Rockwell Automation PowerFlex 755, PowerFlex 755T User Manual
PowerFlex 755/755T
Integrated Safety Functions
Option Module
Catalog Number 20-750-S4
User Manual
Original Instructions
PowerFlex 755/755T Integrated Safety Functions Option Module User Manual
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and
operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize
themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to
be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be
impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use
or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and
requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for
actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software
described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is
prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WA RN I NG : Identifies information about practices or circumstances that can cause an explosion in a hazardous environment,
which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous
voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may
reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential
Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory
requirements for safe work practices and for Personal Protective Equipment (PPE).
2 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
About Safe Stop and Safe
Monitor Functions
Table of Contents
Preface
Summary of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Product Firmware and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 1
What Is the Integrated Safety Functions Option Module? . . . . . . . . 15
Compatible Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Compatible Safety Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Safety Application Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Safety Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Important Safety Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Stop Category Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Performance Level and Safety Integrity Level (SIL) CL3 . . . . . . 19
Proof Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
PFD and PFH Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
PFD and PFH Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safe Torque Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safe Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safety I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Spurious Trip Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Safety Reaction Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Considerations for Safety Ratings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Encoder Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Supported Encoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
General Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Digital AqB Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Sine/Cosine and Hiperface Diagnostics . . . . . . . . . . . . . . . . . . . . . 27
Contact Information If Safety Option Failure Occurs . . . . . . . . . . . . 28
Chapter 2
Installation Remove Power to the System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Access the Control Pod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Set the SAFETY and Hardware ENABLE Jumpers . . . . . . . . . . . . . . 31
Install the Safety Option Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Feedback Installation Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
I/O Wiring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Power Supply Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 3
Table of Contents
Chapter 3
Safety I/O Safety Inputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Latch Input Error Operation in Single Channel Mode. . . . . . . . 39
Single Channel Safety Input Status Data . . . . . . . . . . . . . . . . . . . . 40
Dual-channel Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . 41
Equivalent Dual-channel Input Operation. . . . . . . . . . . . . . . . . . . 42
Complementary Dual-channel Input Operation . . . . . . . . . . . . . 43
Standard Input Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Safety Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Determining Safety Input Alarm Type . . . . . . . . . . . . . . . . . . . . . . 48
Safety Input Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Input Delays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Use With PowerFlex 750-Series ATEX Option Module . . . . . . 50
Safety Outputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Safety Output with Test Pulse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Single-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Latch Output Error Operation in Single Channel Mode . . . . . . 52
Dual-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Latch Output Error Operation in Dual Channel Mode . . . . . . . 53
Safety Output Safety Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Commanding Safety and Test Outputs. . . . . . . . . . . . . . . . . . . . . . 57
Safety Output Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Determining Safety Output Alarm Type . . . . . . . . . . . . . . . . . . . . 59
Safety Output Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Test Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Standard Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Power Supply Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Test Output Ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 4
Drive-based Safe Stop
Functions
4 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Safety Output Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . 65
Safety Input Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . . . 66
Safety Function in Response to Connection Event . . . . . . . . . . . . . . . 68
Connection Loss Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Connection Idle Action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Safe Torque Off Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Safe Torque Off Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Safe Torque Off Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Safe Torque Off Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Safe Torque Off Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Safe Torque Off Stopping Action and Source . . . . . . . . . . . . . . . . 74
Controller-based Safety
Functions
Table of Contents
STO Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Safe Stop 1 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Safe Stop 1 Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Safe Stop 1 Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Safe Stop 1 Stopping Action and Source . . . . . . . . . . . . . . . . . . . . . 78
Timed Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Monitored Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
SS1 Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Safe Brake Control Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Safe Brake Control Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Safe Brake Control Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Safe Brake Control Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Safe Brake Control Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
SBC Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Connecting a Safety Brake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Chapter 5
Drive Safety Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Before Adding the Safety Instructions . . . . . . . . . . . . . . . . . . . . . . . 95
Drive Safety Instruction Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Pass-through Data Using Standard I/O Mode . . . . . . . . . . . . . . . . . . . 96
Pass-through Data Using Integrated Motion . . . . . . . . . . . . . . . . . . . . 98
SFX Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
SFX Instruction Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Standard I/O Mode –
Configuration, Programming,
and Operation
Chapter 6
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configure Safety in the Logix Designer Application. . . . . . . . . . . . . 104
Add a PowerFlex 755 Drive/755T Drive Product to the
Safety Controller Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Add an Option Module to a PowerFlex 755 Drive. . . . . . . . . . . 106
Using a 20-750-ENETR Dual-port EtherNet/IP Option
Module with a 20-750-S4 Option Module. . . . . . . . . . . . . . . . . . 124
Safety Configuration Signature and Ownership . . . . . . . . . . . . . 126
Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Safety Tags in Standard Routines . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Standard Tags in Safety Routines (tag mapping). . . . . . . . . . . . . 126
Standard and Safety Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Safety Function Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Pass-through Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Falling Edge Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Understand Integrated Safety Drive Replacement. . . . . . . . . . . . . . . 130
Replace an Integrated Safety Drive in a GuardLogix System . . 130
PowerFlex 755 IO Mode Using SFX, SS1, and SLS Instructions. . 133
Studio 5000 Logix Designer Application Configuration . . . . . 133
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 5
