Rockwell Automation Allen-Bradley Lifeline 4, Allen-Bradley Guardmaster 440C-CR30, Allen-Bradley 100S-C Application Technique
Application Technique
Safety Function: Cable Pull Switch with a Configurable Safety
Relay
Products: Lifeline 4 Cable Pull Switch, Guardmaster 440C-CR30 Configurable Safety Relay, 100S-C Safety Contactors
Safety Rating: CAT. 3, PLd to ISO 13849-1: 2008
Top ic Pa ge
Important User Information 2
General Safety Information 3
Introduction 3
Safety Function Realization: Risk Assessment 3
Lifeline 4 Cable Pull Switch Safety Function 4
Safety Function Requirements 4
Functional Safety Description 4
Bill of Material 5
Setup and Wiring 5
Configurat ion 6
Calculation of the Performance Level 19
Veri ficat ion an d Valid ation Plan 22
Verification of the Configuration 28
Additional Resources 31
Safety Function: Cable Pull Switch with a Configurable Safet y Relay
IMPORTANT
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to
familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws,
and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required
to be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be
impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the
use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or
liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or
software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation,
Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment,
which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous
voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may
reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to
potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL
Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).
2 Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015
Safety Function: Cable Pull Switch with a Configurable Safety Relay
IMPORTANT
From: Risk Assessment (ISO 12100)
1. Identification of safety functions
2. Specification of characteristics of each function
3. Determination of required PL (PLr) for each safety function
To: Realization and PL Evaluation
General Safety Information
Contact Rockwell Automation to find out more about our safety risk assessment services.
This application example is for advanced users and assumes that you are trained and experienced in safety system requirements.
ATTENTION: Perform a risk assessment to make sure all task and hazard combinations have been identified and addressed. The risk
assessment can require additional circuitry to reduce the risk to a tolerable level. Safety circuits must take into consideration safety
distance calculations, which are not part of the scope of this document.
Introduction
This safety function application technique explains how to wire, configure, and integrate a Lifeline™ 4 cable pull switch,
and an E-stop with a Guardmaster® 440C-CR30 configurable safety relay and two safety contactors. When the Lifeline 4
cable pull switch is tripped, the E-stop is pressed, or a fault is detected, the 440C-CR30 relay turns off two outputs, which
then turn off two safety contactors and remove power from the motor.
Safety Function Realization: Risk Assessment
The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be carried
out by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety functions of
the machine. In this application, the performance level required (PLr) by the risk assessment is Category 3, Performance
Level d (CAT. 3, PLd), for each safety function. A safety system that achieves CAT. 3, PLd, or higher, can be considered
control reliable. Each safety product has its own rating and can be combined to create a safety function that meets or
exceeds the PLr.
Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015 3
Safety Function: Cable Pull Switch with a Configurable Safet y Relay
Lifeline 4 Cable Pull Switch Safety Function
This application technique includes two safety functions:
• Safety-related stop function initiated by a safeguard (Lifeline 4 cable pull switch)
• Manually-actuated Emergency stop (E-stop)
These safety functions both execute a Stop Category 0 stop.
Safety Function Requirements
Actuating the Lifeline 4 cable pull switch stops and prevents hazardous motion by de-energizing the redundant safety
contactors. When the cable pull switch is de-activated, the 440C-CR30 relay is reset, and no faults are detected, motion
does not resume until a secondary start command is issued by the external start/stop system.
Pressing the E-stop prevents hazardous motion by de-energizing the redundant safety contactors. When the E-stop is deactivated, the 440C-CR30 relay is reset, and no faults are detected, motion does not resume until a secondary start
command is issued by the external start/stop system.
The safety functions in this application technique each meet or exceed the requirements for Category 3, Performance
Level d (CAT. 3, PLd), per ISO 13849-1 and control reliable operation per ANSI B11.19.
Functional Safety Description
An assembly conveyor needs to be protected from accidental contact with personnel. The risk assessment determined that,
due to the length of the hazardous area, a cable pull switch must be installed to protect the area and to help mitigate the
risk. When the switch is activated, a Stop Category 0 stop takes place on the conveyor motor. The cable pull switch
prevents unexpected startup of the machine while the switch is activated.
