How it Works
Rockwell Automation
Loading...
PowerFlex 755T
User Manual
270 pgs7.8 Mb0
User Manual
102 pgs3.82 Mb0
Table of contents
Loading...

Rockwell Automation PowerFlex 755, PowerFlex 755T User Manual

PowerFlex 755/755T Integrated Safety Functions Option Module
Catalog Number 20-750-S4
User Manual
Original Instructions
PowerFlex 755/755T Integrated Safety Functions Option Module User Manual
Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards.
Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice.
If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
WA RN I NG : Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss.
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions.
SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present.
BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE).
2 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
About Safe Stop and Safe Monitor Functions

Table of Contents

Preface
Summary of Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Product Firmware and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 1
What Is the Integrated Safety Functions Option Module? . . . . . . . . 15
Compatible Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Compatible Safety Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Safety Application Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Safety Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Important Safety Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Stop Category Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Performance Level and Safety Integrity Level (SIL) CL3 . . . . . . 19
Proof Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
PFD and PFH Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
PFD and PFH Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safe Torque Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safe Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Safety Data for Safety I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Spurious Trip Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Safety Reaction Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Considerations for Safety Ratings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Encoder Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Supported Encoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
General Encoder Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Digital AqB Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Sine/Cosine and Hiperface Diagnostics . . . . . . . . . . . . . . . . . . . . . 27
Contact Information If Safety Option Failure Occurs . . . . . . . . . . . . 28
Chapter 2
Installation Remove Power to the System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Access the Control Pod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Set the SAFETY and Hardware ENABLE Jumpers . . . . . . . . . . . . . . 31
Install the Safety Option Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Feedback Installation Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
I/O Wiring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Power Supply Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 3
Table of Contents
Chapter 3
Safety I/O Safety Inputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Latch Input Error Operation in Single Channel Mode. . . . . . . . 39
Single Channel Safety Input Status Data . . . . . . . . . . . . . . . . . . . . 40
Dual-channel Safety Input Operation . . . . . . . . . . . . . . . . . . . . . . . 41
Equivalent Dual-channel Input Operation. . . . . . . . . . . . . . . . . . . 42
Complementary Dual-channel Input Operation . . . . . . . . . . . . . 43
Standard Input Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Safety Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Safety Input Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Determining Safety Input Alarm Type . . . . . . . . . . . . . . . . . . . . . . 48
Safety Input Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Input Delays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Use With PowerFlex 750-Series ATEX Option Module . . . . . . 50
Safety Outputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Safety Output with Test Pulse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Single-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Latch Output Error Operation in Single Channel Mode . . . . . . 52
Dual-channel Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Latch Output Error Operation in Dual Channel Mode . . . . . . . 53
Safety Output Safety Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Commanding Safety and Test Outputs. . . . . . . . . . . . . . . . . . . . . . 57
Safety Output Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Determining Safety Output Alarm Type . . . . . . . . . . . . . . . . . . . . 59
Safety Output Alarm Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Test Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Standard Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Power Supply Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Test Output Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Test Output Ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 4
Drive-based Safe Stop Functions
4 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Safety Output Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . 65
Safety Input Assembly Safe Stop Function Tags. . . . . . . . . . . . . . . . . . 66
Safety Function in Response to Connection Event . . . . . . . . . . . . . . . 68
Connection Loss Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Connection Idle Action. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Safe Torque Off Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Safe Torque Off Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Safe Torque Off Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Safe Torque Off Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Safe Torque Off Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Safe Torque Off Stopping Action and Source . . . . . . . . . . . . . . . . 74
Controller-based Safety Functions
Table of Contents
STO Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Safe Stop 1 Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Safe Stop 1 Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Safe Stop 1 Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Safe Stop 1 Stopping Action and Source . . . . . . . . . . . . . . . . . . . . . 78
Timed Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Monitored Safe Stop 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
SS1 Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Safe Brake Control Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Safe Brake Control Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Safe Brake Control Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Safe Brake Control Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Safe Brake Control Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
SBC Safety Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Connecting a Safety Brake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Chapter 5
Drive Safety Instructions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Before Adding the Safety Instructions . . . . . . . . . . . . . . . . . . . . . . . 95
Drive Safety Instruction Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Pass-through Data Using Standard I/O Mode . . . . . . . . . . . . . . . . . . . 96
Pass-through Data Using Integrated Motion . . . . . . . . . . . . . . . . . . . . 98
SFX Instruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
SFX Instruction Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Standard I/O Mode – Configuration, Programming, and Operation
Chapter 6
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Configure Safety in the Logix Designer Application. . . . . . . . . . . . . 104
Add a PowerFlex 755 Drive/755T Drive Product to the
Safety Controller Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Add an Option Module to a PowerFlex 755 Drive. . . . . . . . . . . 106
Using a 20-750-ENETR Dual-port EtherNet/IP Option
Module with a 20-750-S4 Option Module. . . . . . . . . . . . . . . . . . 124
Safety Configuration Signature and Ownership . . . . . . . . . . . . . 126
Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Safety Tags in Standard Routines . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Standard Tags in Safety Routines (tag mapping). . . . . . . . . . . . . 126
Standard and Safety Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Safety Function Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Pass-through Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Falling Edge Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Understand Integrated Safety Drive Replacement. . . . . . . . . . . . . . . 130
Replace an Integrated Safety Drive in a GuardLogix System . . 130 PowerFlex 755 IO Mode Using SFX, SS1, and SLS Instructions. . 133
Studio 5000 Logix Designer Application Configuration . . . . . 133
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 5
Table of Contents
Integrated Motion – Configuration, Programming, and Operation
Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Chapter 7
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Configure the Integrated Safety Function Option Module in
the Logix Designer Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Add a PowerFlex 755 Drive to the Controller Project. . . . . . . . 144
Understand Module Properties Categories . . . . . . . . . . . . . . . . . . . . . 145
Module Properties>General Category. . . . . . . . . . . . . . . . . . . . . . 146
Module Properties>Connection and Safety Categories . . . . . . 149
Motion Safety>Actions Category . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Motion Safety>Primary Feedback Category . . . . . . . . . . . . . . . . 153
Motion Safety>Secondary Feedback Category . . . . . . . . . . . . . . 155
Motion Safety>Scaling Category. . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Motion Safety>Discrepancy Checking Category . . . . . . . . . . . . 157
Motion Safety>STO Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Motion Safety>SS1 Category. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Motion Safety>SBC Category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Motion Safety>Input Configuration Category. . . . . . . . . . . . . . 161
Motion Safety>Test Output Category . . . . . . . . . . . . . . . . . . . . . 162
Motion Safety>Output Configuration Category . . . . . . . . . . . . 163
Axis Properties > Actions > Safety Actions . . . . . . . . . . . . . . . . . 164
Module Properties > Associated Axes Motor and Load
Feedback Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Generate the Safety Network Number (SNN) . . . . . . . . . . . . . . 166
Safety Configuration Signature and Ownership . . . . . . . . . . . . . 167
Reset Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Replace an Integrated Safety Drive in a GuardLogix System . . 168
Motion Direct Commands in Motion Control Systems. . . . . . 169
Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Motion and Safety Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Motion Safety Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Safety Function Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Safe Monitor Network Communication. . . . . . . . . . . . . . . . . . . . 179
Explicit Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Application Example - Using SFX, SS1, and SLS Instructions
with Integrated Motion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Studio 5000 Logix Designer Application Configuration . . . . . 185
Programming Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Chapter 8
Monitoring and Troubleshooting
6 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Monitor Status Using Status Indicators . . . . . . . . . . . . . . . . . . . . . . . . 195
Module Status Indicator (DS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Network Status Indicator (DS2). . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Motion Output Status Indicator (DS3) . . . . . . . . . . . . . . . . . . . . 197
Safety Fault Indicator (DS4). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Table of Contents
Safety Fault Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Understand Safety Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safety Supervisor State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safety Core Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Safe Torque Off Fault. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Safe Stop 1 Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Safe Brake Control Fault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
SS2, SOS, SLS, SLP, and SDI Faults. . . . . . . . . . . . . . . . . . . . . . . . 202
Safety Feedback Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Safety Fault Reset. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Monitor Status with a HIM or Software . . . . . . . . . . . . . . . . . . . . . . . 205
Fault Messages on HIM, Drive Module, and Connected
Components Workbench Software . . . . . . . . . . . . . . . . . . . . . . . . 205
Monitor Status Using Integrated Motion . . . . . . . . . . . . . . . . . . . . . . 210
Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Recognize Out-of-Box State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Restore the Drive to Out-of-Box State. . . . . . . . . . . . . . . . . . . . . . 214
Safety Function Validation Checklist
Specifications, Certifications, and CE Conformity
Appendix A
Safe Stop 1 (SS1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Safe Stop 2 (SS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Safe Operating Speed (SOS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Safely-limited Speed (SLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Safely-limited Position (SLP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Safe Direction (SDI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Safe Feedback Interface (SFX). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Safe Brake Control (SBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Appendix B
Integrated Safety Functions Option Module Specifications . . . . . . 233
Electrical Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
CE Conformity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Machinery Directive (2006/42/EC) . . . . . . . . . . . . . . . . . . . . . . . 236
EMC Directive (2014/30/EU) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Waste Electrical and Electronic Equipment (WEEE) . . . . . . . . 237
Safety I/O Assemblies and Safety Attributes
Appendix C
Safety Assembly Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Safety Feedback Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Safe Stop Function Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Explicit Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Example: Read SS1 Fault Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 7
Table of Contents
Appendix D
Parameter Data Parameters and Settings in a Linear List . . . . . . . . . . . . . . . . . . . . . . . . 253
Device Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Host Config Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Index
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
8 Rockwell Automation Publication 750-UM005C-EN-P - February 2021

