Mitsubishi Electric Melsec-QS Safety Application Manual

SAFETY PRECAUTIONS

(Always read these instructions before using this equipment.)

Before using the product, please read this manual, the relevant manuals introduced in this manual, standard PLC manuals, and the safety standards carefully and pay full attention to safety to handle the product correctly.

In this manual, the safety instructions are ranked as "DANGER" and "CAUTION".

DANGER

CAUTION

Note that the CAUTION level may lead to a serious consequence according to the circumstances.

Always follow the instructions of both levels because they are important to personal safety.

Please save this manual to make it accessible when required and always forward it to the end user.

Indicates that incorrect handling may cause hazardous conditions, resulting in death or severe injury.

Indicates that incorrect handling may cause hazardous conditions, resulting in medium or slight personal injury or physical damage.

A - 1

[Design Precautions]

DANGER

When a safety PLC detects an error in an external power supply or a failure in PLC main module, it

turns off all the outputs. Create an external circuit to securely stop the power of hazard by turning off the outputs. Incorrect configuration may result in an accident.

Create short current protection for a safety relay, and a protection circuit such as a fuse, and

breaker, outside a safety PLC.

If load current more than the rating or overcurrent due to a short circuit in the load has flowed in the

CC-Link Safety remote I/O module, the module defines it as a fault and turns off all the outputs. However, if overcurrent flows in the CC-Link Safety remote I/O module for a long time, it may cause smoke or a fire. To prevent it, create a safety circuit such as a fuse outside the module.

When data/program change, or status control is performed from a PC to a running safety PLC,

create an interlock circuit outside the sequence program and safety PLC to ensure that the whole system always operates safely. For the operations to a safety PLC, pay full attention to safety by reading the relevant manuals carefully, and establishing the operating procedure. Furthermore, for the online operations performed from a PC to a safety CPU module, the corrective actions against a communication error due to a cable connection fault, etc. should be predetermined as a system.

All output signals from a safety CPU module to the CC-Link Safety system master module are

prohibited to use. These signals can be found in the CC-Link Safety System Master Module User's Manual. Do not turn ON or OFF these signals by sequence program, since turning ON/OFF these output signals of the PLC system may cause malfunctions and safety operation cannot be guaranteed.

When a safety remote I/O module has detected CC-Link Safety error, it turns off all the outputs. Note

that the outputs in a sequence program are not automatically turned off. If CC-Link Safety error has been detected, create a sequence program that turns off the outputs in the program. If the CC-Link Safety is restored with the outputs on, it may suddenly operate and result in an accident.

To inhibit restart without manual operation after safety functions was performed and outputs were

turned OFF, create an interlock program which uses a reset button for restart.

A - 2

[Design Precautions]

CAUTION

Do not bunch the wires of external devices or communication cables together with the main circuit or power lines, or install them close to each other. They should be installed 100 mm (3.94 inch) or more from each other. Not doing so could result in noise that would cause malfunctions.

Select the external devices to be connected to the CC-Link Safety remote I/O module, considering the maximum inrush current with reference to the CC-Link Safety System Remote I/O Module User's Manual.

[Installation Precautions]

CAUTION

Use a safety PLC in the environment that meets the general specifications described in the QSCPU User's Manual (Hardware Design, Maintenance and Inspection). Using this PLC in an environment outside the range of the general specifications could result in electric shock, fire, erroneous operation, and damage to or deterioration of the product.

While pressing the installation lever located at the bottom of module, insert the module fixing tab into the fixing hole in the base unit until it stops. Then, securely mount the module with the fixing hole as a supporting point. Incorrect loading of the module can cause a failure or drop. Secure the module to the base unit with screws. Tighten the screw in the specified torque range. If the screws are too loose, it may cause a drop of the screw or module. Over tightening may cause a drop due to the damage of the screw or module.

Make sure to fix the CC-Link Safety remote I/O module with a DIN rail or mounting screws and tighten the screws with the specified torque. If the screws are too loose, it may cause a drop of the screw or module. Over tightening may cause a drop due to the damage of the screw or module.

Completely turn off the external supply power used in the system before mounting or removing the module. Not doing so could result in damage to the product.

