How it Works
Festo
Loading...
CAMC-G-S3
Translation Of The Original Instructions
24 pgs1.09 Mb0
User Manual
310 pgs2.29 Mb0
Table of contents
Loading...

Festo CAMC-G-S3 User Manual

Safety module
CAMC-G-S3
Description
Safety functions – STO, – SS1, – SS2, – SOS, – SBC, – SLS, – SSR, – SSM in accordance with EN 61800-5-2
for motor controller CMMP-AS-...-M3
759296 1406NH
CAMC-G-S3
Translation of the original instructions GDCP-CAMC-G-S3-EN
Heidenhain®, EnDat®, PHOENIX® are registered trademarks of the respective trademark owners in certain countries.
Identification of hazards and instructions on how to prevent them:
Warning
Hazards that can cause death or serious injuries.
Caution
Hazards that can cause minor injuries or serious material damage.
Other symbols:
Note
Material damage or loss of function.
Recommendations, tips, references to other documentation.
Essential or useful accessories.
Information on environmentally sound usage.
Text designations:  Activities that may be carried out in any order.
1. Activities that should be carried out in the order stated. – General lists.
2 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
CAMC-G-S3
Table of Contents – CAMC-G-S3
1 Safety and requirements for product use 13......................................
1.1 Safety 13..................................................................
1.1.1 General safety information 13..........................................
1.1.2 Intended use 13.....................................................
1.1.3 Foreseeable misuse 14...............................................
1.1.4 Achievable safety level,
safety function in accordance with EN ISO 13849-1 / EN 61800-5-2 15.........
1.2 Requirements for product use 16...............................................
1.2.1 Technical prerequisites 16............................................
1.2.2 Qualification of the specialised personnel (personnel requirements) 16........
1.2.3 Diagnostic coverage (DC) 16...........................................
1.2.4 Range of application and certifications 17................................
2 Product description of safety module CAMC-G-S3 18...............................
2.1 Product overview 18.........................................................
2.1.1 Purpose 18........................................................
2.1.2 Performance characteristics 18........................................
2.1.3 Supported devices 19................................................
2.1.4 Operating elements and connections 20.................................
2.1.5 Scope of delivery 20.................................................
2.2 Function and application 21....................................................
2.2.1 System overview 21.................................................
2.2.2 Circuitry of the safety module [X40] 23...................................
2.2.3 Overview of the supported safety functions 25............................
2.2.4 Functional diagram of the safety module 26..............................
2.2.5 Overview of supported position encoders 30..............................
2.2.6 Data exchange and control of the motor controller 33.......................
2.2.7 Configuration of the safety functions with the SafetyTool 36.................
2.3 Data transfer from the motor controller 37........................................
2.3.1 Basic information 38.................................................
2.3.2 Configuration of the encoders 40.......................................
2.3.3 Parameters for the position encoder 41..................................
2.3.4 Parameter for encoder monitoring and rotational speed measuring 43.........
2.3.5 List of all parameters for encoder configuration 46.........................
2.4 Digital inputs 48.............................................................
2.4.1 Overview 48........................................................
2.4.2 Two-channel safe inputs DIN40 … DIN43 [X40] 53..........................
2.4.3 Single-channel (partially-safe) digital inputs DIN44 … DIN49 [X40] 59..........
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 3
CAMC-G-S3
2.5 Safety functions 63..........................................................
2.5.1 STO – Safe Torque Off 66..............................................
2.5.2 SBC – Safe Brake Control 69...........................................
2.5.3 SS1 – Safe Stop 1 77.................................................
2.5.4 SS2 – Safe Stop 2 84.................................................
2.5.5 SOS – Safe Operating Stop 91.........................................
2.5.6 USF – Universal safety functions 95.....................................
2.5.7 SSF – Safe speed functions 95.........................................
2.5.8 SLS – Safely-Limited Speed 103.........................................
2.5.9 SSR – Safe Speed Range 104...........................................
2.5.10 SSM – Safe Speed Monitor 105.........................................
2.6 Logic functions 106...........................................................
2.6.1 Mode selector switch 106..............................................
2.6.2 Two-handed control device 108.........................................
2.6.3 Advanced Logic Functions – ALF 110......................................
2.7 Restart 111..................................................................
2.7.1 Function range 111...................................................
2.7.2 Examples and special notes on implementation 112.........................
2.8 Error management and error acknowledgment 114..................................
2.8.1 Triggering errors and error classes 114....................................
2.8.2 Parameterisation of the error response of the safety module 117..............
2.8.3 Logic for error acknowledgment 118.....................................
2.9 Digital outputs 120...........................................................
2.9.1 Two-channel safe outputs DOUT40 … DOUT42 [X40] 120.....................
2.9.2 Internal brake control of the motor controller [X6] 124.......................
2.9.3 Signal contact C1, C2 [X40] 127.........................................
2.9.4 Auxiliary supply +24 V [X40] 129.........................................
2.10 Operating status and status displays 130..........................................
2.10.1 Statuses of the system / finite state machine 130...........................
2.10.2 Status display on the safety module 134..................................
2.10.3 7-segment display of the motor controller 135.............................
2.11 Permanent and temporary diagnostic memory in the motor controller 135................
2.12 Runtime performance 137......................................................
2.12.1 Sampling times 137...................................................
2.12.2 Reaction time on request of a safety function 137...........................
2.12.3 Reaction time on violation of a safety function 139..........................
2.12.4 Other times for error detection and communication 141......................
2.13 DIL switches 141.............................................................
4 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
CAMC-G-S3
3 Mounting and installation 142..................................................
3.1 Mounting / removing 142.......................................................
3.2 Electrical installation 144.......................................................
3.2.1 Safety instructions 144................................................
3.2.2 Functional earth 145..................................................
3.2.3 Connection [X40] 145.................................................
3.2.4 Minimum wiring for commissioning [X40] 147..............................
3.3 Sample circuits 148...........................................................
3.3.1 Safety request via devices with switch contacts 149.........................
