background image

3.1.2 Safety Certification

The safety option is certified for use in safety applications up to and including SIL 2 according to EN IEC 61508 and EN IEC
62061, Performance Level PL d and Category 3 according to EN ISO 13849-1. Safety requirements are based on the
standards valid at the time of certification. The IFA (Institute for Occupational Safety & Health) has approved the safety
option for use in safety-related applications where the de-energised state is considered to be the safe state. All of the
examples related to I/O included in this manual are based on achieving de-energisation as the safe state.

3.1.3 Implementation in Control Systems

In many cases design measures are not sufficient and protective devices are needed to minimise risk. In this context, safety
functions executed by SRP/CS (safety related parts of control systems) are defined. SRP/CS includes the entire safety chain
with sensor (detect), logic (process) and actuator (switch).

Safety functions are defined on the basis of both the application and the hazard. They are often specified in a Type C
standard (a product standard) which provides precise specifications for special machines. If a C standard is not available, the
machine designer defines the safety functions. Typical safety functions are described in more detail in EN ISO 13849-1,
section 5, 

Specification of Safety Functions

. The safety functions for frequency converter systems are described in IEC

61800-5-2.

130BC962.10

Detect

Sensor

E.g. lightcurtain

Process

Switch

Logic

E.g. MCB 15x

Actuator

E.g. FC 302

Illustration 3.2 Sensor-Logic-Actuator Safety Chain

3.2  Functions

3.2.1 Specification of Safety Functions

The standards require a specification of functional
requirements. The specification must contain details about
each safety function that should be executed. Also define
the

necessary interfaces with other control functions

required error responses

performance level required PLr or achievable SIL
level

3.2.1.1 Performance Level (PL) and Safety

Integrity Level (SIL) 

For safety-related control systems, Performance Level (PL),
according to EN ISO 13849-1, and SIL levels, according to
EN IEC 61508 and EN IEC 62061, include a rating of the
system's ability to perform its safety functions.

All of the safety-related components of the control system
must be included in both a risk assessment and the
determination of the achieved levels. Refer to EN ISO
13849-1, EN IEC 61508 or EN IEC 62061 standards for
complete information on requirements for PL and SIL
determination. 

3.2.2 Validation of Performance Level 

Check whether the required Performance Level “PLr”,
determined in the risk assessment, is achieved by the
selected system for each safety function used.
Check the calculation using the SISTEMA SW Tool of IFA
(Institute for Occupational Safety & Health). Danfoss
provides a component library which can be used for the
calculation. Danfoss offers corresponding services to
support the system check by calculation. Library can be
downloaded from 

www.dguv.de/ifa/en/pra/softwa/sistema

. 

If using another validation method for the performance
level, use the characteristic safety values specified.

Functions and System Overvi...

Operating Instructions

MG34W302

Danfoss A/S © Rev. 2014-02-11 All rights reserved.

11

3

3

Содержание VLT Safety Option MCB 150

Страница 1: ...MAKING MODERN LIVING POSSIBLE Operating Instructions Safety Option MCB 150 151 www danfoss com drives...

Страница 2: ......

Страница 3: ...ecification of Safety Functions 11 3 2 1 1 Performance Level PL and Safety Integrity Level SIL 11 3 2 2 Validation of Performance Level 11 3 2 3 Activation of Safety Functions 12 3 2 4 Simultaneous Ac...

Страница 4: ...Errors 24 3 7 2 Compatibility between Safety and Frequency Converter Functions 24 4 Installation 25 4 1 Installing the Safety Option 25 4 1 1 Requirements for Safe Use 25 4 1 2 Protected Cable Instal...

Страница 5: ...Servicing and Modifications 46 7 2 Repair 46 7 3 Replacing 46 7 3 1 Removing the Safety Option 46 7 3 2 Replacing the Safety Option 46 7 3 3 Copying Safe Parameter Set up 47 7 4 Commissioning Test 51...

Страница 6: ...9 5 Safety Characteristic Data 72 Index 73 Contents Operating Instructions 4 Danfoss A S Rev 2014 02 11 All rights reserved MG34W302...

Страница 7: ...xplains the contents structure and specific order of this manual Chapter 2 Legal Information and Safety Provides information on the most important product features Chapter 4 Installation Explains how...

Страница 8: ...angular position of a rotating component Installed on in a motor the encoder shows the angular position of the rotor Error Discrepancy between a computed observed or measured value or condition and th...

Страница 9: ...ation for safely limited speed SO Safety Option SRECS Safety Related Electrical Control System IEC 62061 SRP CS Safety related parts of control systems EN ISO 13849 1 SS1 Safe Stop 1 Safety function i...