Do not directly touch the module's conductive parts or electronic components. Doing so may cause malfunctions or a failure.

A - 3

[Wiring Precautions]

DANGER

Be sure to shut off all phases of the external supply power used by the system before wiring.

Not completely turning off all power could result in electric shock or damage to the product.

When energizing or operating the module after installation or wiring, be sure to close the attached terminal cover. Not doing so may result in electric shock.

CAUTION

Ground the FG and LG terminals correctly. Not doing so could result in electric shock or malfunctions.

Use a solderless terminal with insulation sleeve for wiring of a terminal block. Use up to two solderless terminals for a single terminal.

Use applicable solderless terminals and tighten them with the specified torque. If any solderless spade terminal is used, it may be disconnected when the terminal screw comes loose, resulting in a failure.

Wire the module correctly after confirming the rated voltage and terminal layout. Connecting a power supply of a different rated voltage or incorrect wiring may cause a fire or failure.

Tighten a terminal block mounting screw, terminal screw, and module mounting screw within the specified torque range. If the terminal block mounting screw or terminal screw is too loose, it may cause a short circuit, fire, or malfunctions. If too tight, it may damage the screw and/or the module, resulting in a drop of the screw or module, a short circuit or malfunctions. If the module mounting screw is too loose, it may cause a drop of the screw or module. Over tightening the screw may cause a drop due to the damage of the screw or module.

Be sure there are no foreign substances such as sawdust or wiring debris inside the module. Such debris could cause a fire, failure, or malfunctions.

The module has an ingress prevention label on its top to prevent foreign matter, such as wire offcuts, from entering the module during wiring. Do not peel this label during wiring. Before starting system operation, be sure to peel this label because of heat dissipation.

A - 4

[Wiring Precautions]

CAUTION

Be sure to fix the communication cables or power cables by ducts or clamps when connecting them to the module. Failure to do so may cause damage of the module or cables due to a wobble, unintentional shifting, or accidental pull of the cables, or malfunctions due to poor contact of the cable.

When removing the connected communication cables or power cables, do not pull the cable with grasping the cable part. Remove the cable connected to the terminal block after loosening the terminal block screws. Pulling the cable connected to a module may result in malfunctions or damage of the module or cable.

For the cables to be used in the CC-Link Safety system, use the ones specified by the manufacturer. Otherwise, the performance of the CC-Link Safety system is not guaranteed. As to the maximum overall cable length and station - to station cable length, follow the specifications described in the CC-Link Safety System Master Module User's Manual. If not following the specification, the normal data transmission is not guaranteed.

Install our PLC in a control panel for use. Wire the main power supply to the power supply module installed in a control panel through a distribution terminal block. Furthermore, the wiring and replacement of a power supply module have to be performed by a maintenance worker who acquainted with shock protection. (For the wiring methods, refer to the QSCPU User's Manual (Hardware Design, Maintenance and Inspection).

A - 5

[Stratup and Maintenance precautions]

DANGER

Do not touch the terminals while power is on.

Doing so could could result in electric shock.

Correctly connect the battery. Also, do not charge, disassemble, heat, place in fire, short circuit, or solder the battery. Mishandling of battery can cause overheating, cracks, or ignition which could result in injury and fires.

Turn off all phases of the external supply power used in the system when cleaning the module or retightening the terminal block mounting screws, terminal screws, or module mounting screws. Not doing so could result in electric shock. Tighten a terminal block mounting screw, terminal screw, and module mounting screw within the specified torque range. If the terminal block mounting screw or terminal screw is too loose, it may cause a short circuit, fire, or malfunctions. If too tight, it may damage the screw and/or the module, resulting in a drop of the screw or module, a short circuit or malfunctions. If the module mounting screw is too loose, it may cause a drop of the screw or module. Over tightening the screw may cause a drop due to the damage of the screw or module.

CAUTION

The online operations performed from a PC to a running safety PLC (Program change when a safety CPU is RUN, device test, and operating status change such as RUN-STOP switching) have to be executed after the manual has been carefully read and the safety has been ensured. Following the operating procedure predetermined at designing, the operation has to be performed by an instructed person. When changing a program while a safety CPU is RUN (Write during RUN), it may cause a program breakdown in some operating conditions. Fully understand the precautions described in the GX Developer's manual before use.

