Rockwell Automation PowerFlex 755, PowerFlex 755T User Manual
PowerFlex 755/755T
Integrated Safety Functions
Option Module
Catalog Number 20-750-S4
User Manual |
Original Instructions |
PowerFlex 755/755T Integrated Safety Functions Option Module User Manual
Important User Information
Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).
2 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Table of Contents
About Safe Stop and Safe
Monitor Functions
Installation
Preface
Summary of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Product Firmware and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 1
What Is the Integrated Safety Functions Option Module? . . . . . . . . 15 Compatible Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Compatible Safety Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Safety Application Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Safety Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Important Safety Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Stop Category Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Performance Level and Safety Integrity Level (SIL) CL3 . . . . . . 19 Proof Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 PFD and PFH Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 PFD and PFH Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Safety Data for Safe Torque Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Safety Data for Safe Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Safety Data for Safety I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Spurious Trip Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Safety Reaction Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Considerations for Safety Ratings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Encoder Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Supported Encoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 General Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Digital AqB Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Sine/Cosine and Hiperface Diagnostics . . . . . . . . . . . . . . . . . . . . . 27 Contact Information If Safety Option Failure Occurs . . . . . . . . . . . . 28
Chapter 2
Remove Power to the System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Access the Control Pod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Set the SAFETY and Hardware ENABLE Jumpers . . . . . . . . . . . . . . 31 Install the Safety Option Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Feedback Installation Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 I/O Wiring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Power Supply Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
3 |
Table of Contents
Safety I/O
Drive-based Safe Stop
Functions
Chapter 3
Safety Inputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Latch Input Error Operation in Single Channel Mode. . . . . . . . 39
Single Channel Safety Input Status Data . . . . . . . . . . . . . . . . . . . . 40
Dual-channel Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . 41
Equivalent Dual-channel Input Operation. . . . . . . . . . . . . . . . . . . 42
Complementary Dual-channel Input Operation . . . . . . . . . . . . . 43
Standard Input Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Safety Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Determining Safety Input Alarm Type . . . . . . . . . . . . . . . . . . . . . . 48
Safety Input Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Input Delays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Use With PowerFlex 750-Series ATEX Option Module . . . . . . 50
Safety Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Safety Output with Test Pulse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Single-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Latch Output Error Operation in Single Channel Mode . . . . . . 52
Dual-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Latch Output Error Operation in Dual Channel Mode . . . . . . . 53
Safety Output Safety Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Commanding Safety and Test Outputs. . . . . . . . . . . . . . . . . . . . . . 57
Safety Output Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Determining Safety Output Alarm Type . . . . . . . . . . . . . . . . . . . . 59
Safety Output Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Test Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Standard Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Power Supply Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Test Output Ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 4
Safety Output Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . 65 Safety Input Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . . . 66 Safety Function in Response to Connection Event . . . . . . . . . . . . . . . 68 Connection Loss Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Connection Idle Action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Safe Torque Off Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Safe Torque Off Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Safe Torque Off Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Safe Torque Off Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Safe Torque Off Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Safe Torque Off Stopping Action and Source . . . . . . . . . . . . . . . . 74
4 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
|
|
Table of Contents |
|
STO Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . . 75 |
|
Safe Stop 1 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . . 76 |
|
Safe Stop 1 Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 76 |
|
Safe Stop 1 Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 77 |
|
Safe Stop 1 Stopping Action and Source . . . . . . . . . . . . . . . . . |
. . . . 78 |
|
Timed Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 78 |
|
Monitored Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 79 |
|
SS1 Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 82 |
|
Safe Brake Control Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 83 |
|
Safe Brake Control Activation . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 83 |
|
Safe Brake Control Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 84 |
|
Safe Brake Control Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 85 |
|
Safe Brake Control Operation . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 86 |
|
SBC Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 91 |
|
Connecting a Safety Brake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 91 |
|
Chapter 5 |
|
Controller-based Safety |
Drive Safety Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 93 |
Functions |
Before Adding the Safety Instructions . . . . . . . . . . . . . . . . . . . |
. . . . 95 |
|
Drive Safety Instruction Example . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 95 |
|
Pass-through Data Using Standard I/O Mode . . . . . . . . . . . . . . . |
. . . . 96 |
|
Pass-through Data Using Integrated Motion . . . . . . . . . . . . . . . . |
. . . . 98 |
|
SFX Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . . 99 |
|
SFX Instruction Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. . . 100 |
Standard I/O Mode –
Configuration, Programming,
and Operation
Chapter 6
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Configure Safety in the Logix Designer Application . . . . . . . . . . . . . 104
Add a PowerFlex 755 Drive/755T Drive Product to the
Safety Controller Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Add an Option Module to a PowerFlex 755 Drive. . . . . . . . . . . 106 Using a 20-750-ENETR Dual-port EtherNet/IP Option Module with a 20-750-S4 Option Module. . . . . . . . . . . . . . . . . . 124 Safety Configuration Signature and Ownership . . . . . . . . . . . . . 126 Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Safety Tags in Standard Routines . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Standard Tags in Safety Routines (tag mapping). . . . . . . . . . . . . 126 Standard and Safety Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Safety Function Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Pass-through Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Falling Edge Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Understand Integrated Safety Drive Replacement. . . . . . . . . . . . . . . 130 Replace an Integrated Safety Drive in a GuardLogix System . . 130 PowerFlex 755 IO Mode Using SFX, SS1, and SLS Instructions. . 133 Studio 5000 Logix Designer Application Configuration . . . . . 133
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
5 |
Table of Contents
Integrated Motion –
Configuration, Programming,
and Operation
Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 7
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Configure the Integrated Safety Function Option Module in