Страница 10: ...G HIGH VOLTAGE Frequency converters contain high voltage when connected to AC mains input power Installation start up and maintenance should be performed by qualified personnel only Failure to perform...

Страница 11: ...ucts may only be assembled installed programmed commissioned maintained and decommis sioned by persons with proven skills Persons with proven skills are qualified electrical engineers or persons who h...

Страница 12: ...ets S37 output low This allows the operator to open the safety gate In speed monitor applications the safety output S37 is high for operation when the motor speed of the monitored device is below the...

Страница 13: ...uator E g FC 302 Illustration 3 2 Sensor Logic Actuator Safety Chain 3 2 Functions 3 2 1 Specification of Safety Functions The standards require a specification of functional requirements The specific...

Страница 14: ...other functions are active Safe Stop 1 has medium priority to the other safe functions Safely Limited Speed has the lowest priority If 2 Safe Stop 1 functions are active at the same time the function...

Страница 15: ...safety option is designed for use in safety related applications It meets the requirements for safety functions in accordance with IEC 61800 5 2 regarding safe motion monitoring 3 2 8 MCT 10 Set up So...

Страница 16: ...ors the controlled stop If a power outage or an error occurs a controlled stop is impossible Trigger the safety function Safe Torque Off after the stop to shut off the motor torque Refer to EN IEC 618...

Страница 17: ...tion This function ensures that no torque generating energy can continue to affect a motor and prevents unintentional start ups WARNING If any external forces influence the motor axis e g suspended lo...

Страница 18: ...uring that the system is also stopped before Safe Torque Off is activated If a fault occurs the frequency converter does not come to a stop It coasts after the time delay no matter of the speed of the...

Страница 19: ...e speed is at zero speed limit Safe Torque Off is activated Safety function Safe Torque Off is activated when the configured limit value for the position error is exceeded A standstill threshold Zero...

Страница 20: ...peed monitoring profile by a deceleration time and a tolerable speed Delta V Parameter Unit Range Default 42 47 Ramp Time s 0 1 3600 0 s 1 0 s 42 45 Delta V RPM 1 10000 RPM 120 RPM 42 46 Zero Speed RP...

Страница 21: ...peed represents the maximum allowed frequency of the actual motor frequency If the motor frequency accelerates above that value the safety option enters external fault selected STO or SS1 Ramp and the...

Страница 22: ...e ramp down times out If the system speed exceeds or is equal to the configured safe speed limit during Safely Limited Speed monitoring a Safely Limited Speed fault occurs and the safety option initia...

Страница 23: ...annel input are not detected Therefore the cables of the channels must be routed separately to exclude short circuits NOTICE Routing of the sensor cables All proximity switch sensor encoder cables mus...

Страница 24: ...nnected sensor on DI1 or DI2 or both is enabled via a reset the safety option can be switched on again This deactivates active safety functions or errors NOTICE First trip alarms displayed on the freq...

Страница 25: ...state for at least 42 23 Stable Signal Time Input Signal 130BC317 10 DI1 DI2 Safety function Active Inactive Test pulse pattern Stable signal time Stable signal time Illustration 3 15 Filter for Suppr...

Страница 26: ...he safety option or frequency converter activates the safety function Safe Torque Off The frequency converter coasts the motor Internal errors always result in a fault requiring a power cycle of the f...

Страница 27: ...n read and follow the instructions 4 1 1 Requirements for Safe Use CAUTION Ensure that the installation and wiring are EMC compliant to avoid personal injury and damage to the product Refer to the gui...

Страница 28: ...is 10 cm 6 Connect the control cables to safety option and relieve the cable by the enclosed cable strips Follow the guidelines in chapter 4 1 4 General Wiring Guidelines 130BT340 10 Illustration 4 3...

Страница 29: ...erter terminal 37 NOTICE Control cables must be screened armoured See the section Earthing of Screened Control Cables in the VLT AutomationDrive Design Guide for detailed specifi cations Only screened...

Страница 30: ...nel B 8 DI2 B Digital Input 2 B channel 9 ENC nB Encoder Channel B inverted 10 24 V Power output 11 GND Supply GND 12 S37 STO enable Table 4 1 Connector Pin Assignment MCB 150 E30BC325 11 MCB 150 Safe...

Страница 31: ...Digital Input 2 B channel 9 GND Digital GND 10 24 V Power output 11 GND Supply GND 12 S37 STO enable Table 4 2 Connector Pin Assignment MCB 151 E30BC326 11 MCB 151 SafeOption SW ver xx xx OptionB 130...

Страница 32: ...l transmission according to RS 485 standard must be used for data signals or track A and track B The wire cross section must in each individual case be chosen in compliance with the current consumptio...