Do not disassemble or modify the modules. Doing so could cause a failure, malfunctions, injury, or fire. If the product is repaired or remodeled by other than the specified FA centers or us, the warranty is not covered.

Use any radio communication device such as a cellular phone or a PHS phone more than 25cm (9.85 inch) away in all directions of safety PLC. Not doing so can cause malfunctions.

A - 6

[Stratup and Maintenance precautions]

CAUTION

Completely turn off the external supply power used in the system before mounting or removing the module. Not doing so may result in a failure or malfunctions of the module.

Restrict the mounting/removal of a module, base unit, and terminal block up to 50 times (IEC61131-2-compliant), after the first use of the product. Failure to do so may cause the module to malfunction due to poor contact of connector.

Do not drop or give an impact to the battery mounted to the module. Doing so may damage the battery, causing the battery fluid to leak inside the battery. If the battery is dropped or given an impact, dispose of it without using.

Before touching the module, always touch grounded metal, etc. to discharge static electricity from human body, etc. Not doing so may result in a failure or malfunctions of the module.

Since the module case is made of resin, do not drop or apply any strong impact to the module. Doing so may damage the module.

Completely turn off the external supply power used in the system before mounting or removing the module to/from the panel. Not doing so may result in a failure or malfunctions of the module.

[Disposal Precautions]

CAUTION

When disposing of this product, treat it as industrial waste.

[Transportation Precautions]

CAUTION

When transporting lithium batteries, make sure to treat them based on the transport regulations. (For details of the controlled models, refer to the QSCPU User's Manual (Hardware).

A - 7

REVISIONS

The manual number is given on the bottom left of the back cover.

Print date Manual number Revision

Sep., 2006 SH(NA)-080613ENG-A First edition

Mar., 2007 SH(NA)-080613ENG-B

Apr., 2008 SH(NA)-080613ENG-C

Partial correction

CHAPTER1, Section 4.2, 5.5, 5.6.3, 5.6.4

Partial correction

Section 4.1, Appendix 1

Japanese Manual Version SH-080611-C

This manual confers no industrial property rights or any rights of any other kind, nor does it confer any patent licenses.

Mitsubishi Electric Corporation cannot be held responsible for any problems involving industrial property rights which may

occur as a result of using the contents noted in this manual.

2006 MITSUBISHI ELECTRIC CORPORATION

A - 8

INTRODUCTION

Thank you for purchasing the Mitsubishi safety programmable controller MELSEC-QS series. Before using the equipment, please read this manual carefully to develop full familiarity with the functions

and performance of the QS series PLC you have purchased, so as to ensure correct use.

SAFETY PRECAUTIONS ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 1

REVISIONS•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••A - 8

INTRODUCTION •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 9

CONTENTS••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 9

ABOUT MANUALS ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 11

HOW THIS MANUAL IS ORGANIZED ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 13

HOW TO USE THIS MANUAL ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 14

GENERIC TERMS AND ABBREVIATIONS ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 15