Preface

This user manual explains how to use PowerFlex® 755 drives and PowerFlex 755T drive products in safety applications up to safety integrity level 3 (SIL 3), performance level e (PLe), category 4.
This user manual is intended for people that design, install, configure, or troubleshoot safety applications that use the Integrated Safety Functions option module (catalog number 20-750-S4).
This user manual covers using network safety with drives in Standard I/O mode and Integrated Motion mode. All chapters apply to both modes with the following exceptions:
Chapter 6 using Integrated Motion mode.
Chapter 7 you are using Standard I/O mode.
IMPORTANT You must have a basic understanding of electrical circuitry and familiarity
is specific to Standard I/O mode and can be skipped if you are
is specific to Integrated Motion mode and can be skipped if
with PowerFlex 755 drives and PowerFlex 755T drive products. You must also be trained and experienced in the creation, operation, and maintenance of safety systems.

Summary of Changes

Conventions

This user manual describes the safety requirements, including probability of dangerous failure on demand (PFD) and average frequency of a dangerous failure (PFH) per hour values and application verification information (see
PFD and PFH Data on page 21
This publication contains new and updated information as indicated in the following table.
Top ic Pa ge
Added attention statement regarding ambient temperature to Environmental Specifications in Appendix B.
This manual identifies parameter names by listing the parameter number first, followed by the name in brackets. For example, P7 [STO Fault Type].
Both the Host Config and Device Config parameters exist for this option module and the parameter numbers overlap. For example, there is a P3 [Device Config Identity State] and a P3 [Host Config Safety State]. Host Config parameters reside on the Host (that is, the drive) side of the option module and are specific to supporting the option module. Device Config parameters reside on the option module itself.
).
235
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 9
Preface
Throughout this manual, the PowerFlex 755/755T Integrated Safety Functions option module is also referred to as the Integrated Safety Functions option module.
Throughout this manual, the PowerFlex 755TL low harmonic drives, PowerFlex 755TR regenerative drives, PowerFlex 755TM drive systems are also referred to as PowerFlex 755T drive products.
The PowerFlex 755 drive is used for the examples in this manual.