Table of Contents
Integrated Motion –
Configuration, Programming,
and Operation
Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 7
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Configure the Integrated Safety Function Option Module in
the Logix Designer Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Add a PowerFlex 755 Drive to the Controller Project. . . . . . . . 144
Understand Module Properties Categories . . . . . . . . . . . . . . . . . . . . . 145
Module Properties>General Category. . . . . . . . . . . . . . . . . . . . . . 146
Module Properties>Connection and Safety Categories . . . . . . 149
Motion Safety>Actions Category . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Motion Safety>Primary Feedback Category . . . . . . . . . . . . . . . . 153
Motion Safety>Secondary Feedback Category . . . . . . . . . . . . . . 155
Motion Safety>Scaling Category. . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Motion Safety>Discrepancy Checking Category . . . . . . . . . . . . 157
Motion Safety>STO Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Motion Safety>SS1 Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Motion Safety>SBC Category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Motion Safety>Input Configuration Category. . . . . . . . . . . . . . 161
Motion Safety>Test Output Category . . . . . . . . . . . . . . . . . . . . . 162
Motion Safety>Output Configuration Category . . . . . . . . . . . . 163
Axis Properties > Actions > Safety Actions . . . . . . . . . . . . . . . . . 164
Module Properties > Associated Axes Motor and Load
Feedback Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Generate the Safety Network Number (SNN) . . . . . . . . . . . . . . 166
Safety Configuration Signature and Ownership . . . . . . . . . . . . . 167
Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Replace an Integrated Safety Drive in a GuardLogix System . . 168
Motion Direct Commands in Motion Control Systems. . . . . . 169
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Motion and Safety Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Motion Safety Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Safety Function Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Safe Monitor Network Communication. . . . . . . . . . . . . . . . . . . . 179
Explicit Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Application Example - Using SFX, SS1, and SLS Instructions
with Integrated Motion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Studio 5000 Logix Designer Application Configuration . . . . . 185
Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Chapter 8
Monitoring and
Troubleshooting
6 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Monitor Status Using Status Indicators . . . . . . . . . . . . . . . . . . . . . . . . 195
Module Status Indicator (DS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Network Status Indicator (DS2). . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Motion Output Status Indicator (DS3) . . . . . . . . . . . . . . . . . . . . 197
Safety Fault Indicator (DS4). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Table of Contents
Safety Fault Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Understand Safety Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safety Supervisor State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safety Core Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safe Torque Off Fault. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Safe Stop 1 Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Safe Brake Control Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
SS2, SOS, SLS, SLP, and SDI Faults. . . . . . . . . . . . . . . . . . . . . . . . 202
Safety Feedback Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Safety Fault Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Monitor Status with a HIM or Software . . . . . . . . . . . . . . . . . . . . . . . 205
Fault Messages on HIM, Drive Module, and Connected
Components Workbench Software . . . . . . . . . . . . . . . . . . . . . . . . 205
Monitor Status Using Integrated Motion . . . . . . . . . . . . . . . . . . . . . . 210
Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Recognize Out-of-Box State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Restore the Drive to Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . 214
Safety Function Validation
Checklist
Specifications, Certifications,
and CE Conformity
Appendix A
Safe Stop 1 (SS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Safe Stop 2 (SS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Safe Operating Speed (SOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Safely-limited Speed (SLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Safely-limited Position (SLP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Safe Direction (SDI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Safe Feedback Interface (SFX). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Safe Brake Control (SBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Appendix B
Integrated Safety Functions Option Module Specifications . . . . . . 233
Electrical Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
CE Conformity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Machinery Directive (2006/42/EC) . . . . . . . . . . . . . . . . . . . . . . . 236
EMC Directive (2014/30/EU) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Waste Electrical and Electronic Equipment (WEEE) . . . . . . . . 237
Safety I/O Assemblies and
Safety Attributes
Appendix C
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Safety Feedback Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Safe Stop Function Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Explicit Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Example: Read SS1 Fault Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 7
Table of Contents
Appendix D
Parameter Data Parameters and Settings in a Linear List . . . . . . . . . . . . . . . . . . . . . . . . 253
Device Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Host Config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Index
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
8 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Preface
This user manual explains how to use PowerFlex® 755 drives and PowerFlex
755T drive products in safety applications up to safety integrity level 3 (SIL 3),
performance level e (PLe), category 4.
This user manual is intended for people that design, install, configure, or
troubleshoot safety applications that use the Integrated Safety Functions
option module (catalog number 20-750-S4).
This user manual covers using network safety with drives in Standard I/O
mode and Integrated Motion mode. All chapters apply to both modes with the
following exceptions:
• Chapter 6
using Integrated Motion mode.
• Chapter 7
you are using Standard I/O mode.
IMPORTANT You must have a basic understanding of electrical circuitry and familiarity
is specific to Standard I/O mode and can be skipped if you are
is specific to Integrated Motion mode and can be skipped if
with PowerFlex 755 drives and PowerFlex 755T drive products. You must also
be trained and experienced in the creation, operation, and maintenance of
safety systems.
Summary of Changes
Conventions
This user manual describes the safety requirements, including probability of
dangerous failure on demand (PFD) and average frequency of a dangerous
failure (PFH) per hour values and application verification information (see
PFD and PFH Data on page 21
This publication contains new and updated information as indicated in the
following table.
Top ic Pa ge
Added attention statement regarding ambient temperature to Environmental Specifications in
Appendix B.
This manual identifies parameter names by listing the parameter number first,
followed by the name in brackets. For example, P7 [STO Fault Type].
Both the Host Config and Device Config parameters exist for this option
module and the parameter numbers overlap. For example, there is a P3 [Device
Config Identity State] and a P3 [Host Config Safety State]. Host Config
parameters reside on the Host (that is, the drive) side of the option module and
are specific to supporting the option module. Device Config parameters reside
on the option module itself.
).
235
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 9
Preface
Throughout this manual, the PowerFlex 755/755T Integrated Safety
Functions option module is also referred to as the Integrated Safety Functions
option module.
Throughout this manual, the PowerFlex 755TL low harmonic drives,
PowerFlex 755TR regenerative drives, PowerFlex 755TM drive systems are
also referred to as PowerFlex 755T drive products.
The PowerFlex 755 drive is used for the examples in this manual.
Terminology
Ta b l e 1 defines the abbreviations that are used in this manual.
Table 1 - Abbreviations and Definitions
Abbreviation Full Term Definition
Timed SS1 Timed Safe Stop 1 Timed SS1 and Safe Stop 1 time-controlled (SS1-t) are synonymous. Both mean a safe stop where the
SS1-t Safe Stop 1 time-controlled
Monitored SS1 Monitored Safe Stop 1 Monitored SS1 and Safe Stop 1 ramp-monitored (SS1-r) are synonymous. Both mean a safe stop where
SS1-r Safe Stop 1 ramp-monitored
1oo2 One out of Two Refers to the behavioral design of a dual-channel safety system.