the Logix Designer Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Add a PowerFlex 755 Drive to the Controller Project. . . . . . . . 144 Understand Module Properties Categories . . . . . . . . . . . . . . . . . . . . . 145 Module Properties>General Category. . . . . . . . . . . . . . . . . . . . . . 146 Module Properties>Connection and Safety Categories . . . . . . 149 Motion Safety>Actions Category . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Motion Safety>Primary Feedback Category . . . . . . . . . . . . . . . . 153 Motion Safety>Secondary Feedback Category . . . . . . . . . . . . . . 155 Motion Safety>Scaling Category. . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Motion Safety>Discrepancy Checking Category . . . . . . . . . . . . 157 Motion Safety>STO Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Motion Safety>SS1 Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Motion Safety>SBC Category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Motion Safety>Input Configuration Category. . . . . . . . . . . . . . 161 Motion Safety>Test Output Category . . . . . . . . . . . . . . . . . . . . . 162 Motion Safety>Output Configuration Category . . . . . . . . . . . . 163 Axis Properties > Actions > Safety Actions . . . . . . . . . . . . . . . . . 164
Module Properties > Associated Axes Motor and Load
Feedback Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Generate the Safety Network Number (SNN) . . . . . . . . . . . . . . 166 Safety Configuration Signature and Ownership . . . . . . . . . . . . . 167 Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Replace an Integrated Safety Drive in a GuardLogix System . . 168 Motion Direct Commands in Motion Control Systems. . . . . . 169
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Motion and Safety Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Motion Safety Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Safety Function Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Safe Monitor Network Communication. . . . . . . . . . . . . . . . . . . . 179 Explicit Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Application Example - Using SFX, SS1, and SLS Instructions
with Integrated Motion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Studio 5000 Logix Designer Application Configuration . . . . . 185 Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
|
Chapter 8 |
|
Monitoring and |
Monitor Status Using Status Indicators . . . . . . . . . . . . . . . . . . . . . . . . |
195 |
Troubleshooting |
Module Status Indicator (DS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
196 |
|
Network Status Indicator (DS2). . . . . . . . . . . . . . . . . . . . . . . . . . . |
196 |
|
Motion Output Status Indicator (DS3) . . . . . . . . . . . . . . . . . . . . |
197 |
|
Safety Fault Indicator (DS4). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
197 |
6 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Table of Contents
Safety Function Validation
Checklist
Safety Fault Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Understand Safety Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Safety Supervisor State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Safety Core Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Safe Torque Off Fault. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Safe Stop 1 Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Safe Brake Control Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 SS2, SOS, SLS, SLP, and SDI Faults. . . . . . . . . . . . . . . . . . . . . . . . 202 Safety Feedback Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 Safety Fault Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Monitor Status with a HIM or Software . . . . . . . . . . . . . . . . . . . . . . . 205
Fault Messages on HIM, Drive Module, and Connected Components Workbench Software . . . . . . . . . . . . . . . . . . . . . . . . 205
Monitor Status Using Integrated Motion . . . . . . . . . . . . . . . . . . . . . . 210 Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Recognize Out-of-Box State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Restore the Drive to Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . 214
Appendix A
Safe Stop 1 (SS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Safe Stop 2 (SS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Safe Operating Speed (SOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Safely-limited Speed (SLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Safely-limited Position (SLP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Safe Direction (SDI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Safe Feedback Interface (SFX). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Safe Brake Control (SBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
|
Appendix B |
|
Specifications, Certifications, |
Integrated Safety Functions Option Module Specifications . . . . . . |
233 |
and CE Conformity |
Electrical Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
234 |
|
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
235 |
|
Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
236 |
|
CE Conformity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
236 |
|
Machinery Directive (2006/42/EC) . . . . . . . . . . . . . . . . . . . . . . . |
236 |
|
EMC Directive (2014/30/EU) . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
237 |
|
Waste Electrical and Electronic Equipment (WEEE) . . . . . . . . |
237 |
|
Appendix C |
|
Safety I/O Assemblies and |
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
240 |
Safety Attributes |
Safety Feedback Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
245 |
|
Safe Stop Function Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
247 |
|
Explicit Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
251 |
|
Example: Read SS1 Fault Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
251 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
7 |
Table of Contents |
|
|
|
Appendix D |
|
Parameter Data |
Parameters and Settings in a Linear List . . . . . . . . . . . . . . . . . . . . . . . . |
253 |
|
Device Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
253 |
|
Host Config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
259 |
|
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
263 |
8 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Preface
Summary of Changes
This user manual explains how to use PowerFlex® 755 drives and PowerFlex 755T drive products in safety applications up to safety integrity level 3 (SIL 3), performance level e (PLe), category 4.
This user manual is intended for people that design, install, configure, or troubleshoot safety applications that use the Integrated Safety Functions option module (catalog number 20-750-S4).
This user manual covers using network safety with drives in Standard I/O mode and Integrated Motion mode. All chapters apply to both modes with the following exceptions:
•Chapter 6 is specific to Standard I/O mode and can be skipped if you are using Integrated Motion mode.
•Chapter 7 is specific to Integrated Motion mode and can be skipped if you are using Standard I/O mode.
IMPORTANT You must have a basic understanding of electrical circuitry and familiarity with PowerFlex 755 drives and PowerFlex 755T drive products. You must also be trained and experienced in the creation, operation, and maintenance of safety systems.
This user manual describes the safety requirements, including probability of dangerous failure on demand (PFD) and average frequency of a dangerous failure (PFH) per hour values and application verification information (see PFD and PFH Data on page 21).
This publication contains new and updated information as indicated in the following table.
Topic |
Page |
|
|
|
|
Added attention statement regarding ambient temperature to Environmental Specifications in |
235 |
|
Appendix B. |
||
|
||
|
|
Conventions
This manual identifies parameter names by listing the parameter number first, followed by the name in brackets. For example, P7 [STO Fault Type].
Both the Host Config and Device Config parameters exist for this option module and the parameter numbers overlap. For example, there is a P3 [Device Config Identity State] and a P3 [Host Config Safety State]. Host Config parameters reside on the Host (that is, the drive) side of the option module and are specific to supporting the option module. Device Config parameters reside on the option module itself.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
9 |
Preface
Terminology
Table 1 - Abbreviations and Definitions
Throughout this manual, the PowerFlex 755/755T Integrated Safety Functions option module is also referred to as the Integrated Safety Functions option module.
Throughout this manual, the PowerFlex 755TL low harmonic drives, PowerFlex 755TR regenerative drives, PowerFlex 755TM drive systems are also referred to as PowerFlex 755T drive products.
The PowerFlex 755 drive is used for the examples in this manual.
Table 1 defines the abbreviations that are used in this manual.