Страница 33: ...ximity switch as encoder feedback set 42 14 Feedback Type to 1 Without direction info 4 3 Application Examples 4 3 1 Connecting Safe Digital Inputs The following pages contain examples of connecting t...

Страница 34: ...n An example of an unsafe condition could be the failure of the contact to a short circuit condition A switch with positive opening operation should be used to reduce the possibility of a failure of t...

Страница 35: ...to configure safety functions that are wired up to the safety option inputs 2 Ensure that the device number serial number and order number of the safety option on the frequency converter matches the d...

Страница 36: ...p to 10 s may elapse before the safety option is ready for operation 5 2 3 Safety Option Customisation LCP messages used to indicate the different states of the customisation processes LCP message Des...

Страница 37: ...tion EN IEC 61508 EN IEC 62061 and EN ISO 13849 require that the final assembler of the machine validates the operation of the safety function with a commissioning test The commissioning tests for the...

Страница 38: ...Plug in The control system passes the configuration to the respective safety option The feasibility of the configuration is checked when it is downloaded Further information on configuration and setti...

Страница 39: ...e also reset If 42 31 Reset Source is set to 1 Drive Safe Reset 3 Safe Option Reset must be configured in 8 14 Configurable Control Word CTW NOTICE The frequency converter specific alarms are not rese...

Страница 40: ...ption is in this state at each power up Bit 14 External failure Bit 14 0 No External failure is active Bit 14 1 External failure is active Bit 15 Safe function pending Bit 15 0 No Safe function pendin...

Страница 41: ...atus 2 Bit 00 01 DI1 Safety Status Bit 00 01 00 Inactive Bit 00 01 01 Active Bit 00 01 10 Pending Bit 02 03 DI2 Safety Status Bit 00 01 00 Inactive Bit 00 01 01 Active Bit 00 01 10 Pending Bit 04 Blan...

Страница 42: ...e Option are read only Refer to VLT AutomationDrive FC 302 Programming Guide for general information about usage of conversion index and data type General Parameter Set up Operating Instructions 40 Da...

Страница 43: ...sed when gear mounted 4 u_int32 42 14 Feedback Type 0 With direction info 1 Without direction info 0 With direction info The feedback can be with or without direction information For TTL HTL encoder d...

Страница 44: ...iour 0 Manual 1 Automatic 0 Manual In case of an activated safety function the safety option can either restart automatically or wait for a RESET signal from the user u_int8 42 3 General 42 30 Externa...

Страница 45: ...peed that the safety option allows 67 u_int16 42 46 Zero Speed 1 600 RPM 10 RPM When this speed is reached the safety option activates the STO 67 u_int16 42 47 Ramp Time 0 1 3600 0 s 1 0 s Time to ram...

Страница 46: ...O no u_int8 42 54 Ramp Down Time 0 1 3600 0 s 1 0 s Ramp down time for start ramp 1 u_int16 42 8 Status 42 80 Safe Option Status 0 4294967295 0 Shows the safety option status word as a hexadecimal val...

Страница 47: ...9 Special 42 90 Restart Safe Option 0 No 1 Yes 0 No Possibility to restart option after internal failure without power cycling the frequency converter u_int8 Table 6 3 Safety Option Parameters Refer...

Страница 48: ...e safety option see MCT 10 Set up Software Operating Instructions 2 Duplicate the existing device setting NOTICE The frequency converter generates an error message after removing the safety option How...

Страница 49: ...or the duplicated safety option parameters Follow the guided sequence on the LCP display to transfer the safety option parameters to a safety option Verify that the correct safety parameter file is tr...

Страница 50: ...130BD118 10 Safety Password Please enter the safety Password 1 1 0 RPM None 0000000 0 If password protection is enabled in 0 69 Password Protection of Safety Parameters enter the correct LCP copy para...

Страница 51: ...ess Cancel to abort the customisation of the safety option A reset is required to finalise this procedure Table 7 1 LCP Copy Messages Mismatch of Safety Option Parameters Message Description 130BD115...

Страница 52: ...ameters including the level 1 password 1 1 0 RPM 0 00A 130BD121 10 SO Data Confirmation Press OK to confirm commissioning test must be performed or CANCEL to abort 1 1 0 RPM 0 00A Decision box for con...

Страница 53: ...llowing Secure the site in accordance with the regulations barrier warning signs etc The system may only be commissioned recommissioned by qualified personnel Refer to the information and specificatio...

Страница 54: ...correctly on the frequency converter A commissioning test of the safety option must be performed in the following situations After the configuration of each machine After changing the safety option p...