CAT Category
CL Claim Limit
CIP™ Common Industrial Protocol Protocol for industrial automation applications and trademarked by ODVA, Inc.
EN European Norm The offi cial European Standard.
ESD Emergency Shutdown Systems
ESPE Electro-sensitive Protective Equipment
HFT Hardware Fault Tolerance
HIM Human Interface Module A module that is used to configure a device.
IEC International Electrotechnical Commission
IGBT Insulated Gate Bi-polar Transistors Typical power switch that is used to control main c urrent.
ISO International Organization for Standardization
NC Normally Closed
NO Normally Open
OSSD Output Signal Switching Device
motor speed is decelerated to zero and o nce the maximum stop-time elapses, torque is removed from
the motor.
• Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2.
the motor speed is reduced to standstill within deceleration limits and once standstill speed is reached
or the maximum stop-time elapses, torque is removed from the motor.
• Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2.
Classification of the safety-related parts of a control system in respect of their resistance to faults and
their subsequent behavior in the fault condition, and which is achieved by the structural arrangement
of the parts, fault detection, and/or by their reliability (source ISO 13849-1).
The maximum SIL rating that can be claimed for a safety-related electrical control system subsystem in
relation to architectural constraints and systematic safety integrity (source IEC 62061).
A system, usually independent of the main control system, which is designed to shut down an
operating system safely.
An assembly of devices and/or components working together for protective tripping or presencesensing purposes and includes as a minimum:
•A sensing device.
• Controlling/monitoring devices.
• Output signal-switching devices (OSSD).
The HFT equals n, where n+1 faults could cause the loss of the safet y function. An HFT of one means
that two faults are required before safety is lost.
The International Electrotechnical Commission (IEC) is the organization that prepares and publishes
international standards for all electrical, electronic, and related technologies.
The International Organization for Standardization is an international standard-setting body that is
composed of representatives from various national standards organizations.
A set of contacts on a relay or switch that are closed when the relay is de-energized or the switch is deactivated.
A set of contacts on a relay or switch that are open when the relay is de-energized or the switch is deactivated.
The component of the electro-sensitive protective equipment (ESPE) connected to the control system
of a machine. When the sensing device is actuated during normal operation, the device responds by
going to the OFF-state.
10 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Preface
Table 1 - Abbreviations and Definitions (Continued)
Abbreviation Full Term Definition
PELV Protective Extra Low Voltage
PES Programmable Electronic Systems
PFD Probability of Dangerous Failure on Demand The average probability of a system to fail to perform its design function on demand.
PFH Average Frequency of a Dangerous Failure per hour The average frequency of a system to have a dangerous failure occur per hour.
PL Performance Level EN ISO 13849-1 safety rating
PM Permanent Magnet
SBC Safe Brake Control Controls safety discrete outputs that actuate a brake. Sets timing between brake and Safe Torque Off.
SDI Safe Direction
SELV Safety Ex tra Low Voltage Circuit
SFX Safety Feedback Interface
SIL Safety Integrity Level A measure of a products ability to lower the risk that a dangerous failure could occur.
SLP Safely-Limited Position Prevents the motor shaft from exceeding one or more specified position limits.
SLS Safely-Limited Speed
SNN Safety Network Number
SOS Safe Operating Stop
SS1-r Safe Stop 1 Ramp Monitored
SS1-t Safe Stop 1 Time Controlled
STO Safe Torque Off
An electrical system where the voltage cannot exceed ELV under normal conditions, and under singlefault conditions, except earth faults in other circuits.
System for control, protection, or monitoring based on one or more programmable electronic devices,
including all elements of the system such as power supplies, sensors and other input devices, data
highways and other communication paths, and actuators and other output devices.
In permanent magnet (PM) motors, magnets mounted on or embedded in the rotor, couple with the
current-induced internal magnetic fields of the motor generated by electrical input to the stator.
Monitors position of a motor to detec t movement of more than a defined amount in the unintended
direction.
A secondary circuit that is designed and protected so that, under normal and single fault conditions, its
voltages do not exceed a safe value.
A GuardLogix® Drive Safety interface that scales feedback position into position units and feedback
velocity into position units per time unit. Feedback Position and Velocity are read from a Safety Input
assembly to an integrated Safe Speed drive.
Monitors the speed of a motor and sets the SLS Limit output if the speed exceeds the Active Limit input
value.
Uniquely identifies a network across all networks in the safety system. You are responsible for
assigning a unique number for each safety network or safety subnet within a system.
Prevents the motor from deviating more than a defined amount from the stopped position. The drive
provides energy to the motor to enable it to resist ex ternal forces.
Safe stop where the motor speed is decelerated to zero and once the maximum stop-time elapses,
torque is removed from the motor.
Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2 and is Stop Category 1, as
defined in IEC 60204
Safe stop where the motor speed is reduced to standstill within deceleration limits and once standstill
speed is reached or the maximum stop-time elapses, torque is removed from the motor.
Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2 and is Stop Category 1, as defined
in IEC 60204
The Safe Torque Off (STO) function is used to help prevent unexpected motor rotation during an
emergency while the drive remains connected to the power supply. When STO is activated, the torque
power cannot reach the drive, which stops and prevents any motor shaft rotation.
Safe Torque Off (STO) is according to EN/IEC 61800-5-2 and is Stop Category 0 as defined in IEC 60204.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 11
Preface
Product Firmware and Release Notes
Product firmware and release notes are available online within the Product
Compatibility and Download Center.
1. From the Search bar on http://www.ab.com
Downloads.
2. Search for your product.
, choose Compatibility and
3. On the search results page, find the firmware and release notes for your
product. If no firmware/release notes are available, the module is still
shipping with its original firmware release.
IMPORTANT Both standard connections to the drive and safety connections to the card
must be closed to update the Integrated Safety Functions Module.
See the Product Compatibility and Download Center Quick Start Guide,
publication PCDC-QS001
firmware and release notes.
, for instructions on how to find and download
12 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Preface
Additional Resources
These documents contain additional information concerning related Rockwell
Automation products.
