XPSUS
EIO0000003487 11/2020
XPSUS
Safety Module
Original instructions
11/2020
EIO0000003487.01
www.schneider-electric.com
The information provided in this documentation contains general descriptions and/or technical characteristics of the performance of the products contained herein. This documentation is not intended as a
substitute for and is not to be used for determining suitability or reliability of these products for specific user
applications. It is the duty of any such user or integrator to perform the appropriate and complete risk
analysis, evaluation and testing of the products with respect to the relevant specific application or use
thereof. Neither Schneider Electric nor any of its affiliates or subsidiaries shall be responsible or liable for
misuse of the information contained herein. If you have any suggestions for improvements or amendments
or have found errors in this publication, please notify us.
You agree not to reproduce, other than for your own personal, noncommercial use, all or part of this
document on any medium whatsoever without permission of Schneider Electric, given in writing. You also
agree not to establish any hypertext links to this document or its content. Schneider Electric does not grant
any right or license for the personal and noncommercial use of the document or its content, except for a
non-exclusive license to consult it on an "as is" basis, at your own risk. All other rights are reserved.
All pertinent state, regional, and local safety regulations must be observed when installing and using this
product. For reasons of safety and to help ensure compliance with documented system data, only the
manufacturer should perform repairs to components.
When devices are used for applications with technical safety requirements, the relevant instructions must
be followed.
Failure to use Schneider Electric software or approved software with our hardware products may result in
injury, harm, or improper operating results.
Failure to observe this information can result in injury or equipment damage.
© 2020 Schneider Electric. All rights reserved.
2 EIO0000003487 11/2020
Table of Contents
Safety Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
About the Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Device Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Front View and Side View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Nameplate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Type Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 2 Technical Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Environmental Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mechanical Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Electrical Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Timing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Functional Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 3 Engineering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Electromagnetic Compatibility (EMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Basic Principles of Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Safety-Related Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Synchronization of Safety-Related Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Dynamization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Signal Interlock Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 4 Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Prerequisites and Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Mechanical Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Electrical Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 5 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Application Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Start Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 6 Configuration and Commissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Commissioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 7 Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Diagnostics via LEDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Diagnostics via Status Output Z1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 8 Accessories, Service, Maintenance, and Disposal. . . . . . . . . . . . . . . . . . . 73
Accessories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Transportation, Storage, and Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Service Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
13
14
15
18
20
21
23
24
28
29
32
34
35
36
38
39
40
44
56
62
63
66
69
74
75
76
77
79
EIO0000003487 11/2020 3
4 EIO0000003487 11/2020
Safety Information
Important Information
NOTICE
Read these instructions carefully, and look at the equipment to become familiar with the device before
trying to install, operate, service, or maintain it. The following special messages may appear throughout
this documentation or on the equipment to warn of potential hazards or to call attention to information that
clarifies or simplifies a procedure.
PLEASE NOTE
Electrical equipment should be installed, operated, serviced, and maintained only by qualified personnel.
No responsibility is assumed by Schneider Electric for any consequences arising out of the use of this
material.
A qualified person is one who has skills and knowledge related to the construction and operation of
electrical equipment and its installation, and has received safety training to recognize and avoid the
hazards involved.
QUALIFICATION OF PERSONNEL
Only appropriately trained persons who are familiar with and understand the contents of this manual and
all other pertinent product documentation as well as all documentation of all components and equipment
of the machine/process are authorized to work on and with this product.
The qualified person must be a certified expert in safety engineering.
The qualified person must be able to detect possible hazards that may arise from parameterization,
modifying configurations, settings, and wiring, and generally from mechanical, electrical, or electronic
equipment. The qualified person must be able to understand the effects that modifications to
configurations, settings, and wiring may have on the safety of the machine/process.
EIO0000003487 11/2020 5
INTENDED USE
The qualified person must be familiar with and understand the contents of the risk assessment as per ISO
12100-1 and/or any other equivalent assessment as well as all documents related to such risk assessment
or equivalent assessments for the machine/process.
The qualified person must be familiar with the standards, provisions, and regulations for the prevention of
industrial accidents, which they must observe when designing, implementing, and maintaining the
machine/process.
The qualified person must be thoroughly familiar with the safety-related applications and the non-safetyrelated applications used to operate the machine/process.
This product described in the present document is a safety module intended to perform safety-related
functions in a machine/process according to the present document, to the specified related documents,
and to all other documentation of the components and equipment of the machine/process.
The product may only be used in compliance with all applicable safety regulations and directives, the
specified requirements and the technical data.
Prior to using the product, you must perform a risk assessment as per ISO 12100-1 in view of the planned
application. Based on the results of the risk assessment, the appropriate safety-related measures must be
implemented.
Since the product is used as a component in an overall machine or process, you must ensure the safety
of persons by means of the design of this overall machine or process.
Operate the product only with the specified cables and accessories. Use only genuine accessories.
Any use other than the use explicitly permitted is prohibited and can result in hazards.
6 EIO0000003487 11/2020
At a Glance
Document Scope
Validity Note
Related Documents
About the Book
This manual describes technical characteristics, installation, commissioning, operation and maintenance
of the safety module XPSUS.
The present document is valid for the products listed in the type code
(see page 15)
For product compliance and environmental information (RoHS, REACH, PEP, EOLI, etc.), go to
www.schneider-electric.com/green-premium
.
The technical characteristics of the devices described in the present document also appear online. To
access the information online, go to the Schneider Electric home page
https://www.se.com/ww/en/download/
.
The characteristics that are described in the present document should be the same as those characteristics that appear online. In line with our policy of constant improvement, we may revise content over time
to improve clarity and accuracy. If you see a difference between the document and online information, use
the online information as your reference.
.
Title of documentation Reference number
XPSUS User Guide EIO0000003487 (ENG)
EIO0000003488 (FRE)
EIO0000003489 (GER)
EIO0000003490 (ITA)
EIO0000003491 (SPA)
EIO0000003494 (CHS)
XPSUS Instruction Sheet PHA71847 (ENG, FRE, GER,
ITA, SPA, CHS)
XPSUS Instruction Sheet PHA71849 (ENG, JAP, KOR,
POR, RUS, TUR)
XPSUEP User Guide EIO0000003509 (ENG)
EIO0000003510 (FRE)
EIO0000003511 (GER)
EIO0000003512 (ITA)
EIO0000003513 (SPA)
EIO0000003516 (CHS)
XPSUEP Instruction Sheet PHA71854 (ENG, FRE, GER,
ITA, SPA, CHS)
XPSUEP Instruction Sheet PHA71855 (ENG, JAP, KOR,
POR, RUS, TUR)
PreventaSupport Library Guide EIO0000003835 (ENG)
You can download these technical publications and other technical information from our website at
www.schneider-electric.com/en/download
.
EIO0000003487 11/2020 7
Product Related Information
HAZARD OF ELECTRIC SHOCK, EXPLOSION OR ARC FLASH
Disconnect all power from all equipment including connected devices prior to removing any covers or
doors, or installing or removing any accessories, hardware, cables, or wires except under the specific
conditions specified in the appropriate hardware guide for this equipment.
Always use a properly rated voltage sensing device to confirm the power is off where and when
indicated.
Where 24 Vdc or Vac is indicated, use PELV power supplies conforming to IEC 60204-1.
Replace and secure all covers, accessories, hardware, cables, and wires and confirm that a proper
ground connection exists before applying power to this equipment.
Use only the specified voltage when operating this equipment and any associated products.
Failure to follow these instructions will result in death or serious injury.
This equipment has been designed to operate outside of any hazardous location. Only install this
equipment in zones known to be free of a hazardous atmosphere.
POTENTIAL FOR EXPLOSION
Install and use this equipment in non-hazardous locations only.
Failure to follow these instructions will result in death or serious injury.
DANGER
DANGER
WARNING
LOSS OF CONTROL
The designer of any control scheme must consider the potential failure modes of control paths and,
for certain critical control functions, provide a means to achieve a safe state during and after a path
failure. Examples of critical control functions are emergency stop and overtravel stop, power outage
and restart.
Separate or redundant control paths must be provided for critical control functions.
System control paths may include communication links. Consideration must be given to the
implications of unanticipated transmission delays or failures of the link.
Observe all accident prevention regulations and local safety guidelines.
Each implementation of this equipment must be individually and thoroughly tested for proper operation
before being placed into service.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
1
For additional information, refer to NEMA ICS 1.1 (latest edition), "Safety Guidelines for the Application,
Installation, and Maintenance of Solid State Control" and to NEMA ICS 7.1 (latest edition), "Safety
Standards for Construction and Guide for Selection, Installation and Operation of Adjustable-Speed Drive
Systems" or their equivalent governing your particular location.
1
8 EIO0000003487 11/2020
INSUFFICIENT AND/OR INEFFECTIVE SAFETY-RELATED FUNCTIONS
Verify that a risk assessment as per ISO 12100 and/or other equivalent assessment has been
performed before this product is used.
Before performing any type of work on or with this product, fully read and understand all pertinent
manuals.
Verify that modifications do not compromise or reduce the Safety Integrity Level (SIL), Performance
Level (PL) and/or any other safety-related requirements and capabilities defined for your
machine/process.
After modifications of any type whatsoever, restart the machine/process and verify the correct
operation and effectiveness of all functions by performing comprehensive tests for all operating states,
the defined safe state, and all potential error situations.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Terminology Derived from Standards
The technical terms, terminology, symbols and the corresponding descriptions in this manual, or that
appear in or on the products themselves, are generally derived from the terms or definitions of international
standards.
In the area of functional safety systems, drives and general automation, this may include, but is not limited
to, terms such as
,
message
dangerous
Among others, these standards include:
Standard Description
IEC 61131-2:2007 Programmable controllers, part 2: Equipment requirements and tests.
ISO 13849-1:2015 Safety of machinery: Safety related parts of control systems.
EN 61496-1:2013 Safety of machinery: Electro-sensitive protective equipment.
ISO 12100:2010 Safety of machinery - General principles for design - Risk assessment and risk
EN 60204-1:2006 Safety of machinery - Electrical equipment of machines - Part 1: General
ISO 14119:2013 Safety of machinery - Interlocking devices associated with guards - Principles
ISO 13850:2015 Safety of machinery - Emergency stop - Principles for design
IEC 62061:2015 Safety of machinery - Functional safety of safety-related electrical, electronic,
IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61508-2:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61508-3:2010 Functional safety of electrical/electronic/programmable electronic safety-
IEC 61784-3:2016 Industrial communication networks - Profiles - Part 3: Functional safety
2006/42/EC Machinery Directive
2014/30/EU Electromagnetic Compatibility Directive
2014/35/EU Low Voltage Directive
WARNING
safety, safety function, safe state, fault, fault reset, malfunction, failure, error, error
, etc.