3.3.2 Safety request via devices with semi-conductor outputs 150..................
3.3.3 Safety request via a safety switching device 151............................
3.3.4 Linking of multiple CMMP-AS-…-M3 with CAMC-G-S3 153.....................
3.3.5 Activating a clamping unit 155..........................................
3.3.6 Activating a 2-channel clamping unit 156..................................
3.3.7 Connection of encoders for dynamic safety functions 157.....................
3.3.8 Activation of a 2-channel valve control block with safety functions 158..........
4 Commissioning 161...........................................................
4.1 Prior to commissioning 162.....................................................
4.2 DIP switch settings 162........................................................
4.3 Notes on parameterisation with the FCT plug-in CMMP-AS 163.........................
4.3.1 Setting the configuration 163...........................................
4.3.2 Setting the encoder configuration 163....................................
4.3.3 Specifying the units of measurement (optional) 164.........................
4.3.4 Accepting the safety module 164........................................
4.3.5 Status display 165....................................................
4.3.6 Display permanent diagnostic memory of the motor controller 165.............
4.4 Basic principles of parameterisation of the safety module 168.........................
4.4.1 Factory setting 168...................................................
4.4.2 Delivery status 170...................................................
4.4.3 FCT PlugIn CMMP-AS and SafetyTool 170..................................
4.5 Safe parameterisation with the SafetyTool 171.....................................
4.5.1 Starting the program 171..............................................
4.5.2 Selection of the session types - Configuration wizard 171.....................
4.5.3 Online parameterisation 172...........................................
4.5.4 Offline parameterisation 174...........................................
4.5.5 Basic rules for parameterisation with the SafetyTool 175.....................
4.5.6 Behaviour in case of invalid parameterisation 178...........................
4.5.7 Parameter set version 178.............................................
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 5
CAMC-G-S3
4.6 Sequence of parameterisation with the SafetyTool (example) 179......................
4.6.1 Selection of the session variant in the Wizard 180...........................
4.6.2 Data transfer and synchronisation 181....................................
4.6.3 Starting parameterisation 183..........................................
4.6.4 Checking the data transfer 184..........................................
4.6.5 Basic information 184.................................................
4.6.6 Encoder configuration 184.............................................
4.6.7 Configuring digital inputs 185...........................................
4.6.8 Selection and parameterisation of the safety functions 186...................
4.6.9 Logic functions 190...................................................
4.6.10 Logic error acknowledgment 191........................................
4.6.11 Digital outputs 191...................................................
4.6.12 Error management 191................................................
4.6.13 Finishing parameterisation 191.........................................
4.7 Special functions of the SafetyTool 193...........................................
4.7.1 Changing a password 193..............................................
4.7.2 Setting the factory settings 193.........................................
4.7.3 Plausibility check 193.................................................
4.7.4 Overview of parameters 194............................................
4.7.5 Diagnostic fault 195..................................................
4.8 Performance test, validation 197.................................................
5 Operation 200...............................................................
5.1 Obligations of the operator 200.................................................
5.2 Maintenance and care 200......................................................
5.3 Protective functions 200.......................................................
5.3.1 Supply - Overvoltage and reverse polarity protection voltage monitoring 200.....
5.3.2 Power supply for the internal electronics 200..............................
5.3.3 Fail-safe mode power supply 201........................................
5.3.4 Protective functions for the digital outputs 201.............................
5.3.5 Protective functions for the digital inputs 201..............................
5.3.6 Protective functions for the brake activation 201............................
5.3.7 Protective functions of the supply for driver activation 202....................
5.3.8 Protective function for the connected position encoder 202...................
5.3.9 Internal protective function of the electronics on the safety module 202.........
5.3.10 Monitoring compliance with the requested safety functions 203...............
5.4 Diagnostics and fault clearance 204..............................................
5.4.1 LED indicator on the safety module 204...................................
5.4.2 7-segment display of the motor controller 205.............................
5.5 Error messages and error handling 207............................................
5.5.1 Error numbers 207....................................................
5.5.2 Error acknowledgment 207.............................................
5.5.3 Diagnostic messages 208..............................................
5.6 Diagnostic messages with instructions for fault clearance 209.........................
6 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
CAMC-G-S3
6 Service, repair, replacement, waste management 226...............................
6.1 Service 226.................................................................
6.2 Repair 226..................................................................
6.3 Replacement of the safety module 226............................................
6.3.1 Disassembly and installation 227........................................
6.3.2 Accepting safety module 227...........................................
6.3.3 Recommissioning with the SafetyTool 227.................................
6.4 De-commissioning and disposal 228..............................................
A Technical appendix 229........................................................
A.1 Technical data 229............................................................
A.1.1 Safety engineering 229................................................
A.1.2 General 230.........................................................
A.1.3 Operating and ambient conditions 231....................................
A.1.4 Digital inputs DIN40A/B to DIN43A/B and DIN44 to DIN49 [X40] 233...........
A.1.5 Digital outputs DOUT40A/B to DOUT42A/B [X40] 234.......................
A.1.6 Signal contact C1/C2 [X40] 235.........................................
A.1.7 24 V auxiliary voltage [X40] 235.........................................
A.1.8 Version of the connecting cable [X40] 236.................................
A.1.9 Digital output for a holding brake on the basic unit [X6] 236...................
A.2 Safety data 238..............................................................
A.2.1 Safety functions 238..................................................
A.2.2 Digital inputs 239....................................................
A.2.3 Encoder systems 241.................................................
A.2.4 Digital outputs 258...................................................
A.3 System precision and reaction time 260...........................................
