Schneider Electric TM5 Original instructions
Modicon TM5
EIO0000000889 09/2020
Modicon TM5
Safety Logic Controller SLC100/200 FS
Hardware Guide
Original instructions
09/2020
EIO0000000889.08
www.schneider-electric.com
The information provided in this documentation contains general descriptions and/or technical
characteristics of the performance of the products contained herein. This documentation is not
intended as a substitute for and is not to be used for determining suitability or reliability of these
products for specific user applications. It is the duty of any such user or integrator to perform the
appropriate and complete risk analysis, evaluation and testing of the products with respect to the
relevant specific application or use thereof. Neither Schneider Electric nor any of its affiliates or
subsidiaries shall be responsible or liable for misuse of the information contained herein. If you
have any suggestions for improvements or amendments or have found errors in this publication,
please notify us.
You agree not to reproduce, other than for your own personal, noncommercial use, all or part of
this document on any medium whatsoever without permission of Schneider Electric, given in
writing. You also agree not to establish any hypertext links to this document or its content.
Schneider Electric does not grant any right or license for the personal and noncommercial use of
the document or its content, except for a non-exclusive license to consult it on an "as is" basis, at
your own risk. All other rights are reserved.
All pertinent state, regional, and local safety regulations must be observed when installing and
using this product. For reasons of safety and to help ensure compliance with documented system
data, only the manufacturer should perform repairs to components.
When devices are used for applications with technical safety requirements, the relevant
instructions must be followed.
Failure to use Schneider Electric software or approved software with our hardware products may
result in injury, harm, or improper operating results.
Failure to observe this information can result in injury or equipment damage.
© 2020 Schneider Electric. All rights reserved.
2 EIO0000000889 09/2020
Table of Contents
Safety Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
About the Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 1 Functional Safety Information. . . . . . . . . . . . . . . . . . . . . 13
IEC 61508 and Safety Integrity Level (SIL) . . . . . . . . . . . . . . . . . . . . .
Functional Safety Certification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2 TM5CSLC100FS and TM5CSLC200FS . . . . . . . . . . . . . 21
General Information on Safety Logic Controllers. . . . . . . . . . . . . . . . .
Safety Logic Controller Presentation. . . . . . . . . . . . . . . . . . . . . . . . . .
Safety Logic Controller Characteristics . . . . . . . . . . . . . . . . . . . . . . . .
Safety Logic Controller Memory Key. . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 3 Operating and Connection Elements . . . . . . . . . . . . . . . 35
Safety Logic Controller Description . . . . . . . . . . . . . . . . . . . . . . . . . . .
Logic Processor LED Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Logic Processor Selection Switch and Confirmation Button . . . . . . . .
Safety Terminal Block Presentation . . . . . . . . . . . . . . . . . . . . . . . . . .
Integrated Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sercos III Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14
15
19
22
23
25
28
36
38
42
44
47
49
55
57
EIO0000000889 09/2020 3
4 EIO0000000889 09/2020
Safety Information
Important Information
NOTICE
Read these instructions carefully, and look at the equipment to become familiar with the device
before trying to install, operate, service, or maintain it. The following special messages may appear
throughout this documentation or on the equipment to warn of potential hazards or to call attention
to information that clarifies or simplifies a procedure.
EIO0000000889 09/2020 5
PLEASE NOTE
Electrical equipment should be installed, operated, serviced, and maintained only by qualified
personnel. No responsibility is assumed by Schneider Electric for any consequences arising out of
the use of this material.
A qualified person is one who has skills and knowledge related to the construction and operation
of electrical equipment and its installation, and has received safety training to recognize and avoid
the hazards involved.
QUALIFICATION OF PERSONNEL
Only appropriately trained persons who are familiar with and understand the contents of this
manual and all other pertinent product documentation are authorized to work on and with this
product.
The qualified person must be able to detect possible hazards that may arise from parameterization,
modifying parameter values and generally from mechanical, electrical, or electronic equipment.
The qualified person must be familiar with the standards, provisions, and regulations for the
prevention of industrial accidents, which they must observe when designing and implementing the
system.
INTENDED USE
The products described or affected by this document, together with software, accessories, and
options, are programmable logic controllers (referred to herein as “logic controllers”), intended for
industrial use according to the instructions, directions, examples, and safety information contained
in the present document and other supporting documentation.