TERMINOLOGY •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• A - 16

Chapter1 OVERVIEW 1 - 1 to 1 - 2

Chapter2 APPLICATION EXAMPLE 2 - 1 to 2 - 2

Chapter3 RISK ASSESSMENT AND SAFTY LEVEL 3 - 1 to 3 - 5

3.1 Risk Assessment•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 3 - 1

3.1.1 Risk reduction••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••3 - 2

3.2 Safety Category •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••3 - 3

3.3 SIL ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 3 - 5

Chapter4 PRECAUTIONS FOR USE OF SAFETY PLC 4 - 1 to 4 - 11

4.1 Precautions for Designing Safety Application ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 4 - 1

4.2 Precautions for Programming •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 4 - 5

4.3 Precautions for Startup •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 4 - 10

4.4 Precautions for Safety Functions Maintenance ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 4 - 10

Chapter5 SAFETY APPLICATION CONFIGURATION EXAMPLE 5 - 1 to 5 - 35

5.1 System Configuration ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••5 - 1

5.2 Network-Related Switch Settings of Module••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 2

5.2.1 Safety Power supply module••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••5 - 2

5.2.2 Safety CPU module•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••5 - 2

5.2.3 Safety master module •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 2

5.2.4 Safety remote I/O module ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 3

5.3 CC-Link Parameter Settings •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 4

5.3.1 CC-Link station information settings••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 4

A - 9

5.3.2 Safety remote station parameter settings ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••5 - 5

5.4 Relationship between the Safety CPU Module Devices and Remote I/O •••••••••••••••••••••••••••••••• 5 - 6

5.5 Wiring Diagram and Parameter Setting of Standard Input •••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 7

5.6 Case Examples•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 8

5.6.1 Emergency stop circuit •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••5 - 8

5.6.2 Door lock circuit•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 14

5.6.3 Entering detection and existence detection circuit 1 ••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 20

5.6.4 Entering detection and existence detection circuit 2 ••••••••••••••••••••••••••••••••••••••••••••••••• 5 - 28

APPENDIX Appendix- 1 to Appendix - 8

Appendix.1Calculation Method of Safety Response Time••••••••••••••••••••••••••••••••••••••••••••••••• Appendix - 1

Appendix.2Checklist •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• Appendix - 8

INDEX INDEX - 1

A - 10

ABOUT MANUALS

Related manuals

The following manuals are related to this product. If necessary, order them by quoting the details in the tables below.

Manual name

QSCPU User's Manual (Hardware)

Explains the specifications of the QSCPU, safety power supply module and safety base unit, etc.

(Supplied with the product)

QSCPU User's Manual (Hardware Design, Maintenance and Inspection)

Explains the specifications of the QSCPU, safety power supply module, safety base unit, etc.

(Sold separately)

QSCPU User's Manual (Function Explanation, Program Fundamentals)

Explains the functions, programming methods, devices, etc. that are necessary to create programs

with the QSCPU.

(Sold separately)

QSCPU Programming Manual (Common Instructions)

Explains how to use the sequence instructions, basic instructions, application instructions, and

QSCPU dedicated instructions.

(Sold separately)

CC-Link Safety System Master Module User's Manual (Hardware)

QS0J61BT12

Explains the specifications of the QS0J61BT12 type CC-Link Safety system master module.

(Supplied with the product)

CC-Link Safety System Master Module User's Manual QS0J61BT12

Explains the specifications, procedures and settings up to operation, parameter settings and trouble

shootings of the QS0J61BT12 type CC-Link Safety system master module.

(Sold separately)

CC-Link Safety System Remote I/O Module User's Manual (Hardware)

QS0J65BTB2-12DT

Explains the specifications of the QS0J65BTB2-12DT type CC-Link Safety system remote I/O module.

(Supplied with the product)

CC-Link Safety System Remote I/O Module User's Manual QS0J65BTB2-12DT

Explains the specifications, procedures and settings up to operation, parameter settings and

trouble shootings of the QS0J65BTB2-12DT type CC-Link Safety system remote I/O module.

(Sold separately)

Q Corresponding MELSECNET/H Network System Reference Manual (PLC to PLC network)

Explains the specifications for a MELSECNET/H network system for PLC to PLC network, the

procedures and settings up to operation, parameter settings, programming and troubleshooting.

(Sold separately)

GX Developer Version 8 Operating Manual (Startup)

Explains the system configration, installation and starting methods of GX Developer.

(Sold separately)

GX Developer Version 8 Operating Manual

Explains the online functions of the GX Developer, such as the programming, printout, monitoring, and

debugging methods.

(Sold separately)

GX Developer Version 8 Operating Manual (Safety PLC)

Explains the functions of GX Developer that are added or changed to support the safety PLC.

(Sold separately)

Manual number

(Model code)

IB-0800340ENG

(13JR91)

SH-080626ENG

(13JR92)

SH-080627ENG

(13JR93)

SH-080628ENG

(13JW01)

IB-0800344ENG

(13JP95)

SH-080600ENG

(13JP88)

IB-0800345ENG

(13JP96)

SH-080612ENG

(13JR89)

SH-080026ENG

(13JD04)

SH-080372ENG

(13JU40)

SH-080373ENG

(13JU41)

SH-080576ENG

(13JU53)

A - 11

Remark

If you would like to obtain a manual individually, printed materials are available separately. Order the manual by quoting the manual number on the table above (model code).

A - 12

HOW THIS MANUAL IS ORGANIZED

In this manual,

( Section 3.5) A reference destination is indicated as ( Section 3.5).

In addition, this manual provides the following explanations.

POINT

Remark

Explains the matters to be especially noted, the functions and others related to the description on that page. Provides the reference destination related to the description on that page and the useful information.

A - 13

HOW TO USE THIS MANUAL

This manual describes the points to be concerned when configuring safety application that meets the safety standards using the safety PLC. Although the safety application configuration example is shown in CHAPTER 5 of this manual, authentication is not obtained. The safety standards conformance approval must be obtained for the user with the entire safety-related system.

This manual is classified roughly into five chapters as shown below.

Chapter 1 Describes the outline of the safety PLC.

Chapter 2 Describes the safety application that is configured using the safety PLC. Chapter 3 Describes the risk assessment, Category, and SIL.

Chapter 4 Describes the cautions for use of the safety PLC.

Chapter 5 Describes the safety application examples.

For the detailed specifications and functions of each module, refer to the related manuals.

A - 14

GENERIC TERMS AND ABBREVIATIONS

Unless otherwise specified, this manual uses the following generic terms and abbreviations. When a clear indication of target model name is required, the module name is indicated.

Generic term/

abbreviation

GX Developer

RWr

RWw

Safety remote I/O station

Standard remote I/O

station

Remote I/O station Generic term for safety remote I/O station and standard remote I/O station

Remote device station

Safety master module Other name for the QS0J61BT12 type CC-link Safety system master module.

Safety remote I/O module

Safety main base unit Abbreviation for the QS034B(-E) type safety main base unit.

Safety CPU module Abbreviation for the QS001CPU type safety CPU module.

Safety power supply

module

Safety PLC

Standard PLC

Safety input Generic term for the signals that are input to the safety PLC for realizing the safety functions.

Safety output

Safety application

Generic product name for models SWnD5C-GPPW, SWnD5C-GPPW-A, SWnD5C-GPPW-V,

and SWnD5C-GPPW-VA.

Remote register (Read area for CC-Link Safety system)

Information entered in 16-bit units from the remote device station to the master station.

(Expressed as RWr for convenience.)

Remote register (Write area for CC-Link Safety system)

Information output in 16-bit units from the master station to the remote device station.

(Expressed as RWw for convenience.)

Remote input (for CC-Link Safety system)

Information entered in bit units from the remote station to the master station. (Expressed as RX

for convenience.)

Remote output (for CC-Link Safety system)

Information output in bit units from the master station to the remote station. (Expressed as RY

for convenience.)

Link special relay (for CC-Link Safety system)

Bit information that indicates the module operating status and data link status of the master

station. (Expressed as SB for convenience.)

Link special register (for CC-Link Safety system)

16-bit information that indicates the module operating status and data link status of the master

station. (Expressed as SW for convenience.)

Remote station which handles only the informaion in bit units.

Compatible with the safety-related system.

Remote station which handles only the information in bit units.

Not compatible with the safety

Remote station which handles information in both bit and word units.

Not compatible with the safety-related system.

Other name for the QS0J65BTS2-8D, QS0J65BTS2-4T and QS0J65BTB2-12DT type CC-Link

Safety system remote I/O module.

Abbreviation for the QS061P-A1 and QS061P-A2 type safety power supply modules.

Generic term for safety CPU module, safety power supply module, safety main base unit,

CC-Link safety master module and CC-Link safety remote I/O module.

General name of each module for MELSEC-Q series, MELSEC-QnA series, MELSEC-A series

and MELSEC-FX series. (Used for distinction from safety PLC.)

Generic term for the signals that are output from the safety PLC for realizing the safety

functions.

Generic term for the applications that are operated using the safety PLC for realizing the safety

functions.

-related system.

Description

A - 15

TERMINOLOGY

Term Description

Safety component Equipment such as the safety compatible sensor and actuator. Safety-related system

Safety functions Functions to be realized for protecting a human from machinery hazards.