Terminology

Ta b l e 1 defines the abbreviations that are used in this manual.
Table 1 - Abbreviations and Definitions
Abbreviation Full Term Definition
Timed SS1 Timed Safe Stop 1 Timed SS1 and Safe Stop 1 time-controlled (SS1-t) are synonymous. Both mean a safe stop where the
SS1-t Safe Stop 1 time-controlled
Monitored SS1 Monitored Safe Stop 1 Monitored SS1 and Safe Stop 1 ramp-monitored (SS1-r) are synonymous. Both mean a safe stop where
SS1-r Safe Stop 1 ramp-monitored
1oo2 One out of Two Refers to the behavioral design of a dual-channel safety system.
CAT Category
CL Claim Limit
CIP™ Common Industrial Protocol Protocol for industrial automation applications and trademarked by ODVA, Inc.
EN European Norm The offi cial European Standard.
ESD Emergency Shutdown Systems
ESPE Electro-sensitive Protective Equipment
HFT Hardware Fault Tolerance
HIM Human Interface Module A module that is used to configure a device.
IEC International Electrotechnical Commission
IGBT Insulated Gate Bi-polar Transistors Typical power switch that is used to control main c urrent.
ISO International Organization for Standardization
NC Normally Closed
NO Normally Open
OSSD Output Signal Switching Device
motor speed is decelerated to zero and o nce the maximum stop-time elapses, torque is removed from the motor.
• Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2.
the motor speed is reduced to standstill within deceleration limits and once standstill speed is reached or the maximum stop-time elapses, torque is removed from the motor.
• Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2.
Classification of the safety-related parts of a control system in respect of their resistance to faults and their subsequent behavior in the fault condition, and which is achieved by the structural arrangement of the parts, fault detection, and/or by their reliability (source ISO 13849-1).
The maximum SIL rating that can be claimed for a safety-related electrical control system subsystem in relation to architectural constraints and systematic safety integrity (source IEC 62061).
A system, usually independent of the main control system, which is designed to shut down an operating system safely.
An assembly of devices and/or components working together for protective tripping or presence­sensing purposes and includes as a minimum:
•A sensing device.
• Controlling/monitoring devices.
• Output signal-switching devices (OSSD).
The HFT equals n, where n+1 faults could cause the loss of the safet y function. An HFT of one means that two faults are required before safety is lost.
The International Electrotechnical Commission (IEC) is the organization that prepares and publishes international standards for all electrical, electronic, and related technologies.
The International Organization for Standardization is an international standard-setting body that is composed of representatives from various national standards organizations.
A set of contacts on a relay or switch that are closed when the relay is de-energized or the switch is de­activated.
A set of contacts on a relay or switch that are open when the relay is de-energized or the switch is de­activated.
The component of the electro-sensitive protective equipment (ESPE) connected to the control system of a machine. When the sensing device is actuated during normal operation, the device responds by going to the OFF-state.
10 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Preface
Table 1 - Abbreviations and Definitions (Continued)
Abbreviation Full Term Definition
PELV Protective Extra Low Voltage
PES Programmable Electronic Systems
PFD Probability of Dangerous Failure on Demand The average probability of a system to fail to perform its design function on demand.
PFH Average Frequency of a Dangerous Failure per hour The average frequency of a system to have a dangerous failure occur per hour.
PL Performance Level EN ISO 13849-1 safety rating
PM Permanent Magnet
SBC Safe Brake Control Controls safety discrete outputs that actuate a brake. Sets timing between brake and Safe Torque Off.
SDI Safe Direction
SELV Safety Ex tra Low Voltage Circuit
SFX Safety Feedback Interface
SIL Safety Integrity Level A measure of a products ability to lower the risk that a dangerous failure could occur.
SLP Safely-Limited Position Prevents the motor shaft from exceeding one or more specified position limits.
SLS Safely-Limited Speed
SNN Safety Network Number
SOS Safe Operating Stop
SS1-r Safe Stop 1 Ramp Monitored
SS1-t Safe Stop 1 Time Controlled
STO Safe Torque Off
An electrical system where the voltage cannot exceed ELV under normal conditions, and under single­fault conditions, except earth faults in other circuits.
System for control, protection, or monitoring based on one or more programmable electronic devices, including all elements of the system such as power supplies, sensors and other input devices, data highways and other communication paths, and actuators and other output devices.
In permanent magnet (PM) motors, magnets mounted on or embedded in the rotor, couple with the current-induced internal magnetic fields of the motor generated by electrical input to the stator.
Monitors position of a motor to detec t movement of more than a defined amount in the unintended direction.
A secondary circuit that is designed and protected so that, under normal and single fault conditions, its voltages do not exceed a safe value.
A GuardLogix® Drive Safety interface that scales feedback position into position units and feedback velocity into position units per time unit. Feedback Position and Velocity are read from a Safety Input assembly to an integrated Safe Speed drive.
Monitors the speed of a motor and sets the SLS Limit output if the speed exceeds the Active Limit input value.
Uniquely identifies a network across all networks in the safety system. You are responsible for assigning a unique number for each safety network or safety subnet within a system.
Prevents the motor from deviating more than a defined amount from the stopped position. The drive provides energy to the motor to enable it to resist ex ternal forces.
Safe stop where the motor speed is decelerated to zero and once the maximum stop-time elapses, torque is removed from the motor.
Safe Stop 1 ramp-monitored (SS1-r) is according to EN/IEC 61800-5-2 and is Stop Category 1, as defined in IEC 60204
Safe stop where the motor speed is reduced to standstill within deceleration limits and once standstill speed is reached or the maximum stop-time elapses, torque is removed from the motor.
Safe Stop 1 time-controlled (SS1-t) is according to EN/IEC 61800-5-2 and is Stop Category 1, as defined in IEC 60204
The Safe Torque Off (STO) function is used to help prevent unexpected motor rotation during an emergency while the drive remains connected to the power supply. When STO is activated, the torque power cannot reach the drive, which stops and prevents any motor shaft rotation.
Safe Torque Off (STO) is according to EN/IEC 61800-5-2 and is Stop Category 0 as defined in IEC 60204.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 11
Preface

Product Firmware and Release Notes

Product firmware and release notes are available online within the Product Compatibility and Download Center.
1. From the Search bar on http://www.ab.com Downloads.
2. Search for your product.
, choose Compatibility and
3. On the search results page, find the firmware and release notes for your product. If no firmware/release notes are available, the module is still shipping with its original firmware release.
IMPORTANT Both standard connections to the drive and safety connections to the card
must be closed to update the Integrated Safety Functions Module.
See the Product Compatibility and Download Center Quick Start Guide, publication PCDC-QS001 firmware and release notes.
, for instructions on how to find and download
12 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Preface