Resource Description
PowerFlex 750-Series Products with TotalFORCE® Control Installation
Instructions, publication 750-IN100
PowerFlex 755TM IP00 Open Type Kits Installation Instructions, publication
750-IN101
PowerFlex Drives with TotalFORCE Control Programming Manual, publication
750-PM100
PowerFlex 750-Series AC Drive Installation Instructions, publication
PowerFlex 750-Series AC Drives Programming Manual, publication
Enhanced PowerFlex 7-Class Human Interface Module (HIM) User Manual,
publication
GuardLogix Safety Application Instruction Set Reference Manual,
publication 1756-RM095
EtherNet/IP Network Devices User Manual, publication ENET-UM006
EtherNet/IP Device Level Ring Application Technique, publication ENET-AT007
System Design for Control of Electrical Noise Reference Manual,
publication GMC-RM001
Safety Guidelines for the Application, Installation, and Maintenance of
Solid-State Control, publication
GuardLogix 5580 and Compact GuardLogix 5380 Controller Systems Safety
Reference, publication 1756-RM012
ControlLogix® 5580 Controllers User Manual, publication 1756-UM543 Provides information on how to use standard ControlLogix 5580 controllers.
CompactLogix™ 5380 Controllers User Manual, publication 5069-UM001 Provides information on how to use standard CompactLogix 5380 controllers.
Product Certification s website, ro k.auto/cer tificatio ns
20HIM-UM001
750-IN001
750-PM001
SGI-1.1
Provides the basic steps to install PowerFlex 755TL low harmonic drives, PowerFlex 755TR
regenerative drives, and PowerFlex 755TM drive systems.
Provides instructions to install IP00 Open Type kits in user-supplied enclosures.
Provides detailed information on:
• I/O, control, and feedback options
• Parameters and programming
• Faults, alarms, and troubleshooting
Provides information on how to install the Safe Torque Off option module in PowerFlex 750Series drive.
Provides information on how to mount, install, and configure PowerFlex 750-Series drives.
Provides information for using the 20-HIM-A6 HIM module to configure PowerFlex 750-Series
drives and the Safe Torque Off option module.
Provides information that describes the GuardLogix Safety Application Instruction set.
Describes how to configure and use EtherNet/IP devices to communicate on the EtherNet/IP
network.
Describes Device Level Ring (DLR) topologies, configuration considerations, and diagnostic
methods.
Information, examples, and techniques that are designed to minimize system failures caused by
electrical noise.
Describes important differences between solid-state control and hard wired electro mechanical
devices.
Provides information on safety application requirements for GuardLogix 5580 and Compact
GuardLogix 5380 controllers in Studio 5000 Logix Designer® applications.
Provides declarations of conformity, certificates, and other certification details.
You can view or download publications at rok.auto/literature
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 13
.
Preface
Notes:
14 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
About Safe Stop and Safe Monitor Functions
This chapter provides information on safety considerations for the Integrated
Safety Functions option module.
Top ic Pa ge
What Is the Integrated Safety Functions Option Module? 15
Compatible D rives 17
Compatible Safety Controllers 17
Safety Application Requirements 18
Safety Certification 18
Proof Tests 20
PFD and PFH Definitions 20
PFD and PFH Data 21
Safety Reaction Time 23
Contact Information If Safety Option Failure Occurs 28
What Is the Integrated Safety Functions Option Module?
The Integrated Safety Functions option module provides a networked STO
(Safe Torque Off) function via an EtherNet/IP® network. It is also equipped
for Integrated (drive-based) Timed SS1, Monitored SS1, and Safe Brake
Control, which operate in the drive and are activated through the network
safety connection.
The Integrated Safety Functions option module also supports select controllerbased EN/IEC 61800-5-2 safety functions operating in GuardLogix® 5580 or
Compact GuardLogix 5380 controllers that use the EtherNet/IP network to
communicate with the safety I/O. This support includes the new safety
function instructions that are provided on the Drive Safety tab in the Logix
Designer application.
The Integrated Safety Functions option module includes these features:
• Is designed to remove power from the gate firing circuits of the drive
output power devices (IGBTs). With the power removed, the drive
output power devices cannot turn on to generate AC power to the
motor.
• Can be used in combination with other safety devices to satisfy the
requirements of IEC 61508, EN/IEC 61800-5-2 SIL 3, ISO 13849-1
PLe, and Category 4 for Safe Torque Off (STO).
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 15
Chapter 1
When used for safe speed monitoring, the drive can be configured for single- or
dual-feedback to achieve the following safety ratings:
• Single-feedback configurations using safety encoders provide up to SIL
2 PLd capability.
• Dual-feedback configurations provide up to SIL 3 PLe capability when
discrepancy testing (either velocity, position, or both) is enabled. Safety
functions that use position check have up to SIL 2 PLd capability. In this
configuration, at least one encoder (the primary encoder) has to comply
with SIL 2, PL d. The second encoder can be a standard encoder.
IMPORTANT The Integrated Safety Functions option module is suitable for performing
mechanical work on the drive train or affected area of a machine only. It
does not provide electrical safety.
ATT EN TI ON : The Integrated Safety Functions option module does not
remove dangerous voltages at the drive output. Before performing any
electrical work on the drive or motor, turn off the input power to the drive,
and follow all safety procedures. See Remove Power to the System
on
page 30 for more information.
IMPORTANT Multiple safety option modules in a single drive are not allowed. Only one of
these safety option modules can be installed in the drive:
• PowerFlex® 750-Series Safe Torque Off option module
(catalog number 20-750-S)
• PowerFlex 750-Series Safe Speed Monitor option module
(catalog number 20-750-S1)
• PowerFlex 755/755T Integrated Safety - Safe Torque Off option module
(catalog number 20-750-S3)
• PowerFlex 755/755T Integrated Safety Functions option module (catalog
number 20-750-S4)
ATTENTION: If two output IGBTs fail in the drive, when the Integrated Safety
Functions option module has controlled the drive outputs to the Off state, the
drive can provide stored energy for up to 180° of rotation in a 2-pole motor
before torque production in the motor stops.