The product may only be used in compliance with all applicable safety regulations and directives,
the specified requirements, and the technical data.
Prior to using the product, you must perform a risk assessment in view of the planned application.
Based on the results, the appropriate safety-related measures must be implemented.
Since the product is used as a component in an overall machine or process, you must ensure the
safety of persons by means of the design of this overall system.
Operate the product only with the specified cables and accessories. Use only genuine accessories
and spare parts.
Any use other than the use explicitly permitted is prohibited and can result in unanticipated
hazards.
6 EIO0000000889 09/2020
About the Book
At a Glance
Document Scope
This manual describes the Safety Logic Controllers SLC100 Sercos III (TM5CSLC100FS) and
SLC200 Sercos III (TM5CSLC200FS). These controllers help you to achieve the safety
requirements codified in the IEC 61508 standard. The present document also provides part
descriptions, specifications and wiring diagrams.
Schneider Electric takes no responsibility for the solutions adopted by you or any customer
concerning the circuits, the electrical schematics, and the chosen configuration parameters of the
application. The implemented circuits and electrical diagrams and the choice of the system
configuration parameter values, including those of TM5CSLC100FS and TM5CSLC200FS, are
fully under your control and responsibility.
Validity Note
This document has been updated for the release of EcoStruxure
The technical characteristics of the devices described in the present document also appear online.
To access the information online, go to the Schneider Electric home page at
The characteristics that are described in the present document should be the same as those
characteristics that appear online. In line with our policy of constant improvement, we may revise
content over time to improve clarity and accuracy. If you see a difference between the document
and online information, use the online information as your reference.
TM
Machine Expert V1.2.5.
www.se.com
.
Related Documents
Document title Reference
Modicon TM5/TM7 I/O Safety Modules Hardware
Guide
PacDrive TM5 / TM7 Safety Flexible System, System
Planning and Installation Guide
Modicon M262 Logic/Motion Controller, Programming
Guide
EIO0000000889 09/2020 7
EIO0000000861 (ENG)
EIO0000000862 (GER)
EIO0000001064 (ENG)
EIO0000001066 (GER)
EIO0000003651 (ENG)
EIO0000003652 (FRE)
EIO0000003653 (GER)
EIO0000003654 (SPA)
EIO0000003655 (ITA)
EIO0000003656 (CHS)
EIO0000003657 (POR)
EIO0000003658 (TUR)
Document title Reference
How to Configure the Firewall for PacDrive LMC
Controllers, User Guide
EcoStruxure Machine Expert, CommonToolbox,
Library Guide
You can download these technical publications and other technical information from our website
www.schneider-electric.com/en/download
at
Product Related Information
HAZARD OF ELECTRIC SHOCK, EXPLOSION OR ARC FLASH
Disconnect all power from all equipment including connected devices prior to removing any
covers or doors, or installing or removing any accessories, hardware, cables, or wires except
under the specific conditions specified in the appropriate hardware guide for this equipment.
Always use a properly rated voltage sensing device to confirm the power is off where and when
indicated.
Replace and secure all covers, accessories, hardware, cables, and wires and confirm that a
proper ground connection exists before applying power to the unit.
Use only the specified voltage when operating this equipment and any associated products.
Failure to follow these instructions will result in death or serious injury.
EIO0000004198 (ENG)
EIO0000004199 (GER)
EIO0000004219 (ENG)
.
DANGER
DANGER
POTENTIAL FOR EXPLOSION
Only use this equipment in non-hazardous locations, or in locations that comply with Class I,
Division 2, Groups A, B, C and D.
Do not substitute components which would impair compliance to Class I, Division 2.
Do not connect or disconnect equipment unless power has been removed or the location is
known to be non-hazardous.
Do not use the USB port(s), if so equipped, unless the location is known to be non-hazardous.
Failure to follow these instructions will result in death or serious injury.
8 EIO0000000889 09/2020
WARNING
LOSS OF CONTROL
The designer of any control scheme must consider the potential failure modes of control paths
and, for certain critical control functions, provide a means to achieve a safe state during and
after a path failure. Examples of critical control functions are emergency stop and overtravel
stop, power outage and restart.
Separate or redundant control paths must be provided for critical control functions.
System control paths may include communication links. Consideration must be given to the
implications of unanticipated transmission delays or failures of the link.
Observe all accident prevention regulations and local safety guidelines.