Additional Resources

These documents contain additional information concerning related Rockwell Automation products.
Resource Description
PowerFlex 750-Series Products with TotalFORCE® Control Installation Instructions, publication 750-IN100
PowerFlex 755TM IP00 Open Type Kits Installation Instructions, publication
750-IN101
PowerFlex Drives with TotalFORCE Control Programming Manual, publication
750-PM100
PowerFlex 750-Series AC Drive Installation Instructions, publication
PowerFlex 750-Series AC Drives Programming Manual, publication
Enhanced PowerFlex 7-Class Human Interface Module (HIM) User Manual, publication
GuardLogix Safety Application Instruction Set Reference Manual, publication 1756-RM095
EtherNet/IP Network Devices User Manual, publication ENET-UM006
EtherNet/IP Device Level Ring Application Technique, publication ENET-AT007
System Design for Control of Electrical Noise Reference Manual, publication GMC-RM001
Safety Guidelines for the Application, Installation, and Maintenance of Solid-State Control, publication
GuardLogix 5580 and Compact GuardLogix 5380 Controller Systems Safety Reference, publication 1756-RM012
ControlLogix® 5580 Controllers User Manual, publication 1756-UM543 Provides information on how to use standard ControlLogix 5580 controllers.
CompactLogix™ 5380 Controllers User Manual, publication 5069-UM001 Provides information on how to use standard CompactLogix 5380 controllers.
Product Certification s website, ro k.auto/cer tificatio ns
20HIM-UM001
750-IN001
750-PM001
SGI-1.1
Provides the basic steps to install PowerFlex 755TL low harmonic drives, PowerFlex 755TR regenerative drives, and PowerFlex 755TM drive systems.
Provides instructions to install IP00 Open Type kits in user-supplied enclosures.
Provides detailed information on:
• I/O, control, and feedback options
• Parameters and programming
• Faults, alarms, and troubleshooting
Provides information on how to install the Safe Torque Off option module in PowerFlex 750­Series drive.
Provides information on how to mount, install, and configure PowerFlex 750-Series drives.
Provides information for using the 20-HIM-A6 HIM module to configure PowerFlex 750-Series drives and the Safe Torque Off option module.
Provides information that describes the GuardLogix Safety Application Instruction set.
Describes how to configure and use EtherNet/IP devices to communicate on the EtherNet/IP network.
Describes Device Level Ring (DLR) topologies, configuration considerations, and diagnostic methods.
Information, examples, and techniques that are designed to minimize system failures caused by electrical noise.
Describes important differences between solid-state control and hard wired electro mechanical devices.
Provides information on safety application requirements for GuardLogix 5580 and Compact GuardLogix 5380 controllers in Studio 5000 Logix Designer® applications.
Provides declarations of conformity, certificates, and other certification details.
You can view or download publications at rok.auto/literature
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 13
.
Preface
Notes:
14 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
About Safe Stop and Safe Monitor Functions
This chapter provides information on safety considerations for the Integrated Safety Functions option module.
Top ic Pa ge
What Is the Integrated Safety Functions Option Module? 15
Compatible D rives 17
Compatible Safety Controllers 17
Safety Application Requirements 18
Safety Certification 18
Proof Tests 20
PFD and PFH Definitions 20
PFD and PFH Data 21
Safety Reaction Time 23
Contact Information If Safety Option Failure Occurs 28

What Is the Integrated Safety Functions Option Module?

The Integrated Safety Functions option module provides a networked STO (Safe Torque Off) function via an EtherNet/IP® network. It is also equipped for Integrated (drive-based) Timed SS1, Monitored SS1, and Safe Brake Control, which operate in the drive and are activated through the network safety connection.
The Integrated Safety Functions option module also supports select controller­based EN/IEC 61800-5-2 safety functions operating in GuardLogix® 5580 or Compact GuardLogix 5380 controllers that use the EtherNet/IP network to communicate with the safety I/O. This support includes the new safety function instructions that are provided on the Drive Safety tab in the Logix Designer application.
The Integrated Safety Functions option module includes these features:
• Is designed to remove power from the gate firing circuits of the drive output power devices (IGBTs). With the power removed, the drive output power devices cannot turn on to generate AC power to the motor.
• Can be used in combination with other safety devices to satisfy the requirements of IEC 61508, EN/IEC 61800-5-2 SIL 3, ISO 13849-1 PLe, and Category 4 for Safe Torque Off (STO).
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 15
Chapter 1
When used for safe speed monitoring, the drive can be configured for single- or dual-feedback to achieve the following safety ratings:
• Single-feedback configurations using safety encoders provide up to SIL 2 PLd capability.
• Dual-feedback configurations provide up to SIL 3 PLe capability when discrepancy testing (either velocity, position, or both) is enabled. Safety functions that use position check have up to SIL 2 PLd capability. In this configuration, at least one encoder (the primary encoder) has to comply with SIL 2, PL d. The second encoder can be a standard encoder.
IMPORTANT The Integrated Safety Functions option module is suitable for performing
mechanical work on the drive train or affected area of a machine only. It does not provide electrical safety.
ATT EN TI ON : The Integrated Safety Functions option module does not remove dangerous voltages at the drive output. Before performing any electrical work on the drive or motor, turn off the input power to the drive, and follow all safety procedures. See Remove Power to the System
on
page 30 for more information.
IMPORTANT Multiple safety option modules in a single drive are not allowed. Only one of
these safety option modules can be installed in the drive:
• PowerFlex® 750-Series Safe Torque Off option module (catalog number 20-750-S)
• PowerFlex 750-Series Safe Speed Monitor option module (catalog number 20-750-S1)
• PowerFlex 755/755T Integrated Safety - Safe Torque Off option module (catalog number 20-750-S3)
• PowerFlex 755/755T Integrated Safety Functions option module (catalog number 20-750-S4)
ATTENTION: If two output IGBTs fail in the drive, when the Integrated Safety Functions option module has controlled the drive outputs to the Off state, the drive can provide stored energy for up to 180° of rotation in a 2-pole motor before torque production in the motor stops.
ATT EN TI ON : The STO function only disables motor torque. A mechanical force on the motor shaft such as suspended loads, back pressure in a pump or fan, can cause motor rotation.
IMPORTANT Do not use this option module as a control for starting or stopping the drive.
16 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1

Compatible Drives

The Integrated Safety Functions option module is compatible with these PowerFlex 755 drives and PowerFlex 755T drive products:
• PowerFlex 755 drives (v14.xxx or later)
• PowerFlex 755TL low harmonic drives (v4.xxx or later)
• PowerFlex 755TR regenerative drives (v4.xxx or later)
• PowerFlex 755TM common bus inverters (v4.xxx or later)
IMPORTANT The Integrated Safety Functions option module is not compatible with
PowerFlex 753 drives.
Integrated safety functions are controlled via the embedded Ethernet port on the drive only. The 20-750-ENETR can still be used, but only in conjunction with the embedded Ethernet port by being in Tap mode (safety messages must go through the embedded Ethernet port on drive).
The following Add-on Profiles (AOPs) are needed depending on the drive and type of control used:
Product Standard Control Integrated Motion
755 v5.03 (or later) v19.00.00 (or later)
755T v5.04 (or later) Future

Compatible Safety Controllers

A GuardLogix safety controller is required for use of the Integrated Safety Functions option module that is used in Network mode control (‘Safety’, ‘Standard and Safety’, or ‘Motion and Safety’ used for Connection type). The following GuardLogix controllers can be used:
Controller
GuardLogix 5580 safety controller v31 (or later)
Compact GuardLogix 5380 safety controller v31 (or later)
Studio 5000 Logix Designer® Application Version / Controller Firmware
IMPORTANT The Integrated Safety Functions option module is not supported by
GuardLogix 5570 and GuardLogix 5370 (or earlier) safety controllers.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 17
Chapter 1

Safety Application Requirements

Safety Certification

Create, record, and verify the safety signature as part of the required safety application development process. The safety controller creates the safety signature, which consists of an identification number, date, and time that uniquely identifies the safety portion of a project. This signature covers all safety logic, data, and safety I/O configuration.
If the Drive Safety Function Instructions are used in the safety application, special consideration must be taken to verify the application. See Appendix A for guidance on verifying the drive safety function instructions.
For safety system requirements, including information on the safety network number (SNN), verifying the safety signature, and functional verification tests, see the GuardLogix Controller Systems Safety Reference Manuals that are listed in the Additional Resources
The TÜV Rheinland group has approved the PowerFlex 755 Integrated Safety Functions option module (catalog number 20-750-S4) as suitable for use in integrated safety applications:
• Up to and including SIL 3 according to IEC 61508
• Up to and including SIL CL3 according to IEC 62061
• Up to and including PLe (Category 4) according to ISO 13849-1.
on page 13.
In these applications, the removal of motion-producing power is considered to be the safe state. All components in the system must be chosen and applied correctly to achieve the desired level of operator safeguarding.

Important Safety Considerations

You are responsible for these system safety considerations:
• Set-up, safety rating, and validation of any sensors or actuators connected to the system.
• Complete a system-level risk assessment, and reassess the system anytime a change is made.
• Certification of the system to the desired safety Performance Level/ Safety Integrity Level.
• Project management and proof testing.
• Programming the application software and the safety option module configurations in accordance with the information in this manual.
• Access control to the system.
• Analyze all configuration settings and choose the proper setting to achieve the required safety rating.
• Validation and documentation of all safety functions used.
IMPORTANT Only qualified, authorized personnel that are trained and experienced in
functional safety can plan, implement, and apply functional safety systems.
18 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
ATT EN TI ON : When designing your system, consider how various personnel
can interact with the machine. Additional safeguard devices can be required for your specific application.
ATT EN TI ON : In circumstances where external influences (for example, suspended loads that can fall) are present, additional measures (for example, mechanical brakes) can be necessary to help prevent any hazard.

Stop Category Definitions

There are three stop categories:
• Stop Category 0 is achieved with immediate removal of power to the machine actuators, which results in an uncontrolled coast-to-stop. An STO accomplishes a Stop Category 0 stop.
• Stop Category 1 is achieved with a Ramp to Stop followed with immediate removal of power to the machine actuators. This can be achieved using SS1 with STO.
• Stop Category 2 is a controlled stop with power left available to the machine actuators. This can be achieved using controller-based SS2 / SOS with the PowerFlex 755T drive products.
IMPORTANT When designing the machine application, consider timing and distance for a
coast-to-stop (Stop Category 0 or Safe Torque Off). For more information on stop categories and Safe Torque Off, see EN 60204-1 and EN/IEC 61800-5-2.

Performance Level and Safety Integrity Level (SIL) CL3

For safety-related control systems, Performance Level (PL), according to ISO 13849-1, and SIL levels, according to IEC 61508 and EN 62061, include a rating of the ability of the system to perform its safety functions. All safety­related components of the control system must be included in both a risk assessment and the determination of the achieved levels.
See the ISO 13849-1, IEC 61508, and EN 62061 standards for complete information on requirements for PL and SIL determination.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 19
Chapter 1

Proof Tests

PFD and PFH Definitions

IEC 61508 requires you to perform various proof tests of the equipment that is used in the system. Proof tests are performed at user-defined times. For example, proof tests can be once a year, once every 15 years, or whatever time frame is appropriate.
The Integrated Safety Functions option module has a useful life of 20 years, no proof test required. Other components of the system, such as safety I/O devices, sensors, and actuators can have different useful life times.
IMPORTANT The time frame for the proof test interval depends on the specific
application.
Safety-related systems can be classified as operating in either a Low Demand mode, or in a High Demand/Continuous mode.
• Low Demand mode: where the frequency of demands for operation, made on a safety-related system, is no greater than one per year, or no greater than twice the proof-test frequency.
• High Demand/Continuous mode: where the frequency of demands for operation, made on a safety-related system, is greater than once per year, or greater than twice the proof test interval.
The SIL value for a low-demand safety-related system is directly related to order-of-magnitude ranges of its average probability of failure to perform its safety function on demand or, simply, average probability of dangerous failure on demand (PFD
The SIL value for a High Demand/Continuous mode safety-related system is directly related to the average frequency of a dangerous failure (PFH) per hour.
avg
).
20 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1

PFD and PFH Data

These PFD
and PFH calculations are based on the equations from Part 6 of
avg
EN 61508 and show worst-case values.