A.3.1 Accuracy of position monitoring (SOS) from the point of view of the application 261 A.3.2 Accuracy of speed monitoring (SLS, SSR)
from the point of view of the application 262...............................
A.3.3 Specification of the relevant parameters for Safe Speed Function (with SLS, SSR) ....
263
A.3.4 Requirements for encoder errors from the point of view of the application 264....
A.3.5 Vector length monitoring of analogue encoder signals (resolver, SIN/COS encoder) . .
267
A.3.6 Impact of an angle error within the error limits of
vector length monitoring on the speed signal 270...........................
A.3.7 Basis for observation of system accuracy 272..............................
A.4 Status messages, diagnostics via fieldbus 274......................................
A.4.1 Output of status messages via the digital outputs of the basic unit 274..........
A.4.2 Status signals via fieldbus – protocol CiA 402 275...........................
A.4.3 Status signals via fieldbus – protocol FHPP 279.............................
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 7
CAMC-G-S3
A.5 Recording trace data - “Trace” 282...............................................
A.5.1 Overview 282........................................................
A.5.2 Configure 282.......................................................
A.5.3 Start trace 284......................................................
A.5.4 Example 284........................................................
B Reference list for control signals and parameters 286...............................
B.1 List of all logic signals 286......................................................
B.1.1 Logical inputs LIN 286.................................................
B.1.2 Virtual inputs VIN 289.................................................
B.1.3 Virtual outputs VOUT 290..............................................
B.1.4 Logical outputs LOUT 292..............................................
B.1.5 Status words for the data exchange / diagnostics via fieldbuses 293............
B.2 List of additional parameters 295................................................
B.3 List of important communication objects in the basic unit 302.........................
C Glossary 305................................................................
C.1 Safety terms and abbreviations 305..............................................
C.2 Terms for the SafetyTool and for safe parameterisation 307...........................
8 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
CAMC-G-S3
Notes on this documentation
This documentation is intended to help you safely work with the safety functions
– STO – Safe Torque Off
– SS1 – Safe Stop 1
– SS2 – Safe Stop 2
– SOS – Safe Operating Stop
– SLS – Safely-Limited Speed
– SSR – Safe Speed Range
– SSM – Safe Speed Monitor
– SBC – Safe Brake Control
in accordance with EN 61800-5-2 through the usage of the safety module CAMC-G-S3 for the motor
controller CMMP-AS-...-M3.
 In addition, always observe the general safety regulations for the CMMP-AS-…-M3.
The general safety regulations for the CMMP-AS-...-M3 can be found in the hardware description “Mounting and installation”, GDCP-CMMP-M3-HW-... è Tab. 3. Observe the information regarding safety and on the requirements for product use in Section 1.2.
Product identification
This documentation refers to the following versions: – Safety module CAMC-G-S3, from revision 01 (overall revision 1.1) – Motor controller CMMP-AS-...-M3 with firmware from version 4.0.1501.2.1 and hard
ware version from 6.0 (CMMP-AS-C2-3A-M3, CMMP-AS-C5-3A-M3) or from 4.1
(CMMP-AS-C5-11A-P3-M3, CMMP-AS-C10-11A-P3-M3) – FCT PlugIn CMMP-AS from version 2.4.x.x with SafetyTool from version 1.0.x.x These are the first available of supported versions. In the case of more versions or the replacement of the safety module, check whether the versions are compatible è see documentation of the appropriate version used.
Rating plate (example) Function
1
CAMC-G-S3
1501331 XX
ESD
5
P0012345
Rev XX
23 4
1) Part number of the safety module CAMC-G-S3
2) Permits traceability of the product
[XX]
1 Order code (type designation) 2 Part number 3 Two-digit code for unique identification of the
production date
1)
2)
4 Module revision (overall revision, i.e. combina
tion of hardware and firmware states)
5 Continuous serial number
2)
Tab. 1 Rating plate CAMC-G-S3
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 9
CAMC-G-S3
Service
Please consult your regional Festo contact if you have any technical problems.
Issue status of the specified standards
Standard: Issue status
EN 50178:1997 EN ISO 13849-1:2008 EN 61326-3-1:2008 EN ISO 13849-2:2012 EN 61800-3:2004 + A1:2012 EN 62061:2005 EN 61800-5-1:2007 EN 61508-1 to -7:2010 EN 61800-5-2:2007
Tab. 2 Issue statuses
10 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
CAMC-G-S3
Documentation
You will find information on the motor controller in the following documentation:
User documentation on the motor controller CMMP-AS-...-M3 Name, type Table of contents
Hardware description, GDCP-CMMP-M3-HW-...
Assembly and installation of the motor controller CMMP­AS-...-M3 for all variants/output classes (1-phase, 3-phase), pin
allocations, error messages, maintenance. Function descriptions, GDCP-CMMP-M3-FW-... Description FHPP, GDCP-CMMP-M3/-M0-C-HP-...
Functional description (firmware) CMMP-AS-...-M3, Instructions
on commissioning.
Control and parameterisation of the motor controller via the
FHPP Festo profile.
– Motor controller CMMP-AS-...-M3 with the following field
busses: CANopen, PROFINET, PROFIBUS, EtherNet/IP, Devi ceNet, EtherCAT.
– Motor controller CMMP-AS-...-M0 with fieldbus CANopen. Description CiA 402 (DS 402), GDCP-CMMP-M3/-M0-C-CO-...
Control and parameterisation of the motor controller via the
device profile CiA 402 (DS402)
– Motor controller CMMP-AS-...-M3 with the following field
busses: CANopen and EtherCAT.
– Motor controller CMMP-AS-...-M0 with fieldbus CANopen. Description of CAM Editor, P.BE-CMMP-CAM-SW-... Description of safety module, GDCP-CAMC-G-S1-... Description of safety module, GDCP-CAMC-G-S3-...
Cam disc function (CAM) of the motor controller CMMP-
AS-...-M3/-M0.
Functional safety engineering for the motor controller CMMP-
AS-...-M3 with the safety function STO.
Functional safety engineering for the motor controller CMMP-
AS-...-M3 with the safety functions STO, SS1, SS2, SOS, SLS,
SSR, SSM, SBC. Description for exchange and pro ject conversion GDCP-CMMP-M3-RP-...
Motor controller CMMP-AS-...-M3 as a replacement device for
previous motor controller CMMP-AS. Changes to the electrical
installation and description of project conversion. Help for the FCT PlugIn CMMP-AS User interface and functions of the CMMP-AS PlugIn for the
Festo Configuration Tool.
è www.festo.com SafetyTool Help User interface and functions of the SafetyTools for paramet
erisation of the safety module CAMC-G-S3.
Tab. 3 Documentation on the motor controller CMMP-AS-...-M3
The documentation is available on the following media: – CD-ROM (scope of delivery) – Support Portal: è www.festo.com/sp
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 11
CAMC-G-S3
Safety engineering system symbols used
Inputs and outputs
Input, two-channel Output, two-channel
Output, single-channel Relay output
Sensor types
Mode selector switch Start button
Holding brake Exit safety function (restart)
Light curtain Door lock/safety guard
Emergency stop switches Enabling buttons
Acknowledgment Two-hand control device
Reliable reference switch Position encoder
Safety functions
STO – Safe Torque Off USF – Universal safety function
SS1 – Safe stop 1 SLS – Safely-Limited Speed
SS1 – Safe stop 2 SSR – Safe Speed Range
SOS – Safe Operating Stop SSM – Safe Speed Monitor
SBC – Safe Brake Control ALF – Advanced Logic Function, not
a safety function (Advanced Logic Function)
Tab. 4 Safety engineering systems symbols
12 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English