Страница 55: ...ng 5 Select Safe Torque Off while the frequency converter is running 6 Check the following The frequency converter coasts to zero speed The motor is braked and stopped by the mechanical brake if avail...

Страница 56: ...stops within the delay time specified The motor is braked and stopped by the mechanical brake if available and configured The SS1 will end with an STO warning or alarm depending on configuration 7 De...

Страница 57: ...tops within the delay time specified The motor is braked and stopped by the mechanical brake if available and configured The SS1 will end with an STO warning or alarm depending on configuration 7 Dese...

Страница 58: ...o zero speed The motor is braked and stopped by the mechanical brake if available and configured The SS1 will end with an STO warning or alarm depending on configuration 7 Deselect Safe Stop 1 8 Check...

Страница 59: ...nverter coasts to zero speed if Safe Torque Off is selected as fault reaction Run Safe Stop 1 if that is selected as fault reaction The motor is braked and stopped by the mechanical brake if available...

Страница 60: ...nc Pending is displayed 9 Run the frequency converter The motor speed must be higher than the Safely Limited Speed selected if the machine allows this 10 Ensure that the correct frequency converter is...

Страница 61: ...disposed of together with domestic waste It must be separately collected with electrical and electronic waste according to local and currently valid legislation Service and Repair Operating Instructi...

Страница 62: ...onfiguration validated Green Permanent System OK input or output activated Yellow Flashing System OK configuration not yet validated Red Flashing Alarm Red Permanent Fatal error Table 8 2 LED Status I...

Страница 63: ...Encoder Direction to the opposite value Decrease ramping time on frequency converter Try to run the system at e g 60 RPM If error nr 99 now occurs this is the reason Improve shielding of feedback cabl...

Страница 64: ...ccordingly Increase 42 50 Cut Off Speed or decrease 42 51 Speed Limit to get a larger tolerance Red constant 71 Int fail speed limit SLSb Reaction STO See 70 See 70 Red constant 72 Internal failure MC...

Страница 65: ...ification Extend discrepancy time on safe input tab in MCT 10 safe plug in 14 22 Operation Mode Red constant 76 Int Fail DI1 in PUST Reaction STO Safety input connected to DI1 has illegal signal level...

Страница 66: ...tion First power cycle the frequency converter If the problem persists contact Danfoss Red constant 82 Internal failure safety option First power cycle the frequency converter If the problem persists...

Страница 67: ...persists contact Danfoss Red constant 89 Internal failure safety option Perform a general reset of the safety option with the Administration button If the problem persists contact Danfoss Red constan...

Страница 68: ...Danfoss Red constant 98 Int fail invalid customer file version Version of customisation file of safety option stored in EEPROM does not match the customisation file supported by the SW version of safe...

Страница 69: ...ate assigned to DI1 and DI2 Red flashing cycle on 500 ms off 500 ms 116 Ext Fail SF activation Speed Suspension Reaction STO The frequency converter has been running below 120 RPM for more that 1 year...

Страница 70: ...nd LED2 depends on Safety function state assigned to DI1 and DI2 Red flashing cycle on 500 ms off 500 ms 244 Ext Fail SF activation Speed Suspension Reaction SS1b See 116 See 116 Red flashing cycle on...

Страница 71: ...start and Failure Acknowledge signal which is always required after a PUST and when a safety function gets released and is configured to be confirmed that the motor is able to run LCP message Descript...

Страница 72: ...S 485 incremental encoders Input differential voltage range 7 to 12 V DC Input common mode voltage 12 to 12 V DC Input voltage logic 0 diff 200 mV DC Input voltage logic 1 diff 200 mV DC Input resista...

Страница 73: ...Specifications Ground I O section Cable length 30 m screened or unscreened cable 30 m screened cable Cable cross sections Digital inputs output supply voltage 0 75 mm2 AWG 18 AEH without plastic coll...

Страница 74: ...l SIL 2 SIL CL2 HFT IEC 61508 Hardware Fault Tolerance 1 Subsystem Classification Type B Probability of Dangerous Failure per Hour PFH 1 52 e 8 Probability of Dangerous Failure on Demand PFD 1 33 e 3...

Страница 75: ...2 47 49 50 58 60 62 68 69 71 Response time 23 Risk assessment 8 11 RS 485 30 33 36 47 S Safe jog 20 Safe motion monitoring 13 Safe Stop 1 7 10 12 13 14 15 16 17 19 21 36 Safe Torque Off 10 12 14 15 16...

Страница 76: ...ithout notice This also applies to products already on order provided that such alterations can be made without subsequential changes being necessary in specifications already agreed All trademarks in...

Отзывы: