Rockwell Automation 2300 User Manual
User Manual
Safe Torque Off Option (Series B)
for PowerFlex 40P and PowerFlex 70
Enhanced Control AC Drives
Catalog Number 20A-DG01
Topi c Pag e
General Description 2
What Is the DriveGuard Safe Torque Off Option? 2
Certifications and Compliance 3
CE Certification 4
Certified Equipment 5
Important Safety Considerations 5
Safe State 6
Safety Category 3 / PL (d) Performance Definition 6
Stop Category Definitions 7
Performance Level and Safety Integrity Level (SIL) CL2 7
PFD and PFH Definitions 7
PFD and PFH Data 8
Functional Proof Tests 9
Contact Information if Safety Option Failure Occurs 9
Installation and Wiring 10
Pre-Installation Instructions 10
EMC Considerations 11
DriveGuard Safe Torque Off Option Installation 11
Wirin g 15
Veri fy Ope ration 16
Description of Operation 18
PowerFlex 40P Safe Torque Off Operation 18
PowerFlex 70 Safe Torque Off Operation 19
Connection Examples 20
Original Instructions
General Description
IMPORTANT
General Description
The DriveGuard Safe Torque Off option, when used with PowerFlex 40P or
PowerFlex 70 drives together with other safety components, provides a safety
function which inhibits torque generation in the motor(s) powered by the
drive. When used with PowerFlex 40P or PowerFlex 70 drive, the DriveGuard
Safe Torque Off option has been certified to meet the requirements for SIL 2
according to EN/IEC 61800-5-2 and IEC 61508, and PL d and Category 3
according to EN ISO 13849-1. The DriveGuard Safe Torque Off option is
just one component in a safety control system. Components in the system
must be chosen and applied appropriately to achieve the desired level of
safeguarding.
What Is the DriveGuard Safe Torque Off Option?
The DriveGuard Safe Torque Off option:
• Provides the “Safe torque off (STO)” function defined in EN/IEC
61800-5-2.
• Blocks gate firing signals from reaching the IGBT output power devices
of the drive. This prevents the IGBT’s from switching in the sequence
necessary to generate torque in the connected motor.
• Can be used in combination with other safety devices to fulfill the
requirements of a system “safe torque off” function which satisfies
Category 3 / PL (d) according to EN ISO 13849-1 and SIL CL 2
according to EN/IEC 62061, IEC 61508, and EN/IEC 61800-5-2.
This option is suitable for performing only mechanical work on the drive system or
affected area of a machine. It does NOT disconnect or isolate the drive power output
to the motor.
This option should not be used as a control for normal starting and/or stopping the
drive.
2 Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012
General Description
ATTENTION: Electrical Shock Hazard. Verify that all sources of AC and DC power are
de-energized and locked out or tagged out in accordance with the requirements of
ANSI/NFPA 70E, Part II.
ATTENTION: To avoid an electric shock hazard, verify that the voltage on the bus
capacitors has discharged before performing any work on the drive. Measure the DC bus
voltage at the +DC and -DC terminals or test points (refer to your drive’s User Manual for
locations). The voltage must be zero.
ATTENTION: In Safe Torque Off mode, hazardous voltages may still be present at the
motor. To avoid an electric shock hazard, disconnect power to the motor and verify that
the voltage is zero before performing any work on the motor.
ATTENTION: In the event of the failure of two output IGBT's in the drive, when the
DriveGuard Safe Torque Off option has controlled the drive outputs to the off state, the
drive may provide energy for up to 180° of rotation in a 2-pole motor before torque
production in the motor ceases.
Certifications and Compliance
TUV Rheinland EC Type Examination Certification
TUV Rheinland has certified the DriveGuard Safe Torque Off option, when
used in a PF70 or PF40P drive, is compliant with the requirements for
machines defined in Annex I of the EC Directive 2006/42/EC, and that it
complies with the requirements of the relevant standards listed below.
• EN ISO 13849-1:2008 Safety of machinery - Safety related parts of
control systems - Part 1: General principles for design
(DriveGuard Safe Torque Off option + drive achieves Category 3 / PL
(d))
• EN/IEC 61800-5-2:2007 Adjustable speed electrical power drive systems
- Part 5-2 Safety requirements - Functional
(DriveGuard Safe Torque Off option + drive achieves SIL CL 2)
• EN/IEC 62061:2005 Safety of machinery - Functional safety of
safety-related electrical, electronic and programmable electronic control
systems
• IEC 61508 Part 1-7:1998 and 2000 Functional safety of electrical/
electronic/programmable electronic safety-related systems - Parts 1-7
TUV also certifies that the DriveGuard Safe Torque Off option may be used
in applications up to Category 3 / PL (d) according to EN ISO 13849-1 and
SIL 2 according to EN/IEC 62061 / IEC 61508 / EN/IEC 61800-5-2.
TUV Rheinland certificate 01/205/0665/09 may be found at:
www.rockwellautomation.com/products/certification/
Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012 3
General Description
CE Certification
LV Directive 2006/95/EC
Rockwell Automation declares the PF40P and PF70 drives compliant with
the CE LV Directive as demonstrated by compliance with the requirements of
EN 50178 Electronic equipment for use in power installations. The
DriveGuard Safe Torque Off Option Kit is not within the scope of the Low
Voltage Directive.
EMC Directive 2004/108/EC
Rockwell Automation declares the PF40P (240V, 480V), PF70 (240V, 400V,
480V), and DriveGuard Safe Torque Off option compliant with the CE
EMC Directive as demonstrated by compliance with the requirements of EN
61800-3 Adjustable speed electrical power drive systems Part 3: EMC
requirements and specific test methods.
Machinery Directive 2006/42/EC
TUV Rheinland, Notified Body Identification Number 0035, certifies the
DriveGuard Safe Torque Off option compliant with the CE Machinery
Directive as demonstrated by compliance with the requirements of EN ISO
13849-1, EN ISO 13849-2, EN/IEC 61800-5-2, and EN/IEC 62061.
UL Certification
The PF40P, PF70, and DriveGuard Safe Torque Off option have been listed
with UL as compliant with UL 508C.
Canadian Certification
The PF40P, PF70, and DriveGuard Safe Torque Off option have been listed
(CuL) as compliant with C22.2 No 14.
Australian C-tick Certification
Rockwell Automation declares the PF40P (240V, 480V), PF70 (240V, 400V,
480V), and DriveGuard Safe Torque Off option compliant with the
Australian Radiocommunications Act of 1992, the Radiocommunications
(Electromagnetic Compatibility) Standard of 2008, and the
Radiocommunications Labelling (Electromagnetic Compatibility) Notice of
2008 as demonstrated by compliance with IEC 61800-3 Adjustable speed
electrical power drive systems Part 3: EMC requirements and specific test
methods.
4 Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012
General Description
IMPORTANT
Certified Equipment
Drive Rating TUV Certified DriveGuard Safe Torque Off
Function
PowerFlex 40P 240V ✔ Series B or greater
480V ✔ Series B or greater
PowerFlex 70 Enhanced
Control
ATTENTION: Hazard of injury exists due to electric shock. Only install a Series B or
greater DriveGuard Safe Torque Off option in a PowerFlex 40P Drive.
240V ✔ Series A or greater
400V ✔ Series A or greater
480V ✔ Series A or greater
Certifications Online
See the Product Certifications link at http://ab.com for Declarations of
Conformity, Certificates, and other certifications details.
Important Safety Considerations
The system user is responsible for:
• the set-up, safety rating, and validation of any sensors or actuators
connected to the system.
• completing a system-level risk assessment and reassessing the system any
time a change is made.
• certification of the system to the desired safety performance level.
• project management and proof testing.
• programming the application software and the safety option
configurations in accordance with the information in this manual.
• access control to the system, including password handling.
• analyzing all configuration settings and choosing the proper setting to
achieve the required safety rating.
When applying Functional Safety, restrict access to qualified, authorized personnel
who are trained and experienced.
ATTENTION: When designing your system, consider how personnel will exit the
machine if the door locks while they are in the machine. Additional safeguarding
devices may be required for your specific application.
Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012 5
General Description
Safe State
The DriveGuard Safe Torque Off option is intended for use in safety-related
applications where the de-energized state is the safe state. All of the examples
in the Description of Operation section are based on achieving the
de-energization as the safe state.
Safety Category 3 / PL (d) Performance Definition
To achieve Safety Category 3 / PL (d) according to EN ISO 13849-1, the
safety-related parts have to be designed such that:
• the safety-related parts of machine control systems and/or their protective
equipment, as well as their components, shall be designed, constructed,
selected, assembled, and combined in accordance with relevant standards
so that they can withstand expected conditions.
• well tried safety principles shall be applied.
• a single fault in any of its parts does not lead to a loss of safety function.
• some but not all faults will be detected.
• the accumulation of undetected faults can lead to loss of safety function.
• short circuits in the external wiring of the safety inputs is not one of the
faults that can be detected by the system, therefore, according to EN ISO
13849-2, these cables must be installed so as to be protected against
external damage by cable ducting or armor.
• whenever reasonably practical a single fault shall be detected at or before
the next demand of the safety function.
• the average diagnostic coverage of the safety-related parts of the control
system shall be low.
• the mean time to dangerous failure of each of the redundant channels
shall be low to high.
6 Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012
General Description
IMPORTANT
Stop Category Definitions
The selection of a stop category for each stop function must be determined by
a risk assessment.
• Stop Category 0 is achieved with immediate removal of power to the
actuator, resulting in an uncontrolled coast to stop. See “Description of
Operation” Example 1 on page 20
• Stop Category 1 is achieved with power available to the machine actuators
to achieve the stop. Power is removed from the actuators when the stop is
achieved. See “Description of Operation” Example 2 on page 21
When designing the machine application, timing and distance should be considered
for a coast to stop (Stop Category 0 or Safe Torque Off). For more information
regarding stop categories, refer to EN/IEC 60204-1.
.
.
Performance Level and Safety Integrity Level (SIL) CL2
For safety-related control systems, Performance Level (PL), according to EN
ISO 13849-1, and SIL levels, according to IEC 61508 and EN/IEC 62061,
include a rating of the system’s ability to perform its safety functions. All of
the safety-related components of the control system must be included in both
a risk assessment and the determination of the achieved levels.
Refer to the EN ISO 13849-1, IEC 61508, and EN/IEC 62061 standards for
complete information on requirements for PL and SIL determination.
PFD and PFH Definitions
Safety-related systems can be classified as operating in either a Low Demand
mode, or in a High Demand/Continuous mode.
• Low Demand mode: where the frequency of demands for operation made
on a safety-related system is no greater than one per year or no greater
than twice the proof-test frequency.
• High Demand/Continuous mode: where the frequency of demands for
operation made on a safety-related system is greater than once per year or
greater than twice the proof test interval.
Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012 7
General Description
The SIL value for a low demand safety-related system is directly related to
order-of-magnitude ranges of its average probability of failure to satisfactorily
perform its safety function on demand or, simply, average probability of
failure on demand (PFD). The SIL value for a High Demand/Continuous
mode safety-related system is directly related to the probability of a dangerous
failure occurring per hour (PFH).
PFD and PFH Data
These PFD and PFH calculations are based on the equations from Part 6 of
IEC 61508 and show worst-case values.
This table provides data for a 20-year proof test interval and demonstrates the
worst-case effect of various configuration changes on the data.
PowerFlex 40P PFD and PFH for 20-year Proof Test Interval
Attribute Test Result
PFD 1.74E-05
PFH 2.0E-10
SFF 81%
PowerFlex 70 PFD and PFH for 20-year Proof Test Interval
Attribute Test Result
PFD 3.4E-05
PFH 3.9E-10
SFF 81%
Terminology
Abbreviation Full Term Definition
PFD Probability of
PFH Probability of
SFF Safe Failure Fraction The sum of safe failures plus the sum of dangerous detected
8 Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012
Failure on Demand
Failure per Hour
The average probability of a system to fail to perform its
design function on demand.
The probability of a system to have a dangerous failure occur
per hour.
failures divided by the sum of all failures.
Loading...