
ISO 12100, EN 954-1, and EN 1050, the machine manufacturer has to plan the safety system for the
entire machine whilst taking into account all the integrated components. Among these are also electric
drives. The standstill of the machine has to be initiated and ensured by the control system of the
machine. This applies particularly to vertical axes without a self-locking mechanism or weight
compensation.
The standard EN 954-1 subdivides the requirements placed on control systems into five categories
graduated according to the level of risk (see Table 10).
Table 39: Description of the requirements to be met for the categories in accordance with EN
954-1
Category
1)
Summary of requirements
System behavior
2)
Principles to achieve
safety
B
Safety-related parts of control systems and/or
their protective equipments, as well as their
components, shall be designed, constructed,
selected, assembled and combined in
accordance with relevant standards to that
they can withstand the expected influence.
The occurrence of a fault can lead to the
loss of the safety function.
Mainly characterized by
selection of
components.
1
The requirements of category B shall apply.
Well-tried components and well-tried safety
principles shall be used.
The occurrence of a fault can lead to the
loss of the safety function but the
probability of occurrence is lower than for
category B.
2
The requirements of category B and the use of
well-tried safety principles shall apply. The
safety function must be checked at suitable
intervals by the control system of the
machine.
The occurrence of a fault can lead to the
loss of the safety function between the
checks.
The loss of a safety function is detected
by the checks.
Mainly characterized by
structure
3
The requirements of category B and the use of
well-tried safety principles shall apply.
Safety-relevant parts must fulfill the following
requirements:
- It must be ensured that a single fault in any
of the parts does not lead to a loss of the
safety function.
- The single fault is detected whenever this is
reasonably practical.
When a single fault occurs, the safety
function is always performed.
Some but not all faults will be detected.
Accumulation of undetected faults can
lead to the loss of the safety function.
4
The requirements of category B and the use of
well-tried safety principles shall apply.
Safety-relevant parts must have a redundant
design; permanent self-checking; complete
fault detection!
When faults occur, the safety function is
always performed.
Faults will be detected in time to prevent
the loss of the safety function.
1)
The categories are not intended to be used in any given order or in any given hierarchy in respect of
safety requirements.
2)
The risk assessment will indicate whether the total or partial loss of the safety function(s) arising from
faults is acceptable.
User Manual DUET_FL „DUET_FL 48/10“
Version 1.1 Motor Power Company
Summary of Contents for DUET_FL 48/10
Page 3: ...ber dieses Handbuch Page 3...
Page 4: ...Page 4 User Manual DUET_FL DUET_FL 48 10 Version 1 1 Motor Power Company...
Page 12: ...Page 12 List of Figures User Manual DUET_FL DUET_FL 48 10 Version 1 1 Motor Power Company...
Page 15: ...Page 15 List of Tables User Manual DUET_FL DUET_FL 48 10 Version 1 1 Motor Power Company...
Page 76: ...Page 76 User Manual DUET_FL DUET_FL 48 10 Version 1 1 Motor Power Company...
Page 196: ...Page 196 User Manual DUET_FL DUET_FL 48 10 Version 1 1 Motor Power Company...