1 Safety and requirements for product use

1 Safety and requirements for product use

1.1 Safety

1.1.1 General safety information

 In addition, always observe the general safety regulations for the CMMP-AS-…-M3.
The general safety regulations for the CMMP-AS-...-M3 can be found in the hardware description, GDCP-CMMP-M3-HW-..., è Tab. 3, page 11 .
Please note Failure of the safety function.
The safety functions might fail if you do not comply with the parameters and conditions required for the surroundings and connections.  In particular, you must provide input voltages within the specified tolerances
è Technical data, Appendix A.1.
Please note Incorrect handling can damage the safety module or motor controller.
 Switch off the supply voltage before mounting and installation work. Switch on the
supply voltage only when mounting and installation work are completely finished.
 Never unplug the safety module from, or plug it into the motor controller when
powered!
 Observe the specifications for handling electrostatically sensitive devices.

1.1.2 Intended use

The safety module CAMC-G-S3 serves as an expansion of the motor controller CMMP-AS-...-M3 to im plement the safety function: – STO – Safe Torque Off – SS1 – Safe Stop 1 – SS2 – Safe Stop 2 – SOS – Safe Operating Stop – SLS – Safely-Limited Speed – SSR – Safe Speed Range – SSM – Safe Speed Monitor – SBC – Safe Brake Control
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 13
1 Safety and requirements for product use
When suitable position transmitters are used and with suitable activation of the safety module, the requirements are fulfilled in accordance with EN 61800-5-2 up to and including SIL3 and in accordance with EN ISO 13849-1 up to and including Category 4 / PL e. Depending on the encoders used for position recording, it is possible that only SIL2 is implemented è Section 1.1.4. The motor controller CMMP-AS-...-M3 with safety module CAMC-G-S3 is a product with safety-relevant functions and is intended for installation in machines or automation systems. Use it only: – in excellent technical condition, – in its original state without unauthorised modifications, – within the product's limits as defined by the technical data è Appendix A.1, – in an industrial environment.
The safety module CAMC-G-S3 can be operated in all motor controllers CMMP-AS-...-M3 that have an Ext3 slot for safety equipment. It cannot be plugged into one of the Ext1 or Ext2 slots for interfaces.
Please note
In the event of damage caused by unauthorised manipulation or improper use, the guar antee is invalidated and the manufacturer is not liable for damages.

1.1.3 Foreseeable misuse

The following misuses are among those not approved as intended use: – use in a device other than the CMMP-AS-…-M3, – use outdoors, – use in non-industrial areas (residential areas), – use outside the limits of the product defined in the technical data, – unauthorised modifications.
Please note
– The STO function must not be used as the sole safety function for drives subject to
permanent torque (e.g. suspended loads). Take this into account through the use of
suitable measures, e. g. a clamping unit. – Bypassing of safety equipment is not allowed. – Repairs to the safety module are not allowed! A professional replacement of the
safety module is permissible.
The STO (Safe Torque Off) function does not provide protection from electric shock, only from hazardous movements! The drive is not disconnected from the power supply as is required for electrical safety è hardware description, GDCP-CMMP-M3-HW-...
14 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
1 Safety and requirements for product use

1.1.4 Achievable safety level, safety function in accordance with EN ISO 13849-1 / EN 61800-5-2

The safety module fulfills the basic test requirements – Category 4 / PL e in accordance with EN ISO 13849-1, – SIL CL 3 in accordance with EN 62061, and can be used in applications up to cat. 4 / PL e in accordance with EN ISO 13849-1 and up to SIL 3 in accordance with EN 62061 / IEC 61508. The achievable safety level depends on the other components used to implement a safety function.
CAMC-G-S3: Cat. 4 / PL e, SIL 3
Peripheral:
Cat. ... / PL ..., SIL ... è Appendix A.2
Motor controller
Safety module
Inputs/out puts
Encoder 1
Encoder 2
Fig. 1.1 Safety level CAMC-G-S3 and complete system
Take into account the approved combinations of position encoders along with the corres ponding notes è Section 2.2.5, Tab. 2.7. You can find information on the characteristic safety values, which can be implemented with the corresponding peripherals, for the different safety functions in è Appendix A.2
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 15
1 Safety and requirements for product use

1.2 Requirements for product use

 Make the complete documentation available to the design engineer, installation technician and
personnel responsible for commissioning the machine or system in which this product is used.
 Make sure that the specifications of the documentation are always complied with. When so doing,
also take into account the documentation for the other components and modules (e. g. motor con troller, circuits etc.).
 Take into consideration the legal regulations applicable at the installation site, as well as:
– regulations and standards, – regulations of the testing organisations and insurers, – national specifications.
 The safety module fulfils the requirements of EN 61800-5-2. Additional regulations, standards and
directives apply to the other safety devices used in the machine and their use, and must also be taken into account.
 For emergency stop applications, protection from automatic restart corresponding to the required
category must be planned. This can be achieved, for example, with an external safety switching device or suitable parameterisation of the safety module CAMC-G-S3 è Section 2.7.

1.2.1 Technical prerequisites

General information for the correct and safe use of the product, which must be observed at all times:  Comply with the connection and environmental conditions of the safety module (è appendix A.1),
the motor controller and all connected components. The product can only be operated in compliance with the relevant safety regulations if you comply with the limit values and load limits.
 Observe the instructions and warnings in this documentation.