ATT EN TI ON : The STO function only disables motor torque. A mechanical
force on the motor shaft such as suspended loads, back pressure in a pump or
fan, can cause motor rotation.
IMPORTANT Do not use this option module as a control for starting or stopping the drive.
16 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
Compatible Drives
The Integrated Safety Functions option module is compatible with these
PowerFlex 755 drives and PowerFlex 755T drive products:
• PowerFlex 755 drives (v14.xxx or later)
• PowerFlex 755TL low harmonic drives (v4.xxx or later)
• PowerFlex 755TR regenerative drives (v4.xxx or later)
• PowerFlex 755TM common bus inverters (v4.xxx or later)
IMPORTANT The Integrated Safety Functions option module is not compatible with
PowerFlex 753 drives.
Integrated safety functions are controlled via the embedded Ethernet port on
the drive only. The 20-750-ENETR can still be used, but only in conjunction
with the embedded Ethernet port by being in Tap mode (safety messages must
go through the embedded Ethernet port on drive).
The following Add-on Profiles (AOPs) are needed depending on the drive and
type of control used:
Product Standard Control Integrated Motion
755 v5.03 (or later) v19.00.00 (or later)
755T v5.04 (or later) Future
Compatible Safety Controllers
A GuardLogix safety controller is required for use of the Integrated Safety
Functions option module that is used in Network mode control (‘Safety’,
‘Standard and Safety’, or ‘Motion and Safety’ used for Connection type). The
following GuardLogix controllers can be used:
Controller
GuardLogix 5580 safety controller v31 (or later)
Compact GuardLogix 5380 safety controller v31 (or later)
Studio 5000 Logix Designer® Application Version /
Controller Firmware
IMPORTANT The Integrated Safety Functions option module is not supported by
GuardLogix 5570 and GuardLogix 5370 (or earlier) safety controllers.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 17
Chapter 1
Safety Application Requirements
Safety Certification
Create, record, and verify the safety signature as part of the required safety
application development process. The safety controller creates the safety
signature, which consists of an identification number, date, and time that
uniquely identifies the safety portion of a project. This signature covers all
safety logic, data, and safety I/O configuration.
If the Drive Safety Function Instructions are used in the safety application,
special consideration must be taken to verify the application. See Appendix A
for guidance on verifying the drive safety function instructions.
For safety system requirements, including information on the safety network
number (SNN), verifying the safety signature, and functional verification tests,
see the GuardLogix Controller Systems Safety Reference Manuals that are
listed in the Additional Resources
The TÜV Rheinland group has approved the PowerFlex 755 Integrated Safety
Functions option module (catalog number 20-750-S4) as suitable for use in
integrated safety applications:
• Up to and including SIL 3 according to IEC 61508
• Up to and including SIL CL3 according to IEC 62061
• Up to and including PLe (Category 4) according to ISO 13849-1.
on page 13.
In these applications, the removal of motion-producing power is considered to
be the safe state. All components in the system must be chosen and applied
correctly to achieve the desired level of operator safeguarding.
Important Safety Considerations
You are responsible for these system safety considerations:
• Set-up, safety rating, and validation of any sensors or actuators
connected to the system.
• Complete a system-level risk assessment, and reassess the system anytime
a change is made.
• Certification of the system to the desired safety Performance Level/
Safety Integrity Level.
• Project management and proof testing.
• Programming the application software and the safety option module
configurations in accordance with the information in this manual.
• Access control to the system.
• Analyze all configuration settings and choose the proper setting to
achieve the required safety rating.
• Validation and documentation of all safety functions used.
IMPORTANT Only qualified, authorized personnel that are trained and experienced in
functional safety can plan, implement, and apply functional safety systems.
18 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
ATT EN TI ON : When designing your system, consider how various personnel
can interact with the machine. Additional safeguard devices can be required
for your specific application.
ATT EN TI ON : In circumstances where external influences (for example,
suspended loads that can fall) are present, additional measures (for
example, mechanical brakes) can be necessary to help prevent any hazard.
Stop Category Definitions
There are three stop categories:
• Stop Category 0 is achieved with immediate removal of power to the
machine actuators, which results in an uncontrolled coast-to-stop. An
STO accomplishes a Stop Category 0 stop.
• Stop Category 1 is achieved with a Ramp to Stop followed with
immediate removal of power to the machine actuators. This can be
achieved using SS1 with STO.
• Stop Category 2 is a controlled stop with power left available to the
machine actuators. This can be achieved using controller-based SS2 /
SOS with the PowerFlex 755T drive products.
IMPORTANT When designing the machine application, consider timing and distance for a
coast-to-stop (Stop Category 0 or Safe Torque Off). For more information on
stop categories and Safe Torque Off, see EN 60204-1 and EN/IEC 61800-5-2.
Performance Level and Safety Integrity Level (SIL) CL3
For safety-related control systems, Performance Level (PL), according to
ISO 13849-1, and SIL levels, according to IEC 61508 and EN 62061, include
a rating of the ability of the system to perform its safety functions. All safetyrelated components of the control system must be included in both a risk
assessment and the determination of the achieved levels.
See the ISO 13849-1, IEC 61508, and EN 62061 standards for complete
information on requirements for PL and SIL determination.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 19
Chapter 1
Proof Tests
PFD and PFH Definitions
IEC 61508 requires you to perform various proof tests of the equipment that is
used in the system. Proof tests are performed at user-defined times. For
example, proof tests can be once a year, once every 15 years, or whatever time
frame is appropriate.
The Integrated Safety Functions option module has a useful life of 20 years, no
proof test required. Other components of the system, such as safety I/O
devices, sensors, and actuators can have different useful life times.
IMPORTANT The time frame for the proof test interval depends on the specific
application.
Safety-related systems can be classified as operating in either a Low Demand
mode, or in a High Demand/Continuous mode.
• Low Demand mode: where the frequency of demands for operation,
made on a safety-related system, is no greater than one per year, or no
greater than twice the proof-test frequency.
• High Demand/Continuous mode: where the frequency of demands for
operation, made on a safety-related system, is greater than once per year,
or greater than twice the proof test interval.
