Rockwell Automation DriveGuard User Manual
User Manual
Original Instructions
Safe Torque Off Option (Series B) for PowerFlex 40P and PowerFlex 70 Enhanced Control AC Drives
Catalog Number 20A-DG01
Top ic Pa ge
General Description 3
What Is the DriveGuard Safe Torque Off Option? 3
Certifications and Compliance 4
CE Certification 5
Certified Equipment 6
Important Safety Considerations 6
Safe State 7
Safety Category 3 / PL (d) Performance Definition 7
Stop Category Definitions 8
Performance Level and Safety Integrity Level (SIL) CL2 8
PFDavg and PFH Definitions 8
PFDavg and PFH Data 9
Functional Proof Tests 10
Contact Information if Safety Option Failure Occurs 10
Installation and Wiring 11
Pre-Installation Instructions 11
EMC Considerations 12
DriveGuard Safe Torque Off Option Installation 13
Wiring 16
Verify Operation 17
Description of Operation 19
PowerFlex 40P Safe Torque Off Operation 19
PowerFlex 70 Safe Torque Off Operation 20
Connection Examples 21
Summary of Changes
Summary of Changes
Change See Page…
Updated Certifications and Compliance 4
Regrouped Certifications and Compliance to be under the proper headings 4…5
Updated CE Certification LV Directive and Machinery Directive 5
Added last bullet under Important Safety Considerations 6
Updated IMPORTANT statement to include description of Stop Category 1 8
Changed PFD to PFDavg 8…10
Added introduction to Installation and Wiring chapter 11
Changed title of Example 2 and figure to describe Stop Category 1 22
Added paragraph to Fault Detection to further describe Safe Stop 1 22
2 Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020
General Description
IMPORTANT
General Description
The DriveGuard® Safe Torque Off option, when used with PowerFlex® 40P or
PowerFlex 70 drives together with other safety components, provides a safety
function which inhibits torque generation in the motor(s) powered by the drive. When
used with PowerFlex 40P or PowerFlex 70 drive, the DriveGuard Safe Torque Off option
has been certified to meet the requirements for SIL 2 according to EN/IEC 61800-5-2
and IEC 61508, and PL (d) and Category 3 according to EN ISO 13849-1. The DriveGuard
Safe Torque Off option is just one component in a safety control system. Components
in the system must be chosen and applied appropriately to achieve the desired level
of safeguarding.
What Is the DriveGuard Safe Torque Off Option?
The DriveGuard Safe Torque Off option:
• Provides the “Safe torque off (STO)” function defined in EN/IEC 61800-5-2.
• Blocks gate firing signals from reaching the IGBT output power devices of the
drive. This prevents the IGBT’s from switching in the sequence necessary to
generate torque in the connected motor.
• Can be used in combination with other safety devices to fulfill the requirements
of a system “safe torque off” function which satisfies Category 3 / PL (d)
according to EN ISO 13849-1 and SIL CL 2 according to EN/IEC 62061, IEC 61508,
and EN/IEC 61800-5-2.
This option is suitable for performing only mechanical work on the drive
system or affected area of a machine. It does NOT disconnect or isolate the
drive power output to the motor.
This option should not be used as a control for normal starting and/or
stopping the drive.
Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020 3
General Description
Certifications and Compliance
TUV Rheinland EC Type Examination Certification
TUV Rheinland has certified the DriveGuard Safe Torque Off option, when used in a
PowerFlex 70 or PowerFlex 40P drive, is compliant with the requirements for
machines defined in Annex I of the EC Directive 2006/42/EC, and that it complies with
the requirements of the relevant standards listed below.
ATTENTION: Electrical Shock Hazard. Verify that all sources of AC and DC
power are de-energized and locked out or tagged out in accordance with the
requirements of ANSI/NFPA 70E, Part II.
ATTENTION: To avoid an electric shock hazard, verify that the voltage on the
bus capacitors has discharged before performing any work on the drive.
Measure the DC bus voltage at the +DC and -DC terminals or test points (refer
to your drive User Manual for locations). The voltage must be zero.