Each implementation of this equipment must be individually and thoroughly tested for proper
1
operation before being placed into service.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
1
For additional information, refer to NEMA ICS 1.1 (latest edition), "Safety Guidelines for the
Application, Installation, and Maintenance of Solid State Control" and to NEMA ICS 7.1 (latest
edition), "Safety Standards for Construction and Guide for Selection, Installation and Operation of
Adjustable-Speed Drive Systems" or their equivalent governing your particular location.
WARNING
UNINTENDED EQUIPMENT OPERATION
Only use software approved by Schneider Electric for use with this equipment.
Update your application program every time you change the physical hardware configuration.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The Safety Logic Controller system is built to the following safety integrity levels: SIL 3 according
to EN/IEC 61508, SILcl 3 according to EN/IEC 62061, in accordance with the applicable
standards. However, the definitive SIL and PL of the application depends on the number of safety
components, their parameters, and the connections that are made, as per the risk analysis.
The module must be configured in accordance with the application-specific risk analysis and all the
applicable standards.
Pay particular attention in conforming to any safety information, different electrical requirements,
and normative standards that would apply to your adaptation.
EIO0000000889 09/2020 9
UNINTENDED EQUIPMENT OPERATION
Perform an in-depth risk analysis to determine the appropriate safety integrity level for your
specific application, based on all the applicable standards.
Do not exceed SIL 3 ratings in the application of this product.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
For reasons of Internet security, TCP/IP forwarding is disabled by default. Therefore, you must
manually enable TCP/IP forwarding. However, doing so may expose your network to possible
cyberattacks if you do not take additional measures to protect your enterprise. In addition, you may
be subject to laws and regulations concerning cybersecurity.
UNAUTHENTICATED ACCESS AND SUBSEQUENT NETWORK INTRUSION
Observe and respect any an all pertinent national, regional and local cybersecurity and/or
personal data laws and regulations when enabling TCP/IP forwarding on an industrial network.
Isolate your industrial network from other networks inside your company.
Protect any network against unintended access by using firewalls, VPN, or other, proven
security measures.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Terminology Derived from Standards
The technical terms, terminology, symbols and the corresponding descriptions in this manual, or
that appear in or on the products themselves, are generally derived from the terms or definitions
of international standards.
In the area of functional safety systems, drives and general automation, this may include, but is not
limited to, terms such as
safety, safety function, safe state, fault, fault reset, malfunction, failure
error, error message, dangerous
Among others, these standards include:
WARNING
WARNING
,
, etc.
Standard Description
IEC 61131-2:2007 Programmable controllers, part 2: Equipment requirements and tests.
ISO 13849-1:2015 Safety of machinery: Safety related parts of control systems.
General principles for design.
EN 61496-1:2013 Safety of machinery: Electro-sensitive protective equipment.
Part 1: General requirements and tests.
ISO 12100:2010 Safety of machinery - General principles for design - Risk assessment and risk
10 EIO0000000889 09/2020
reduction
Standard Description
EN 60204-1:2006 Safety of machinery - Electrical equipment of machines - Part 1: General
ISO 14119:2013 Safety of machinery - Interlocking devices associated with guards - Principles
ISO 13850:2015 Safety of machinery - Emergency stop - Principles for design
IEC 62061:2015 Safety of machinery - Functional safety of safety-related electrical, electronic,
IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61508-2:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61508-3:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61784-3:2016 Industrial communication networks - Profiles - Part 3: Functional safety
2006/42/EC Machinery Directive
2014/30/EU Electromagnetic Compatibility Directive
2014/35/EU Low Voltage Directive
requirements
for design and selection
and electronic programmable control systems
related systems: General requirements.
related systems: Requirements for electrical/electronic/programmable
electronic safety-related systems.
related systems: Software requirements.
fieldbuses - General rules and profile definitions.
In addition, terms used in the present document may tangentially be used as they are derived from
other standards such as:
Standard Description
IEC 60034 series Rotating electrical machines
IEC 61800 series Adjustable speed electrical power drive systems
IEC 61158 series Digital data communications for measurement and control – Fieldbus for use in
industrial control systems
Finally, the term
hazards, and is defined as it is for a
2006/42/EC
(
zone of operation
) and
ISO 12100:2010
may be used in conjunction with the description of specific
hazard zone
or
danger zone
in the
Machinery Directive
.