Safety Data for Safe Torque Off

Ta b l e 2 , and Ta b l e 3 provide PFD
(STO) or Timed Safe Stop 1 functions. These values apply when Safety Instance is set to ‘Safe Stop Only – No Feedback’.
Table 2 - PFD and PFH for PowerFlex 755 Drives STO and Timed SS1
Attribute Frames 1…7 Frame 8 Frame 9 Frame 10
PFD
(average)
PFH (1/hour) 4.77E-10 2.09E-9 3.14E-9 4.19E-9
SIL 3 3 3 3
PL e e e e
Category 4 4 4 4
years 204.1 (high) 93.3 (high) 69.1 (high) 55.1 (high)
MTTF
D
% 97.5% (medium) 97.4% (high) 97.5% (high) 97.5% (high)
DC
avg
HFT 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years 20 years 20 years
4.08E-5 1.81E-4 2.73E-4 3.64E-4
and PFH values for the Safe Torque Off
avg
Table 3 - PFD and PFH for PowerFlex 755T Drive Products STO and Timed SS1
Attribute Frames 5 and 6 Frames 7 and 8 Frame 9 Frame 10 Frame 11 Frame 12 Frame 13 Frame 14 Frame 15
PFD
(average)
PFH (1/hour) 5.24E-10 2.96E-9 3.25E-9 3.55E-9 3.85E-9 4.15E-9 4.45E-9 5.05E-9 5.65E-9
SIL 333333333
PLeeeeeeeee
Category444444444
MTTF
D
% 97.4% (high) 97.0% (high) 97.0% (high) 97.0% (high) 97.0% (high) 96.9% (high) 96.9% (high) 96.9% (high) 96.9% (high)
DC
avg
HFT 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years 20 years 20 years 20 years 20 years 20 years 20 years 20 years
4.49E-5 2.56E-4 2.82E-4 3.08E-4 3.34E-4 3.60E-4 3.86E-4 4.38E-4 4.9 0E-4
years 187.5 (high) 102.6 (high) 87.8 (high) 76.7 (high) 68.1 (high) 61.2 (high) 55.6 (high) 47 (high) 40.7 (high)

Safety Data for Safe Feedback

Ta b l e 4 provides PFD
from Ta b l e 2
or Ta b l e 3 for safety functions that require safe encoder feedback. Safety functions using safe encoder feedback include drive based Monitored Safe Stop 1 and controller-based safety functions SS1, SS2, SOS, SLS, SLP, and SDI.
and PFH values to add to the PFD
avg
and PFH values
avg
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 21
Chapter 1
In general, the PFD
Ta b l e 2
and Ta b l e 3 when Safety Instance is set to ‘Single Feedback
and PFH values from Ta b l e 4 should be added to
avg
Monitoring’ or ‘Dual Feedback Monitoring’.
When using Dual Feedback Monitoring, enable Discrepancy Testing.
Table 4 - PFD or PFH to Add When Safety Functions Use Safety Feedback
Attribute Single Encoder Feedback
PFD (average) 6.75E-4 4.32E-5
PFH (1/hour) 7.70E-9 4.93E-10
SIL 2 3
PL d e
Category 3 4
MTTFD years 1446.7 (high) 1427.7 (high)
DCavg% 90.0% (medium) 99.0% (high)
HFT 1 (1oo2) 1 (1oo2)
Mission time 20 years 20 years
(1) Dual channel values apply with discre pancy checking configured.
Dual Encoder
(1)
Feedback
The safe motion-monitoring option can be configured for single feedback or dual feedback to achieve the following safety rating:
• Single feedback configurations provide up to SIL 2 PLd capability.
• Dual-feedback configurations provide up to SIL 3 PLe capability when discrepancy testing (either velocity, position, or both) is enabled.
IMPORTANT Achievable safety rating depends on each system component. For Safe
Feedback, the safety rating of the selected encoders may limit the safety rating of the system.

Safety Data for Safety I/O

The Integrated Safety Functions option module provides four safety inputs and two safety outputs. Ta b l e 5
provides PFD
safety functions that use this Safety I/O.
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute Single Channel Safety I/O Dual Channel Safety I/O
PFD (average) 3.35E-4 2.49E-4
PFH (1/hour) 3.83E-9 2.84E-9
SIL 2 3
PL d e
Category 2 4
MTTFD years 1064.9 (high) 1998.0 (high)
and PFH values to add for
avg
22 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1
Table 5 - PFD or PFH to Add When Safety Functions Use Safety I/O
Attribute Single Channel Safety I/O Dual Channel Safety I/O
DCavg% 96.4% (high) 94.2% (high)
HFT 0 (1oo1) 1 (1oo2)
Mission time 20 years 20 years
IMPORTANT Single channel safety I/O is only certified for use in functional safety
applications with process safety times greater than or equal to 300 ms; or applications with demand rates less than or equal to 1 demand per 30 seconds.
IMPORTANT If single channel safety I/O is used, pulse testing (external pulse testing for
safety inputs, pulse testing for safety outputs) MUST be enabled on the single channel I/O points.

