Rockwell Automation Publication PFLEX-UM003D-EN-P - June 2021
7
General Description
Safe State
The DriveGuard Safe Torque Off option is intended for use in safety-related
applications where the de-energized state is the safe state. All of the examples in the
Description of Operation section are based on achieving the de-energization as the
safe state.
Safety Category 3 / PL (d) Performance Definition
To achieve Safety Category 3 / PL (d) according to EN ISO 13849-1, the safety-related
parts have to be designed such that:
•
The safety-related parts of machine control systems and/or their protective
equipment, as well as their components, shall be designed, constructed, selected,
assembled, and combined in accordance with relevant standards so that they can
withstand expected conditions.
•
Well tried safety principles shall be applied.
•
A single fault in any of its parts does not lead to a loss of safety function.
•
Some but not all faults will be detected.
•
The accumulation of undetected faults can lead to loss of safety function.
•
Short circuits in the external wiring of the safety inputs is not one of the faults
that can be detected by the system, therefore, according to EN ISO 13849-2, these
cables must be installed so as to be protected against external damage by cable
ducting or armor.
•
Whenever reasonably practical a single fault shall be detected at or before the
next demand of the safety function.
•
The average diagnostic coverage of the safety-related parts of the control
system shall be low.
•
The mean time to dangerous failure of each of the redundant channels shall be
low to high.