NOTE: The aforementioned standards may or may not apply to the specific products cited in the
present documentation. For more information concerning the individual standards applicable to the
products described herein, see the characteristics tables for those product references.
EIO0000000889 09/2020 11
12 EIO0000000889 09/2020
Modicon TM5
Functional Safety Informat ion
EIO0000000889 09/2020
Functional Safety Informat ion
Chapter 1
Functional Safety Information
What Is in This Chapter?
This chapter contains the following topics:
IEC 61508 and Safety Integrity Level (SIL) 14
Functional Safety Certification 15
Training 19
Topic Page
EIO0000000889 09/2020 13
Functional Safety Information
IEC 61508 and Safety Integrity Level (SIL)
Introduction
The TM5CSLC100FS and TM5CSLC200FS Safety Logic Controllers are part of a Safety-Related
System certified according to IEC 61508 by TÜV NORD.
IEC 61508 Description
The IEC 61508 is a technical standard concerning the functional safety of electrical, electronic or
programmable electronic safety-related systems.
A safety-related system is a system that is required to perform one or more specific functions to
ensure that risks are kept at or below an acceptable level. Such functions are defined as safety
functions.
A system is defined “functionally safe” when random, systematic, and common cause equipment
or machine failures do not lead to malfunctioning of the system and do not result in injury or death
of humans, spills to the environment, and loss of equipment and production.
Description of the Safety Integrity Level (SIL)
Safety-related functions are executed to help achieve and maintain the defined safe state of a
system. The IEC 61508 specifies four levels of safety performance for a safety-related function.
These are called Safety Integrity Levels (SIL), ranging from 1 (the lowest) to 4 (the highest). The
TM5CSLC100FS and TM5CSLC200FS Safety Logic Controllers are certified for use in SIL 3
applications in which the de-energized state is the defined safe state.
14
EIO0000000889 09/2020
Functional Safety Certification
Introduction
The TM5CSLC100FS and TM5CSLC200FS Safety Logic Controllers are certified
by TÜV NORD
for use in applications up to and including SIL 3 according to IEC 61508 and IEC 62061.
This certification verifies that the Safety Logic Controllers are compliant with the following
standards:
IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related
systems, Parts 1 to 4, 2010, up to SIL 3
ISO 13849-1: Safety of machinery - Safety-related parts of control systems - Part 1: General
principles for design, 2015, up to PL e (Category 4)
IEC 62061: Safety of machinery - Functional safety of safety-related electrical, electronic, and
programmable electronic control systems, 2005 (A1:2013), up to SILcl 3
NOTE: Using Safety Logic Controller equipment is a necessary but insufficient precondition for the
certification of a SIL 3 application. A SIL 3 application must also fulfill the requirements of the
IEC 61508, IEC 61511, IEC 61131-2, and other application standards.
Functional Safety Parameters
The Functional Safety parameters according to EN ISO 13849 are as follows:
Performance Level for
SDI (safety-related digital input) to SDO (safety-related digital output): up to PL e
SAI (safety-related analog input) to SAO (safety-related analog output): up to PL e
Category: up to 4
Functional Safety Information
Classification of the Schneider Electric Products
The Safety Logic Controllers are dedicated to perform safety-related functions. The Safety Logic
Controller system consist of the controller supporting the Sercos III fieldbus network. The controller
then interfaces with the Sercos III Bus Interface, TM5/TM7 Safety-Related I/O modules, and other
safety-related devices such as drives and third-party devices. However, it also supports other
modules, enabling you to add non-safety-related parts to your SIL 3 project.
Therefore, the Schneider Electric products must be distinguished into:
safety-related modules and
non-safety-related modules
In contrast to the safety-related modules, non-safety-related modules are not used to perform
safety-related functions. They are certified as non-interfering modules for use with the Safety Logic
Controller. A detected error in one of these modules does not interfere with the execution of the
safety-related functions.