Abbreviation |
Full Term |
Definition |
||
|
|
|
||
Timed SS1 |
Timed Safe Stop 1 |
Timed SS1 and Safe Stop 1 time-controlled (SS1-t) are synonymous. Both mean a safe stop where the |
||
|
|
motor speed is decelerated to zero and once the maximum stop-time elapses, torque is removed from |
||
|
|
|||
SS1-t |
Safe Stop 1 time-controlled |
the motor. |
||
• Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2. |
||||
|
|
|||
|
|
|
||
Monitored SS1 |
Monitored Safe Stop 1 |
Monitored SS1 and Safe Stop 1 ramp-monitored (SS1-r) are synonymous. Both mean a safe stop where |
||
|
|
the motor speed is reduced to standstill within deceleration limits and once standstill speed is reached |
||
|
|
|||
SS1-r |
Safe Stop 1 ramp-monitored |
or the maximum stop-time elapses, torque is removed from the motor. |
||
• Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2. |
||||
|
|
|||
|
|
|
||
1oo2 |
One out of Two |
Refers to the behavioral design of a dual-channel safety system. |
||
|
|
|
||
|
|
Classification of the safety-related parts of a control system in respect of their resistance to faults and |
||
CAT |
Category |
their subsequent behavior in the fault condition, and which is achieved by the structural arrangement |
||
|
|
of the parts, fault detection, and/or by their reliability (source ISO 13849-1). |
||
|
|
|
||
CL |
Claim Limit |
The maximum SIL rating that can be claimed for a safety-related electrical control system subsystem in |
||
relation to architectural constraints and systematic safety integrity (source IEC 62061). |
||||
|
|
|||
|
|
|
||
CIP™ |
Common Industrial Protocol |
Protocol for industrial automation applications and trademarked by ODVA, Inc. |
||
|
|
|
||
EN |
European Norm |
The official European Standard. |
||
|
|
|
||
ESD |
Emergency Shutdown Systems |
A system, usually independent of the main control system, which is designed to shut down an |
||
operating system safely. |
||||
|
|
|||
|
|
|
||
|
|
An assembly of devices and/or components working together for protective tripping or presence- |
||
|
|
sensing purposes and includes as a minimum: |
||
ESPE |
Electro-sensitive Protective Equipment |
• |
A sensing device. |
|
|
|
• |
Controlling/monitoring devices. |
|
|
|
• Output signal-switching devices (OSSD). |
||
|
|
|
||
HFT |
Hardware Fault Tolerance |
The HFT equals n, where n+1 faults could cause the loss of the safety function. An HFT of one means |
||
that two faults are required before safety is lost. |
||||
|
|
|||
|
|
|
||
HIM |
Human Interface Module |
A module that is used to configure a device. |
||
|
|
|
||
IEC |
International Electrotechnical Commission |
The International Electrotechnical Commission (IEC) is the organization that prepares and publishes |
||
international standards for all electrical, electronic, and related technologies. |
||||
|
|
|||
|
|
|
||
IGBT |
Insulated Gate Bi-polar Transistors |
Typical power switch that is used to control main current. |
||
|
|
|
||
ISO |
International Organization for Standardization |
The International Organization for Standardization is an international standard-setting body that is |
||
composed of representatives from various national standards organizations. |
||||
|
|
|||
|
|
|
||
NC |
Normally Closed |
A set of contacts on a relay or switch that are closed when the relay is de-energized or the switch is de- |
||
activated. |
||||
|
|
|||
|
|
|
||
NO |
Normally Open |
A set of contacts on a relay or switch that are open when the relay is de-energized or the switch is de- |
||
activated. |
||||
|
|
|||
|
|
|
||
|
|
The component of the electro-sensitive protective equipment (ESPE) connected to the control system |
||
OSSD |
Output Signal Switching Device |
of a machine. When the sensing device is actuated during normal operation, the device responds by |
||
|
|
going to the OFF-state. |
||
|
|
|
|
|
10 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Preface
Table 1 - Abbreviations and Definitions (Continued)
Abbreviation |
Full Term |
Definition |
|
|
|
|
|
PELV |
Protective Extra Low Voltage |
An electrical system where the voltage cannot exceed ELV under normal conditions, and under single- |
|
fault conditions, except earth faults in other circuits. |
|||
|
|
||
|
|
|
|
|
|
System for control, protection, or monitoring based on one or more programmable electronic devices, |
|
PES |
Programmable Electronic Systems |
including all elements of the system such as power supplies, sensors and other input devices, data |
|
|
|
highways and other communication paths, and actuators and other output devices. |
|
|
|
|
|
PFD |
Probability of Dangerous Failure on Demand |
The average probability of a system to fail to perform its design function on demand. |
|
|
|
|
|
PFH |
Average Frequency of a Dangerous Failure per hour |
The average frequency of a system to have a dangerous failure occur per hour. |
|
|
|
|
|
PL |
Performance Level |
EN ISO 13849-1 safety rating |
|
|
|
|
|
PM |
Permanent Magnet |
In permanent magnet (PM) motors, magnets mounted on or embedded in the rotor, couple with the |
|
current-induced internal magnetic fields of the motor generated by electrical input to the stator. |
|||
|
|
||
|
|
|
|
SBC |
Safe Brake Control |
Controls safety discrete outputs that actuate a brake. Sets timing between brake and Safe Torque Off. |
|
|
|
|
|
SDI |
Safe Direction |
Monitors position of a motor to detect movement of more than a defined amount in the unintended |
|
direction. |
|||
|
|
||
|
|
|
|
SELV |
Safety Extra Low Voltage Circuit |
A secondary circuit that is designed and protected so that, under normal and single fault conditions, its |
|
voltages do not exceed a safe value. |
|||
|
|
||
|
|
|
|
|
|
A GuardLogix® Drive Safety interface that scales feedback position into position units and feedback |
|
SFX |
Safety Feedback Interface |
velocity into position units per time unit. Feedback Position and Velocity are read from a Safety Input |
|
|
|
assembly to an integrated Safe Speed drive. |
|
|
|
|
|
SIL |
Safety Integrity Level |
A measure of a products ability to lower the risk that a dangerous failure could occur. |
|
|
|
|
|
SLP |
Safely-Limited Position |
Prevents the motor shaft from exceeding one or more specified position limits. |
|
|
|
|
|
SLS |
Safely-Limited Speed |
Monitors the speed of a motor and sets the SLS Limit output if the speed exceeds the Active Limit input |
|
value. |
|||
|
|
||
|
|
|
|
SNN |
Safety Network Number |
Uniquely identifies a network across all networks in the safety system. You are responsible for |
|
assigning a unique number for each safety network or safety subnet within a system. |
|||
|
|
||
|
|
|
|
SOS |
Safe Operating Stop |
Prevents the motor from deviating more than a defined amount from the stopped position. The drive |
|
provides energy to the motor to enable it to resist external forces. |
|||
|
|
||
|
|
|
|
|
|
Safe stop where the motor speed is decelerated to zero and once the maximum stop-time elapses, |
|
SS1-r |
Safe Stop 1 Ramp Monitored |
torque is removed from the motor. |
|
Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2 and is Stop Category 1, as |
|||
|
|
||
|
|
defined in IEC 60204 |
|
|
|
|
|
|
|
Safe stop where the motor speed is reduced to standstill within deceleration limits and once standstill |
|
SS1-t |
Safe Stop 1 Time Controlled |
speed is reached or the maximum stop-time elapses, torque is removed from the motor. |
|
Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2 and is Stop Category 1, as defined |
|||
|
|
||
|
|
in IEC 60204 |
|
|
|
|
|
|
|
The Safe Torque Off (STO) function is used to help prevent unexpected motor rotation during an |
|
STO |
Safe Torque Off |
emergency while the drive remains connected to the power supply. When STO is activated, the torque |
|
power cannot reach the drive, which stops and prevents any motor shaft rotation. |
|||
|
|
||
|
|
Safe Torque Off (STO) is according to EN/IEC 61800-5-2 and is Stop Category 0 as defined in IEC 60204. |
|
|
|
|
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
11 |
Preface
Product Firmware and
Release Notes
Product firmware and release notes are available online within the Product Compatibility and Download Center.