Spurious Trip Rate

Safety Reaction Time

Ta b l e 6 shows the Spurious Trip Rate (STR) and Mean Time to Failure
Spurious (MTTF
) values for the Integrated Safety Functions option
Spurious
module, calculated according to the ISA TR-84 method.
Table 6 - STR and MTTF Spurious Values
Attribute Value
Spurious Trip Rate 3.00E-6
MTTFSpurious (years) 37.0
The safety reaction time is the length of time from a safety-related event as input to the system until the system is in the safe state. Ta b l e 7
shows the safety reaction time from an input signal condition that triggers a safe stop, to the initiation of the configured Stop Type. For details on how to calculate system reaction times with GuardLogix controllers, see the GuardLogix Controller Systems Safety Reference Manuals listed in the Additional Resources
on
page 13.
Table 7 - Safety Reaction Time
Drive Family Network STO Reaction Time, Max
PowerFlex 755 drives (firmware revision 13 or later), Frames 1…10 PowerFlex 755TL low harmonic drives, Frames 7…15 PowerFlex 755TR regenerative drives, Frames 7…15 PowerFlex 755TM, Frames 8…15
PowerFlex 755TL low harmonic drives, Frames 5 and 6 26 ms
15 ms
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 23
Chapter 1
IMPORTANT An input signal condition that is present for less than the reaction time may
not result in the safety function being performed. Repeated requests of the safety function for less than the reaction time can result in a spurious detection of a fault.

Considerations for Safety Ratings

Encoder Considerations

IMPORTANT In network STO Mode, the safety reaction time in Ta bl e 7
does not include the connection reaction time limit. See the GuardLogix Controller Systems Safety Reference Manuals, listed in the Additional Resources
on page 13, for
details.
The achievable safety rating of an application that uses the Integrated Safety Functions option module that is installed in PowerFlex 755/755T drive products is dependent upon many factors, drive options, and the type of motor.
A safety rating up to and including SIL 3, PLe, and Category 4 can be achieved.
This section describes factors to consider when using an encoder with the Integrated Safety Functions option module.

Supported Encoders

Ta b l e 8 describes the supported encoder types based on the feedback card that
is used and the physical terminal it is connected to. You must determine the safety capability of a system based on the supported encoder types and the encoder diagnostics that are described in this chapter.
Table 8 - Supported Feedback Cards and Encoder Types
Feedback Option
20-750-UFB-1 Sine/Cosine
20-750-DENC-1 Digital AqB
Primary Channel Secondary Channel
Encoder Type Encoder Motion Axis Encoder Type Encoder Motion Axis
Not Used Not Used SIL 2/PL d with safety rated encoder
Motor Feedback
Digital AqB Load Feedback SIL 3/PL e
Not Used Not Used SIL 2/PL d with safety rated encoder
Digital AqB Load Feedback SIL 3/PL e

Encoder Diagnostics

Depending on the encoder type, the module performs several diagnostic tests on encoder signals to detect faults in the encoder. You must determine if the combination of the selected encoder device type and the diagnostics that are described in this chapter will satisfy the required safety function rating. The use of non-safety, standard encoders my require further analysis and assessment activties.
24 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Achievable System Safety Rating
Chapter 1

General Encoder Diagnostics

The following encoder diagnostics are available for all supported encoder types:
•Encoder Voltage Monitoring (Configurable)
• Maximum Speed Limit (Configurable)
• Maximum Acceleration (Configurable)
•Maximum Encoder Input Frequency
• Dual Encoder Velocity and/or Position Discrepancy (Configurable)
IMPORTANT These diagnostics are based on the capability of the chosen encoder and its
rated limits. They do not provide a safety-rated safety function.
Encoder Voltage Monitoring
The voltage monitoring diagnostic samples the voltage being supplied to the encoder to confirm that its level is within its configured range. If the voltage monitoring diagnostic detects a voltage that is out of the configured range, the safety feedback instance reports a voltage monitoring fault and causes the module to enter the safe state.
The following voltage monitoring ranges are supported:
• 4.75…5.25V (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Storage’ position)
• 11.4…12.6V (Recommended setting when using 20-750-DENC-1 card with the 12V Jumper in the ‘Enabled’ position)
• 7…12V (Recommended setting when using 20-750-UFB-1)
If a voltage range is not specified, then the voltage monitoring diagnostic is not performed.
Maximum Speed Limit
The maximum speed limit diagnostic detects when encoder speed is above a configured limit. If the speed of the encoder is greater than the configured max speed limit, an exceeded max speed fault is reported by the safety feedback instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum speed, set the maximum speed limit configuration value to this value or lower. If the limit is configured as 0, this diagnostic is not be performed.
Maximum Acceleration
The maximum acceleration diagnostic detects when encoder acceleration is above a configured limit. If the module detects that the acceleration of the
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 25
Chapter 1
encoder has exceeded the configured limit, a max acceleration fault is reported by the safety feedback instance. This causes the module to enter the safe state.
If the encoder being used specifies a maximum acceleration, set the maximum acceleration configuration value to this value or lower. If the maximum acceleration is configured as 0, this diagnostic is not performed.
Maximum Encoder Input Frequency
The maximum encoder input frequency diagnostic confirms that the safety feedback signals do not exceed the maximum frequency (encoder counts per second) supported by the module. This value is not configurable and has fixed values based on the encoder type. Ta b l e 9 on encoder type.
Table 9 - Maximum Frequency of Encoder Types
Encoder Type Max Frequency
Digital AqB 250 kHz
Sine/Cosine and Hiperface 163.8 kHz
shows the maximum frequency based
If the module detects an encoder input frequency above the limit, a max frequency fault is reported in the safety feedback instance and the module enters the safe state.
Dual Encoder Velocity and/or Position Discrepancy
The dual encoder velocity and position discrepancy diagnostic confirms that the position and/or velocity of the two encoders match within a configurable tolerance. The position and velocity discrepancy limits are individually configurable; setting the limit to a value of 0 disables the diagnostic check. If the module detects that the difference between the position and/or velocity of both encoders is outside the configured limit, a discrepancy error is reported in both safety feedback instances and the module enters the safe state. This diagnostic is only available when the module is configured in a dual feedback configuration.
26 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 1

Digital AqB Diagnostics

The following diagnostic functions are implemented in the module to perform diagnostics for digital AqB encoders:
• Inverse Signal Monitoring
• Quadrature Error Detection
Inverse Signal Monitoring
The inverse signal monitoring diagnostic confirms that the inverted and non­inverted signals are always at opposite signal levels. If the module detects a non­inverted signal, a feedback signal lost fault is reported in the safety feedback instance and the module enters the safe state. This diagnostic is meant to detect encoder wiring errors, such as open, short, or short to power.
Quadrature Error Detection
The quadrature error detection confirms that the A and B signals from the digital AqB encoder do not change simultaneously. This diagnostic is also referred to as an exclusive bit check. If the module detects a quadrature error, the safety feedback instance reports a quadrature error fault and enters the safe state. A simultaneous change indicates an error with the encoder wiring or an issue with the encoder itself.