1.2.2 Qualification of the specialised personnel (personnel requirements)

The device may only be set into operation by a qualified electrical technician who is familiar with: – how to install and operate electrical control systems, – the applicable regulations for operating safety-engineered systems, – the applicable regulations for accident protection and operational reliability, and – the documentation for the product.

1.2.3 Diagnostic coverage (DC)

Diagnostic coverage depends on the integration of the motor controller with safety module into the control loop system, the motors/position encoders used, as well as the implemented diagnostic measures.
16 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
1 Safety and requirements for product use
If a malfunction is detected during the diagnostics, appropriate measures must be taken to maintain the safety level.
Please note
The reaction of the safety module to detected faults can be parameterised accordingly, e.g. activate the safety functions SS1 and SBC if there is a cross-circuit of safe input signals.
Please note
Check whether cross-circuit detection of the input circle and the connection wiring is required in your application. If needed, use a safety switching device with cross-circuit detection to activate the safety module or use the safe outputs of the safety module for the supply of passive switching devices together with the corresponding monitoring functions of the safe inputs.

1.2.4 Range of application and certifications

The motor controller with built-in safety module is a safety device in accordance with the EC Machinery Directive 2006/42/EC; the motor controller has the CE logo. Safety-orientated standards and test values, which the product must comply with and fulfil, can be found in the section “Technical data” è Appendix A.1. The product-relevant EC directives and stand ards can be found in the declaration of conformity.
Certificates and declaration of conformity on this product can be found at è www.festo.com/sp.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 17

2 Product description of safety module CAMC-G-S3

2 Product description of safety module CAMC-G-S3

2.1 Product overview

2.1.1 Purpose

As processes become increasingly automated, protecting people from potentially hazardous move ments is gaining in importance. Functional safety refers to measures required of electrical or electronic equipment to reduce or eliminate malfunction-induced dangers. In normal operation, protective devices prevent human access to hazardous areas. In certain operating modes, during set-up, for ex ample, people need to be in hazardous areas. In such situations, the machine operator must be protec ted by drive and internal control measures. The functional safety engineering integrated with the safety module CAMC-G-S3 in the motor controller CMMP-AS-...-M3 meets the requirements of the controller and drive for optimised implementation of protective functions. Planning and installation complexity are reduced. The use of integrated functional safety engineering produces extended machine functionality and better availability over the levels achieved by conventional safety engineering.
The motor controllers of the CMMP-AS-...-M3 series can be equipped with plug-in modules for integ rated functional safety technology. The following modules are available:
Type Description
CAMC-DS-M1 Micro switch module with DIL switches, no safety functions. CAMC-G-S1 Safety module with DIP switches and STO function. CAMC-G-S3 Safety module with the STO, SS1, SS2, SOS, SBC, SLS, SSR, SSM functions and
DIP switches.
Tab. 2.1 Overview of the safety and micro switch modules for the CMMP-AS-...-M3

2.1.2 Performance characteristics

The safety module CAMC-G-S3 has the following performance characteristics: – Implementation of one or more of the safety functions:
– STO – Safe Torque Off – SS1 – Safe Stop 1 – SS2 – Safe Stop 2 – SOS – Safe Operating Stop – SLS – Safely-Limited Speed – SSR – Safe Speed Range – SSM – Safe Speed Monitor
– SBC – Safe Brake Control – two-channel and single-channel inputs to request the safety function. – two-channel safe outputs to control additional safety elements and functions. – potential-free acknowledgement contact for the operating status.
18 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3
– design as a module that can be plugged in from the outside thus enabling retrofits. This functional safety engineering integrated in the motor controller allows: – shortest reaction times through more rapid detection of possibly hazardous statuses. – comprehensive detection of hazards through rapid, direct access to a wide range of signals and
measured variables in the motor controller.
– analysis of a wide range of position transmitters, such as resolvers, SIN/COS encoders, Hiperface
encoders, and also the analysis of position transmitters with purely serial protocols (ENDAT 2.2, BISS, etc.)
– if necessary, rapid, direct manipulation of the setpoints / control system of the drive controller. An
axle can also be safety and precisely brought to idle without action by the functional controller / PLC or braked to a limited speed.
– Direct interaction between the sequence control in the motor controller and the safety module. In
this way, for example, the clamping unit or holding brake, after a request of the SBC safety function and the subsequent restart, is only opened when the motor controller is actively controlling the position. This avoids “dropping” of vertical axles and there is no need to program a sequence in the function controller.

2.1.3 Supported devices

The safety module CAMC-G-S3 can only be used in motor controllers in conformity with section 1.1.2. The motor controllers CMMP-AS-...-M3 are delivered without a safety or micro switch module in slot Ext3 for safety modules. The use of safety module CAMC-G-S3 enables the safety functions described in this documentation for the integrated functional safety of safety-relevant motion monitoring and motion control to be expanded.
If no safety functions are required, the switch module CAMC-DS-M1 must be ordered and inserted in the Ext3 slot for safety modules.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 19
2 Product description of safety module CAMC-G-S3

2.1.4 Operating elements and connections

The safety module CAMC-G-S3 has the following control sections, connections and display components:
3 4
2
Pin 1
Pin 12
Pin 13
Pin 24
1
1 Motor controller CMMP-AS-...-M3 with slot
Ext3
2 7-segment display of the motor controller to
display the active safety function or error messages of the safety module
3 Safety module CAMC-G-S3
4 I/O interface [X40A] and [X40B] to control the
safety functions
5 LED for display of the operating status
(status of functional safety)
6 DIP switch (activation/configuration of the
fieldbus communication in the motor controller)
7 Functional earth connection (flat plug
6.3 mm)
Fig. 2.1 Control section and connections CAMC-G-S3

2.1.5 Scope of delivery

Safety module CAMC-G-S3
Safety module with mounting accessories (2 screws with spring washer) 2 plugs for I/O interface [X40A], [X40B]
Module for safety functions STO, SS1, SS2, SOS, SLS, SSR, SSM, SBC
PHOENIX Mini-Combicon MC1.5_12-ST-3.81-BK (also available separately as an assortment of plugs NEKM-C-9) Brief description with mounting instructions German / English / Spanish / French / Italian /
Chinese
Tab. 2.2 Scope of delivery
5
6
7
20 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3