1.From the Search bar on http://www.ab.com, choose Compatibility and Downloads.
2.Search for your product.
3.On the search results page, find the firmware and release notes for your product. If no firmware/release notes are available, the module is still shipping with its original firmware release.
IMPORTANT Both standard connections to the drive and safety connections to the card must be closed to update the Integrated Safety Functions Module.
See the Product Compatibility and Download Center Quick Start Guide, publication PCDC-QS001, for instructions on how to find and download firmware and release notes.
12 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Preface
Additional Resources
These documents contain additional information concerning related Rockwell Automation products.
Resource |
Description |
|
|
|
|
PowerFlex 750-Series Products with TotalFORCE® Control Installation |
Provides the basic steps to install PowerFlex 755TL low harmonic drives, PowerFlex 755TR |
|
Instructions, publication 750-IN100 |
regenerative drives, and PowerFlex 755TM drive systems. |
|
|
|
|
PowerFlex 755TM IP00 Open Type Kits Installation Instructions, publication |
Provides instructions to install IP00 Open Type kits in user-supplied enclosures. |
|
750-IN101 |
|
|
|
|
|
PowerFlex Drives with TotalFORCE Control Programming Manual, publication |
Provides detailed information on: |
|
750-PM100 |
• I/O, control, and feedback options |
|
|
• Parameters and programming |
|
|
• Faults, alarms, and troubleshooting |
|
|
|
|
PowerFlex 750-Series AC Drive Installation Instructions, publication 750-IN001 |
Provides information on how to install the Safe Torque Off option module in PowerFlex 750- |
|
Series drive. |
||
|
||
|
|
|
PowerFlex 750-Series AC Drives Programming Manual, publication 750-PM001 |
Provides information on how to mount, install, and configure PowerFlex 750-Series drives. |
|
|
|
|
Enhanced PowerFlex 7-Class Human Interface Module (HIM) User Manual, |
Provides information for using the 20-HIM-A6 HIM module to configure PowerFlex 750-Series |
|
publication 20HIM-UM001 |
drives and the Safe Torque Off option module. |
|
|
|
|
GuardLogix Safety Application Instruction Set Reference Manual, |
Provides information that describes the GuardLogix Safety Application Instruction set. |
|
publication 1756-RM095 |
||
|
||
|
|
|
EtherNet/IP Network Devices User Manual, publication ENET-UM006 |
Describes how to configure and use EtherNet/IP devices to communicate on the EtherNet/IP |
|
network. |
||
|
||
|
|
|
EtherNet/IP Device Level Ring Application Technique, publication ENET-AT007 |
Describes Device Level Ring (DLR) topologies, configuration considerations, and diagnostic |
|
methods. |
||
|
||
|
|
|
System Design for Control of Electrical Noise Reference Manual, |
Information, examples, and techniques that are designed to minimize system failures caused by |
|
publication GMC-RM001 |
electrical noise. |
|
|
|
|
Safety Guidelines for the Application, Installation, and Maintenance of |
Describes important differences between solid-state control and hardwired electromechanical |
|
Solid-State Control, publication SGI-1.1 |
devices. |
|
|
|
|
GuardLogix 5580 and Compact GuardLogix 5380 Controller Systems Safety |
Provides information on safety application requirements for GuardLogix 5580 and Compact |
|
Reference, publication 1756-RM012 |
GuardLogix 5380 controllers in Studio 5000 Logix Designer® applications. |
|
|
|
|
ControlLogix® 5580 Controllers User Manual, publication 1756-UM543 |
Provides information on how to use standard ControlLogix 5580 controllers. |
|
|
|
|
CompactLogix™ 5380 Controllers User Manual, publication 5069-UM001 |
Provides information on how to use standard CompactLogix 5380 controllers. |
|
|
|
|
Product Certification s website, rok.auto/certifications |
Provides declarations of conformity, certificates, and other certification details. |
|
|
|
You can view or download publications at rok.auto/literature.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
13 |
Preface
Notes:
14 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
What Is the Integrated
Safety Functions Option
Module?
About Safe Stop and Safe Monitor Functions
This chapter provides information on safety considerations for the Integrated Safety Functions option module.
Topic |
Page |
|
|
What Is the Integrated Safety Functions Option Module? |
15 |
|
|
Compatible Drives |
17 |
|
|
Compatible Safety Controllers |
17 |
|
|
Safety Application Requirements |
18 |
|
|
Safety Certification |
18 |
|
|
Proof Tests |
20 |
|
|
PFD and PFH Definitions |
20 |
|
|
PFD and PFH Data |
21 |
|
|
Safety Reaction Time |
23 |
|
|
Contact Information If Safety Option Failure Occurs |
28 |
|
|
The Integrated Safety Functions option module provides a networked STO (Safe Torque Off ) function via an EtherNet/IP® network. It is also equipped for Integrated (drive-based) Timed SS1, Monitored SS1, and Safe Brake Control, which operate in the drive and are activated through the network safety connection.
The Integrated Safety Functions option module also supports select controllerbased EN/IEC 61800-5-2 safety functions operating in GuardLogix® 5580 or Compact GuardLogix 5380 controllers that use the EtherNet/IP network to communicate with the safety I/O. This support includes the new safety function instructions that are provided on the Drive Safety tab in the Logix Designer application.
The Integrated Safety Functions option module includes these features:
•Is designed to remove power from the gate firing circuits of the drive output power devices (IGBTs). With the power removed, the drive output power devices cannot turn on to generate AC power to the motor.
•Can be used in combination with other safety devices to satisfy the requirements of IEC 61508, EN/IEC 61800-5-2 SIL 3, ISO 13849-1 PLe, and Category 4 for Safe Torque Off (STO).
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
15 |
Chapter 1
Whenusedforsafespeedmonitoring,thedrivecanbeconfiguredforsingle-or dual-feedback to achieve the following safety ratings:
•Single-feedback configurations using safety encoders provide up to SIL 2 PLd capability.
•Dual-feedback configurations provide up to SIL 3 PLe capability when discrepancy testing (either velocity, position, or both) is enabled. Safety functions that use position check have up to SIL 2 PLd capability. In this configuration, at least one encoder (the primary encoder) has to comply with SIL 2, PL d. The second encoder can be a standard encoder.
IMPORTANT The Integrated Safety Functions option module is suitable for performing mechanical work on the drive train or affected area of a machine only. It does not provide electrical safety.
ATTENTION: The Integrated Safety Functions option module does not remove dangerous voltages at the drive output. Before performing any electrical work on the drive or motor, turn off the input power to the drive, and follow all safety procedures. See Remove Power to the System on page 30 for more information.
