emergency stop examples sistema ver 100

Upload: wer-ad

Post on 10-Feb-2018


  • 7/22/2019 Emergency Stop Examples Sistema Ver 100

    Example Usage of Danfoss VLT Library for IFA SISTEMA

    Disclaimer

    THE SISTEMA LIBRARY IS SOLELY FOR GUIDING PURPOSES. THE DATA PRESENTED DOES NOT REPRESENT GUARANTEED PERFORMANCE. THE DOCUMENTATION FOR ALL COMPONENTS USED SHALL BE OBSERVED. ALWAYS CONTACT DANFOSS SALES ORGANIZATION TO DETERMINE YOUR ACTUAL NEED. THE USER HAS THE FULL AND SOLE RESPONSIBILITY AND LIABILITY THAT SAFETY FUNCTIONS IN USER PRODUCTS FULFIL ALL REQUIREMENTS. IN NO EVENT SHALL DANFOSS POWER ELECTRONICS A/S BE LIABLE FOR ANY DAMAGE OR LOSSES RELATED TO THE USE OF THE SISTEMA LIBRARY.

    DANFOSS POWER ELECTRONICS A/S RESERVES THE RIGHT TO MAKE ANY CHANGES ANY TIME WITHOUT ANY ANNOUNCEMENT. IN CASE OF DIFFERENCES BETWEEN THE DATA PROVIDED IN THE LIBRARY AND OTHER PUBLICATIONS OF DANFOSS POWER ELECTRONICS A/S, E.G. DOCUMENTATION, THE CONTENT OF THE OTHER DOCUMENTATION HAS ALWAYS PRIORITY!

    Copyright 2010 Danfoss Power Electronics A/S


    Table of Contents

    Example 1: Emergency stop of FC300 w/o Safe Stop - Category B, PL b
    Example 2: Emergency stop of FC300 with Safe Stop - Category 1, PL c
    Example 3: Emergency stop of FC300 with Safe Stop using safety relay - Category 3, PL d
    Example 4: Emergency stop of FC300 with Safe Stop using safety relay with delayed output - Category 3, PL d
    Example 5: Emergency Stop of frequency converter with Safe Stop, Safety Relay and output contactor - Category 4, PL e
    Example 6: Emergency Stop of multiple drives - Category 3, PL d
    Example 7: Emergency stop of VLT2800 - Category B, PL b

    Important!

    The information given in this publication gives guidance on the application of Danfoss Power Electronics Safe Torque Off, and also some general background material on the design of safety-related systems for machinery control. This publication is not intended to form a complete guide to the subject. The information provided is believed to be correct and to reflect accepted practice at the time of writing. It is the responsibility of the designer of the end product or application to ensure that it is safe and in compliance with the relevant regulations.

    The design of safety-related systems requires specialist knowledge. To ensure that a complete control system is safe it is necessary for the whole system to be designed according to recognised safety principles. The use of individual sub-systems such as drives with Safe Torque Off functions, which are intended for safety-related applications, does not in itself ensure that the complete system is safe.


    Example 1: Emergency stop of FC300 w/o Safe Stop - Category B, PL b

    Setup

    [Functional diagram. Labels: Mains, FC 300 Frequency Converter, M, Emergency Stop Device, Control Signal, Normal Stop (Terminal 27)]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    In case of emergency, the Emergency Stop Device is activated. The Control Signal is disconnected from the drive. The drive is halted.

    Design Features:
    This circuit can be used up to PL b according to ISO 13849-1. The drive used is a standard drive without functional safety.
    For PL b the complete safety function has to be calculated (MTTFd). Basic safety principles have to be used.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem FC300 Normal Stop (Terminal 27). All parameters are set in the library; there is no need to edit them.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - if the frequency converter used in the application has a Safe Stop function, it is strongly recommended to use it even if the safety requirements could be fulfilled with Normal Stop
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated

    The idle current principle has to be used. The drive must be configured to stop if the voltage at terminal 27 disappears.

    This circuit meets Category B, because fundamental safety principles are used, such as proper sizing and design, proper earthing connection and resistance to environmental stress.

    To reach Category 1, proven components would be required. The standard frequency converter shown here contains complex programmable circuits. Under EN ISO 13849-2 these are not regarded as proven components. The components Emergency stop switch with switching contact element and could be regarded as proven components. But because the weakest link in the chain is the standard input of the FC300, safety integrity is limited; in total, at most Category B and PL d is feasible.


    Example 2: Emergency stop of FC300 with Safe Stop - Category 1, PL c

    Setup

    [Functional diagram. Labels: Emergency Stop Device, FC 300 Frequency Converter, Mains, Normal Stop (Terminal 27), M, Safe Stop (Terminal 37), VDC, Control Signal]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    In case of emergency, the Emergency Stop Device is activated. Drive Safe Stop function is activated. The drive is halted.

    Design Features:
    Circuit can be used up to category 3 and PL d. Safe stop function is activated via one positive switching signal.
    For PL d the complete safety functions have to be calculated (MTTFd). Basic safety principles have to be used.
    Device used for activation of safe stop must be suitable for the chosen category and PL.

    The control signal is used for normal control of the drive. Safe stop input should not be used for regular stopping of the drive.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem FC300 Safe Stop (Terminal 37). All parameters are set in the library; there is no need to edit them.

    The operational control path via terminal 27 does not need to be modeled in SISTEMA. That path does not contribute to the safety function.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - the cable shown as orange on Figure 2.1 has to be short-circuit protected according to ISO 13849-2 table D.4
    - to fulfill PL d the MTTF and DC for the whole safety function have to be calculated
    - the emergency stop device must be usable in applications up to Category 3, PL d


    Example 3: Emergency stop of FC300 with Safe Stop using safety relay - Category 3, PL d

    Setup

    [Functional diagram. Labels: FC 300 Frequency Converter, Mains, Normal Stop (Terminal 27), M, Safe Stop (Terminal 37), Safety Relay, Control Signal, VDD, Emergency Stop Device]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    In case of emergency, the Emergency Stop Device is activated. Drive Safe Stop function is activated. The drive is halted.

    Design Features:
    Circuit can be used up to category 3 and PL d. Safe stop function is activated via one positive switching signal.
    For PL d the complete safety function has to be calculated (MTTFd). Basic safety principles have to be used.
    Device used for activation of safe stop and safety relay must be suitable for the chosen category and PL.

    The control signal is used for normal control of the drive. Safe stop input should not be used for regular stopping of the drive.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem FC300 Safe Stop (Terminal 37). All parameters are set in the library; there is no need to edit anything.

    The operational control path via terminal 27 does not need to be modeled in SISTEMA. That path does not contribute to the safety function.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - the cable shown as orange on Figure 2.1 has to be short-circuit protected according to ISO 13849-2 table D.4
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated

    This setup can be used if a dual positive switching device is used. Depending on the safety relay it is also possible to connect several activation devices to one safe stop.


    Example 4: Emergency stop of FC300 with Safe Stop using safety relay with delayed output - Category 3, PL d

    Setup

    [Functional diagram. Labels: FC 300 Frequency Converter, Mains, Normal Stop (Terminal 27), M, Safe Stop (Terminal 37), Safety Relay, Delayed output, Normal output, VDD, Emergency Stop Device]


    Safety Function:
    SS1 (safe stop 1) with safe delay time according to IEC 61800-5-2
    Stop category 1 according to IEC 60204-1
    Following a stop or emergency stop command the drive will ramp down as configured for function and after a safe delay time the drive will enter STO.

    Functional Description:
    In case of emergency, the Emergency Stop Device is activated. Drive Safe Stop function is activated. The drive is halted.

    Design Features:
    Circuit can be used up to category 3 and PL d. Safe stop function is activated via one positive switching signal.
    For PL d the complete safety function has to be calculated (MTTFd). Basic safety principles have to be used.
    Device used for activation of safe stop and safety relay must be suitable for the chosen category and PL.
    When activating the safety function a normal controlled stop will be performed. This is activated through terminal 27. After the safe delay time expires the STO will be triggered and terminal 37 will be set low. Ramp down will be performed as configured in the drive. If the drive is not stopped after the safe delay time, the activation of STO will coast the drive.

    The control signal is used for normal control of the drive. Safe stop input should not be used for regular stopping of the drive.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem FC300 Safe Stop (Terminal 37). All parameters are set in the library; there is no need to edit them.

    The operational control path via terminal 27 does not need to be modeled in SISTEMA. That path does not contribute to the safety function.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - the cable shown as orange on Figure 2.1 has to be short-circuit protected according to ISO 13849-2 table D.4
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated
    - the activation of STO after a safe delay time is the safety function; the ramp down is performed operationally and is not part of the safety function

    This setup is intended for cases where ramp-down is the preferable way to stop the drive in case of emergency. Ramping down can avoid harm to equipment in case of emergency. However, because the ramp-down is not safe, the Safe Stop is always triggered after the delay time expires.
    Note that if the braking function is itself a safety requirement then this arrangement is not suitable, because braking requires all or most of the drive to be operational, i.e. it is not failsafe. Then a more complex braking supervision function is required or alternatively a fail-safe mechanical brake.
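The timing described for Example 4, as an added illustration that is not part of the Danfoss document: a small model of the safety relay's normal output (terminal 27) and delayed output (terminal 37) from activation of the Emergency Stop Device until STO. The speed, ramp and delay values are constructed, and the names simulate_ss1 and outcome are hypothetical.

```python
# Added illustration: timing model of the delayed-output arrangement in Example 4.
# All numeric values are constructed; they are not Danfoss or safety-relay data.
from dataclasses import dataclass

@dataclass
class Sample:
    t_ms: int          # time since the Emergency Stop Device was activated
    t27_high: bool     # terminal 27 (Normal Stop); low requests the ramp-down
    t37_high: bool     # terminal 37 (Safe Stop); low triggers STO
    speed_rpm: float
    state: str

def simulate_ss1(speed_rpm, ramp_ms, safe_delay_ms, ramp_works=True, step_ms=500):
    """Trace both relay outputs from e-stop activation until STO.

    ramp_works=False models a drive that does not react to terminal 27,
    which is why the text treats the ramp-down as operational, not safe.
    """
    trace = []
    times = sorted(set(range(0, safe_delay_ms, step_ms)) | {safe_delay_ms})
    for t in times:
        # Normal output opens at once: terminal 27 is low from t = 0.
        # Delayed output opens when the safe delay expires: terminal 37 goes low.
        t37_high = t < safe_delay_ms
        remaining = max(0, ramp_ms - t) if ramp_works else ramp_ms
        speed = speed_rpm * remaining / ramp_ms   # linear ramp to zero
        if not t37_high:
            state = "STO at standstill" if speed == 0 else "STO, drive coasts"
        else:
            state = "standstill" if speed == 0 else "ramping" if ramp_works else "running"
        trace.append(Sample(t, False, t37_high, speed, state))
    return trace

def outcome(trace):
    """Summarise the last sample, i.e. the moment STO is triggered."""
    last = trace[-1]
    return last.t_ms, last.speed_rpm, last.state

if __name__ == "__main__":
    cases = {
        "ramp shorter than safe delay": dict(ramp_ms=2000, safe_delay_ms=3000),
        "ramp longer than safe delay": dict(ramp_ms=5000, safe_delay_ms=3000),
        "drive ignores terminal 27": dict(ramp_ms=2000, safe_delay_ms=3000,
                                          ramp_works=False),
    }
    for name, kw in cases.items():
        print(name)
        for s in simulate_ss1(1500, **kw):
            print(f"  t={s.t_ms:>4} ms  T27={int(s.t27_high)}  T37={int(s.t37_high)}"
                  f"  {s.speed_rpm:7.1f} rpm  {s.state}")
```

In the second and third cases STO removes torque while the motor is still turning, which is the coasting behaviour the Design Features paragraph describes.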


    Example 5: Emergency Stop of frequency converter with Safe Stop, Safety Relay and output contactor - Category 4, PL e

    Setup

    [Functional diagram. Labels: VDD, FC 300 Frequency Converter, Mains, Normal Stop (Terminal 27), M, Safe Stop (Terminal 37), Safety Relay, K1, K1, Emergency Stop Device]

    [Figure labels: SB Stopping Devices; BL Output Contactor: 100S-C; BL FC300 Safe Stop (Terminal 37) from Danfoss VLT library; CH Channel 1; CH Channel 2; SB Monitoring Safety Relay: MSR33; SB Emergency Stop Device]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    Where the safety control system must be designed in accordance with PL e of ISO 13849-1, it requires a two-channel stop for the STO function. One channel can be implemented by the STO input on the drive and the other by a contactor, which may be connected in either the drive input or output power circuits. The contactor must be monitored through an auxiliary guided contact, shown as K1 in the diagram.

    In case of emergency, the Emergency Stop Device is activated. Drive Safe Stop function is activated. The drive is halted.

    Design Features:
    Circuit can be used up to category 4 and PL e. Safe stop function is activated via one positive switching signal.
    For PL e the complete safety function has to be calculated (MTTFd). Basic safety principles have to be used.
    Device used for activation of safe stop and safety relay must be suitable for the chosen category and PL.

    The control signal is used for normal control of the drive. Safe stop input should not be used for regular stopping of the drive.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem FC300 Safe Stop (Terminal 37). All parameters are set in the library; there is no need to edit anything.

    The operational control path via terminal 27 does not need to be modeled in SISTEMA. That path does not contribute to the safety function.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - the cable shown as orange on Figure 2.1 has to be short-circuit protected according to ISO 13849-2 table D.4
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated

    This setup can be used if a dual positive switching device is used. Depending on the safety relay it is also possible to connect several activation devices to one safe stop.


    Example 6: Emergency Stop of multiple drives - Category 3, PL d

    Setup

    [Functional diagram. Labels: Emergency Stop Device, Safety Relay, and three FC 300 Frequency Converters, each with Mains, M and Safe Stop (Terminal 37)]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    FC302 Safe Torque Off inputs may be connected directly together if it is required to control multiple drives from the same control line.
    Connecting inputs together increases the probability of a fault in the unsafe direction, since a fault in one drive might result in all drives becoming enabled. The probability of a fault is so low, at 8 x 10^-10 per hour, that the resulting probability still meets the requirements for SIL2 for realistic numbers of drives. It is recommended that no more than 20 inputs should be connected in parallel if SIL2 is required.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - the cable shown as orange on Figure 2.1 has to be short-circuit protected according to ISO 13849-2 table D.4
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated

    This setup can be used if a dual positive switching device is used. Depending on the safety relay it is also possible to connect several activation devices to one safe stop.


    Example 7: Emergency stop of VLT2800 - Category B, PL b

    Setup

    [Functional diagram. Labels: VLT2800 Frequency Converter, Mains, Normal Stop (Terminal 27), M, Emergency Stop Device, Control Signal]


    Safety Function:
    STO (safe torque off) according to IEC 61800-5-2
    Stop category 0 according to IEC 60204-1
    Following a stop or emergency stop command the drive is halted.

    Functional Description:

    In case of emergency, the Emergency Stop Device is activated. The Control Signal is disconnected from the drive. The drive is halted.

    Design Features:
    This circuit can be used up to PL b according to ISO 13849-1. The drive used is a standard drive without functional safety.
    For PL b the complete safety function has to be calculated (MTTFd). Basic safety principles have to be used.

    Implementation in SISTEMA using the Danfoss library:
    Use the subsystem VLT2800 Normal Stop (Terminal 27). All parameters are set in the library; there is no need to edit them.

    Remember:

    - any related non-safety standards should be fulfilled for the application and its components
    - the application designer is responsible for choosing reliable components
    - if the frequency converter used in the application has a Safe Stop function, it is strongly recommended to use it even if the safety requirements could be fulfilled with Normal Stop
    - to fulfill PL d the MTTFd and DC for the whole safety function have to be calculated

    The idle current principle has to be used. The drive must be configured to stop if the voltage at terminal 27 disappears.

    This circuit meets Category B, because fundamental safety principles are used, such as proper sizing and design, proper earthing connection and resistance to environmental stress.

    To reach Category 1, proven components would be required. The standard frequency converter shown here contains complex programmable circuits. Under EN ISO 13849-2 these are not regarded as proven components. The components Emergency stop switch with switching contact element and could be regarded as proven components. But because the weakest link in the chain is the standard input of the FC300, safety integrity is limited; in total, at most Category B and PL d is feasible.