2.2 Function and application

2.2.1 System overview

The following figure shows a typical drive system with integrated functional safety design, comprising the following components: – motor controller CMMP-AS-...-M3, – safety module CAMC-G-S3, – synchronous servo motor, e.g. from the series EMMS-AS or EMME-AS from Festo, – linear axle with second measuring system, e.g. EGC-...-M... from Festo, – reliable clamping unit.
Fieldbus or X1
Motor controller
Safety module
μC2
μC1
X40
DIN40A/B DIN41A/B DIN42A/B DIN43A/B DIN44 DIN45 DIN46 DIN47 DIN48 DIN49 DOUT40A/B DOUT41A/B DOUT42A/B C1 C2
Request via DIN4x
STO SBC SS1 SS2 SOS SLS SSM SSR
Status
Diagnostics
e.g. external clamping unit via DOUT4x
Status
DIP
X6
X2A
X2B
X10
Motor phases U/V/W
Holding brake in the motor
X2A encoder
X2B encoder
X10 encoder
Linear measurement system
Motor
μC-GG
BR+ BR-
Fig. 2.2 Safety module functional principle
The actual drive control and function control of the axle of motion takes place as usual via the motor controller CMMP-AS-...-M3 and the assigned control interfaces, e. g. [X1] or a fieldbus. The safety module monitors the function of the drive controller of the motor controller. For this, the safety-relevant variables of the motor movement are recorded and monitored according to the selected safety functions. If the safety limits are exceeded (e.g. a maximum permissible speed), then the safety module can, for example, safely switch off the driver supply for the output semi-conductor, thus pre venting the power output stage from supplying the energy required by the motor.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 21
2 Product description of safety module CAMC-G-S3
Please note
Technical failure or failure of the power supply will lead to a switch-off of the power output stage of the motor controller. Safety limitations could be the result, depending on the application.
The safety module monitors the safety of the axle as follows: – In the CAMC-G-S3, there are two microcontrollers in a redundant structure. During operation, they
continuously compare all the relevant input and output signals as well as the data of the position encoders.
– The safety functions in the CAMC-G-S3 are requested or activated via the digital safe inputs on the
safety module, by other safety functions or as an error response. Logic operations can be used to set which digital inputs in which signal combination request a safety function.
– As soon as a safety function is active, safe monitoring of the status of the basic unit and axle takes
place.
– For this, the safety module detects the movement of the axle (position, speed) via the position en
coder in the motor and, depending on the system structure, via a second measuring system.
– For this, the position sensors are connected to [X2A], [X2B] and [X10] on the basic unit, as usual.
The signals are forwarded internally to the safety module.
Important: The second measuring system on the axle may be essential, depending on the requested safety classification and the axle configuration.
– If the axle is in the safe status, the safety function signals the status SSR, “Safe State Reached”,
and, when the safety conditions are violated, the safety function signals the status SCV “Safety Condition Violated”.
– The safety module has safe digital outputs, in order to signal the safety status to the outside, e.g. to
an external safety controller or an additional CAMC-G-S3 or to supply digital inputs with test pulses.
– The safety module uses an internal device path to control the brake control output at the motor
connection [X6], thus allowing the safety function SBC in combination with an appropriately-certi fied clamping unit.
– An external clamping unit can also be activated via a safe digital output and an external safe switch
ing device.
Important: To use the safety function SBC, a clamping unit with corresponding safety classification must be used. For all types of holding brakes or clamping units without certification, a risk analysis must be carried out and the suitability determined for the appropriate safety application. Otherwise, these may not be used. The holding brake in motors is not usually qualified and is thus not suitable.
22 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3
– A potential-free signal contact is available for diagnostic purposes – The operating status of the safety module is displayed by a status LED and the 7-segment display of
the basic unit Data is exchanged between the safety module and the basic unit via an internal communication interface. – This means that the basic unit is always aware of the current operating status of the safety module,
e.g. whether a safety function is requested and executed, or whether a violation of a safety condi
tion is detected. – This means that the operating status of the safety design can be signalled to the functional control
ler via the different fieldbus interfaces. – The safety module can actively manipulate the controller of the basic unit, without having to go
through the function controller. For example, the drive can actively be decelerated to the zero speed
when the safety function SS2 is requested
Important: This function is primarily beneficial when individual axles are moved. By con trast, if the axle is moved in an interpolating operating mode (e.g. CAN interpolated posi tion mode), then this function makes less sense.
Additional functions of the firmware in the safety module: – safe switch-off of the motor controller in case of error, variable reaction to various errors. – analysis of the signals of the safe inputs, monitoring of the correct function of the hardware (test
pulses). – control of the safe outputs, monitoring of the correct function of the hardware. – safe monitoring of the correct function of the microcontrollers: Cyclical test of the memory (RAM,
Flash) and the CPU. – Monitoring of the supply voltages. – Cross-monitoring of the two involved microcontrollers. – Management of the parameter sets, implementation of a safe parameterisation, secured with check
sums and a password.