ATTENTION: In Safe Torque Off mode, hazardous voltages may still be present
at the motor. To avoid an electric shock hazard, disconnect power to the motor
and verify that the voltage is zero before performing any work on the motor.
ATTENTION: In the event of the failure of two output IGBT's in the drive, when
the DriveGuard Safe Torque Off option has controlled the drive outputs to the
off state, the drive may provide energy for up to 180° of rotation in a 2-pole
motor before torque production in the motor ceases.
• EN ISO 13849-1 Safety of machinery - Safety related parts of control systems Part 1: General principles for design
(DriveGuard Safe Torque Off option + drive achieves Category 3 / PL (d))
• EN/IEC 61800-5-2 Adjustable speed electrical power drive systems - Part 5-2
Safety requirements - Functional
(DriveGuard Safe Torque Off option + drive achieves SIL CL 2)
• EN/IEC 62061 Safety of machinery - Functional safety of safety-related electrical,
electronic and programmable electronic control systems
• IEC 61508 Part 1-7 Functional safety of electrical/electronic/programmable
electronic safety-related systems
TUV also certifies that the DriveGuard Safe Torque Off option may be used in
applications up to Category 3 / PL (d) according to EN ISO 13849-1 and SIL 2 according
to EN/IEC 62061 / IEC 61508 / EN/IEC 61800-5-2.
TUV Rheinland certifications may be found at rok.auto/certifications
4 Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020
.
General Description
UL Certification
The PowerFlex 40P, PowerFlex 70, and DriveGuard Safe Torque Off option have been
listed with UL as compliant with UL 508C.
Canadian Certification
The PowerFlex 40P, PowerFlex 70, and DriveGuard Safe Torque Off option have been
listed (cUL) as compliant with C22.2 No 14.
Australian C-tick Certification
Rockwell Automation declares the PowerFlex 40P (240V AC, 480V AC), PowerFlex 70
(240V AC, 400V AC, 480V AC), and DriveGuard Safe Torque Off option compliant with
the Australian Radiocommunications Act of 1992, the Radiocommunications
(Electromagnetic Compatibility) Standard of 2008, and the Radiocommunications
Labelling (Electromagnetic Compatibility) Notice of 2008 as demonstrated by
compliance with IEC 61800-3 Adjustable speed electrical power drive systems Part 3:
EMC requirements and specific test methods.
CE Certification
LV Directive 2006/95/EC
Rockwell Automation declares the PowerFlex 40P and PowerFlex 70 drives compliant
with the CE LV Directive as demonstrated by compliance with the requirements of
EN 61800-5-1 Adjustable speed electrical power drive systems - Part 5-1: Safety
requirements - Electrical, thermal, and energy. The DriveGuard Safe Torque Off Option
Kit is not within the scope of the Low Voltage Directive.
EMC Directive 2004/108/EC
Rockwell Automation declares the PowerFlex 40P (240V AC, 480V AC), PowerFlex 70
(240V AC, 400V AC, 480V AC), and DriveGuard Safe Torque Off option compliant with
the CE EMC Directive as demonstrated by compliance with the requirements of
EN 61800-3 Adjustable speed electrical power drive systems Part 3: EMC requirements
and specific test methods.
Machinery Directive 2006/42/EC
TUV Rheinland, Notified Body Identification Number 0035, certifies the DriveGuard
Safe Torque Off option compliant with the CE Machinery Directive as demonstrated by
compliance with the requirements of EN ISO 13849-1, EN/IEC 61800-5-2, and
EN/IEC 62061.
Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020 5
General Description
IMPORTANT
Certified Equipment
Drive Rating (AC) TUV Certified
PowerFlex 40P 240V Yes Series B or greater
480V Yes Series B or greater
PowerFlex 70
Enhanced Control
ATTENTION: Hazard of injury exists due to electric shock. Only install a Series
B or greater DriveGuard Safe Torque Off option in a PowerFlex 40P Drive.