An E-stop is also provided to address unanticipated emergency situations. The E-stop is a manually-actuated
complementary safety device. Pressing the E-stop also initiates a Stop Category 0 stop of the conveyor motor. The E-stop
switch prevents unexpected startup of the machine while the E-stop is depressed.
After a safety-related stop, the safety system cannot be reset unless the cable pull switch is reset and the E-stop is released.
Once the safety system is reset, a separate, deliberate action can be used to restart the conveyor with the external start/stop
system.
4 Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015
Safety Function: Cable Pull Switch with a Configurable Safety Relay
Bill of Material
This application uses these products.
Cat. No. Description Quantity
440E-L13137 440E emergency stop device – Lifeline 4 cable pull switch 1
100S-C12EJ23BC Bulletin 100S-C safety contactors, 12 A, 24V DC with electronic coil, bifurcated contacts 2
440C-CR30-22BBB Guardmaster 440C-CR30 software-configured safety relay, PLe, SIL 3, 22 safety I/O embedded serial port, USB
programming port, 2 plug-in slots, 24V DC
2080-IQ4OB4 4-channel digital input/output combination module 1
800FP-R611PQ10V 800F reset PB, round plastic (type 4/4x/13,IP66), blue, plastic latch mount, 1 N.O. contact 1
800F-1YP3 800F 1-hole enclosure E-stop station, plastic, PG, twist-to-release 40mm, non-illuminated, 2 N.C. 1
1
Setup and Wiring
For detailed information on installing and wiring, refer to the publications listed in the Additional Resources. Follow the
installation instructions for your cable pull switch to make sure the pull switch operates properly.
System Overview
The Lifeline 4 cable pull switch is equipped with two normally closed (N.C.) contacts between two test pulse outputs
(MP_12 and MP_13) of the 440C-CR30 relay and two embedded safety inputs (EI_00 and EI_01). The pulse test
outputs are used to feed the inputs so that shorts can be detected on the input circuits. By using the pulse test outputs to
source the inputs, the 440C-CR30 relay can detect a short between input channels, a short to 24V DC, and a short to
ground. If any of these faults are detected, the 440C-CR30 relay takes the system to a safe state.
The E-stop is equipped with two normally closed (N.C.) contacts between two test pulse outputs (MP_12 and MP_13) of
the 440C-CR30 relay and two embedded safety inputs (EI_02 and EI_03). The pulse test outputs are used to feed the
inputs so that shorts can be detected on the input circuits. By using the pulse test outputs to source the inputs, the
440C-CR30 relay can detect a short between input channels, a short to 24V DC, and a short to ground. If any of these
faults are detected, the 440C-CR30 relay takes the system to a safe state.
If either the Lifeline 4 cable pull switch or the E-stop is depressed, the 440C-CR30 relay reacts by turning off two outputs
(EO_18 and EO_19) which are connected to two safety contactors (K1 and K2). These safety contactors are wired in series
to the motor. When the contactors drop out, motion at the motor stops. Each safety contactor is equipped with a normally
closed (N.C.) contact. The normally closed contact from each safety contactor is wired in series to a plug-in input (P1_00)
on the 440C-CR30 relay to serve as a feedback status for the contactors. This plug-in input is used to reserve the safety
inputs on the 440C-CR30 relay for actual safety devices. A safety input is not required for feedback status. This input is
monitored by the 440C-CR30 relay to make sure that neither safety contactor is welded in the closed position. If the
440C-CR30 relay detects that either contactor is welded closed, it does not let the system restart until the fault has been
corrected and the reset button has been pressed and released.
The reset function is carried out by a push button with a single, normally open (N.O.) contact that is tied to a plug-in input
(P1_01) on the 440C-CR30 relay. This plug-in input is used to reserve the safety inputs on the 440C-CR30 relay for
actual safety devices. A safety input is not required for the reset function. The reset function takes place during the ON-to-
Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015 5
Safety Function: Cable Pull Switch with a Configurable Safet y Relay
24V DC
DC_COM
Cable Pul l Switch
Contac tor–Feed back
Reset–PB
E-stop
24V DC
External_Switched
Start/Stop_Circuit
Feedback–to–P1_00
11 12
21
22
11
12
21
22
A1
EI_00
EI_01
A2
EO_18
EO_19
MP_13
MP_12
K1
K2
L1
L2 L3
K1
K2
M
EI_02
EI_03
440C-CR30-22BBB
2080-IQ40B4
P1_00
P1_01
B4
A3
B4
OFF transition of the reset button. This functionality is built in to the 440C-CR30 relay to make sure that the reset button
has not failed in the ON state, or that no one has defeated the button in the closed position.