The SIL value for a low-demand safety-related system is directly related to
order-of-magnitude ranges of its average probability of failure to perform its
safety function on demand or, simply, average probability of dangerous failure
on demand (PFD
The SIL value for a High Demand/Continuous mode safety-related system is
directly related to the average frequency of a dangerous failure (PFH) per hour.
avg
).
20 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
PFD and PFH Data
These PFD
and PFH calculations are based on the equations from Part 6 of
avg
EN 61508 and show worst-case values.
Safety Data for Safe Torque Off
Ta b l e 2 , and Ta b l e 3 provide PFD
(STO) or Timed Safe Stop 1 functions. These values apply when Safety
Instance is set to ‘Safe Stop Only – No Feedback’.
Table 2 - PFD and PFH for PowerFlex 755 Drives STO and Timed SS1
Attribute Frames 1…7 Frame 8 Frame 9 Frame 10
PFD
(average)
PFH (1/hour) 4.77E-10 2.09E-9 3.14E-9 4.19E-9
SIL 3 3 3 3
PL e e e e
Category 4 4 4 4
years 204.1 (high) 93.3 (high) 69.1 (high) 55.1 (high)
MTTF
D
% 97.5% (medium) 97.4% (high) 97.5% (high) 97.5% (high)
DC
avg
HFT 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years 20 years 20 years
4.08E-5 1.81E-4 2.73E-4 3.64E-4
and PFH values for the Safe Torque Off
avg
Table 3 - PFD and PFH for PowerFlex 755T Drive Products STO and Timed SS1
Attribute Frames 5 and 6 Frames 7 and 8 Frame 9 Frame 10 Frame 11 Frame 12 Frame 13 Frame 14 Frame 15
PFD
(average)
PFH (1/hour) 5.24E-10 2.96E-9 3.25E-9 3.55E-9 3.85E-9 4.15E-9 4.45E-9 5.05E-9 5.65E-9
SIL 333333333
PLeeeeeeeee
Category444444444
MTTF
D
% 97.4% (high) 97.0% (high) 97.0% (high) 97.0% (high) 97.0% (high) 96.9% (high) 96.9% (high) 96.9% (high) 96.9% (high)
DC
avg
HFT 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years 20 years 20 years 20 years 20 years 20 years 20 years 20 years
4.49E-5 2.56E-4 2.82E-4 3.08E-4 3.34E-4 3.60E-4 3.86E-4 4.38E-4 4.9 0E-4
years 187.5 (high) 102.6 (high) 87.8 (high) 76.7 (high) 68.1 (high) 61.2 (high) 55.6 (high) 47 (high) 40.7 (high)
Safety Data for Safe Feedback
Ta b l e 4 provides PFD
from Ta b l e 2
or Ta b l e 3 for safety functions that require safe encoder feedback.
Safety functions using safe encoder feedback include drive based Monitored
Safe Stop 1 and controller-based safety functions SS1, SS2, SOS, SLS, SLP, and
SDI.
and PFH values to add to the PFD
avg
and PFH values
avg
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 21
Chapter 1
In general, the PFD
Ta b l e 2
and Ta b l e 3 when Safety Instance is set to ‘Single Feedback
and PFH values from Ta b l e 4 should be added to
avg
Monitoring’ or ‘Dual Feedback Monitoring’.
When using Dual Feedback Monitoring, enable Discrepancy Testing.
Table 4 - PFD or PFH to Add When Safety Functions Use Safety Feedback
Attribute Single Encoder Feedback
PFD (average) 6.75E-4 4.32E-5
PFH (1/hour) 7.70E-9 4.93E-10
SIL 2 3
PL d e
Category 3 4
MTTFD years 1446.7 (high) 1427.7 (high)
DCavg% 90.0% (medium) 99.0% (high)
HFT 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years
(1) Dual channel values apply with discre pancy checking configured.
Dual Encoder
(1)
Feedback
The safe motion-monitoring option can be configured for single feedback or
dual feedback to achieve the following safety rating:
• Single feedback configurations provide up to SIL 2 PLd capability.
• Dual-feedback configurations provide up to SIL 3 PLe capability when
discrepancy testing (either velocity, position, or both) is enabled.
IMPORTANT Achievable safety rating depends on each system component. For Safe
Feedback, the safety rating of the selected encoders may limit the safety
rating of the system.
Safety Data for Safety I/O
The Integrated Safety Functions option module provides four safety inputs
and two safety outputs. Ta b l e 5
provides PFD
safety functions that use this Safety I/O.
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute Single Channel Safety I/O Dual Channel Safety I/O
PFD (average) 3.35E-4 2.49E-4
PFH (1/hour) 3.83E-9 2.84E-9
SIL 2 3
PL d e
Category 2 4
MTTFD years 1064.9 (high) 1998.0 (high)
and PFH values to add for
avg
22 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute Single Channel Safety I/O Dual Channel Safety I/O
DCavg% 96.4% (high) 94.2% (high)
HFT 0 (1oo1) 1 (1oo2)
Mission time 20 years 20 years
IMPORTANT Single channel safety I/O is only certified for use in functional safety
applications with process safety times greater than or equal to 300 ms; or
applications with demand rates less than or equal to 1 demand per 30
seconds.
IMPORTANT If single channel safety I/O is used, pulse testing (external pulse testing for
safety inputs, pulse testing for safety outputs) MUST be enabled on the
single channel I/O points.
Spurious Trip Rate
Safety Reaction Time
Ta b l e 6 shows the Spurious Trip Rate (STR) and Mean Time to Failure
Spurious (MTTF
) values for the Integrated Safety Functions option
Spurious
module, calculated according to the ISA TR-84 method.
Table 6 - STR and MTTF Spurious Values
Attribute Value
Spurious Trip Rate 3.00E-6
MTTFSpurious (years) 37.0
The safety reaction time is the length of time from a safety-related event as
input to the system until the system is in the safe state. Ta b l e 7
shows the safety
reaction time from an input signal condition that triggers a safe stop, to the
initiation of the configured Stop Type. For details on how to calculate system
reaction times with GuardLogix controllers, see the GuardLogix Controller
Systems Safety Reference Manuals listed in the Additional Resources
on
page 13.
