11.03
2 General Information about Integrated Safety Systems
2.12 Error analysis
© Siemens AG 2003 All Rights Reserved
SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03
Error control enables easy and cost-effective implementation of the
requirements of Machinery Directive 98/37/EC (MDIR column, Appendix 1).
1.2.4 1)  Stopping, normal stopping and stopping in an emergency
1.2.5 1)  Mode selector switch
1.2.6 1)  Power supply fault
1.2.7 1)  Control circuit fault
1.3.6 1)  Risks relating to variations in tool speeds
1.3.7 1)  Preventing risks relating to moving parts
1.3.8 1)  Selecting protective equipment against risks relating to moving parts
1.4.2 1)  Special requirements placed on isolating protective equipment
1.4.3 1)  Special requirements placed on non-isolating protective equipment
Risk assessment enables the machine manufacturer to determine the residual
risk for his machine with respect to the control. The following residual risks are
defined:
• SI is not active until the control system and drive have completely run up.
  SI cannot be activated if any one of the control or drive components is not
  powered up.
• Faults in the absolute track (C-D track), cyclically interchanged phases of
  motor connections (V-W-U instead of U-V-W) and a reversal in the control
  direction can cause an increase in the spindle speed or axis motion.
  The Category 1 and 2 stop functions according to EN 60204-1 (defined as
  Stops B to E in Safety Integrated) that are provided are not effective due to
  the fault. The Category 0 stop function according to EN 60204-1 (defined as
  Stop A in Safety Integrated) is not activated until the transition or delay
  time set via machine data has expired. When SBR is active, these errors
  are detected (STOP B/C) and the Category 0 stop function according to
  EN 60204-1 (STOP A in the Safety Integrated system) is activated as early as
  possible irrespective of this delay (refer to Chapter 3.8, "Safe braking
  ramp").
  Electrical faults (defective components etc.) can also result in the response
  described above.
• When incremental encoders are used, the functions "safe software limit
  switch" (SE) and "safe software cam" (SN) are not guaranteed until
  referencing has been successfully completed.
• When no user agreement has been given (refer to Chapter 2 "User
  agreement"), the safe software limit switches (SE) are not operative; the
  safe software cams (SN) are operative, but not safe as defined by Safety
  Integrated.
• The simultaneous failure of two power transistors (one in the upper and the
  other offset in the lower inverter bridge) in the inverter may cause the axis
  to move briefly.
Example: Synchronous motor:
1) Refer to: Appendix, References General /1/
Topics or Chapter headings of MDIR, Appendix 1
Residual risk