Electrical Schematic
Configuration
Configure the 440C-CR30 relay by using Connected Components Workbench™ software, release 6.01 or later. A detailed
description of each step is beyond the scope of this document. Knowledge of Connected Components Workbench
software is assumed.
6 Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015
Safety Function: Cable Pull Switch with a Configurable Safety Relay
Configure the 440C-CR30 Relay
Follow these steps to configure the Guardmaster 440C-CR30 relay by using Connected Components Workbench
software.
1. In Connected Components Workbench software, choose View and then Device Toolbox.
2. Select 440C-CR30-22BBB.
3. In the Project Organizer, double-click the Guardmaster_400C_CR30 relay.
Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015 7
Safety Function: Cable Pull Switch with a Configurable Safet y Relay
TIP
The Guardmaster_440C_CR30 screen appears.
4. To add the plug-in I/O module called for in the schematic, right-click the left plug-in module space and choose the
2080-IQ4OB4 module.
The I/O module is shown in standard gray, because it is not a safety I/O module. That is permissible in this application, because the
standard I/O module is not used to connect safety signals. The contactor feedback and reset button signals are not considered
strict, safety signals. By using standard I/O for these non-safety signals, you can reserve the limited number of safety inputs and
outputs for true safety signals.
8 Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015
Safety Function: Cable Pull Switch with a Configurable Safety Relay
5. Click the Edit Logic button to open the Connected Components Workbench Workspace.
6. From the View pull-down menu, choose Toolbox.
Configure the Inputs
Follow these steps to configure the inputs.
1. Select Emergency Stop.
2. Drag it to the green rectangle under Safety Monitoring and release it.
Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015 9
Safety Function: Cable Pull Switch with a Configurable Safet y Relay
Connected Components Workbench software assigns input terminals EI_00 and EI_01 on the left side of the block.
The software automatically assigns the next unused terminal for a newly-added device. The terminals can be changed
to any unused input terminal, but in this case, leave the default. Because an E-stop is an electro-mechanical device,
the software automatically adds terminals 12 and 13 as test sources. Numbers 12 and 13 refer to multi-purpose
terminals 12 and 13 (MP_12 and MP_13). The diagnostic technique of using the test pulses lets the E-stop be used
in a safety system that achieves the required PL.
3. To add the Lifeline 4 cable pull switch, which is not included in the Toolbox, select Alternate Device and drag and
release it to the block below the E-stop you added previously.
Connected Components Workbench software assigns input terminals EI_02 and EI_03 on the left side of the block.
The software automatically assigns the next unused terminal for a newly-added device. The terminals can be changed
to any unused input terminal, but in this case, leave the default. Because the Lifeline 4 cable pull switch is an electromechanical device, the software automatically adds terminals 12 and 13 as test sources. Numbers 12 and 13 refer to
multi-purpose terminals 12 and 13 (MP_12 and MP_13). The diagnostic technique of using the test pulses lets the
Lifeline 4 cable pull switch be used in a safety system that achieves the required PL.
4. To add a Feedback Monitoring input from the Toolbox, select Feedback Monitoring and drag and drop it onto the
block below the cable pull switch you added in the previous step.
The input defaults to one of the embedded safety EI inputs, and Connected Components Workbench software
names the block SMF3.
5. Because the feedback block is used to monitor the auxiliary contacts from the two safety contactors, change this to
use the non-safety plug-in module input P1_00, as shown.
6. To add a Reset input from the Toolbox. select Reset and drag and drop it onto the block below the Feedback Device.
The input defaults to one of the embedded safety EI inputs, and Connected Components Workbench software
names the block SMF4.
10 Rockwell Automation Publication SAFETY-AT134B-EN-P - November 2015
Loading...