Table 7 - Safety Reaction Time
Drive Family Network STO Reaction Time, Max
PowerFlex 755 drives (firmware revision 13 or later), Frames 1…10
PowerFlex 755TL low harmonic drives, Frames 7…15
PowerFlex 755TR regenerative drives, Frames 7…15
PowerFlex 755TM, Frames 8…15
PowerFlex 755TL low harmonic drives, Frames 5 and 6 26 ms
15 ms
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 23
Chapter 1
IMPORTANT An input signal condition that is present for less than the reaction time may
not result in the safety function being performed. Repeated requests of the
safety function for less than the reaction time can result in a spurious
detection of a fault.
Considerations for Safety Ratings
Encoder Considerations
IMPORTANT In network STO Mode, the safety reaction time in Ta bl e 7
does not include
the connection reaction time limit. See the GuardLogix Controller Systems
Safety Reference Manuals, listed in the Additional Resources
on page 13, for
details.
The achievable safety rating of an application that uses the Integrated Safety
Functions option module that is installed in PowerFlex 755/755T drive
products is dependent upon many factors, drive options, and the type of motor.
A safety rating up to and including SIL 3, PLe, and Category 4 can be achieved.
This section describes factors to consider when using an encoder with the
Integrated Safety Functions option module.
Supported Encoders
Ta b l e 8 describes the supported encoder types based on the feedback card that
is used and the physical terminal it is connected to. You must determine the
safety capability of a system based on the supported encoder types and the
encoder diagnostics that are described in this chapter.
Table 8 - Supported Feedback Cards and Encoder Types
Feedback Option
20-750-UFB-1 Sine/Cosine
20-750-DENC-1 Digital AqB
Primary Channel Secondary Channel
Encoder Type Encoder Motion Axis Encoder Type Encoder Motion Axis
Not Used Not Used SIL 2/PL d with safety rated encoder
Motor Feedback
Digital AqB Load Feedback SIL 3/PL e
Not Used Not Used SIL 2/PL d with safety rated encoder
Digital AqB Load Feedback SIL 3/PL e
Encoder Diagnostics
Depending on the encoder type, the module performs several diagnostic tests
on encoder signals to detect faults in the encoder. You must determine if the
combination of the selected encoder device type and the diagnostics that are
described in this chapter will satisfy the required safety function rating. The
use of non-safety, standard encoders my require further analysis and assessment
activties.
24 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Achievable System Safety Rating
Chapter 1
General Encoder Diagnostics
The following encoder diagnostics are available for all supported encoder
types:
•Encoder Voltage Monitoring (Configurable)
• Maximum Speed Limit (Configurable)
• Maximum Acceleration (Configurable)
•Maximum Encoder Input Frequency
• Dual Encoder Velocity and/or Position Discrepancy (Configurable)
IMPORTANT These diagnostics are based on the capability of the chosen encoder and its
rated limits. They do not provide a safety-rated safety function.
Encoder Voltage Monitoring
The voltage monitoring diagnostic samples the voltage being supplied to the
encoder to confirm that its level is within its configured range. If the voltage
monitoring diagnostic detects a voltage that is out of the configured range, the
safety feedback instance reports a voltage monitoring fault and causes the
module to enter the safe state.
The following voltage monitoring ranges are supported:
• 4.75…5.25V (Recommended setting when using 20-750-DENC-1 card
with the 12V Jumper in the ‘Storage’ position)
• 11.4…12.6V (Recommended setting when using 20-750-DENC-1 card
with the 12V Jumper in the ‘Enabled’ position)
• 7…12V (Recommended setting when using 20-750-UFB-1)
If a voltage range is not specified, then the voltage monitoring diagnostic is not
performed.
Maximum Speed Limit
The maximum speed limit diagnostic detects when encoder speed is above a
configured limit. If the speed of the encoder is greater than the configured max
speed limit, an exceeded max speed fault is reported by the safety feedback
instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum speed, set the maximum speed
limit configuration value to this value or lower. If the limit is configured as 0,
this diagnostic is not be performed.
Maximum Acceleration
The maximum acceleration diagnostic detects when encoder acceleration is
above a configured limit. If the module detects that the acceleration of the
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 25
Chapter 1
encoder has exceeded the configured limit, a max acceleration fault is reported
by the safety feedback instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum acceleration, set the maximum
acceleration configuration value to this value or lower. If the maximum
acceleration is configured as 0, this diagnostic is not performed.
Maximum Encoder Input Frequency
The maximum encoder input frequency diagnostic confirms that the safety
feedback signals do not exceed the maximum frequency (encoder counts per
second) supported by the module. This value is not configurable and has fixed
values based on the encoder type. Ta b l e 9
on encoder type.
Table 9 - Maximum Frequency of Encoder Types
Encoder Type Max Frequency
Digital AqB 250 kHz
Sine/Cosine and Hiperface 163.8 kHz
shows the maximum frequency based
If the module detects an encoder input frequency above the limit, a max
frequency fault is reported in the safety feedback instance and the module
enters the safe state.
Dual Encoder Velocity and/or Position Discrepancy
The dual encoder velocity and position discrepancy diagnostic confirms that
the position and/or velocity of the two encoders match within a configurable
tolerance. The position and velocity discrepancy limits are individually
configurable; setting the limit to a value of 0 disables the diagnostic check. If
the module detects that the difference between the position and/or velocity of
both encoders is outside the configured limit, a discrepancy error is reported in
both safety feedback instances and the module enters the safe state. This
diagnostic is only available when the module is configured in a dual feedback
configuration.
26 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
Digital AqB Diagnostics
The following diagnostic functions are implemented in the module to perform
diagnostics for digital AqB encoders:
• Inverse Signal Monitoring
• Quadrature Error Detection
Inverse Signal Monitoring
The inverse signal monitoring diagnostic confirms that the inverted and noninverted signals are always at opposite signal levels. If the module detects a noninverted signal, a feedback signal lost fault is reported in the safety feedback
instance and the module enters the safe state. This diagnostic is meant to detect
encoder wiring errors, such as open, short, or short to power.