Safety measure Measure for reducing the risk.

Category Safety level standardized in EN954-1. The safety level is classified into 5 levels of B and 1 to 4.

SIL

Risk

Risk assessment To clarify hazards in machinery and assess the degree of the hazards.

Link ID Unique network identifier which is given to each network of the CC-Link Safety system.

Target failure measure

Close contact Same as NC.

Open contact Same as NO.

Dark test

System executing a safety functions to be required.

Safety level which is standardized in IEC61508. The safety level is classified into 4 levels of SIL1

to SIL4.

Degree of hazards, which is the combination of the occurrence probability and degree of an injury

and a health problem.

Target value of reliability for each SIL level standardized in IEC61508. There are PFD and PFH

depending on the operation frequency of the safety functions.

Abbreviation for normal close contact which is normally closed, but opened when a switch or other

function is operated.

Abbreviation for normal open contact which is normally opened, but closed when a switch or other

function is operated.

Outputs a pulse to turn OFF the input/output when it is ON, and performs the failure diagnostics to

contacts including external equipment.

A - 16

OVERVIEW

CHAPTER1 OVERVIEW

This chapter describes the overview of the safety PLC. The safety PLC is a PLC that acquired the safety approval of EN954-1/ISO13849-1 Category 4 and IEC61508 SIL3. The safety PLC can be used in safety-related system configuration up to Category 4 of EN954-1 and SIL3 of IEC61508. The system configuration diagram of the safety PLC is shown in Figure1.1.

• Install the safety power supply module, safety CPU module, and safety master module to the safety main base unit.

• Connect the safety master module and the safety remote I/O module to a network.

• Connect a personal computer with GX Developer installed to the safety CPU module via USB when setting programs and parameters.

Power supply/CPU/CC-Link Safety master module

CC-Link Safety remote I/O station

OVERVIEW

APPLICATION

EXAMPLE

RISK ASSESSMENT

AND SAFTY LEVEL

GX Developer (Version 8.40S or later)*1

Standard remote I/O station

*1 : The available functions vary depending on the version. For details, refer to the following manual.

CC-Link Safety

Emergency stop switch

Standard Remote device station

Figure1.1 System configuration of safety PLC

QSCPU User's Manual(Function Explanation,Program Fundamentals)

CC-Link Safety remote I/O station

Emergency stop switch

Light curtain

CC-Link Safety remote I/O station

Safety relay

PRECAUTIONS FOR

USE OF SAFETY

PLC

SAFETY

APPLICATION

CONFIGURATION

APPENDIXINDEX

1 - 1

Memo

OVERVIEW

1 - 2

APPLICATION EXAMPLE

CHAPTER2 APPLICATION EXAMPLE

The application image for the car welding line is shown as an application example of the safety PLC in Figure2.1.

The safety application operated by the safety PLC is configured for the following purposes. When the safe state signal can be confirmed, supply the power to a robot. When the safe state signal cannot be confirmed, turn off the power to a robot . Confirm the safe state signal using an emergency stop switch or a light curtain.

The safety PLC is operated as follows. The safe state signal is connected to a safety remote I/O module. The safe state signal is sent from the safety remote I/O module to the safety CPU module. The safety CPU module processes the received safe state signal with the sequence program and sends the safety output to the safety remote I/O module. The safety output stops the power of a robot.

Integrated control panel First process Second process n-th process

MELSECNET/H(10),

Ethernet, etc.

(Communication between

standard CPUs)

OVERVIEW

APPLICATION

EXAMPLE

RISK ASSESSMENT

AND SAFTY LEVEL

Safety PLC

(Safety control)

Line integrated control Line control network

MELSECNET/H

Safety remote

I/O module

Standard input

Restart

switch

Safety input Safety input

Standard output

Emergency

stop switch

Safety remote

I/O module

Warning

light

Process control CPU

Light curtain

Line control networkLine control network

Safety remote

I/O module

Safety output

Robot Robot

PRECAUTIONS FOR

USE OF SAFETY

PLC

SAFETY

APPLICATION

CONFIGURATION

APPENDIXINDEX

Body welding line

Figure2.1 Application image for car welding line

2 - 1

Memo

APPLICATION EXAMPLE

2 - 2

RISK ASSESSMENT AND SAFTY LEVEL

CHAPTER3 RISK ASSESSMENT AND SAFTY LEVEL

Conforming to EN954-1 and IEC61508, select the risk assessment, safety category, and SIL to reduce the risk. This chapter briefly describes the risk assessment, risk reduction and safety category, and SIL. For details, refer to each standard.