EIO0000000889 09/2020 15
Functional Safety Information
Safety-Related Products of the Safety Logic Controller System
The Safety Logic Controller system is comprised of the following safety-related products:
Type Module Reference
Safety Logic Controller, SLC 100 Sercos III, 24 Vdc TM5CSLC100FS
Safety Logic Controller, SLC 200 Sercos III, 24 Vdc TM5CSLC200FS
Safety-related Module 2DI 24 Vdc Sink TM5SDI2DFS
Safety-related Module 4DI 24 Vdc Sink TM5SDI4DFS
Safety-related Module 20DI 24 Vdc Sink TM5SDI20DFS
Safety-related Module 2DO 24 Vdc, 0.5 A TM5SDO2TFS
Safety-related Module 2DO 24 Vdc, 2 A TM5SDO2TAFS
Safety-related Module 4DO 24 Vdc, 0.5 A TM5SDO4TFS
Safety-related Module 2DO TM5SDO2TRFS
Safety-related Module 4DO 24 Vdc, 2 A TM5SDO4TAFS
Safety-related Module 6DO 24 Vdc, 0.2 A TM5SDO6TBFS
Safety-related Module 2DI (2 test (pulse) outputs), 2DO 24 Vdc, 6 A TM5SDM4DTRFS
Safety-related Module 6DI, 2DO 24 Vdc TM5SDM8TBFS
Safety-related Module 2x2AI 4-20 mA 24 bits TM5SAI4AFS
Safety-related Module 2x2AI Thermocouple J/K/N/S/R/C/T TM5STI4ATCFS
Safety-related Counter Module DC1 7 kHz 24 Vdc Sink TM5SDC1FS
Safety-related Power Distribution Module PS 1DO 24 Vdc TM5SPS10FS
IP67 Block, 8 DI, 24 Vdc TM7SDI8DFS
IP67 Block, 8 DI, 4 DO, 2 A TM7SDM12DTFS
TM5 Bus Base for safety-related Electronic modules, safety coded, internal I/O
supply interconnected
Safety-related Terminal Block, 12-pin, safety coded TM5ACTB52FS
Memory Key, 8 MB
(1) A memory key is required for operation of the Safety Logic Controller, and is sold separately. For more
information concerning the role of the memory key in the Safety Logic Controller system, refer to Safety Logic
Controller Memory Key
(1)
(see page 28)
.
TM5ACBM3FS
TM5ACSLCM8FS
16
Only modules certified as safety-related modules are allowed to perform safety functions. Make
certain that neither inputs nor outputs of non-safety-related modules are used for safety-related
inputs or outputs.
EIO0000000889 09/2020
IMPROPERLY CONFIGURED SAFETY-RELATED SYSTEM
Use only safety-certified products for use in a safety-related system.
Use only Schneider Electric authorized products in a Safety Logic Controller system.
Failure to follow these instructions will result in death or serious injury.
NOTE: The Sercos III Bus Interface, required for communication with TM5 Safety-related modules,
is considered a non-interfering module and does not contribute nor detract from the safety function
of the controller. The safety layer part of the Sercos III communication is managed inside the
Safety-related modules and not in the Sercos III Bus Interface.
Available Bus Interface
The following Schneider Electric bus interface is available:
Module Type Module Reference
Sercos III Bus Interface TM5NS31
NOTE: The Sercos III Bus Interface, required for communication with the safety-related expansion
modules, is considered a non-interfering module and does not contribute nor detract from the
safety-related function of the controller. The safety layer part of the Sercos III communication is
managed inside the safety-related modules and not in the Sercos III Bus Interface.
For more information on safety-related product architectures, refer to TM5 / TM7 Safety-Related
System I/O Architecture
Installation Guide)
Functional Safety Information
DANGER
(see PacDrive TM5 / TM7 Safety Flexible System, System Planning and
.
DANGER
IMPROPER SAFETY-RELATED SYSTEM
Use only modules designated as safety-related modules to perform safety-related functions.
Make sure that neither inputs nor outputs of non-safety-related modules are used for safety-
related outputs.
Failure to follow these instructions will result in death or serious injury.
Probabilities of Failure
For SIL 3 applications, IEC 61508 defines the following probabilities of failure on demand (PFD)
and probabilities of failure per hour (PFH) depending on the mode of operation:
PFD ≥ 10
PFH ≥ 10
EIO0000000889 09/2020 17
-4
to < 10-3 for low demand mode of operation
-8
to < 10-7 for high demand mode of operation
Functional Safety Information
Defined Safe State and Life Span
For more information on the defined safe state of modules in the case of detected errors as well
as on the life span, refer to Defined Safe State and Life Span
Modules, Hardware Guide)
(see Modicon TM5/TM7, I/O Safety
.
18
EIO0000000889 09/2020
Loading...