2.2.2 Circuitry of the safety module [X40]

To connect the safety functions, the safety module has a 24-pin interface [X40A/B] with the following connections: – 4 digital, two-channel sensor inputs with configurable allocation (SIL3 inputs), – 6 digital, single-channel inputs with configurable allocation (max. SIL2 inputs), e.g. as
– 1 digital, 3-pole mode selector switch
– 1 input for error acknowledgment
– 1 input to control the restart after a safety function was requested
– 1 input for a feedback signal of an external clamping unit – 3 digital, two-channel outputs (SIL3) with configurable allocation, optionally useable as clock output, – 1 acknowledgment contact (relay contact) for diagnostic purposes, – reference potential for all inputs and outputs, – a 24 V auxiliary current supply for connected sensors.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 23
2 Product description of safety module CAMC-G-S3
Tab. 2.3 shows the connections, arranged by function. You can find the pin allocation arranged by pin numbers in è Section 3.2, Electrical installation.
Designation Description (factory setting1)) Pin, plug
Digital inputs DIN40A Digital input 40, two-channel
DIN40B X40A.2
(Factory setting: Emergency stop switching device, STO and SBC request)
X40A.1
DIN41A Digital input 41, two-channel X40B.13 DIN41B X40B.14 DIN42A Digital input 42, two-channel X40A.3 DIN42B X40A.4 DIN43A Digital input 43, two-channel X40B.15 DIN43B X40B.16 DIN44 Digital input 44
X40A.7
(Factory setting: Brake activation feedback) DIN45 Digital inputs 45, 46, 47 DIN46 X40A.9
(Factory setting: Mode selector switch) DIN47 X40A.10 DIN48 Digital input 48
X40A.8
X40A X40B
X40A.11
(Factory setting: Error acknowledgment). DIN49 Digital input 49
X40A.12 (Factory setting: Terminate safety function on rising edge).
Digital outputs and signal contact DOUT40A Digital output 40, two-channel X40A.5 DOUT40B X40A.6 DOUT41A Digital output 41, two-channel X40B.17 DOUT41B X40B.18 DOUT42A Digital output 42, two-channel X40B.19 DOUT42B X40B.20 C1 Signal contact, relay contacts
X40B.21 (Factory setting: Safe state reached, no safety condi
C2 X40B.22
tion violated). – Opened: “Safety function not active” – Closed: “Safety function active”
Reference potential and auxiliary supply GND24 0 V, reference potential for DINx / DOUTx / +24 V X40B.23 +24 V 24 V output, auxiliary supply, e.g. for safety peripherals
X40B.24 (24 V DC logic supply of t he motor controller).
1) Function in the delivery status or after resetting to factory settings (advance parameterisation)
Tab. 2.3 Digital inputs and outputs, signal contact, reference potential and auxiliary supply [X40]
24 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3

2.2.3 Overview of the supported safety functions

The safety module supports the following safe stop and safe movement functions:
Function Number Comment
STO 1 Uncontrolled stopping, safe restart interlock è Section 2.5.1 SS1 1 Controlled stopping with subsequent STO è Section 2.5.3 SS2 1 Controlled stopping with subsequent SOS è Section 2.5.4 SOS 1 Safe stop (with “Fine rotational speed limit”1)) è Section 2.5.5 USF 4 “Universal Safety Function”, combined safety functions.
In the “Safe Speed Function” (SSF) version, the following safety functions can be implemented with appropriate parameterisation: SLS Safely limited speed è Section 2.5.8 SSR Safe speed range è Section 2.5.9 SSM Safely monitored speed è Section 2.5.9
SBC 1 Safe brake control è Section 2.5.2
1) A slow movement within the monitored position window can be permissible
Tab. 2.4 Equipment of the safety module
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 25
2 Product description of safety module CAMC-G-S3

2.2.4 Functional diagram of the safety module

The functions of the safety module are explained using the following functional diagram:
LOUT_x
VOUT_x
VIN_x_yLI N_x
Safety Functions
DOUT40A/B
Output Driver +Test Pulse Unit
Logic
...
VOUT_STO_SFR
VOUT_STO_SSR
STO
Safety Function
...
Logic
... ...
DOUT42A/B
Output Driver +Test Pulse Unit
Logic
...
VOUT_SS1_SFR
VOUT_SS1_SSR
SS1
Safety Function
...
Logic
... ...
C1/C2
Signal
Logic
Relay
...
BR+/BR-
Internal
Logic
VOUT_SBC_SFR
Safety Function
Logic
... ...
U_OS+/
Brake
Control
...
VOUT_SBC_SSR
SBC
...
U_US
Internal
Power Stage
Logic
...
Logic Functions
Enable
Logic
VOUT_ALF0_OUT
VOUT_ALF7_OUT
ALF0 ... 7
Advanced Logic
...
... ...
[5x-x] xxx_ERR
Error Logic + Error Handler
VOUT_PS_EN
VOUT_ERROR
VOUT_SCV
Operating
Mode Switch
Fixed Inputs
LIN_D45...D47
Finite state Machine
VOUT_READY
VOUT_SFR
VOUT_WARN
Two Hand
Control Unit
Fixed Inputs
LIN_D42 + D43
LED
VOUT_SSR
VOUT_SERVICE
LIN_D47_SAFE
LIN_D40
INPUT
FILTER+LOGIC
DIN40A/B
LIN_D43
INPUT
FILTER+LOGIC
DIN43A/B
LIN_D44
INPUT
FILTER+LOGIC
DIN44
LIN_D49
INPUT
FILTER+LOGIC
DIN49
LIN_D49_RISING...
Status signals from drive
LIN_D46_SAFE
LIN_D45_SAFE
LIN_D45 ... D47
LIN_2HAND_CTRL
Feedback Signals LIN_xy := VOUT_xy
Fig. 2.3 Functional diagram, safety module (legendè Tab. 2.5)
26 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3
Term/abbreviation Explanation
DIN40A/B ... DIN43A/B Two-channel digital inputs DIN44 ... DIN49 Single-channel digital inputs INPUT FILTER + LOGIC Input filter and input logic Status signals from drive Status signals from drive LIN_x Logical inputs VIN_x_y Virtual inputs Safety functions Safety functions Logic Logic, configurable for the safety functions using product
terms Safety function STO, SS1, etc. Safety function STO, SS1, etc. Logic functions Logic functions Advanced logic ALF... Advanced logic functions ALF... Fixed inputs LIN_... Permanently assigned logical inputs LIN_... Operating Mode Switch Mode selector switch Two Hand Control Unit Two-handed control device VOUT_x Virtual outputs LOUT_x Logical outputs Output Driver + Test Pulse Unit Output drive and test pulse generation DOUT40A/B ... DOUT42A/B Two-channel digital outputs Signal relay Signal contact C1/C2 Pins C1/C2 of the signal contact Internal Brake Control Internal brake control BR+/BR- Pins BR+/BR- of the internal brake control Internal Power Stage Enable Internal output stage enable U_OS+/U_OS- Pins U_OS+/U_OS- of the internal output stage enable Error Logic + Error Handler Error logic and error handling [5x-x] xxx_ERR Internal error signal, error 5x-x Finite state Machine Finite state machine Feedback Signals LIN_xy := VOUT_xy Feedback of the signals LIN_xy := VOUT_xy
Tab. 2.5 Legend for Fig. 2.3
The digital inputs of the interface [X40] are shown on the very left of the block diagram and the digital outputs on the very right. Between them is a structure with logic blocks and the safety functions.
In the functional diagrams and other block diagrams, all the safe signals have a yellow background and potentially unsafe signals have a grey background.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 27
2 Product description of safety module CAMC-G-S3
Input filters and logical inputs:
The digital input signals at [X40] are first filtered in the “Input Filter + Logic” function block. The block also checks whether test pulses exist on the input signals and whether they are plausible. In the case of two-channel inputs, a test is carried out of whether the input level corresponds to the configured input type (equivalent / antivalent switching) and whether the signals switch at the same time. As a result of these tests, the logical statuses of the input signals are mapped, shown in the block dia gram as LIN_x “Logic Inputs”. For example, the signal LIN_D40 maps the logical switching status of the two-channel input DIN40. List of logical inputs è Section B.1.1, Tab. B.2.
Safety functions:
The safety functions have some standardised features: Configurable logic functions are used to define which logical input signals, LINs, are switched to the safety function for – requesting the safety function, – terminating the request, – selecting additional control signals, if required. These internal control signals for the safety functions are termed VIN_x_y “Virtual Inputs”, e.g. VIN_SS1_RSF is the term for the input for requesting (Request Safety Function) the safety function SS1. The switching status of these signals can be read out and displayed. List of virtual outputs è Section B.1.2, Tab. B.5.
A total of 32 product terms are available for the configuration of the switching conditions and are comparable to a programmable logic module (PLD). The product terms can be distributed flexibly to the desired functions. A maximum of 4 of OR-linked product terms with a maximum of 7 inputs with/without inversion can be used for each VIN_x_y control signal for safety and logic functions, but also for the configuration of the VOUT_x outputs. Virtual inputs, to which no product term has been assigned, have the logical status “0”. The following example uses two of the 32 product terms to request the STO function:
The product terms are managed automatically using the SafetyTool (a special software, integrated in the FCT PlugIn) and are scarcely visible to the user.
28 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
2 Product description of safety module CAMC-G-S3
The safety function itself contains logic and sequence functions which can be parameterised. The safety function takes the current status of the drive (position, speed) into account and monitors the drive. Each safety function makes the following output signals available: – the status signal that the safety function has been requested, – the status signal that the safe state has been reached, – an error message in the case of violation of the safety condition. In addition, some safety functions make yet more control signals available for the direct control of func tions in the drive controller. These status messages are shown as a group in the block diagram and are indicated with VOUT_x “VIrtual Output Signals”. List of virtual outputs è Section B.1.2, Tab. B.5.
Logic functions for the inputs:
Special logical control signals are required for some applications, and are made up of a combination of multiple input signals. The safety module supports these applications by making predefined logic func tions available for: – the mode selector, – the two-handed control device The output signals of these logic blocks are mapped directly in LIN_x, as they also serve to control safety functions. However, you can configure your own additional logic blocks. The so-called ALF “Advanced Logic Func tions” ALF0 to ALF7 are available for this. Their output signals are available as VOUT_x “Virtual Output Signals”. List of virtual outputs è Section B.1.2, Tab. B.5.
Logical outputs and output drivers:
The safety module has configurable blocks with power drivers for: – activating the digital outputs with the generation of test pulses, – activating the relay output, – activating the basic unit, e.g. the output for brake activation and to switch off the driver supply for
STO. A configurable logic function is used to define which VOUT signals are switched to the appropriate out put driver as LOUT “Logic Output Signal”. The logic function consists of a product term with a maximum of seven inputs as well as input and out put inversion. List of virtual outputs è Section B.1.4, Tab. B.7. The status of the logical output (one bit) is converted by the output driver to the physical output sig nals (frequently two signals, configurable as antivalent / equivalent / test pulses).
Feedback:
The safety module has an internal feedback path, as it is desirable in some applications to execute safety functions according to the status of another safety or logic function: The most important VOUT signals are therefore guided back to logical inputs LIN and are available to logical operations. List of logical inputs è Section B.1.1, Tab. B.2.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 29
2 Product description of safety module CAMC-G-S3
State machine:
The operating status of the safety module is controlled using a finite state machine. The operating status is displayed using a multi-coloured LED and also mapped in VOUT. An exact description of the operating statuses can be found in è Section 2.10.
Error management:
The error management controls how the safety module reacts when errors occur. The most important error reaction is to immediately switch-off the power output stage in the basic unit (Safe Torque Off, STO) as well as to switch off all safe outputs. The error responses can be configured è Section 2.8.

2.2.5 Overview of supported position encoders

Position-detection sensors are required, in order to safely monitor the speed (e.g. for SLS) and position (e.g. for SOS). The motor controller CMMP-AS-...-M3 supports many different shaft encoders for position and speed detection via the device interfaces X2A, X2B and X10. The signals of the position encoders are forwar ded internally from the CMMP-AS-...-M3 to the safety module (è Fig. 2.2). Most shaft encoders can also be analysed directly by the safety module, as the signals are available to the safety module. The position and speed are detected via the shaft encoders. The following shaft encoders are supported by the safety module: – resolver via X2A – SIN/COS incremental encoder via X2B – SICK Hiperface shaft encoder via X2B (only process data channel) – Heidenhain ENDAT encoder via X2B – incremental encoder with digital A/B signals via X2B – BISS position transmitters for linear motors via X2B – incremental encoder with digital A/B signals via X10 The position and speed are detected via the shaft encoders.
The safety functions supported by the safety module do not require knowledge of the absolute position. For this reason, safe analysis of the absolute position of the encoders or safe homing is not intended.
Each microcontroller on the safety module can analyse up to two position transmitters:
30 Festo – GDCP-CAMC-G-S3-EN – 1406NH – English
Loading...
+ 280 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use