IMPORTANT Multiple safety option modules in a single drive are not allowed. Only one of these safety option modules can be installed in the drive:
•PowerFlex® 750-Series Safe Torque Off option module (catalog number 20-750-S)
•PowerFlex 750-Series Safe Speed Monitor option module (catalog number 20-750-S1)
•PowerFlex 755/755T Integrated Safety - Safe Torque Off option module (catalog number 20-750-S3)
•PowerFlex 755/755T Integrated Safety Functions option module (catalog number 20-750-S4)
ATTENTION: If two output IGBTs fail in the drive, when the Integrated Safety Functions option module has controlled the drive outputs to the Off state, the drive can provide stored energy for up to 180° of rotation in a 2-pole motor before torque production in the motor stops.
ATTENTION: The STO function only disables motor torque. A mechanical force on the motor shaft such as suspended loads, back pressure in a pump or fan, can cause motor rotation.
IMPORTANT Do not use this option module as a control for starting or stopping the drive.
16 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
Compatible Drives
Compatible Safety
Controllers
The Integrated Safety Functions option module is compatible with these PowerFlex 755 drives and PowerFlex 755T drive products:
•PowerFlex 755 drives (v14.xxx or later)
•PowerFlex 755TL low harmonic drives (v4.xxx or later)
•PowerFlex 755TR regenerative drives (v4.xxx or later)
•PowerFlex 755TM common bus inverters (v4.xxx or later)
IMPORTANT The Integrated Safety Functions option module is not compatible with PowerFlex 753 drives.
Integrated safety functions are controlled via the embedded Ethernet port on the drive only. The 20-750-ENETR can still be used, but only in conjunction with the embedded Ethernet port by being in Tap mode (safety messages must go through the embedded Ethernet port on drive).
The following Add-on Profiles (AOPs) are needed depending on the drive and type of control used:
Product |
Standard Control |
Integrated Motion |
|
|
|
755 |
v5.03 (or later) |
v19.00.00 (or later) |
|
|
|
755T |
v5.04 (or later) |
Future |
|
|
|
A GuardLogix safety controller is required for use of the Integrated Safety Functions option module that is used in Network mode control (‘Safety’, ‘Standard and Safety’, or ‘Motion and Safety’ used for Connection type). The following GuardLogix controllers can be used:
|
Studio 5000 Logix Designer® Application Version / |
Controller |
Controller Firmware |
|
|
GuardLogix 5580 safety controller |
v31 (or later) |
|
|
Compact GuardLogix 5380 safety controller |
v31 (or later) |
|
|
IMPORTANT The Integrated Safety Functions option module is not supported by GuardLogix 5570 and GuardLogix 5370 (or earlier) safety controllers.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
17 |
Chapter 1
Safety Application
Requirements
Safety Certification
Create, record, and verify the safety signature as part of the required safety application development process. The safety controller creates the safety signature, which consists of an identification number, date, and time that uniquely identifies the safety portion of a project. This signature covers all safety logic, data, and safety I/O configuration.
If the Drive Safety Function Instructions are used in the safety application, special consideration must be taken to verify the application. See Appendix A for guidance on verifying the drive safety function instructions.
For safety system requirements, including information on the safety network number (SNN), verifying the safety signature, and functional verification tests, see the GuardLogix Controller Systems Safety Reference Manuals that are listed in the Additional Resources on page 13.
The TÜV Rheinland group has approved the PowerFlex 755 Integrated Safety Functions option module (catalog number 20-750-S4) as suitable for use in integrated safety applications:
•Up to and including SIL 3 according to IEC 61508
•Up to and including SIL CL3 according to IEC 62061
•Up to and including PLe (Category 4) according to ISO 13849-1.
In these applications, the removal of motion-producing power is considered to be the safe state. All components in the system must be chosen and applied correctly to achieve the desired level of operator safeguarding.
Important Safety Considerations
You are responsible for these system safety considerations:
•Set-up, safety rating, and validation of any sensors or actuators connected to the system.
•Complete a system-level risk assessment, and reassess the system anytime a change is made.
•Certification of the system to the desired safety Performance Level/ Safety Integrity Level.
•Project management and proof testing.
•Programming the application software and the safety option module configurations in accordance with the information in this manual.
•Access control to the system.
•Analyze all configuration settings and choose the proper setting to achieve the required safety rating.
•Validation and documentation of all safety functions used.
IMPORTANT Only qualified, authorized personnel that are trained and experienced in functional safety can plan, implement, and apply functional safety systems.
18 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
ATTENTION: When designing your system, consider how various personnel can interact with the machine. Additional safeguard devices can be required for your specific application.
ATTENTION: In circumstances where external influences (for example, suspended loads that can fall) are present, additional measures (for example, mechanical brakes) can be necessary to help prevent any hazard.
Stop Category Definitions
There are three stop categories:
•Stop Category 0 is achieved with immediate removal of power to the machine actuators, which results in an uncontrolled coast-to-stop. An STO accomplishes a Stop Category 0 stop.
•Stop Category 1 is achieved with a Ramp to Stop followed with immediate removal of power to the machine actuators. This can be achieved using SS1 with STO.
•Stop Category 2 is a controlled stop with power left available to the machine actuators. This can be achieved using controller-based SS2 / SOS with the PowerFlex 755T drive products.
IMPORTANT When designing the machine application, consider timing and distance for a coast-to-stop (Stop Category 0 or Safe Torque Off). For more information on stop categories and Safe Torque Off, see EN 60204-1 and EN/IEC 61800-5-2.
Performance Level and Safety Integrity Level (SIL) CL3
For safety-related control systems, Performance Level (PL), according to
ISO 13849-1, and SIL levels, according to IEC 61508 and EN 62061, include a rating of the ability of the system to perform its safety functions. All safetyrelated components of the control system must be included in both a risk assessment and the determination of the achieved levels.
See the ISO 13849-1, IEC 61508, and EN 62061 standards for complete information on requirements for PL and SIL determination.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
19 |
Chapter 1
Proof Tests
IEC 61508 requires you to perform various proof tests of the equipment that is used in the system. Proof tests are performed at user-defined times. For example, proof tests can be once a year, once every 15 years, or whatever time frame is appropriate.
The Integrated Safety Functions option module has a useful life of 20 years, no proof test required. Other components of the system, such as safety I/O devices, sensors, and actuators can have different useful life times.
IMPORTANT The time frame for the proof test interval depends on the specific application.
PFD and PFH Definitions
Safety-related systems can be classified as operating in either a Low Demand mode, or in a High Demand/Continuous mode.
•Low Demand mode: where the frequency of demands for operation, made on a safety-related system, is no greater than one per year, or no greater than twice the proof-test frequency.