Quadrature Error Detection
The quadrature error detection confirms that the A and B signals from the
digital AqB encoder do not change simultaneously. This diagnostic is also
referred to as an exclusive bit check. If the module detects a quadrature error,
the safety feedback instance reports a quadrature error fault and enters the safe
state. A simultaneous change indicates an error with the encoder wiring or an
issue with the encoder itself.
Sine/Cosine and Hiperface Diagnostics
The following diagnostic functions are implemented in the module to perform
diagnostics on Hiperface and or Sine/Cosine type encoders:
2
•Sin
+ Cos2 Vector Length Monitoring
• Zero-crossing Detection
• Signal Offset (Sine/Cosine Encoder Type Only)
Sin 2+ Cos2 Vector Length Monitoring
The Sin2 + Cos2 vector length monitoring diagnostic confirms that the sine
and cosine signals are sinusoidal and 90° apart. This diagnostic is meant to
detect errors in the wiring of the encoder and problems within the encoder
itself. Ta b l e 1 0
this diagnostic. Ta b l e 1 1
module detects that the amplitude and or phase of the signals is out of range,
the safety feedback instance reports a Sin
placed in the safe state.
describes the tolerance of encoder output signal amplitudes for
describes the phase tolerance of the diagnostic. If the
2
+ Cos2 fault and the module is
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 27
Chapter 1
Table 10 - Sin2 + Cos2 Vector Length Monitoring Amplitude Range
Max Min
1.3 Vpp 0.7 Vpp
Table 11 - Sin2 + Cos2 Vector Length Monitoring Phase Tolerance
Tol era nc e
90º ± 20º
Zero-crossing Detection
The zero-crossing detection diagnostic confirms that the sine and cosine
signals have a similar offset to ground. The offset tripping point is ± 50 mV. If
the offset of the sine and cosine signals is greater than the tripping point, the
zero-crossing detection diagnostic will fail, a signal lost fault is reported in the
safety feedback instance, and the module is placed in the safe state.
Contact Information If Safety Option Failure Occurs
Signal Offset
The signal offset diagnostic confirms that a Sine/Cosine type encoder is
producing the proper offset on the Sine and Cosine signals. This diagnostic is
not performed when the feedback device type is configured as Hiperface.
Ta b l e 1 2
and or Cosine signals are outside the tolerance range, the safety feedback
instance reports a signal offset fault and the module is placed in the safe state.
Table 12 - Signal Offset Tolerance
Max Min
3.0V 2.0V
If you experience a failure with any safety-certified device, contact your local
Allen-Bradley distributor to request any of these actions:
describes the offset tolerance of the diagnostic. If the offset of the Sine
• Return the device to Rockwell Automation so the failure is
appropriately logged for the catalog number that is affected and a record
is made of the failure.
• Request a failure analysis (if necessary) to determine the probable cause
of the failure.
In case of malfunction or damage, no attempts at repair should be made. The
option module should be returned to the manufacturer for repair. Do not
dismantle the option module.
For more information about replacing drives, see Replace an Integrated Safety
Drive in a GuardLogix System on page 130 and Replace an Integrated Safety
Drive in a GuardLogix System on page 168.
28 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 2
Installation
This chapter provides installation, jumper settings, and wiring for the
Integrated Safety Functions option module.
Top ic Pa ge
Remove Power to the System 30
Access t he Control Pod 30
Set the SAFETY and Hardware ENABLE Jumpers 31
Install the Safety Option Module 32
I/O Wiring 34
Cabling 34
ATT EN TI ON : The following information is a guide for proper installation.
Rockwell Automation does not assume responsibility for the compliance or
the noncompliance to any code, national, local, or otherwise for the proper
installation of this equipment. A hazard of personal injury and/or equipment
damage exists if codes are ignored during installation.
IMPORTANT Installation must be in accordance with the instructions in this user manual
and the installation instructions for your drive.
Only qualified, authorized personnel that are trained and experienced in
functional safety can plan, implement, and apply functional safety systems.
IMPORTANT During installation and maintenance, check your drive firmware release
notes for known anomalies and verify that there are not safety-related
anomalies.
The Integrated Safety Functions option module is intended to be part of the
safety-related control system. Before installation, perform a risk assessment that
compares the Integrated Safety Functions option module specifications and all
foreseeable operational and environmental characteristics of the control
system.
A safety analysis is required to determine how often to test the safety function
for proper operation during the life of the machine.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 29
Chapter 2
Panel-mo unted D rives
Drives in Cabinet Enclosures
Remove Power to the System
Before performing any work on the drive, remove all power to the system.
ATT EN TI ON :
• Electrical Shock Hazard. Verify that all sources of AC and DC power are deenergized and locked out or tagged out in accordance with the requirements
of ANSI/NFPA 70E, Part II.
• To avoid an electric shock hazard, verify that the voltage on the bus
capacitors has discharged before performing any work on the drive. Measure
the DC bus voltage at the +DC and -DC terminals or test points. The voltage
must be zero. For the location of the terminal block and test point sockets,
see the manual for your drive:
• PowerFlex® 750-Series AC Drive Installation Instructions,
publication
• PowerFlex 750-Series Products with TotalFORCE® Control Installation
Instructions, publication 750-IN100
• PowerFlex 755TM IP00 Open Type Kits Installation Instructions,
publication 750-IN101
• In Safe Torque Off mode, hazardous voltages may still be present at the
motor. To avoid an electric shock hazard, disconnect power to the motor and
verify that the voltage is zero before performing any work on the motor.
750-IN001
Access the Control Pod
The option module is installed in the drive control pod. Different drives have
different ways to access the control pod. To access the control pod, follow these
steps.
1. Remove the door or cover.
2. Loosen the retention screw on the HIM cradle.
3. Lift the cradle until the latch engages.
See the installation instructions for your drive for more information.
Figure 1 - Access the Control Pod.
30 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Loading...