Safety LED, status of the safety engineering

| LED | Meaning |
|---|---|
| Flashes red | Error in the safety part or a safety condition has been violated. |
| Flashes yellow | The safety sub-function has been requested but is not yet active. |
| Illuminated yellow | The safety sub-function has been requested and is active. |
| Flashes green | Power stage, brake outputs and safety diagnostic outputs are blocked (safety parameterisation is running). |
| Illuminated green | Ready, no safety sub-function has been requested. |

Tab. 47: Safety LED
11.2 Repair
Repair or maintenance of the product is not permissible. If necessary, replace the
complete product.
1. If there is an internal defect: Always replace the product.
2. Send the defective product unchanged, together with a description of the
error and application, back to Festo.
3. Check with your regional Festo contact person to clarify the conditions for the
return shipment.
12 Disassembly
Disassemble in reverse order of installation.
Before disassembly
1. Switch off the power supply at the main switch.
2. Secure the system against accidental reactivation.
3. Wait at least 5 minutes until the intermediate circuit has discharged.
4. Let the device cool down to room temperature.
5. Before touching the power connections [X6A], [X9A], [X9B], check to ensure
they are free of voltage.
6. Disconnect all electrical cables.
To dismount the device
• Loosen retaining screws (2x) and remove the device from the mounting surface.
13 Technical data
13.1 Technical data, safety engineering
Approval information, safety engineering

| Item | Value |
|---|---|
| Type test | The functional safety engineering of the product has been certified by an independent testing body, see EC-type examination certificate |
| Certificate issuing authority | TÜV Rheinland, Certification Body of Machinery, NB 0035 |
| Certificate no. | 01/205/5640.00/18 |

Tab. 48: Approval information, safety engineering
General safety reference data

| Parameter | Unit | Value |
|---|---|---|
| Request rate in accordance with EN 61508 | | High request rate |
| Reaction time when the safety sub-function is requested | [ms] | < 10 (applies to STO and SBC) |
| Error reaction time (how long it takes for the diagnostic output status to become correct once the safety sub-function has been requested) | [ms] | < 20 (applies for STA and SBA) |

Tab. 49: Safety reference data and safety specifications
Safety reference data for the safety sub-function STO

| Circuitry | Without high test pulses, without or with STA evaluation | With high test pulses and with STA evaluation 1) | With high test pulses and without STA evaluation |
|---|---|---|---|
| Safety sub-function in accordance with EN 61800-5-2 | Safe torque off (STO) | Safe torque off (STO) | Safe torque off (STO) |
| Safety integrity level in accordance with EN 61508 | SIL 3 | SIL 3 | SIL 2 |
| SIL claim limit for a subsystem in accordance with EN 62061 | SIL CL 3 | SIL CL 3 | SIL CL 2 |
| Category in accordance with EN ISO 13849-1 | Cat. 4 | Cat. 4 | Cat. 3 |
| Performance level in accordance with EN ISO 13849-1 | PL e | PL e | PL d |
| Probability of dangerous failure per hour in accordance with EN 61508, PFH [1/h] | 3.70 x 10^-11 | 9.40 x 10^-11 | 5.90 x 10^-10 |
| Mean time to dangerous failure in accordance with EN ISO 13849-1, MTTF_d [a] | 2400 | 1960 | 1960 |
| Average diagnostic coverage in accordance with EN ISO 13849-1, DC_AVG [%] | 97 | 95 | 75 |
| Operating life (mission time) in accordance with EN ISO 13849-1, T_M [a] | 20 | 20 | 20 |
| Safe failure fraction SFF in accordance with EN 61508 [%] | 99 | 99 | 99 |
| Hardware fault tolerance in accordance with EN 61508, HFT | 1 | 1 | 1 |
| Common cause factor for dangerous undetected failures β in accordance with EN 61508 [%] | 5 | 5 | 5 |
| Classification in accordance with EN 61508 | Type A | Type A | Type A |

1) Safety sub-function STO tested and STA diagnostic output monitored by the safety controller at least 1 x every 24 h.

Tab. 50: Safety reference data for the safety sub-function STO
Safety reference data for the safety sub-function SBC

| Circuitry | Two brakes 1) with SBA evaluation 2) | One brake 3) without SBA evaluation |
|---|---|---|
| Safety sub-function in accordance with EN 61800-5-2 | Safe brake control (SBC) | Safe brake control (SBC) |
| Safety integrity level in accordance with EN 61508 | SIL 3 | SIL 1 |
| SIL claim limit for a subsystem in accordance with EN 62061 | SIL CL 3 | SIL CL 1 |
| Category in accordance with EN ISO 13849-1 | Cat. 3 | Cat. 1 |
| Performance level in accordance with EN ISO 13849-1 | PL e | PL c |
| Probability of dangerous failure per hour in accordance with EN 61508, PFH [1/h] | 3.00 x 10^-10 | 9.00 x 10^-8 |
| Mean time to dangerous failure in accordance with EN ISO 13849-1, MTTF_d [a] | 1400 | 950 |
| Average diagnostic coverage in accordance with EN ISO 13849-1, DC_AVG [%] | 93 | – |
| Operating life (mission time) in accordance with EN ISO 13849-1, T_M [a] | 20 | 20 |
| Safe failure fraction SFF in accordance with EN 61508 [%] | 99 | 87 |
| Hardware fault tolerance in accordance with EN 61508, HFT | 1 | 0 |
| Common cause factor for dangerous undetected failures β in accordance with EN 61508 [%] | 5 | 5 |
| Classification in accordance with EN 61508 | Type A | Type A |

1) One brake connected to BR+/BR− and a second brake connected to BR-EXT; 2-channel wiring and request via #SBC-A and #SBC-B.
2) Safety sub-function monitored by the safety controller via the SBA diagnostic output at least once every 24 h.
3) Brake connected either to BR+/BR− or to BR-EXT; 1-channel request via the safety controller using #SBC-A and #SBC-B; both inputs must be bridged externally.

Tab. 51: Safety reference data for the safety sub-function SBC
The technical data for the safety sub-function SS1 must be calculated individually
according to the application. Use the specified safety reference data for STO and
SBC for the calculation.