•High Demand/Continuous mode: where the frequency of demands for operation, made on a safety-related system, is greater than once per year, or greater than twice the proof test interval.
The SIL value for a low-demand safety-related system is directly related to order-of-magnitude ranges of its average probability of failure to perform its safety function on demand or, simply, average probability of dangerous failure on demand (PFDavg).
The SIL value for a High Demand/Continuous mode safety-related system is directly related to the average frequency of a dangerous failure (PFH) per hour.
20 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
PFD and PFH Data
These PFDavg and PFH calculations are based on the equations from Part 6 of EN 61508 and show worst-case values.
Safety Data for Safe Torque Off
Table 2, and Table 3 provide PFDavg and PFH values for the Safe Torque Off (STO) or Timed Safe Stop 1 functions. These values apply when Safety Instance is set to ‘Safe Stop Only – No Feedback’.
Table 2 - PFD and PFH for PowerFlex 755 Drives STO and Timed SS1
Attribute |
Frames 1…7 |
Frame 8 |
Frame 9 |
Frame 10 |
|
|
|
|
|
PFD(average) |
4.08E-5 |
1.81E-4 |
2.73E-4 |
3.64E-4 |
PFH (1/hour) |
4.77E-10 |
2.09E-9 |
3.14E-9 |
4.19E-9 |
|
|
|
|
|
SIL |
3 |
3 |
3 |
3 |
|
|
|
|
|
PL |
e |
e |
e |
e |
|
|
|
|
|
Category |
4 |
4 |
4 |
4 |
|
|
|
|
|
MTTFD years |
204.1 (high) |
93.3 (high) |
69.1 (high) |
55.1 (high) |
DCavg% |
97.5% (medium) |
97.4% (high) |
97.5% (high) |
97.5% (high) |
HFT |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
|
|
|
|
|
Mission time |
20 years |
20 years |
20 years |
20 years |
|
|
|
|
|
Table 3 - PFD and PFH for PowerFlex 755T Drive Products STO and Timed SS1
Attribute |
Frames 5 and 6 |
Frames 7 and 8 |
Frame 9 |
Frame 10 |
Frame 11 |
Frame 12 |
Frame 13 |
Frame 14 |
Frame 15 |
|
|
|
|
|
|
|
|
|
|
PFD(average) |
4.49E-5 |
2.56E-4 |
2.82E-4 |
3.08E-4 |
3.34E-4 |
3.60E-4 |
3.86E-4 |
4.38E-4 |
4.90E-4 |
PFH (1/hour) |
5.24E-10 |
2.96E-9 |
3.25E-9 |
3.55E-9 |
3.85E-9 |
4.15E-9 |
4.45E-9 |
5.05E-9 |
5.65E-9 |
|
|
|
|
|
|
|
|
|
|
SIL |
3 |
3 |
3 |
3 |
3 |
3 |
3 |
3 |
3 |
|
|
|
|
|
|
|
|
|
|
PL |
e |
e |
e |
e |
e |
e |
e |
e |
e |
|
|
|
|
|
|
|
|
|
|
Category |
4 |
4 |
4 |
4 |
4 |
4 |
4 |
4 |
4 |
|
|
|
|
|
|
|
|
|
|
MTTFD years |
187.5 (high) |
102.6 (high) |
87.8 (high) |
76.7 (high) |
68.1 (high) |
61.2 (high) |
55.6 (high) |
47 (high) |
40.7 (high) |
DCavg% |
97.4% (high) |
97.0% (high) |
97.0% (high) |
97.0% (high) |
97.0% (high) |
96.9% (high) |
96.9% (high) |
96.9% (high) |
96.9% (high) |
HFT |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
1 (1oo2) |
|
|
|
|
|
|
|
|
|
|
Mission time |
20 years |
20 years |
20 years |
20 years |
20 years |
20 years |
20 years |
20 years |
20 years |
|
|
|
|
|
|
|
|
|
|
Safety Data for Safe Feedback
Table 4 provides PFDavg and PFH values to add to the PFD avg and PFH values from Table 2 or Table 3 for safety functions that require safe encoder feedback. Safety functions using safe encoder feedback include drive based Monitored Safe Stop 1 and controller-based safety functions SS1, SS2, SOS, SLS, SLP, and SDI.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
21 |
Chapter 1
In general, the PFDavg and PFH values from Table 4 should be added to
Table 2 and Table 3 when Safety Instance is set to ‘Single Feedback
Monitoring’ or ‘Dual Feedback Monitoring’.
When using Dual Feedback Monitoring, enable Discrepancy Testing.
Table 4 - PFD or PFH to Add When Safety Functions Use Safety Feedback
Attribute |
Single Encoder Feedback |
Dual Encoder |
Feedback(1) |
||
PFD (average) |
6.75E-4 |
4.32E-5 |
|
|
|
PFH (1/hour) |
7.70E-9 |
4.93E-10 |
|
|
|
SIL |
2 |
3 |
|
|
|
PL |
d |
e |
|
|
|
Category |
3 |
4 |
|
|
|
MTTFD years |
1446.7 (high) |
1427.7 (high) |
|
|
|
DCavg% |
90.0% (medium) |
99.0% (high) |
|
|
|
HFT |
1 (1oo2) |
1 (1oo2) |
|
|
|
Mission time |
20 years |
20 years |
|
|
|
(1) Dual channel values apply with discrepancy checking configured.
The safe motion-monitoring option can be configured for single feedback or dual feedback to achieve the following safety rating:
•Single feedback configurations provide up to SIL 2 PLd capability.
•Dual-feedback configurations provide up to SIL 3 PLe capability when discrepancy testing (either velocity, position, or both) is enabled.
IMPORTANT Achievable safety rating depends on each system component. For Safe Feedback, the safety rating of the selected encoders may limit the safety rating of the system.
Safety Data for Safety I/O
The Integrated Safety Functions option module provides four safety inputs and two safety outputs. Table 5 provides PFDavg and PFH values to add for safety functions that use this Safety I/O.
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute |
Single Channel Safety I/O |
Dual Channel Safety I/O |
|
|
|
PFD (average) |
3.35E-4 |
2.49E-4 |
|
|
|
PFH (1/hour) |
3.83E-9 |
2.84E-9 |
|
|
|
SIL |
2 |
3 |
|
|
|
PL |
d |
e |
|
|
|
Category |
2 |
4 |
|
|
|
MTTFD years |
1064.9 (high) |
1998.0 (high) |
|
|
|
22 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute |
Single Channel Safety I/O |
Dual Channel Safety I/O |
|
|
|
|
|
DCavg% |
96.4% (high) |
94.2% (high) |
|
|
|
|
|
HFT |
0 (1oo1) |
1 (1oo2) |
|
|
|
|
|
Mission time |
20 years |
20 years |
|
|
|
|
|
|
|
||
IMPORTANT |
Single channel safety I/O is only certified for use in functional safety |
||
|
applications with process safety times greater than or equal to 300 ms; or |
||
|
applications with demand rates less than or equal to 1 demand per 30 |
||
|
seconds. |
|
|
|
|
||
|
|
||
IMPORTANT |
If single channel safety I/O is used, pulse testing (external pulse testing for |
||
|
safety inputs, pulse testing for safety outputs) MUST be enabled on the |
||
|
single channel I/O points. |
|
|
|
|
|
|
Spurious Trip Rate
Safety Reaction Time
Table 6 shows the Spurious Trip Rate (STR) and Mean Time to Failure Spurious (MTTF Spurious) values for the Integrated Safety Functions option module, calculated according to the ISA TR-84 method.