240V Yes Series A or greater
400V Yes Series A or greater
480V Yes Series A or greater
DriveGuard Safe Torque
Off Function
Certifications Online
See the Product Certifications link at rok.auto/certifications. for Declarations of
Conformity, Certificates, and other certifications details.
Important Safety Considerations
The system user is responsible for:
• The set-up, safety rating, and validation of any sensors or actuators connected to
the system.
• Completing a system-level risk assessment and reassessing the system any time
a change is made.
• Certification of the system to the desired safety performance level.
• Project management and proof testing.
• Programming the application software and the safety option configurations in
accordance with the information in this manual.
• Access control to the system, including password handling.
• Analyzing all configuration settings and choosing the proper setting to achieve
the required safety rating.
• In circumstances where external influences (for example falling or suspended
loads) are present, additional measures (for example mechanical brakes) can be
necessary to prevent any hazard.
When applying Functional Safety, restrict access to qualified, authorized
personnel who are trained and experienced.
ATTENTION: When designing your system, consider how personnel will exit the
machine if the door locks while they are in the machine. Additional
safeguarding devices may be required for your specific application.
6 Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020
General Description
Safe State
The DriveGuard Safe Torque Off option is intended for use in safety-related
applications where the de-energized state is the safe state. All of the examples in the
Description of Operation section are based on achieving the de-energization as the
safe state.
Safety Category 3 / PL (d) Performance Definition
To achieve Safety Category 3 / PL (d) according to EN ISO 13849-1, the safety-related
parts have to be designed such that:
• The safety-related parts of machine control systems and/or their protective
equipment, as well as their components, shall be designed, constructed, selected,
assembled, and combined in accordance with relevant standards so that they can
withstand expected conditions.
• Well tried safety principles shall be applied.
• A single fault in any of its parts does not lead to a loss of safety function.
• Some but not all faults will be detected.
• The accumulation of undetected faults can lead to loss of safety function.
• Short circuits in the external wiring of the safety inputs is not one of the faults
that can be detected by the system, therefore, according to EN ISO 13849-2, these
cables must be installed so as to be protected against external damage by cable
ducting or armor.
• Whenever reasonably practical a single fault shall be detected at or before the
next demand of the safety function.
• The average diagnostic coverage of the safety-related parts of the control
system shall be low.
• The mean time to dangerous failure of each of the redundant channels shall be
low to high.
Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020 7
General Description
IMPORTANT
Stop Category Definitions
The selection of a stop category for each stop function must be determined by a risk
assessment.
• Stop Category 0 is achieved with immediate removal of power to the actuator,
resulting in an uncontrolled coast to stop. See “Description of Operation” Example
1 on page 21
• Stop Category 1 is achieved with power available to the machine actuators to
achieve the stop. Power is removed from the actuators when the stop is
achieved. See “Description of Operation” Example 2 on page 22
Performance Level and Safety Integrity Level (SIL) CL2
.
.
When designing the machine application, timing and distance should be
considered for a coast to stop:
• Stop Category 0 or Safe Torque Off
• Stop Category 1 or Safe Stop 1 - Time Controlled
For more information regarding stop categories, refer to EN/IEC 60204-1 or
IEC 61800-5-2.
For safety-related control systems, Performance Level (PL), according to
EN ISO 13849-1, and SIL levels, according to IEC 61508 and EN/IEC 62061, include a
rating of the system’s ability to perform its safety functions. All of the safety-related
components of the control system must be included in both a risk assessment and
the determination of the achieved levels.
Refer to the EN ISO 13849-1, IEC 61508, and EN/IEC 62061 standards for complete
information on requirements for PL and SIL determination.
PFDavg and PFH Definitions
Safety-related systems can be classified as operating in either a Low Demand mode,
or in a High Demand/Continuous mode.
• Low Demand mode: where the frequency of demands for operation made on a
safety-related system is no greater than one per year or no greater than twice
the proof-test frequency.
• High Demand/Continuous mode: where the frequency of demands for operation
made on a safety-related system is greater than once per year or greater than
twice the proof test interval.
8 Rockwell Automation Publication PFLEX-UM003C-EN-P - October 2020
Loading...