3.1 Risk Assessment

The risk assessment is to clarify hazards in a machine and assess the degree of the hazards. The risk assessment procedure is shown in Figure3.1. This procedure is standardized in ISO12100 and 14121.

APPLICATION

OVERVIEW

EXAMPLE

Risk reduction

( Section 3.1.1)

Section 3.1.1

1) Machine analysis, target equipment confirmation, and operation status check

2) Hazard identidication

3) Risk estimation

4) Risk evalution Safety category

Section 3.2

( Section 3.2) SIL ( Section 3.3)

machinery safe?

Yes

Start

Section 3.3

Is the

END

Risk assesmen

RISK ASSESSMENT

AND SAFTY LEVEL

PRECAUTIONS FOR

USE OF SAFETY

PLC

SAFETY

APPLICATION

CONFIGURATION

APPENDIXINDEX

Figure3.1 Risk assessment procedure

(Referred to ISO12100.)

3.1 Risk Assessment

3 - 1

RISK ASSESSMENT AND SAFTY LEVEL

3.1.1 Risk reduction

As a result of the risk assessment, when the machinery is judged as unsafe, the risk reduction must be performed. The measures for the risk reduction are standardized in ISO12100 and ISO14121 as shown in Figure3.2.

1) Inherently safety design

2) Safeguarding

Risk reduction

3) Additional precautions

4) Risk reduction with cautions for use

According to the procedure of Figure3.1, combine and execute the several risk reduction measures until the machine is safe.

Protection by isolation

Protection by stop

Emergency stop device

Ensuring of the energy zero status

Risk condition indication and warning

Attached document and instruction manual

Figure3.2 Risk reduction

Safety barrier

Protective device

(Referred to ISO12100 and 14121.)

3 - 2

3.1 Risk Assessment

3.1.1 Risk reduction

RISK ASSESSMENT AND SAFTY LEVEL

3.2 Safety Category

The safety category is standardized in EN954-1. The risk graph to be used for the safety category selection is shown in Figure3.3.

Risk analysis result

Safety category selection

OVERVIEW

Safety category

selection starting point

Severity of the injury

(S)

Minor (normally

recoverable) trouble

Major (normally

unrecoverable) trouble

Frequency and time of

exposure to hazard

(F)

Rare, considerable,

often, or short

time exposures

Frequent to

continuous, or long

time exposures

Definition of symbols:

Symbol Definition

Safety category which is desirable as a reference

point

Safety category which may be over-specification

— Insufficient safety category

Possibility of

avoidance

Available under a

specific condition

Almost impossible

Available under a

specific condition

Almost impossible

hazard

(P)

Safety category

B 1 2

3 4

APPLICATION

EXAMPLE

RISK ASSESSMENT

AND SAFTY LEVEL

PRECAUTIONS FOR

USE OF SAFETY

PLC

Figure3.3 Safety category selection relevant to safety related sections of control system

(Referred to EN954-1.)

SAFETY

APPLICATION

CONFIGURATION

APPENDIXINDEX

3.2 Safety Category

3 - 3

Mitsubishi Electric Melsec-QS Safety Application Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

SAFETY PRECAUTIONS

REVISIONS

INTRODUCTION

CONTENTS

ABOUT MANUALS

HOW THIS MANUAL IS ORGANIZED

HOW TO USE THIS MANUAL

GENERIC TERMS AND ABBREVIATIONS

TERMINOLOGY

CHAPTER1 OVERVIEW

CHAPTER2 APPLICATION EXAMPLE

CHAPTER3 RISK ASSESSMENT AND SAFTY LEVEL

3.1 Risk Assessment

3.1.1 Risk reduction

3.2 Safety Category