Table 6 - STR and MTTF Spurious Values
Attribute |
Value |
|
|
Spurious Trip Rate |
3.00E-6 |
|
|
MTTFSpurious (years) |
37.0 |
|
|
The safety reaction time is the length of time from a safety-related event as input to the system until the system is in the safe state. Table 7 shows the safety reaction time from an input signal condition that triggers a safe stop, to the initiation of the configured Stop Type. For details on how to calculate system reaction times with GuardLogix controllers, see the GuardLogix Controller Systems Safety Reference Manuals listed in the Additional Resources on page 13.
Table 7 - Safety Reaction Time
Drive Family |
Network STO Reaction Time, Max |
|
|
|
|
PowerFlex 755 drives (firmware revision 13 or later), Frames 1…10 |
|
|
PowerFlex 755TL low harmonic drives, Frames 7…15 |
15 ms |
|
PowerFlex 755TR regenerative drives, Frames 7…15 |
||
|
||
PowerFlex 755TM, Frames 8…15 |
|
|
|
|
|
PowerFlex 755TL low harmonic drives, Frames 5 and 6 |
26 ms |
|
|
|
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
23 |
Chapter 1
IMPORTANT An input signal condition that is present for less than the reaction time may not result in the safety function being performed. Repeated requests of the safety function for less than the reaction time can result in a spurious detection of a fault.
IMPORTANT In network STO Mode, the safety reaction time in Table 7 does not include the connection reaction time limit. See the GuardLogix Controller Systems Safety Reference Manuals, listed in the Additional Resources on page 13, for
details.
Considerations for Safety Ratings
Encoder Considerations
The achievable safety rating of an application that uses the Integrated Safety Functions option module that is installed in PowerFlex 755/755T drive products is dependent upon many factors, drive options, and the type of motor.
A safety rating up to and including SIL 3, PLe, and Category 4 can be achieved.
This section describes factors to consider when using an encoder with the Integrated Safety Functions option module.
Supported Encoders
Table 8 describes the supported encoder types based on the feedback card that is used and the physical terminal it is connected to. You must determine the safety capability of a system based on the supported encoder types and the encoder diagnostics that are described in this chapter.
Table 8 - Supported Feedback Cards and Encoder Types
Feedback Option |
Primary Channel |
|
Secondary Channel |
|
Achievable System Safety Rating |
|
|
|
|
|
|||
Encoder Type |
Encoder Motion Axis |
Encoder Type |
Encoder Motion Axis |
|||
|
|
|||||
|
|
|
|
|
|
|
20-750-UFB-1 |
Sine/Cosine |
|
Not Used |
Not Used |
SIL 2/PL d with safety rated encoder |
|
|
|
|
|
|||
Motor Feedback |
Digital AqB |
Load Feedback |
SIL 3/PL e |
|||
|
|
|||||
|
|
|
|
|
||
20-750-DENC-1 |
Digital AqB |
Not Used |
Not Used |
SIL 2/PL d with safety rated encoder |
||
|
||||||
|
|
|
|
|||
|
Digital AqB |
Load Feedback |
SIL 3/PL e |
|||
|
|
|
||||
|
|
|
|
|
|
Encoder Diagnostics
Depending on the encoder type, the module performs several diagnostic tests on encoder signals to detect faults in the encoder. You must determine if the combination of the selected encoder device type and the diagnostics that are described in this chapter will satisfy the required safety function rating. The use of non-safety, standard encoders my require further analysis and assessment activties.
24 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
General Encoder Diagnostics
The following encoder diagnostics are available for all supported encoder types:
•EncoderVoltageMonitoring(Configurable)
•Maximum Speed Limit (Configurable)
•Maximum Acceleration (Configurable)
•MaximumEncoderInputFrequency
•Dual Encoder Velocity and/or Position Discrepancy (Configurable)
IMPORTANT These diagnostics are based on the capability of the chosen encoder and its rated limits. They do not provide a safety-rated safety function.
Encoder Voltage Monitoring
The voltage monitoring diagnostic samples the voltage being supplied to the encoder to confirm that its level is within its configured range. If the voltage monitoring diagnostic detects a voltage that is out of the configured range, the safety feedback instance reports a voltage monitoring fault and causes the module to enter the safe state.
The following voltage monitoring ranges are supported:
•4.75…5.25V (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Storage’ position)
•11.4…12.6V (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Enabled’ position)
•7…12V (Recommended setting when using 20-750-UFB-1)
If a voltage range is not specified, then the voltage monitoring diagnostic is not performed.
Maximum Speed Limit
The maximum speed limit diagnostic detects when encoder speed is above a configured limit. If the speed of the encoder is greater than the configured max speed limit, an exceeded max speed fault is reported by the safety feedback instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum speed, set the maximum speed limit configuration value to this value or lower. If the limit is configured as 0, this diagnostic is not be performed.
Maximum Acceleration
The maximum acceleration diagnostic detects when encoder acceleration is above a configured limit. If the module detects that the acceleration of the
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
25 |
Chapter 1
encoder has exceeded the configured limit, a max acceleration fault is reported by the safety feedback instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum acceleration, set the maximum acceleration configuration value to this value or lower. If the maximum acceleration is configured as 0, this diagnostic is not performed.
Maximum Encoder Input Frequency
The maximum encoder input frequency diagnostic confirms that the safety feedback signals do not exceed the maximum frequency (encoder counts per second) supported by the module. This value is not configurable and has fixed values based on the encoder type. Table 9 shows the maximum frequency based on encoder type.
Table 9 - Maximum Frequency of Encoder Types
Encoder Type |
Max Frequency |
|
|
Digital AqB |
250 kHz |
|
|
Sine/Cosine and Hiperface |
163.8 kHz |
|
|
If the module detects an encoder input frequency above the limit, a max frequency fault is reported in the safety feedback instance and the module enters the safe state.
Dual Encoder Velocity and/or Position Discrepancy
The dual encoder velocity and position discrepancy diagnostic confirms that the position and/or velocity of the two encoders match within a configurable tolerance. The position and velocity discrepancy limits are individually configurable; setting the limit to a value of 0 disables the diagnostic check. If the module detects that the difference between the position and/or velocity of both encoders is outside the configured limit, a discrepancy error is reported in both safety feedback instances and the module enters the safe state. This diagnostic is only available when the module is configured in a dual feedback configuration.
26 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 1
Digital AqB Diagnostics
The following diagnostic functions are implemented in the module to perform diagnostics for digital AqB encoders:
•Inverse Signal Monitoring
•Quadrature Error Detection
Inverse Signal Monitoring
The inverse signal monitoring diagnostic confirms that the inverted and noninverted signals are always at opposite signal levels. If the module detects a noninverted signal, a feedback signal lost fault is reported in the safety feedback instance and the module enters the safe state. This diagnostic is meant to detect encoder wiring errors, such as open, short, or short to power.
Quadrature Error Detection
The quadrature error detection confirms that the A and B signals from the digital AqB encoder do not change simultaneously. This diagnostic is also referred to as an exclusive bit check. If the module detects a quadrature error, the safety feedback instance reports a quadrature error fault and enters the safe state. A simultaneous change indicates an error with the encoder wiring or an issue with the encoder itself.
Sine/Cosine and Hiperface Diagnostics
The following diagnostic functions are implemented in the module to perform diagnostics on Hiperface and or Sine/Cosine type encoders:
•Sin2 + Cos2 Vector Length Monitoring
•Zero-crossing Detection
•Signal Offset (Sine/Cosine Encoder Type Only)
Sin 2+ Cos2 Vector Length Monitoring
The Sin2 + Cos2 vector length monitoring diagnostic confirms that the sine and cosine signals are sinusoidal and 90° apart. This diagnostic is meant to detect errors in the wiring of the encoder and problems within the encoder itself. Table 10 describes the tolerance of encoder output signal amplitudes for this diagnostic. Table 11 describes the phase tolerance of the diagnostic. If the module detects that the amplitude and or phase of the signals is out of range,
the safety feedback instance reports a Sin2 + Cos2 fault and the module is placed in the safe state.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
27 |
Chapter 1
Table 10 - Sin2 + Cos2 Vector Length Monitoring Amplitude Range
Max |
Min |
|
|
1.3 Vpp |
0.7 Vpp |
|
|
Table 11 - Sin2 + Cos2 Vector Length Monitoring Phase Tolerance
Tolerance
90º ± 20º
Zero-crossing Detection
The zero-crossing detection diagnostic confirms that the sine and cosine signals have a similar offset to ground. The offset tripping point is ± 50 mV. If the offset of the sine and cosine signals is greater than the tripping point, the zero-crossing detection diagnostic will fail, a signal lost fault is reported in the safety feedback instance, and the module is placed in the safe state.
Signal Offset
The signal offset diagnostic confirms that a Sine/Cosine type encoder is producing the proper offset on the Sine and Cosine signals. This diagnostic is not performed when the feedback device type is configured as Hiperface.
Table 12 describes the offset tolerance of the diagnostic. If the offset of the Sine and or Cosine signals are outside the tolerance range, the safety feedback instance reports a signal offset fault and the module is placed in the safe state.
Table 12 - Signal Offset Tolerance
Max |
Min |
|
|
3.0V |
2.0V |
|
|
Contact Information If Safety
Option Failure Occurs
If you experience a failure with any safety-certified device, contact your local Allen-Bradley distributor to request any of these actions:
•Return the device to Rockwell Automation so the failure is appropriately logged for the catalog number that is affected and a record is made of the failure.
•Request a failure analysis (if necessary) to determine the probable cause of the failure.
In case of malfunction or damage, no attempts at repair should be made. The option module should be returned to the manufacturer for repair. Do not dismantle the option module.
For more information about replacing drives, see Replace an Integrated Safety Drive in a GuardLogix System on page 130 and Replace an Integrated Safety Drive in a GuardLogix System on page 168.
28 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Chapter 2
Installation
This chapter provides installation, jumper settings, and wiring for the Integrated Safety Functions option module.
Topic |
Page |
|
|
Remove Power to the System |
30 |
|
|
Access the Control Pod |
30 |
|
|
Set the SAFETY and Hardware ENABLE Jumpers |
31 |
|
|
Install the Safety Option Module |
32 |
|
|
I/O Wiring |
34 |
|
|
Cabling |
34 |
|
|
ATTENTION: The following information is a guide for proper installation. Rockwell Automation does not assume responsibility for the compliance or the noncompliance to any code, national, local, or otherwise for the proper installation of this equipment. A hazard of personal injury and/or equipment damage exists if codes are ignored during installation.
IMPORTANT Installation must be in accordance with the instructions in this user manual and the installation instructions for your drive.
Only qualified, authorized personnel that are trained and experienced in functional safety can plan, implement, and apply functional safety systems.
IMPORTANT During installation and maintenance, check your drive firmware release notes for known anomalies and verify that there are not safety-related anomalies.
The Integrated Safety Functions option module is intended to be part of the safety-related control system. Before installation, perform a risk assessment that compares the Integrated Safety Functions option module specifications and all foreseeable operational and environmental characteristics of the control system.
A safety analysis is required to determine how often to test the safety function for proper operation during the life of the machine.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
29 |
Chapter 2
Remove Power to the System Before performing any work on the drive, remove all power to the system.
ATTENTION:
•Electrical Shock Hazard. Verify that all sources of AC and DC power are deenergized and locked out or tagged out in accordance with the requirements of ANSI/NFPA 70E, Part II.
•To avoid an electric shock hazard, verify that the voltage on the bus capacitors has discharged before performing any work on the drive. Measure the DC bus voltage at the +DC and -DC terminals or test points. The voltage must be zero. For the location of the terminal block and test point sockets, see the manual for your drive:
•PowerFlex® 750-Series AC Drive Installation Instructions, publication 750-IN001
•PowerFlex 750-Series Products with TotalFORCE® Control Installation Instructions, publication 750-IN100
•PowerFlex 755TM IP00 Open Type Kits Installation Instructions, publication 750-IN101
•In Safe Torque Off mode, hazardous voltages may still be present at the motor. To avoid an electric shock hazard, disconnect power to the motor and verify that the voltage is zero before performing any work on the motor.
Access the Control Pod
The option module is installed in the drive control pod. Different drives have different ways to access the control pod. To access the control pod, follow these steps.
1.Remove the door or cover.
2.Loosen the retention screw on the HIM cradle.
3.Lift the cradle until the latch engages.
See the installation instructions for your drive for more information.
Figure 1 - Access the Control Pod.
Drives in Cabinet Enclosures
Panel-mounted Drives
30 |
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 |
Loading...