Sine/Cosine and Hiperface Diagnostics

The following diagnostic functions are implemented in the module to perform diagnostics on Hiperface and or Sine/Cosine type encoders:
2
•Sin
+ Cos2 Vector Length Monitoring
• Zero-crossing Detection
• Signal Offset (Sine/Cosine Encoder Type Only)
Sin 2+ Cos2 Vector Length Monitoring
The Sin2 + Cos2 vector length monitoring diagnostic confirms that the sine and cosine signals are sinusoidal and 90° apart. This diagnostic is meant to detect errors in the wiring of the encoder and problems within the encoder itself. Ta b l e 1 0 this diagnostic. Ta b l e 1 1 module detects that the amplitude and or phase of the signals is out of range,
the safety feedback instance reports a Sin placed in the safe state.
describes the tolerance of encoder output signal amplitudes for
describes the phase tolerance of the diagnostic. If the
2
+ Cos2 fault and the module is
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 27
Chapter 1
Table 10 - Sin2 + Cos2 Vector Length Monitoring Amplitude Range
Max Min
1.3 Vpp 0.7 Vpp
Table 11 - Sin2 + Cos2 Vector Length Monitoring Phase Tolerance
Tol era nc e
90º ± 20º
Zero-crossing Detection
The zero-crossing detection diagnostic confirms that the sine and cosine signals have a similar offset to ground. The offset tripping point is ± 50 mV. If the offset of the sine and cosine signals is greater than the tripping point, the zero-crossing detection diagnostic will fail, a signal lost fault is reported in the safety feedback instance, and the module is placed in the safe state.

Contact Information If Safety Option Failure Occurs

Signal Offset
The signal offset diagnostic confirms that a Sine/Cosine type encoder is producing the proper offset on the Sine and Cosine signals. This diagnostic is not performed when the feedback device type is configured as Hiperface.
Ta b l e 1 2
and or Cosine signals are outside the tolerance range, the safety feedback instance reports a signal offset fault and the module is placed in the safe state.
Table 12 - Signal Offset Tolerance
Max Min
3.0V 2.0V
If you experience a failure with any safety-certified device, contact your local Allen-Bradley distributor to request any of these actions:
describes the offset tolerance of the diagnostic. If the offset of the Sine
• Return the device to Rockwell Automation so the failure is appropriately logged for the catalog number that is affected and a record is made of the failure.
• Request a failure analysis (if necessary) to determine the probable cause of the failure.
In case of malfunction or damage, no attempts at repair should be made. The option module should be returned to the manufacturer for repair. Do not dismantle the option module.
For more information about replacing drives, see Replace an Integrated Safety
Drive in a GuardLogix System on page 130 and Replace an Integrated Safety Drive in a GuardLogix System on page 168.
28 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Chapter 2
Installation
This chapter provides installation, jumper settings, and wiring for the Integrated Safety Functions option module.
Top ic Pa ge
Remove Power to the System 30
Access t he Control Pod 30
Set the SAFETY and Hardware ENABLE Jumpers 31
Install the Safety Option Module 32
I/O Wiring 34
Cabling 34
ATT EN TI ON : The following information is a guide for proper installation. Rockwell Automation does not assume responsibility for the compliance or the noncompliance to any code, national, local, or otherwise for the proper installation of this equipment. A hazard of personal injury and/or equipment damage exists if codes are ignored during installation.
IMPORTANT Installation must be in accordance with the instructions in this user manual
and the installation instructions for your drive. Only qualified, authorized personnel that are trained and experienced in
functional safety can plan, implement, and apply functional safety systems.
IMPORTANT During installation and maintenance, check your drive firmware release
notes for known anomalies and verify that there are not safety-related anomalies.
The Integrated Safety Functions option module is intended to be part of the safety-related control system. Before installation, perform a risk assessment that compares the Integrated Safety Functions option module specifications and all foreseeable operational and environmental characteristics of the control system.
A safety analysis is required to determine how often to test the safety function for proper operation during the life of the machine.
Rockwell Automation Publication 750-UM005C-EN-P - February 2021 29
Chapter 2
Panel-mo unted D rives
Drives in Cabinet Enclosures

Remove Power to the System

Before performing any work on the drive, remove all power to the system.
ATT EN TI ON :
• Electrical Shock Hazard. Verify that all sources of AC and DC power are de­energized and locked out or tagged out in accordance with the requirements of ANSI/NFPA 70E, Part II.
• To avoid an electric shock hazard, verify that the voltage on the bus capacitors has discharged before performing any work on the drive. Measure the DC bus voltage at the +DC and -DC terminals or test points. The voltage must be zero. For the location of the terminal block and test point sockets, see the manual for your drive:
• PowerFlex® 750-Series AC Drive Installation Instructions, publication
• PowerFlex 750-Series Products with TotalFORCE® Control Installation Instructions, publication 750-IN100
• PowerFlex 755TM IP00 Open Type Kits Installation Instructions, publication 750-IN101
• In Safe Torque Off mode, hazardous voltages may still be present at the motor. To avoid an electric shock hazard, disconnect power to the motor and verify that the voltage is zero before performing any work on the motor.
750-IN001

Access the Control Pod

The option module is installed in the drive control pod. Different drives have different ways to access the control pod. To access the control pod, follow these steps.
1. Remove the door or cover.
2. Loosen the retention screw on the HIM cradle.
3. Lift the cradle until the latch engages.
See the installation instructions for your drive for more information.
Figure 1 - Access the Control Pod.
30 Rockwell Automation Publication 750-UM005C-EN-P - February 2021
Loading...
+ 240 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use