6 FUNCTIONAL SAFETY
6.1 Functions and configuration
335
6
Risk assessments
To satisfy social demands for the provision of highly safe machine and equipment in which risk has been reduced to an
acceptable level, perform risk assessments to identify potential hazards in this machine and equipment and objectively
evaluate risk through rational steps. Users must determine all risk assessments and residual risks for the machine and
equipment as a whole. The company or individual(s) in charge of the system configuration are fully responsible for the
installation and commissioning of the safety system. Additionally, if compliance with the European Machinery Directive is
required, certification for the relevant safety standards is required for the whole system.
Perform all risk assessments and obtain safety level certifications for the machine or the whole system. Use of a third-party
certification body for the final safety certification of the system is recommended.
The residual risks related to the safety sub-functions of the product are described below.
Common residual risks in each function
• At the time of shipping, it is necessary to check the settings of the safety-related components with programming tools and
the monitor/display contents on the display, record and save the setting data of the safety-related components, and store
programming tools used. Perform these actions using a check sheet or the like.
• Safety is not assured during machine assembly or until processes such as installation, wiring, and adjustments have been
completed properly. For the installation, wiring, and adjustments, follow the installation guide of each servo amplifier.
• Only qualified personnel are authorized to install, start up, repair, and adjust the machines in which components are
installed. Only trained engineers should install and operate the equipment. (Remark: ISO 13849-1 Attachment F Table F.1
No. 5)
• Separate the wiring related to the safety sub-functions from the other signal wiring. (Remark: ISO 13849-1 Attachment F
Table F.1 No. 1)
• Protect the cables by appropriate means (routing them in a cabinet, using cable guards, etc.).
• In addition to securing the appropriate clearance/creepage distance according to the voltage used, we recommend using
switches, relays, and sensors. etc., that comply with safety standards. When using a switch, relay, sensor, etc., that does
not comply with the safety standards, use one that has been certified to be safe by the user or that has been carefully
evaluated by the user. (Remark: ISO 13849-1 Attachment F Table F.1 No. 3)
• The time until detection of a safety monitoring error depends on the parameter settings.
Residual risks in each function
Function
Residual risks
Speed monitoring (SLS)
• The speed monitoring function guarantees the servo motor speed, but it does not guarantee the actual
safety speed of the machine. Set the parameters so that the safety speed of the machine is the same as
the safety speed of the specified servo motor.
• It is necessary to check that the speed of the monitored servo axis is the same as the actual speed by
using a tachometer, etc., taking into consideration the error caused by the command and encoder
resolution.
• Malfunctions of working parts, such as shaft slips and timing belt falling off, are not covered by the
warranty. Be sure to eliminate risks in working parts in advance.
• The speed monitor error detection time is set in units of 1 ms. Errors of shorter duration than this time are
not detected.
• Upon detection of a speed that exceeds the specified speed, the safety monitor error (shut-off signal off)
does not occur within the speed error detection time set by the parameter. Make sure that safety can be
ensured during this period.
Safety speed monitor (SSM)
When SSM is used as a restart trigger, implement it according to IEC/EN 60204-1.
Safety brake control (SBC)
This function only guarantees that power to the mechanical brake is properly supplied. It cannot detect errors
in mechanical brake mechanisms and brake wear.
Safe operating stop (SOS)
If the same stop position is maintained for a long time, periodically move the servo motor stop position slightly
to avoid cumulative malfunctions at the same stop position.
Safety-limited increment (SLI)
If the stopped state continues for a long time after the specified movement of the servo motor axis (coil in the
case of a linear servo motor) is completed, switch to the SOS function.
Safe direction (SDI)
If the stopped state continues for a long time after the specified movement of the servo motor axis (coil in the
case of a linear servo motor) is completed, switch to the SOS function.