3 Functions
3.1 Safety Functions
International standards EN ISO 13850 and EN IEC 60204-1
specify the functional requirements and design principles
of emergency stop devices.
In control systems where there is a risk of equipment
damage or personal injury, safety related parts of control
systems (SRP/CS) are required to minimise the risk. SRP/CS
include the following general components:
Detect
Process
Switch
Sensor
Logic
Actuator
e.g. lightcurtain
e.g. MCB 15x
e.g. FC 302
130BE101.10
Illustration 3.1 Sensor-Logic-Actuator Safety Chain
Safety functions are defined on the basis of both the
application and the hazard. They are often specified in a
Type C standard (a product standard) which provides
precise specifications for special machines. If a C standard
is not available, the machine designer defines the safety
functions. Typical safety functions are described in more
detail in EN ISO 13849-1, section 5,
Specification of Safety
Functions
. The safety functions for frequency converter
systems are described in IEC 61800-5-2.
NOTICE
When designing the machine application, consider
timing and distance for a coast to stop (Stop Category 0
or Safe Torque Off). For more information regarding stop
categories, refer to EN IEC 60204-1.
3.1.1 Safe Torque Off - STO
The safety function STO disconnects power to the motor. It
is implemented via the frequency converter's shutdown
path and the safety option’s safe output.
Features of the safety function:
•
The motor becomes torque-free and no longer
generates any hazardous movements.
•
The safety function STO corresponds to a
category 0 stop (uncontrolled stop) in accordance
with EN IEC 60204-1.
Prerequisites for normal operation:
•
The safe PLC gave an acknowledgement for
operation of safety inputs.
•
STO is not activated through the safe fieldbus.
•
STO is not activated via inputs DI1 or DI2 if those
inputs are configured.
•
PROFIsafe communication is established and
functional.
•
The safety option detected no errors and there is
no pending safety function.
When the prerequisites for normal operation are met, safe
output S37 is active (signal 1, +24 V DC).
Safety function is activated in the following cases:
•
An internal error on the safety option.
•
Power-up self test (PUST).
•
External errors at digital inputs.
•
Changes in configuration via MCT 10 Safe Plug-in
if the current frequency converter is running.
•
There is a 1/0 transition on a digital input or the
STO signal through the safe fieldbus.
•
PROFIsafe communication is not established.
STO disables the control voltage of the frequency
converter output. This prevents the frequency converter
from generating the voltage required to rotate the motor
(see
). STO is suitable for performing
mechanical work on the frequency converter system or
affected area of a machine only. It does not provide
electrical safety. STO should not be used as a control for
starting and/or stopping the frequency converter.
Functions
Operating Instructions
MG37F102
Danfoss A/S © 10/2014 All rights reserved.
9
3
3