General principles for design.
Part 1: General requirements and tests.
reduction
requirements
for design and selection
and electronic programmable control systems
related systems: General requirements.
related systems: Requirements for electrical/electronic/programmable
electronic safety-related systems.
related systems: Software requirements.
fieldbuses - General rules and profile definitions.
In addition, terms used in the present document may tangentially be used as they are derived from other
standards such as:
Standard Description
IEC 60034 series Rotating electrical machines
IEC 61800 series Adjustable speed electrical power drive systems
EIO0000003487 11/2020 9
Standard Description
IEC 61158 series Digital data communications for measurement and control – Fieldbus for use in
industrial control systems
Finally, the term
zone of operation
is defined as it is for a
ISO 12100:2010
.
hazard zone
may be used in conjunction with the description of specific hazards, and
or
danger zone
in the
Machinery Directive (2006/42/EC
) and
10 EIO0000003487 11/2020
XPSUS
Introduction
EIO0000003487 11/2020
Introduc tion
Chapter 1
Introduction
What Is in This Chapter?
This chapter contains the following topics:
Device Overview 12
Front View and Side View 13
Nameplate 14
Type Code 15
Topic Page
EIO0000003487 11/2020 11
Introduction
Device Overview
Outline
The device is a safety module for interruption of safety-related electrical circuits.
The device provides application functions used to monitor signals from different types of sensors/devices.
Equipment with the following types of outputs can be connected to the safety-related inputs of the device:
NO, NC, C/O, for example, Emergency Stop push-buttons, guard door switches, coded magnetic
switches, enabling switches, two-hand control devices
PNP transistors, for example, magnetic switches, proximity switches
OSSD, for example, light curtains
The device is available in four different types: either spring terminals or screw terminals and either
24 Vac/Vdc supply voltage or 48 … 240 Vac/Vdc supply voltage.
Feature summary:
10 application functions
Configurable start function
2 safety-related inputs
2 safety-related relay outputs
1 non-safety-related status/diagnostics output
1 non-safety-related start input with 8 selectable start functions
Connector for connection of extension module XPSUEP to increase the number of safety-related
outputs by 6
12
EIO0000003487 11/2020
Front View and Side View
Front View and Side View
Introduction
1 Removable terminal blocks, top
2 Removable terminal blocks, bottom
3 LED indicators
4 Start function selector
5 Application function selector
6 Connector for optional output extension module XPSUEP (lateral)
7 Sealable transparent cover
EIO0000003487 11/2020 13
Introduction
Nameplate
Nameplate
The nameplate contains the following data:
1 Device type (refer to chapter Type Code
(seepage15)
)
2 Nominal voltage
3 Frequency range Vac supply
4 Input power
5 Maximum current of safety-related outputs with utilization category AC15 (250 Vac)
6 Maximum current of safety-related outputs with utilization category DC13 (24 Vdc)
7 Maximum total thermal current
8 Maximum Safety Integrity Level (SIL) as per IEC 61508-1:2010
9 Maximum Performance Level and Category as per ISO 13849-1:2015
10 Maximum response time to request at safety-related input
11 Permissible ambient temperature range during operation
12 IP degree of protection
13 Serial number
14 Product version (PV), release (RL), software version (SV)
15 Plant code and date of manufacture (example: PP-2019-W10 means plant code PP, year of
manufacture 2019, week of manufacture 10)
14
EIO0000003487 11/2020
Type Code
Type Code
Introduction
Item 1 2 3 4 5 6 7 8 9
Type code (example) X P S U S 1 2 A C
Item Meaning
1 ... 4 Product range
XPSU = Universal
5 Product version
S
6 Supply voltage
1 = 24 Vac/Vdc
3 = 48 … 240 Vac/Vdc
7 ... 8 Number of safety-related outputs
2A = 2 normally open relay contacts
9 Terminal type
C = Spring terminals, removable
P = Screw terminals, removable
If you have questions concerning the type code, contact your Schneider Electric service representative.
EIO0000003487 11/2020 15
Introduction
16
EIO0000003487 11/2020
XPSUS
Technical Data
EIO0000003487 11/2020
Technical Data
Chapter 2
Technical Data
What Is in This Chapter?
This chapter contains the following topics:
Environmental Conditions 18
Mechanical Characteristics 20
Electrical Characteristics 21
Timing Data 23
Data Functional Safety 24
Topic Page
EIO0000003487 11/2020 17
Technical Data
Environmental Conditions
Environmental Conditions For Storage
The device complies with class 1K5 as per IEC 60721-3-1:1997 (climatic conditions):
Characteristic Value
Ambient temperature -40 ... 70 °C (-40 ... 158 °F)
Rate of change of temperature 1 °C/min (1.8 °F/min)
Ambient humidity 10 ... 100 % relative humidity
The device complies with class 1M2 as per IEC 60721-3-1:1997 (mechanical conditions):
Characteristic Value
Vibration, sinusoidal, displacement amplitude
2...9Hz
Vibration, sinusoidal, acceleration amplitude
9 ... 200 Hz
Shock, shock response spectrum type L, peak
acceleration
Environmental Conditions For Transportation
The device complies with class 2K5H as per IEC 60721-3-2:1997 (climatic conditions):
1.5 mm
5m/s
40 m/s
2
2
Characteristic Value
Ambient temperature -25 ... 85 °C (-13 ... 185 °F)
Change of temperature, air/air -25 ... 30 °C (-13 ... 86 °F)
Ambient humidity 5 ... 95 % relative humidity, no condensation
The device complies with class 2M2 as per IEC 60721-3-2:1997 (mechanical conditions):
Characteristic Value
Vibration, sinusoidal, displacement amplitude
2...9Hz
Vibration, sinusoidal, acceleration amplitude
9 ... 200 Hz
Vibration, sinusoidal, acceleration amplitude
200 ... 500 Hz
Shock, shock response spectrum type I, peak
acceleration
Shock, shock response spectrum type II, peak
acceleration
Environmental Conditions For Operation
Characteristic Value
Maximum installation altitude above mean sea level 2000 m (6562 ft)
Installation required in control cabinet/enclosure with
degree of protection
3.5 mm
10 m/s
15 m/s
100 m/s
300 m/s
IP54
2
2
2
2
18
The device complies with class 3K5 and special class 3Z11 as per IEC 60721-3-3:2008 (climatic
conditions):
Characteristic Value
Ambient temperature -25 ... 55 °C (-13 ... 131 °F), no icing
Rate of change of temperature 0.5 °C/min (0.9 °F/min)
Ambient humidity 5 ... 95 % relative humidity, no condensation
EIO0000003487 11/2020
The device complies with class 3M4 as per IEC 60721-3-3:2008 (mechanical conditions):
Characteristic Value
Vibration, sinusoidal, displacement amplitude
3mm
2...9Hz
Vibration, sinusoidal, acceleration amplitude
10 m/s
2
9 ... 200 Hz
Shock, shock pulse shape: half-sine, peak
100 m/s
2
acceleration
The devices complies with the following vibration and shock values as per IEC 60947-1:
Characteristic Value
Vibration, sinusoidal, displacement amplitude
2...13Hz
Vibration, sinusoidal, acceleration amplitude
13.2 ... 100 Hz
Shock, shock pulse shape: half-sine, peak
acceleration
1mm
2
7m/s
150 m/s
2
Technical Data
EIO0000003487 11/2020 19
Technical Data
Mechanical Characteristics
Dimensions
Characteristic Value
Width 22.5 mm (0.89 in)
Height without terminals 99 mm (3.90 in)
Height with terminals 119 mm (4.70 in) 109 mm (4.30 in)
Depth 117 mm (4.61 in)
XPSUS•••C XPSUS•••P
Weight
Characteristic Value
Weight 0.2 kg (0.44 lbs)
Degree Of Protection
Characteristic Value
Housing IP40
Terminals IP20
Wire Cross Sections, Stripping Lengths, and Tightening Torques
Characteristic Value
Stripping length for spring terminals 12 mm (0.47 in)
Stripping length for screw terminals 7 ... 8 mm (0.28 ... 0.31 in)
Wire cross section, single wire without wire ferrule
Wire cross section, single wire with wire ferrule
Wire cross section, two wires without wire ferrule
Wire cross section, two wires with uninsulated wire
ferrule
Wire cross section, two wires with insulated wire
ferrule
Tightening torque for screw terminals 0.5 ... 0.6 N m (4.4 ... 5.3 lb in)
(1) Stranded or solid
(1)
0.2 ... 2.5 mm2 (AWG 24 ... 12)
0.25 ... 2.5 mm2 (AWG 24 ... 12)
(1)
0.2 ... 1.5 mm2 (AWG 24 ... 16)
0.25 ... 1 mm
0.5 ... 1.5 mm
2
(AWG 24 ... 18)
2
(AWG 20 ... 16)
20
EIO0000003487 11/2020
Electrical Characteristics
Supply
Characteristic Value
Supply voltage AC 24 Vac (-15 ... 10 %) 48 ... 240 Vac (-10 ... 10 %)
Supply voltage DC 24 Vdc (-20 ... 20 %) 48 ... 240 Vdc (-10 ... 10 %)
Nominal input power AC 5 VA (24 Vac) 8.5 VA (240 Vac)
Nominal input power DC 2 W (24 Vdc) 3 W (48 Vdc)
Frequency range AC 50 ... 60 Hz
Overvoltage category II
Pollution degree 2
Insulation voltage 300 V
Impulse withstand voltage 4 kV
Electromagnetic Compatibility (EMC)
Characteristic Value
Conducted and radiated emissions as per IEC CISPR 11 Group 1/class B Group 1/class A
Usage in environment as per IEC/UL 60947-1 Environment B Environment A
Technical Data
XPSUS1••• XPSUS3•••
XPSUS1••• XPSUS3•••
Common Reference Potential
Terminal B2 is provided to obtain a common reference potential for 24 Vdc signals.
Safety-Related Inputs
Characteristic Value
Number of inputs, positive supplied (each with 1 control
output DC+ (S11, S21) and 2 inputs CH+ (S12–S13, S22–
S23)), dual-channel
Output voltage at DC+ >15 Vdc
Input voltage at CH+ 0 ... 24 Vdc (+20 %)
Switching voltage for activation of CH+ >15 Vdc
Switching voltage for deactivation of CH+ <5 Vdc
Input current 5 mA
Maximum wire resistance 500 Ω
Start Input
Characteristic Value
Output voltage at DC+ >15 Vdc
Input voltage at CH+ 0 ... 24 Vdc (+20 %)
Switching voltage activate CH+ >15 Vdc
Switching voltage deactivate CH+ <5 Vdc
Input current 5 mA
Maximum wire resistance 500 Ω
2
Classification of Safety-Related Inputs and Start Input as per ZVEI CB24I
Representation and values as per identifying key, ZVEI CB24I:
Source/sink Interface type Additional measure Source/sink Interface type
Sink: A M Source: C0
EIO0000003487 11/2020 21
Technical Data
Interface type A: Sink
Parameter Minimum value Maximum value
Input current Ii (in the ON state) 3 mA 5 mA
Output voltage Ui 15 V 24 V (+20 %)
Additional measure M The inputs are not types as per
IEC 61131-2.
TG is S•1 for S•2 and S•3
TG is Y1 for Y2
>15 Vdc
Refer to Dynamization of Safety-Related Inputs and Start Input
Safety-Related Outputs
Characteristic Value
Number of relay contacts, Normally Open, instantaneous 2
Maximum short circuit current IK 1 kA
Maximum continuous current, Normally Open relay
contacts
Maximum total thermal current ΣIth in free air up to 55°C
(131 °F) and for side-by-side mounting up to 35°C (95 °F)
Maximum total thermal current ΣIth for side-by-side
mounting at 55°C (131°F)
(see page 23)
6A
12 A
6A
Derating curve (derating starting at 35 °C (95 °F)):
for test pulse times.
Minimum current 10 mA
Minimum voltage 5 V
Utilization category as per UL 60947-5-1 B300 and R300
Utilization category as per IEC 60947-4-1 and IEC 609475-1)
Maximum current, normally open relay contacts AC1: 5 A
External fusing 10 A, category gG
Additional Non-Safety-Related Outputs
Characteristic Value
Number of semiconductor pulsed outputs 1
Output voltage 24 Vdc
Maximum current 20 mA
22
AC1: 250 V
AC15: 250 V
DC1: 24 V
DC13: 24 V
AC15: 3 A
DC1: 5 A
DC13: 3 A
EIO0000003487 11/2020
Timing Data
Maximum Response Times
Characteristic Value
Maximum response time to request at safety-related input 20 ms
Maximum response time after power outage AC 200 ms 80 ms
Maximum response time after power outage DC 120 ms 80 ms
Recovery Time
Characteristic Value
Recovery time after request at safety-related input 200 ms
Switch-On and Activation Delays
Characteristic Value
Switch on delay after power on and automatic start 2500 ms
Delay after activation of safety-related input or valid start
condition
Technical Data
XPSUS1••• XPSUS3•••
100 ms
Monitored Start
Characteristic Value
Waiting time 2500 ms
Minimum duration of start pulse for monitored start 80 ms
Dynamization of Safety-Related Inputs and Start Input
Characteristic Value
Test pulse duration (safety-related input must be activated
for longer than duration of test pulse)
Test pulse interval 500 ms
Maximum delay of test pulse 40 ms
Test pulse phase shift At least 70 ms
Debounce Time of Safety-Related Inputs
Characteristic Value
Debounce time, standard 2.5 ms
Debounce time, with OSSD 4 ms
Signal Interlock Monitoring Time
2ms
Characteristic Value
Signal interlock monitoring time 200 ms
Synchronization Times
The synchronization times for the synchronization of safety-related inputs depend on the application
function
EIO0000003487 11/2020 23
(see page 44)
.
Technical Data
Data Functional Safety
Data Functional Safety
Characteristic Value
Defined safe state Safety-related outputs are de-energized
Maximum Performance Level (PL), Category
(as per ISO 13849-1:2015)
Maximum Safety Integrity Level (SIL)
(as per IEC 61508-1:2010)
Safety Integrity Level Claim Limit (SILCL)
(as per IEC 62061:2005+AMD1:2012+AMD2:2015)
Type
(as per IEC 61508-2)
Hardware Fault Tolerance (HFT)
(as per IEC 61508 and IEC 62061)
Stop Category for Emergency Stops
(as per ISO 13850 and IEC 60204-1)
Lifetime in years at an ambient temperature of 55 °C
(131 °F)
Safe Failure Fraction (SFF)
(as per IEC 61508 and IEC 62061)
Probability of Dangerous Failure per hour (PFHD) in 1/h
(as per IEC 61508 and ISO 13849-1)
Mean Time To Dangerous Failure (MTTFd) in years
(high as per ISO 13849-1)
Average Diagnostic Coverage (DC
(high as per ISO 13849-1)
Maximum number of cycles over lifetime DC13, 24 Vdc 1 A: 1200000
avg
XPSUS1••• XPSUS3•••
Normally Open: open
PL e, Category 4
Actual PL and category depend on wiring and
configuration.
3
Actual SIL depends on wiring and configuration.
3
Actual SILCL depends on wiring and configuration.
B
1
0
20
>99 %
1.13 x 10
-9
1.61 x 10
-9
>30
)
≥99 %
DC13, 24 Vdc 3 A: 180000
AC1, 250 Vac 4 A: 180000
AC15, 250 Vac 1 A: 70000
AC15, 250 Vac 3 A: 39000
24
Electrical durability of the safety-related output relay contacts as per IEC 60947-5-1
1 Operating cycles
2 Rated current in A
EIO0000003487 11/2020
Electrical durability of the safety-related output relay contacts as per IEC 60947-5-1
1 Operating cycles
2 Rated current in A
Technical Data
Refer to chapter Timing Data
safety calculations.
(see page 23)
for additional technical data that may affect your functional
EIO0000003487 11/2020 25
Technical Data
26
EIO0000003487 11/2020
XPSUS
Engineering
EIO0000003487 11/2020
Engineering
Chapter 3
Engineering
What Is in This Chapter?
This chapter contains the following topics:
Electromagnetic Compatibility (EMC) 28
Basic Principles of Operation 29
Safety-Related Inputs 32
Synchronization of Safety-Related Inputs 34
Dynamization 35
Signal Interlock Monitoring 36
Topic Page
EIO0000003487 11/2020 27
Engineering
Electromagnetic Compatibility (EMC)
Conducted and Radiated Electromagnetic Emissions
Equipment of class A as per IEC CISPR 11 is not intended for use in residential environments and may not
provide adequate protection to radio reception in such environments.
INSUFFICIENT ELECTROMAGNETIC COMPATIBILITY
Verify compliance with all EMC regulations and requirements applicable in the country in which the
device is to be operated and with all EMC regulations and requirements applicable at the installation
site.
Do not install and operate devices of class A as per IEC CISPR 11 in residential environments.
Implement all required radio interference suppression measures and verify their effectiveness.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
According to IEC CISPR 11, device type XPSUS1••• is a group 1, class B device. Class B as per
IEC CISPR 11 corresponds to environment B as per IEC 60947-1.
According to IEC CISPR 11, device type XPSUS3••• is a group 1, class A device. Class A as per
IEC CISPR 11 corresponds to environment A as per IEC 60947-1.
WARNING
28
EIO0000003487 11/2020
Basic Principles of Operation
Introduction
The following sections provide basic information on the principles of operation of the device to assist you
in engineering your application function.
Operating States
The following graphic illustrates the operating states and state transitions of the device:
Engineering
State Transitions
Operating state Description In defined
safe state
Off / Configuration Configuration only possible in this operating state Yes
Initialization Self-tests Yes
Run: Outputs Deenergized Regular operation with safety-related function active Yes
Run: Outputs Energized Regular operation with safety-related function not active No
Error Error detected Yes
NOTE: See the chapter Data Functional Safety
State transition Condition
T1
T2
T3
T4
T5
Power on
Initialization successful
Switch on delay has passed
Start condition fulfilled (for example, automatic start or manual start with start
button pressed)
Safety-related inputs activated
For application functions with signal interlock monitoring: no signal interlock
condition
For application functions with synchronization: synchronization time
requirements met
Safety-related inputs deactivated (corresponds to triggering of the safety-
related function)
Error detected on
(see page 24)
for the defined safe state of the device.
EIO0000003487 11/2020 29
Engineering
State transition Condition
T6 Power off
NOTE: Refer to the Activation and Deactivation
and “deactivated” in the present document.
Example with Emergency Stop
The following example uses a machine with an Emergency Stop pushbutton, a start pushbutton for manual
start, and a motor to demonstrate the individual operating states and state transitions. The selected
application function is Monitoring of Emergency Stop Circuits. The selected start function is Manual Start.
The example assumes that the equipment is properly wired and configured.
After the device is powered on, it enters the operating state Initialization (T1).
If the initialization is successful, the device enters the operating state Run: Outputs Deenergized (T2).
If an error is detected, the device transitions to the operating state Error (T5).
On entering the operating state Run: Outputs Deenergized, the device verifies the state of the safety-
related inputs and of the start input. The motor is at a standstill.
If the start pushbutton is not pressed, the start input stays deactivated and the device remains in the
operating state Run: Outputs Deenergized. The motor is at a standstill.
Detailed information on the start functions and the timing can be found in the chapter Start Functions
(see page 56)
If the start pushbutton is pressed, the start input is activated, i.e. the start condition is fulfilled.
The state of the safety-related inputs determines whether the device transitions to the operating state
Run: Outputs Energized.
If the safety-related inputs are not activated (actuator of Emergency Stop pushbutton pushed down), the
device remains in the operating state Run: Outputs Deenergized. The motor remains at a standstill.
If the safety-related inputs are activated (actuator of Emergency Stop pushbutton pulled out), the device
transitions to the operating state Run: Outputs Energized (T3). The motor runs. This operating
corresponds to regular operation of the machine.
If an application function with synchronization
transition only occurs if the safety-related inputs are activated within the synchronization time.
In the operating state Run: Outputs Energized, the device monitors the state of the safety-related inputs.
If the actuator of the Emergency Stop pushbutton is pushed down (safety-related inputs deactivated),
the safety-related outputs are deactivated within the response time (transition T4 to operating state Run:
Outputs Deenergized). The device is again in the defined safe state. The motor is stopped.
This corresponds to the Emergency Stop condition of the machine.
To return to the operating state Run: Outputs Energized (T3), the start input and the safety-related
inputs need to be activated again (start button pressed and actuator of the Emergency Stop pushbutton
pulled out).
If an application function with signal interlock monitoring
occurs if there is no signal interlock condition.
If an application function with synchronization
transition only occurs if the safety-related inputs are activated within the synchronization time.
(see page 32)
for details on the use of the terms “activated”
.
(see page 34)
(see page 34)
of the safety-related inputs is used, this
(see page 36)
is used, this transition only
of the safety-related inputs is used, this
Timing Diagram for Example with Emergency Stop
The following timing diagram provides an overview of the example with Emergency Stop.
30
EIO0000003487 11/2020
Legend
Item Description
1
2
3
4
5
6
The first safety-related input (A) is activated (actuator of Emergency Stop button pulled out).
The device remains in the defined safe state.
The second safety-related input (B) is activated (second output contact of Emergency Stop
button).
If an application function with synchronization
output (A) is only activated if the second safety-related input (B) is activated within the
synchronization time.
The start button has not yet been pressed so the start condition is not yet fulfilled and the
device remains in the defined safe state.
The start button is pressed.
The start condition is fulfilled. See the chapter Start Functions
information on the start functions.
The safety-related output is activated within the activation delay time
If an application function with synchronization
the safety-related output is only activated if the two channels of the safety-related input have
been activated within the synchronization time.
The motor runs. The device is not in the defined safe state.
The start button is released.
The safety-related input B is deactivated (actuator of Emergency Stop button pushed).
The safety-related output is deactivated within the response time
The Emergency Stop is triggered. The device is in the defined safe state.
The safety-related input A is deactivated (by second output contact of Emergency Stop
button).
If an application function with signal interlock monitoring
related inputs must be deactivated within the signal interlock monitoring time (between (5)
and (6)).
(see page 34)
(see page 34)
(see page 36)
Engineering
is used, the first safety-related
(see page 56)
for detailed
(see page 23)
.
of two input channels is used,
(see page 23)
.
is used, both safety-
EIO0000003487 11/2020 31
Engineering
Safety-Related Inputs
Overview
WARNING
INSUFFICIENT AND/OR INEFFECTIVE SAFETY-RELATED FUNCTIONS
Only connect a sensor/device to a safety-related input that meets all requirements as per your risk
assessment and that complies with all regulations, standards, and process definitions applicable to your
machine/process.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The following sections provide basic information on the safety-related inputs such as principle of activation
and deactivation as well as antivalent behavior. Refer to the chapters Electrical Characteristics
(see page 21)
General Information on Activation and Deactivation of Safety-Related Inputs
In the present document, “activation” of a safety-related input means that a safety-related input changes
its state so that the device can enter the operating state Run: Outputs Energized.
The term “deactivation” of a safety-related input means that a safety-related input changes its state so that
the device enters the operating state Run: Outputs Deenergized.
See Operating States
and Electrical Installation
(see page 29)
(see page 41)
for details on the state machine of the device.
for more details on the safety-related inputs.
Activation and Deactivation with Antivalent Behavior Between Two Input Channels of One Safety-Related Input
Depending on the selected application function, the input channels of the safety-related input are
configured for antivalent behavior. Antivalent is defined here as a normally open and a normally closed
contacts working in synchronization.
For example, for application function 5
normally open contact, whereas the signal for input channel S13 is provided by a normally closed contact.
One safety-related input with two input channels with antivalent behavior (magnetic switch with NO at S12
and NC at S13):
If the level at terminal S12 is logically 0 and the level at terminal S13 is logically 1, the safety-related input
is activated.
Timing diagram for one safety-related input with two input channels with antivalent behavior:
(see page 49)
, the signal for input channel S12 is provided by a
32
1 = Activation, transition to operating state Run: Outputs Energized
2 = Deactivation, transition to operating state Run: Outputs Deenergized (defined safe state)
EIO0000003487 11/2020
Truth table for one safety-related input with two input channels with antivalent behavior:
Engineering
Signal state at
S•2
0 1 Safety-related input channel activated, operating state Run: Outputs
1 0 Safety-related input channel deactivated, operating state Run: Outputs
Identical signal states are only permissible within the synchronization time
Signal state at
S•3
Activation State and Operating State
Energized
Deenergized
(see page 29)
(see page 34)
. Otherwise,
identical signal states trigger an alert.
The truth table applies to the wiring diagrams presented for the application functions.
If the magnetic switch in the wiring example above is used for guard monitoring, this means that the
magnetic switch is presented in the activated state and the guard is closed.
Consult the manual of the sensor/device you want to use for your application function for details on signal
state required for activation and deactivation as defined in the present document.
EIO0000003487 11/2020 33
Engineering
Synchronization of Safety-Related Inputs
Overview
The device can monitor synchronized behavior of the input channels of the safety-related inputs using
various synchronization mechanisms with different synchronization times. If the synchronized input
channels of the safety-related inputs are not activated within the synchronization time, the safety-related
output or outputs are not activated.
The synchronized terminals and the synchronized pairs of terminals of the safety-related inputs and the
corresponding synchronization times are listed for each individual application function
synchronization, including information on the sequences in which the synchronized input channels are
activated, if applicable.
Refer to the chapter Safety-Related Inputs
“activation” in the present document.
(see page 32)
(seepage44)
us ing
for additional information on the use of the term
34
EIO0000003487 11/2020
Dynamization
Dynamization of Inputs
Dynamization is used for cross circuit detection between two safety-related inputs or between one safetyrelated input and the Start input or a cross-circuit to an external power supply unit or to ground.
Dynamization is implemented by means of periodically generated test pulses at the control outputs of the
safety-related inputs S•1 and of the start input Y1.
Whether dynamization of the safety-related inputs is used depends on the selected application function
(see page 43)
The following diagram illustrates the dynamization principle and timing:
Engineering
.
The diagram presents the input channels S11-S12 and S21-S22. The remaining input channels S13 and
S23 use the same logic as the input channels illustrated.
The same logic applies to Y1 and Y2.
Designation Value Explanation
T
DDUR
T
DINT
T
DDEL
T
DPSHL
2 ms Duration of the test pulse. The duration of the test pulse is the
time between the start of the test pulse and the end of the test
pulse.
500 ms Interval between test pulses. This interval is the time between the
start of a test pulse and the start of the next test pulse at the same
control output.
40 ms Maximum delay of test pulse. This delay is the maximum time
between the start of the test pulse at the control output and the
associated input channel, that is, the maximum time during which
the input expects to “see” dynamization.
At least 70 ms Phase shift of test pulses. This time is the phase shift between
the test pulses at the control outputs of the safety-related inputs.
EIO0000003487 11/2020 35
Engineering
Signal Interlock Monitoring
Overview
Signal interlock is a monitoring function used to detect conditions in which one of the sensors/devices
cannot provide the expected input signal for the device, for example, as a result of contact welding.
The device expects “simultaneous” deactivation of the two safety-related inputs within the signal interlock
monitoring time of 200 ms.
If the two monitored safety-related inputs are not deactivated within 200 ms, this is a signal interlock
condition and the device triggers a signal interlock alert. The device remains in the defined safe state, i.e.,
there is no transition from operating state Run: Outputs Deenergized to operating state Run: Outputs
Energized (T3).
To exit the signal interlock condition, the two affected safety-related inputs must be deactivated for at least
one second. After that, the safety-related inputs can be activated again which activates the safety-related
outputs as well.
Signal interlock is available for certain of the application functions
Examples
The following figure illustrates a condition without signal interlock:
(seepage44)
the device provides.
Both safety-related inputs are deactivated within the signal interlock monitoring time of 200 ms. When they
are activated again, the safety-related outputs are also activated.
The following figure illustrates a condition with signal interlock:
The first safety-related input is deactivated which starts the signal interlock monitoring time of 200 ms. It is
then activated again before the second safety-related input is deactivated. This immediately triggers a
signal interlock alert even though the 200 ms have not yet elapsed.
The following figure illustrates a condition with signal interlock:
36
The first safety-related input is deactivated which starts the signal interlock monitoring time of 200 ms. The
second safety-related remains activated longer than 200 ms. This triggers a signal interlock alert 200 ms
after interlock monitoring has started.
EIO0000003487 11/2020
XPSUS
Installation
EIO0000003487 11/2020
Installat ion
Chapter 4
Installation
What Is in This Chapter?
This chapter contains the following topics:
Prerequisites and Requirements 38
Mechanical Installation 39
Electrical Installation 40
Topic Page
EIO0000003487 11/2020 37
Installation
Prerequisites and Requirements
Inspecting the Device
Damaged products may cause electric shock or unintended equipment operation.
ELECTRIC SHOCK OR UNINTENDED EQUIPMENT OPERATION
Do not use damaged products.
Keep foreign objects (such as chips, screws or wire clippings) from getting into the product.
Failure to follow these instructions will result in death or serious injury.
DANGER
Verify the product type by means of the type code
Control Cabinet/Enclosure
Install the device in a control cabinet or enclosure with degree of protection IP54 that is secured by a keyed
or tooled locking mechanism.
The ventilation of the control cabinet/enclosure must be sufficient to comply with the specified ambient
conditions for the device and the other components operated in the control cabinet/enclosure.
Label on Extension Module Connector
The connector for connection of the extension module XPSUEP is covered by a label. Do not remove the
label from the connector unless you want to connect the extension module XPSUEP.
INOPERABLE EQUIPMENT
Do not remove the protective label from the extension connector unless you are immediately attaching
an extension module.
Failure to follow these instructions can result in equipment damage.
(see page 15)
NOTICE
and the data printed on the device.
38
EIO0000003487 11/2020
Mechanical Installation
Mounting to DIN Rail
The device can be mounted to the following DIN rails as per IEC 60715:
35 x 15 mm (1.38 x 0.59 in)
35 x 7.5 mm (1.38 x 0.29 in)
Mounting procedure (left illustration)
Step Action
1 Slightly tilt the device and hook it onto the DIN rail.
2 Push the lower part of the device towards the DIN rail.
3 Snap in the DIN rail clip.
Installation
Screw-Mounting
Dismounting procedure (center illustration)
Step Action
1 Unlock the DIN rail clip using a screwdriver.
2 Pull the lower part of the device away from the DIN rail and lift the device towards the top to
remove it from the DIN rail.
Mounting procedure:
Step Action
1 Push the additional fastener into the grooves at the device.
2 Prepare the holes.
3 Screw the device to the mounting surface using the specified screws and a washer M4 as per
ISO 7093 for each screw.
EIO0000003487 11/2020 39
Installation
Electrical Installation
General Information
FIRE, ELECTRIC SHOCK OR ARC FLASH
Disconnect all power from all equipment of your machine/process prior to electrical installation of the
Confirm the absence of power using a properly rated voltage sensing device.
Place a "Do Not Turn On" or equivalent hazard label on all power switches and lock them in the non-
Failure to follow these instructions will result in death or serious injury.
Wiring of the device depends on the safety-related function to be implemented. Before wiring the device,
engineer the safety-related function, perform a risk assessment with regard to your machine/process, and
determine the suitability of the device as well as the connected equipment.
Refer to the Schneider Electric Safety Chain Solutions at
examples of wiring the device, including the safety-related outputs with feedback and the start input with
external start condition.
You can wire the device with the terminal blocks in the device or you can remove the terminal blocks. For
the latter, pull the terminal blocks out of the device, connect the individual terminals and push the terminal
blocks back into the device.
Use 75 °C (167 °F) copper conductors to wire the device.
device.
energized position.
DANGER
https://www.se.com
for application-specific
Wire Cross Sections, Stripping Lengths, and Tightening Torques
Characteristic Value
Stripping length for spring terminals 12 mm (0.47 in)
Stripping length for screw terminals 7 ... 8 mm (0.28 ... 0.31 in)
Wire cross section, single wire without wire ferrule
Wire cross section, single wire with wire ferrule
Wire cross section, two wires without wire ferrule
Wire cross section, two wires with uninsulated wire
ferrule
Wire cross section, two wires with insulated wire
ferrule
Tightening torque for screw terminals 0.5 ... 0.6 N m (4.4 ... 5.3 lb in)
(1) Stranded or solid
Block Diagram and Terminals
The following drawings present the block diagram and the terminals with their designations in the
removable terminal blocks.
(1)
0.2 ... 2.5 mm2 (AWG 24 ... 12)
0.25 ... 2.5 mm2 (AWG 24 ... 12)
(1)
0.2 ... 1.5 mm2 (AWG 24 ... 16)
0.25 ... 1 mm
0.5 ... 1.5 mm
2
(AWG 24 ... 18)
2
(AWG 20 ... 16)
40
EIO0000003487 11/2020
Terminal Designation Explanation
A1, A2 Power supply
Y1 Control output (DC+) of start input
Y2 Input channel (CH+) of start input
S11, S21 Control outputs (DC+) of safety-related inputs
S12, S13, S22, S23 Input channels (CH+) of safety-related inputs
B2 Terminal for common reference potential for 24 Vdc
13, 14, 23, 24 Terminals of the safety-related outputs
Z1 Pulsed output for diagnostics
EXT Connector for output extension module XPSUEP
signals. The power supplies of the connected
equipment must have a common reference potential
to be connected to this terminal.
safety-related
(see page 69)
, not
Installation
Safety-Related Inputs
INSUFFICIENT AND/OR INEFFECTIVE SAFETY-RELATED FUNCTIONS
Only connect a sensor/device to a safety-related input that meets all requirements as per your risk
assessment and that complies with all regulations, standards, and process definitions applicable to your
machine/process.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The device provides two safety-related inputs. Each safety-related input consists of one control output DC+
(terminals S11, S21) and two input channels CH+ (terminals S12–S13, S22–S23).
Each control output DC+ provides a nominal voltage of 24 Vdc to the connected sensor/device. It is also
used for dynamization
Respect the maximum wire resistance of 500 Ω when determining the cable length. The maximum wire
length between a safety-related input and a sensor/device is 30 m (98.43 ft) if the supply via the control
outputs (terminals S•1) of the safety-related inputs are not used.
Wire the terminals of the safety-related inputs according to the wiring diagram for the application function
(see page 44)
Safety-Related Outputs
The wiring of the safety-related outputs depends on the safety-related function to be implemented.
Install fuses with the rating specified in the chapter Electrical Characteristics
(see page 35)
to be implemented.
WARNING
.
(see page 22)
.
EIO0000003487 11/2020 41
Installation
Start Input
WARNING
UNINTENDED EQUIPMENT OPERATION
Do not use the Start function for safety-related purposes.
Use Monitored Start or Startup Test if unintended restart is a hazard according to your risk
assessment.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The start input consists of one control output DC+ (terminal Y1) and one input channel CH+ (terminal Y2).
The control output provides a nominal voltage of 24 Vdc to the connected sensor/device. It is also used for
dynamization
The wiring of the start input depends on the start function
For automatic start, bridge terminals Y1 and Y2 or connect terminal Y2 to an external 24 Vdc power supply.
For manual start or monitored start and if the control output Y1 (DC+) is to be used:
Connect terminals Y1 and Y2 to the device providing the start signal, such as a push-button.
For manual start or monitored start and if the device providing the start signal is supplied externally:
Connect terminal Y2 to the device providing the start signal, such as a push-button or a logic controller.
Leave terminal Y1 unconnected.
The common reference potential is established via terminal B2.
Respect the maximum wire resistance of 500 Ω when determining the cable length. The maximum wire
length between the start input and a sensor/device is 30 m (98.43 ft) if the supply via the control output
(terminal Y1) of the start input is not used.
(see page 35)
.
(see page 56)
to be implemented.
Additional, Non-Safety-Related Output Z1
INCORRECT USE OF OUTPUT
Do not use the additional output Z1 for safety-related purposes.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Connect the semiconductor pulsed output Z1 to a suitable input of the logic controller if you want to use
the diagnostics pattern the output provides.
The maximum wire length between the additional output Z1 and connected equipment is 30 m (98.43 ft)
The common reference potential is established via terminal B2.
Power Supply
Connect the terminals A1 and A2 to a power supply providing the supply voltage specified for the device
in the chapter Electrical Characteristics
Common Reference Potential
Terminal B2 is provided to obtain a common reference potential for 24 Vdc signals.
The power supplies of the connected equipment must have a common reference potential.
WARNING
(see page 21)
.
42
EIO0000003487 11/2020
XPSUS
Functions
EIO0000003487 11/2020
Functions
Chapter 5
Functions
What Is in This Chapter?
This chapter contains the following topics:
Application Functions 44
Start Functions 56
Topic Page
EIO0000003487 11/2020 43
Functions
Application Functions
Introduction
The following sections provide an overview of the available application functions and a detailed listing of
requirements and values of each of the application functions. The chapter Configuration
describes the configuration procedure by means of the selectors of the device.
Overview of Application Functions
(see page 62)
Typical applications Type of outputs of sensor/device providing
the input signal for application function
Monitoring of Emergency Stop circuits
as per ISO 13850 and IEC 60204-1,
stop category 0
Monitoring of guards as per
ISO 14119/14120 with electrical
switches
Monitoring of two-hand control devices,
type III A as per ISO 13851
Monitoring of two-hand control devices,
type III C as per ISO 13851
Monitoring of guards as per
ISO 14119/14120 with electrical
switches
Monitoring of guards as per
ISO 14119/14120 with coded magnetic
switches
Monitoring of proximity switches
Monitoring of three-position enabling
switches as per IEC 60947-5-8
Normally open, normally closed and/or
changeover outputs
Synchroni
zation
No Yes Position 1
Dynamizat
ion
Application
function
selector
(seepage45)
Yes Yes Position 2
(seepage46)
Yes Yes Position 3
(seepage47)
Yes Yes Position 4
(seepage48)
Yes Yes Position 5
(seepage49)
Yes Yes Position 6
(seepage50)
Monitoring of proximity switches Two PNP outputs No No Position 7
(seepage52)
Yes No Position 8
(seepage53)
Monitoring of electro-sensitive
protective equipment such as type 4
light curtains as per IEC 61496-1
Monitoring of RFID sensors
OSSD (Output Signal Switching Device)
outputs
No No Position 9
(seepage54)
Yes No Position 10
(seepage55)
44
EIO0000003487 11/2020
Application Function 1
Functions
Characteristic Value/Description
Typical applications Monitoring of Emergency Stop circuits as per
ISO 13850 and IEC 60204-1, stop category 0
Monitoring of guards as per ISO 14119/14120
with electrical switches
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12 and S21-S22 for sensor/device A
Dynamization Yes
Signal interlock monitoring Between terminals S12 and S22
Synchronization of safety-related inputs No
Normally open, normally closed and/or changeover
outputs
S11-S13 and S21-S23 for sensor/device B
Between terminals S13 and S23
Wiring of the inputs for Emergency Stop
Wiring of the inputs for guards
EIO0000003487 11/2020 45
Functions
Application Function 2
Characteristic Value/Description
Typical applications Monitoring of Emergency Stop circuits as per
ISO 13850 and IEC 60204-1, stop category 0
Monitoring of guards as per ISO 14119/14120
with electrical switches
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12 and S21-S22 for sensor/device A
Dynamization Yes
Signal interlock monitoring Between terminals S12 and S22
Normally open, normally closed and/or changeover
outputs
S11-S13 and S21-S23 for sensor/device B
Between terminals S13 and S23
Synchronization:
Synchronized terminals Synchronization time
S12 synchronized with S22 If S12 is activated before S22, S22 has to be activated
within 2 s.
If S22 is activated before S12, S12 has to be activated
within 4 s.
S13 synchronized with S23 If S13 is activated before S23, S23 has to be activated
within 2 s.
If S23 is activated before S13, S13 has to be activated
within 4 s.
Wiring of the inputs for Emergency Stop
46
Wiring of the inputs for guards
EIO0000003487 11/2020
Application Function 3
Functions
Characteristic Value/Description
Typical applications Monitoring of two-hand control devices,
type III A as per ISO 13851
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12 and S11-S13
Dynamization Yes
Signal interlock monitoring No
Normally open, normally closed and/or changeover
outputs
Signals at terminals S22 and S23 are not evaluated. Do
not connect these terminals.
This application function requires the start function selector to be set to positions 1 or 5, automatic start
without startup test. Refer to Start Functions
(see page 56)
for details.
Synchronization:
Synchronized terminals Synchronization time
S12 synchronized with S13 S12 and S13 have to be activated within 0.5 s.
Wiring of the inputs for two-hand control devices
EIO0000003487 11/2020 47
Functions
Application Function 4
Characteristic Value/Description
Typical applications Monitoring of two-hand control devices,
type III C as per ISO 13851
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12 and S11-S13, S21-S22 and S21-S23
Dynamization Yes
Signal interlock monitoring Between the pair of terminals S12-S13 and the pair of
Normally open, normally closed and/or changeover
outputs
terminals S22-S23
This application function requires the start function selector to be set to positions 1 or 5, automatic start
without startup test. Refer to Start Functions
(see page 56)
for details.
Synchronization:
Synchronized terminals Synchronization time
S12-S13 synchronized with S22-S23 S12-S13 and S22-S23 have to be activated within 0.5 s.
Wiring of the inputs for two-hand control devices
48
EIO0000003487 11/2020
Application Function 5
Functions
Characteristic Value/Description
Typical applications Monitoring of guards as per ISO 14119/14120
with electrical switches
Monitoring of guards as per ISO 14119/14120
with coded magnetic switches
Monitoring of proximity switches
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12 and S11-S13 for sensor/device A
Dynamization Yes
Signal interlock monitoring No
Normally open, normally closed and/or changeover
outputs
S21-S22 and S21-S23 for sensor/device B
Synchronization:
Synchronized terminals Synchronization time
S12 synchronized with S13 S12 and S13 have to be activated within 0.5 s.
S22 synchronized with S23 S22 and S23 have to be activated within 0.5 s.
Wiring of the inputs for coded magnetic switches
EIO0000003487 11/2020 49
Functions
Application Function 6
Characteristic Value/Description
Typical applications Monitoring of three-position enabling switches
as per IEC 60947-5-8
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S11-S12, S11-S13 and S21-S23
Dynamization Yes
Signal interlock monitoring Between terminals S13 and S23
Normally open, normally closed and/or changeover
outputs
Signals at terminal S22 are not evaluated. Do not connect
this terminal.
This application function requires the start function selector to be set to positions 1 or 5, automatic start
without startup test. Refer to Start Functions
(see page 56)
for details.
Synchronization:
Synchronized terminals Synchronization time
S13 synchronized with S23 S13 and S23 have to be activated within 0.5 s.
Wiring of the inputs for three-position enabling switches
Operation of the contacts of a three-position enabling switch:
Black: Activated
White: Deactivated
1: From position 0 to position 2
2: From position 2 to position 0
Timing of a three-position enabling switch:
50
1: Power on and self test of three-position enabling switch terminated
2: Three-position enabling switch changes from position 0 to position 1
3: Three-position enabling switch changes from position 1 to position 2
4: Three-position enabling switch changes from position 2 to position 1
EIO0000003487 11/2020
5: Three-position enabling switch changes from position 1 to position 0
Functions
EIO0000003487 11/2020 51
Functions
Application Function 7
Characteristic Value/Description
Typical applications Monitoring of proximity switches
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S12-S13 for sensor/device A
Dynamization No
Signal interlock monitoring Between terminals S12 and S13
Synchronization of safety-related inputs No
Two PNP outputs
S22-S23 for sensor/device B
Between terminals S22 and S23
Wiring of the inputs for sensors/devices with two PNP outputs
52
EIO0000003487 11/2020
Application Function 8
Functions
Characteristic Value/Description
Typical applications Monitoring of proximity switches
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S12-S13 for sensor/device A
Dynamization No
Signal interlock monitoring Between terminals S12 and S13
Two PNP outputs
S22-S23 for sensor/device B
Between terminals S22 and S23
Synchronization:
Synchronized terminals Synchronization time
S12 synchronized with S13 S12 and S13 have to be activated within 0.5 s.
S22 synchronized with S23 S22 and S23 have to be activated within 0.5 s.
Wiring of the inputs for sensors/devices with two PNP outputs
EIO0000003487 11/2020 53
Functions
Application Function 9
Characteristic Value/Description
Typical applications Monitoring of electro-sensitive protective
equipment such as type 4 light curtains as per
IEC 61496-1
Monitoring of RFID sensors
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S12-S13 for sensor/device A
Dynamization No
Signal interlock monitoring Between terminals S12 and S13
Synchronization of safety-related inputs No
OSSD (Output Signal Switching Device) outputs
S22-S23 for sensor/device B
Between terminals S22 and S23
Wiring of the inputs for sensors/devices with OSSD outputs
54
EIO0000003487 11/2020
Application Function 10
Characteristic Value/Description
Typical applications Monitoring of electro-sensitive protective
Functions
equipment such as type 4 light curtains as per
IEC 61496-1
Monitoring of RFID sensors
Type of outputs of sensor/device providing the input signal
for application function
S•• terminals to be connected S12-S13 for sensor/device A
Dynamization No
Signal interlock monitoring Between terminals S12 and S13
OSSD (Output Signal Switching Device) outputs
S22-S23 for sensor/device B
Between terminals S22 and S23
Synchronization:
Synchronized terminals Synchronization time
S12 synchronized with S13 S12 and S13 have to be activated within 0.5 s.
S22 synchronized with S23 S22 and S23 have to be activated within 0.5 s.
Wiring of the inputs for sensors/devices with OSSD outputs
EIO0000003487 11/2020 55
Functions
Start Functions
Overview
WARNING
UNINTENDED EQUIPMENT OPERATION
Do not use the Start function for safety-related purposes.
Use Monitored Start or Startup Test if unintended restart is a hazard according to your risk
assessment.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The device provides several start functions which are selected by means of the start function selector. The
start function determines the start behavior of the device after power-on and for a transition from the
operating state Run: Outputs Deenergized (defined safe state) to the operating state Run: Outputs
Energized.
The start behavior is configured using the following characteristics:
Type of start (automatic/manual start and monitored start)
With or without startup test
With or without dynamization
Refer to the chapter Electrical Installation
(see page 35)
(see page 42)
for additional information on wiring the start input.
Automatic Start
With automatic start, the start input is permanently active. This can be achieved by bridging the start input
or providing an external power supply. When the safety-related input is activated, the safety-related
outputs are activated within a maximum of 100 ms (activation delay).
The following timing diagram illustrates the automatic start:
1 Activation delay (100 ms): maximum time between activation of safety-related input and activation of safety-related
output
2 Response time (20 ms): maximum time between deactivation of safety-related input and deactivation of safety-
related output
3 Recovery time (200 ms): time that must pass before the safety-related input can be activated again
The timing diagram exemplifies the timing using one safety-related input and one safety-related output.
The same logic applies in the case of multiple safety-related inputs and/or safety-related outputs.
Manual Start
56
A manual start requires the start input to be activated. The safety-related outputs are activated after both
the start input and the safety-related inputs have been activated.
EIO0000003487 11/2020
Functions
The following timing diagram illustrates the manual start:
1 Activation delay (100 ms): maximum time between activation of start input and activation of safety-related output
2 Response time (20 ms): maximum time between deactivation of safety-related input and deactivation of safety-
related output
3 Recovery time (200 ms): time that must pass before the safety-related input can be activated again
The timing diagram exemplifies the timing using one safety-related input and one safety-related output.
The same logic applies in the case of multiple safety-related inputs and/or safety-related outputs.
The signal required for activation of the Start input can be provided, for example, via a push-button, or a
logic controller.
Monitored Start with Falling Edge
In the case of a monitored start with falling edge, the start input must be activated and remain active for a
duration of 80 ms. The safety-related outputs are activated with a falling edge of the start input if the safetyrelated inputs have been activated in the meantime.
1 Activation delay (100 ms): maximum time between deactivation of start input and activation of safety-related output
2 Response time (20 ms): maximum time between deactivation of safety-related input and deactivation of safety-
related output
3 Waiting time after power-on (2500 ms): time that must pass between power-on and activation of the start input
4 Minimum duration of start pulse (80 ms): time for which the start input must be activated before the falling edge at
the start input
The timing diagram exemplifies the timing using one safety-related input and one safety-related output.
The same logic applies in the case of multiple safety-related inputs and/or safety-related outputs.
The signal required for activation of the Start input can be provided, for example, via a push-button or a
logic controller.
Startup Test
The startup test is performed after the device is powered on. The startup test is typically used for
applications involving guard monitoring. The start input is permanently activated by, for example, bridging.
After power up, the safety-related inputs must be deactivated and activated before the safety-related
outputs are activated. This is achieved by, for example, opening and closing the guard.
EIO0000003487 11/2020 57
Functions
1 Activation delay (100 ms): time between activation of safety-related input and activation of safety-related output
2 Response time (20 ms): time between deactivation of safety-related input and deactivation of safety-related output
3 Recovery time (200 ms): time that must pass before the safety-related input can be activated again
The timing diagram exemplifies the timing using one safety-related input and one safety-related output.
The same logic applies in the case of multiple safety-related inputs and/or safety-related outputs.
After power up, the safety-related outputs are not activated before each of the safety-related inputs has
been deactivated and activated again, either concurrently or one after the other, regardless of sequence.
If the safety-related inputs are already inactive at startup (power cycle), the startup test is considered to
have been completed and the safety-related outputs are activated once the safety-related inputs have
been activated and the activation delay has passed. If the safety-related inputs are active at power up, they
must be deactivated and activated again for the startup test to complete.
Configuring the Start Function
The start function is configured by means of the start function selector.
Position of start function selector Configured start function
1
2
3
4
5
6
7
8
Manual/automatic start (depends on
sensor/device connected to start input)
Without startup test
With dynamization
Manual/automatic start (depends on
sensor/device connected to start input)
With startup test
With dynamization
Monitored start
Without startup test
With dynamization
Monitored start
With startup test
With dynamization
Manual/automatic start (depends on
sensor/device connected to start input)
Without startup test
Without dynamization
Manual/automatic start (depends on
sensor/device connected to start input)
With startup test
Without dynamization
Monitored start
Without startup test
Without dynamization
Monitored start
With startup test
Without dynamization
58
EIO0000003487 11/2020
Functions
A start function with dynamization is typically if the start input is connected to a start push-button. A start
function without dynamization is typically used if the start input is connected to a logic controller. Refer to
the chapter Dynamization
(see page 35)
for details.
EIO0000003487 11/2020 59
Functions
60
EIO0000003487 11/2020
XPSUS
Configuration and Commiss ioning
EIO0000003487 11/2020
Configuration and Commissioni ng
Chapter 6
Configuration and Commissioning
What Is in This Chapter?
This chapter contains the following topics:
Configuration 62
Commissioning 63
Topic Page
EIO0000003487 11/2020 61
Configuration and Commissioning
Configuration
Overview
The device detects certain technically incorrect configurations (for example, a configured start function
cannot be used with a configured application function). The device cannot detect unwanted configurations
(for example, automatic start has been configured, but a monitored start is required for your application as
a result of your risk assessment).
INEFFECTIVE SAFETY-RELATED FUNCTION AND/OR UNINTENDED EQUIPMENT OPERATION
Only modify the settings of the selectors of the device if you are fully aware of all effects of such
modifications.
Verify that the settings of the selectors match the intended safety-related function and the
corresponding wiring of the device.
Verify that modifications do not compromise or reduce the Safety Integrity Level (SIL), Performance
Level (PL), and/or any other safety-related requirements and capabilities defined for your
machine/process.
Commission the device before it is used for the first time and after each configuration according to the
instructions in the present manual and in compliance with all regulations, standards, and process
definitions applicable to your machine/process
Failure to follow these instructions can result in death, serious injury, or equipment damage.
WARNING
The device is configured by means of the application function selector and the start function selector.
The device must be installed and wired according to the requirements of the safety-related function to be
implemented before you can configure it.
Modifications to the positions of the selectors only become effective after power-up. Remove power from
the device before modifying the position of the selectors. If the positions of the selectors are modified while
power is applied to the device, the device detects a configuration error.
Go through the full commissioning procedure
selectors.
Configuration Procedure
Step Action
(see page 63)
1 Verify that the device has been wired according to the safety-related function to be configured.
2 Remove power if the device is not powered off.
If an extension module XPSUEP is connected, remove power from the extension module as
well.
3 Open the transparent cover of the device.
4 Set the application function selector to the required application function.
5 Set the start function selector to the required start function.
6 Commission the device according to the chapter Commissioning
after having modified the positions of the
(see page 63)
.
62
EIO0000003487 11/2020
Commissioning
Overview
INEFFECTIVE SAFETY-RELATED FUNCTION AND/OR UNINTENDED EQUIPMENT OPERATION
Commission the device before it is used for the first time and after each configuration.
Commission or recommission the machine/process pursuant to all regulations, standards, and
process definitions applicable to your machine/process.
Only start the machine/process if there are no persons or obstructions in the zone of operation.
Verify correct operation and effectiveness of all functions by performing comprehensive tests for all
operating states, the defined safe state, and all potential error situations.
Document all modifications and the results of the commissioning procedure in compliance with all
regulations, standards, and process definitions applicable to your machine/process.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Commissioning Procedure
Step Action
Configuration and Commissioning
WARNING
1 Verify correct mechanical and electrical installation
2 Verify correct configuration
3 Verify that there are no persons or obstructions in the zone of operation.
4 Apply power and start the machine/process.
5 Perform comprehensive tests for all operating states, the defined safe state, and all potential
6 Close the transparent cover of the device and seal it with the enclosed sealing strip. Additional
7 Document all modifications and the results of the commissioning procedure.
application.
(see page 62)
If an extension module XPSUEP is connected, apply power to the extension module at the same
time as to the device.
error situations.
sealing strips are available as an accessory. Refer to the chapter Accessories
additional information.
according to the intended application.
(see page 37)
according to the intended
(see page 74)
fo r
EIO0000003487 11/2020 63
Configuration and Commissioning
64
EIO0000003487 11/2020
XPSUS
Diagnostics
EIO0000003487 11/2020
Diagnostics
Chapter 7
Diagnostics
INEFFECTIVE SAFETY-RELATED FUNCTION AND/OR UNINTENDED EQUIPMENT OPERATION
Only attempt to resolve alerts and errors detected by the device if you are fully familiar with the safetyrelated applications and the non-safety-related applications as well as the hardware used to operate your
machine/process.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
What Is in This Chapter?
This chapter contains the following topics:
Diagnostics via LEDs 66
Diagnostics via Status Output Z1 69
WARNING
Topic Page
EIO0000003487 11/2020 65
Diagnostics
Diagnostics via LEDs
Overview
The device features various LEDs
and detected errors.
Recommission the device
application function selector or the start function selector.
LED POWER
State Meaning
Off No power supply
Solid on Power supply on
LED STATE
This LED provides information on the state of the safety-related outputs.
State Meaning
Off Safety-related outputs deactivated
Solid on Safety-related outputs activated
(see page 13)
(see page 63)
that provide status information and information on alerts
if, during troubleshooting, you modify the position of the
LED START
LEDs S••
LED ERROR - Alerts
This LED provides information on the start condition. Refer to the chapter Start Function
(see page 56)
for
detailed information on the conditions and timing of the selected start function.
State Meaning
Off Start condition not fulfilled
Solid on Start condition fulfilled
Flashing Waiting for start condition to be fulfilled
These LEDs provide information on the state of the corresponding safety-related input terminal.
State Meaning
Off Safety-related input deactivated
Solid on Safety-related input activated
This LED flashes in conjunction with additional S•• LEDs to indicate alerts. In the case of an alert, the
device transitions to the defined safe state. Remove the cause of the alert to exit the defined safe state and
resume operation. Contact your Schneider Electric service representative if the condition persists.
66
EIO0000003487 11/2020
Diagnostics
State In conjunction with additional
Meaning Remedy
LEDs
Additional LEDs State of
additional LEDs
Flashing S•• and S•• Flashing
alternatively
Flashing S•• and S•• Flashing
synchronously
Synchronization time
exceeded.
Signal interlock condition
of two safety-related
inputs.
The two safety-related
inputs affected by the
signal interlock condition
must be deactivated for
at least 1 second before
the safety-related
outputs can be activated
again.
Flashing S•• and S•• Solid on The state of the safety-
related inputs is identical,
but the selected
application function
requires antivalent
behavior (for example,
normally open contact
and normally closed
contact).
Verify correct operation of the
sensors/devices providing the input
signal.
If synchronization is not required for
your application, use an equivalent
application function without
synchronization.
Ensure that both controls of the two-
hand control device are actuated
within the synchronization time if
you have selected the
corresponding application function.
Ensure that the enabling switch is
operated correctly if you have
selected the corresponding
application function.
Deactivate the two safety-related
inputs affected by the signal
interlock condition for at least
1 second.
Verify correct operation of the
contacts of the sensor/sdevices
providing the input signal.
Verify correct operation of the
sensors/devices providing the input
signal.
Verify correct wiring.
LED ERROR - Detected Errors
This LED lights solid in conjunction with additional LEDs to indicate detected errors. In the case of a
detected error, the device transitions to the defined safe state. You must remove the cause of the detected
error and perform a power cycle of the device to exit the defined safe state and resume operation. Contact
your Schneider Electric service representative if the condition persists.
State In conjunction with additional
Solid on STATE, START
Solid on STATE, START
Solid on POWER Flashing Power supply error
Solid on STATE Flashing Error detected at safety-
Solid on START Flashing Cross circuit detected at
LEDs
Additional LEDs State of
additional LEDs
Flashing
and S••
synchronously
Solid on Configuration error
and S••
Meaning Remedy
General error detected.
detected.
Verify correct wiring.
Verify that the positions of the
selectors are appropriate for the
application to be implemented.
detected.
Verify correct wiring.
Use a suitable power supply.
Perform a power cycle.
related output.
start input.
Verify correct wiring.
EIO0000003487 11/2020 67
Diagnostics
State In conjunction with additional
Meaning Remedy
LEDs
Additional LEDs State of
additional LEDs
Solid on STATE and
START
Flashing
synchronously
Error detected at safetyrelated output of
extension module.
Solid on S•• Flashing Cross circuit detected at
safety-related input (for
example, incorrect wiring
or application function
with dynamization
selected, but
dynamization not
supported by connected
sensor/device).
Solid on S•• and S•• Flashing
synchronously
Cross circuit detected at
safety-related inputs (for
example, incorrect wiring
or application function
with dynamization
selected, but
dynamization not
supported by connected
sensor/device).
Perform a power cycle.
Verify correct wiring.
Verify correct configuration.
Verify correct wiring.
Verify correct configuration.
68
EIO0000003487 11/2020
Diagnostics via Status Output Z1
Overview
INCORRECT USE OF OUTPUT
Do not use the additional output Z1 for safety-related purposes.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
The pulsed output Z1 provides diagnostics information in the form of a bit pattern. If the output Z1 is
connected to a logic controller, the PreventaSupport library can be used to evaluate the diagnostics
information. The library consists of the function blocks FB_PreventaDiag and FB_PreventaMain. The
function block FB_PreventaDiag converts the bit sequences into diagnostics codes for monitoring the
status of the device. The function block FB_PreventaMain uses the diagnostics codes as input to
perform calculations concerning, for example, maintenance tasks.
Refer to the PreventaSupport Library Guide
Diagnostics Codes
The device encodes diagnostics information into sequences of 10 bits with a total duration of 2 s (each bit
200 ms). The first four bits (0010) represent the beginning of a bit sequence. The next six bits contain the
diagnostics code itself.
The following table lists the bit sequences of the diagnostics codes, the description of the corresponding
status as well as correctives, if applicable.
WARNING
(see page 7)
for details.
Diagnostics
Bit sequence Description Correctives
0010101101 Supply voltage out of
tolerance.
0010000011 General error detected. Verify correct wiring.
0010000110 General error detected
in expansion module.
0010000111 Configuration error
detected. The position
of at least one of the
selectors has been
modified during
operation.
0010001100 Cross circuit detected
at input terminal S12.
0010001101 Cross circuit detected
at input terminal S13.
(1) Type of message: E = Error detected, A = Alert, S = Status information
Verify correct wiring.
Use a suitable power supply.
Perform a power cycle.
If the error persists, replace the device.
Verify correct wiring.
Perform a power cycle of the base safety module and
the connected extension module.
If the error persists, replace the extension module.
Verify that the position of the selectors is appropriate
for the application to be implemented.
Perform a power cycle.
If the error persists, replace the device.
Verify correct wiring.
Verify that the sensor/device providing the input signal
is suitable for cross circuit detection by means of
dynamization. If it is not, use an application function
without dynamization or a sensor/device suitable for
dynamization.
Verify correct operation of sensor/device providing the
input signal.
Perform a power cycle.
Verify correct wiring.
Verify that the sensor/device providing the input signal
is suitable for cross circuit detection by means of
dynamization. If it is not, use an application function
without dynamization or a sensor/device suitable for
dynamization.
Verify correct operation of sensor/device providing the
input signal.
Perform a power cycle.
Type
E
E
E
E
E
E
(1)
EIO0000003487 11/2020 69
Diagnostics
Bit sequence Description Correctives
0010001111 Cross circuit detected
at input terminal S22.
Verify correct wiring.
Verify that the sensor/device providing the input signal
is suitable for cross circuit detection by means of
dynamization. If it is not, use an application function
without dynamization or a sensor/device suitable for
dynamization.
Verify correct operation of sensor/device providing the
input signal.
Perform a power cycle.
0010001110 Cross circuit detected
at input terminal S23.
Verify correct wiring.
Verify that the sensor/device providing the input signal
is suitable for cross circuit detection by means of
dynamization. If it is not, use an application function
without dynamization or a sensor/device suitable for
dynamization.
Verify correct operation of sensor/device providing the
input signal.
Perform a power cycle.
0010110000 Cross circuit detected
at start input.
Verify correct wiring.
Verify that the device providing the input signal is
suitable for cross circuit detection by means of
dynamization. If it is not, use a start function without
dynamization or a device suitable for dynamization.
Verify correct operation of device providing the input
signal.
Perform a power cycle.
0010100110 Antivalence alert at
input S1•
Set the signal to the required state and retry.
Verify correct configuration
If the condition persists, verify correct wiring and
correct operation of the sensor/device providing the
input signal.
0010100000 Antivalence alert at
input S2•
Set the signal to the required state and retry.
Verify correct configuration
If the condition persists, verify correct wiring and
correct operation of the sensor/device providing the
input signal.
0010110011 Synchronization alert.
One of the
synchronized safetyrelated inputs is still
deactivated, but the
synchronization time
has already elapsed.
Restore the original condition of the states of the
inputs and retry.
Verify correct operation of sensors/devices providing
the input signals.
Ensure that both controls of the two-hand control
device are actuated within the synchronization time if
you have selected the corresponding application
function.
0010100111 Synchronization alert.
Both synchronized
safety-related inputs
have been activated,
but not within the
synchronization time.
Restore the original condition of the states of the
inputs and retry.
Verify correct operation of sensors/devices providing
the input signals.
Ensure that both controls of the two-hand control
device are actuated within the synchronization time if
you have selected the corresponding application
function.
0010110111 Safety-related inputs
-S
deactivated, safetyrelated outputs
deactivated.
0010110101 Input S12 is expected
-S
to change its state. In
the case of a
configuration with
antivalent inputs,
inputs S12 and S13 are
expected to change
their states.
(1) Type of message: E = Error detected, A = Alert, S = Status information
Type
E
E
E
A
A
A
A
(1)
70
EIO0000003487 11/2020
Diagnostics
Bit sequence Description Correctives
0010110100 Input S13 is expected
-S
to change its state.
0010111100 Input S22 is expected
-S
to change its state. In
the case of a
configuration with
antivalent inputs,
inputs S22 and S23 are
expected to change
their states.
0010111101 Input S23 is expected
-S
to change its state.
0010101011 Waiting for startup test. - S
0010101010 Waiting for rising edge
-S
for automatic/manual
start or monitored start.
0010101110 Start input activated.
-S
Waiting for falling edge
for monitored start.
0010101111 Device in operating
-S
state Run:Outputs
Energized, safetyrelated outputs
activated.
(1) Type of message: E = Error detected, A = Alert, S = Status information
Type
(1)
EIO0000003487 11/2020 71
Diagnostics
72
EIO0000003487 11/2020
XPSUS
Accessories, Service, Maint enance, and Disposal
EIO0000003487 11/2020
Accessories, Service, Mainten ance, and Disposal
Chapter 8
Accessories, Service, Maintenance, and Disposal
What Is in This Chapter?
This chapter contains the following topics:
Accessories 74
Maintenance 75
Transportation, Storage, and Disposal 76
Service Addresses 77
Topic Page
EIO0000003487 11/2020 73
Accessories, Service, Maintenance, and Disposal
Accessories
Accessories
The following accessories are available for the device:
Description Commercial Reference
Coding bits
The coding bits are used if the terminal blocks are removed to help ensure
correct insertion of the terminal blocks into the device.
30 pieces per packaging unit
Sealing strips
The uniquely numbered sealing strips are used to seal the transparent front
cover of the device to help prevent unauthorized access to the configuration
selectors.
10 pieces per packaging unit
XPSEC
XPSES
74
EIO0000003487 11/2020
Maintenance
Service and Repairs
Maintenance Plan
Accessories, Service, Maintenance, and Disposal
The device contains no user-serviceable parts. Do not attempt to open, service, or repair the device.
Maintenance plan:
Ensure that a safety-related function implemented with the device is triggered at the minimum intervals
required by the regulations, standards, and process definitions applicable to your machine/process.
Inspect the wiring at regular intervals.
Tighten the threaded connections at regular intervals.
Verify that the device is not used beyond the specified lifetime
(see page 24)
.
To determine the end of the lifetime, add the specified lifetime to the date of manufacture indicated on
the nameplate
(see page 14)
of the device.
Example: If the date of manufacture indicated on the nameplate is 2019-W10, do not use the device
after week 10, 2039.
As a machine designer or system integrator, you must include this information in the maintenance plan for
your customer.
EIO0000003487 11/2020 75
Accessories, Service, Maintenance, and Disposal
Transportation, Storage, and Disposal
Transportation and Storage
Ensure that the environmental conditions
respected.
Disposal
Dispose of the product in accordance with all applicable regulations.
https://www.se.com/green-premium
Visit
per ISO 14025 such as:
EoLi (Product End-of-Life Instructions)
PEP (Product Environmental Profile)
(see page 18)
specified for transportation and storage are
for information and documents on environmental protection as
76
EIO0000003487 11/2020
Service Addresses
Schneider Electric Automation GmbH
Schneiderplatz 1
97828 Marktheidenfeld, Germany
Phone: +49 (0) 9391 / 606 - 0
Fax: +49 (0) 9391 / 606 - 4000
Email: info-marktheidenfeld@se.com
Additional Contact Addresses
See the homepage for additional contact addresses:
https://www.se.com
Accessories, Service, Maintenance, and Disposal
EIO0000003487 11/2020 77
Accessories, Service, Maintenance, and Disposal
78
EIO0000003487 11/2020
XPSUS
Index
EIO0000003487 11/2020
Index
A
accessories,
activation, safety-related inputs,
alerts,
antivalent behavior, safety-related inputs,
application functions
configuration,
application functions: see index entry functions,
automatic start,
B
block diagram,
C
Category,
commissioning,
configuration
application functions,
start functions,
cross circuit detection,
D
DCavg,
deactivation, safety-related inputs,
degree of protection,
diagnostics,
diagram, block,
dimensions,
dynamization,
74
32
66
32
62
56
40
24
63
62
58
35
24
32
20
66
40
20
35
44
ing of,
54, 55
manual start,
monitored start with falling edge, 57,
monitoring of electro-sensitive protective equipment (type 4 light curtains) as per IEC 61496-1,
56
57
54, 55
monitoring of Emergency Stop circuits as per
ISO 13850 and IEC 60204-1, stop category 0,
45
46
monitoring of guards as per ISO 14119/14120 with
coded magnetic switches,
monitoring of guards as per ISO 14119/14120 with
electrical switches,
monitoring of proximity switches, 49, 52,
monitoring of RFID sensors, 54,
monitoring of three-position enabling switches as
per IEC 60947-5-8,
monitoring of two-hand control devices, type III A
as per ISO 13851,
monitoring of two-hand control devices, type III C
as per ISO 13851,
overview application functions,
signal interlock monitoring,
start functions,
synchronization of safety-related inputs,
47
48
56
49
45, 46, 49
53
55
50
44
36
34
G
guards as per ISO 14119/14120 with coded magnetic
switches, monitoring of,
guards as per ISO 14119/14120 with electrical switches, monitoring of,
49
45, 46, 49
,
E
electrical characteristics,
electrical durability,
electro-sensitive protective equipment (type 4 light
curtains) as per IEC 61496-1, monitoring of,
electromagnetic compatibility,
EMC,
28
Emergency Stop circuits as per ISO 13850 and
IEC 60204-1, stop category 0, monitoring of,
environmental characteristics,
errors, detected,
example Emergency Stop
overview,
timing diagram,
66
30
21
24
54, 55
28
45, 46
18
30
F
functional safety data,
functions
automatic start,
configuration of application functions,
configuration of start function,
dynamization,
light curtains, type 4 as per IEC 61496-1, monitor-
24
56
62
58
35
H
HFT,
24
I
input, start
technical data,
wiring,
42
inputs, safety-related
technical data,
wiring,
41
installation, 38, 39,
control cabinet,
enclosure,
mechanical,
prerequisites,
21
21
40
38
38
39
38
L
L,
24
LEDs,
66
lifetime,
light curtains type 4 as per IEC 61496-1, monitoring
of,
24
54, 55
EIO0000003487 11/2020 79
Index
M
maintenance,
manual start,
mechanical characteristics,
monitored start with falling edge,
monitoring of electro-sensitive protective equipment
(type 4 light curtains) as per IEC 61496-1,
monitoring of Emergency Stop circuits as per
ISO 13850 and IEC 60204-1, stop category 0,
monitoring of guards as per ISO 14119/14120 with
coded magnetic switches,
monitoring of guards as per ISO 14119/14120 with
electrical switches,
monitoring of proximity switches, 49, 52,
monitoring of RFID sensors, 54,
monitoring of three-position enabling switches as per
IEC 60947-5-8,
monitoring of two-hand control devices, type III A as
per ISO 13851,
monitoring of two-hand control devices, type III C as
per ISO 13851,
mounting,
DIN rail,
screw mounting,
MTTFd,
75
56
20
57
54, 55
45, 46
49
45, 46, 49
53
55
50
47
48
39
39
39
24
N
nameplate,
14
O
operating cycles over lifetime ,
operating state transitions,
operating states,
operation, environmental characteristics,
output Z1
diagnostics,
technical data,
wiring,
outputs, safety-related
technical data,
wiring,
29
69
22
42
22
41
24
29
18
P
Performance Level,
PFHD,
24
power supply
technical data,
wiring,
42
proximity switches, monitoring of, 49, 52,
24
21
53
R
response times
technical data,
RFID sensors, monitoring of, 54,
23
55
S
safe state, defined,
Safety Integrity Level,
24
24
safety-related inputs
activation,
antivalent behavior,
deactivation,
dynamization,
signal interlock monitoring,
synchronization,
technical data,
wiring,
safety-related outputs
technical data,
wiring,
service addresses,
SFF,
24
signal interlock monitoring,
SIL,
24
SILCL,
start functions,
automatic start,
configuration,
dynamization,
manual start,
monitored start with falling edge, 57,
start input
technical data,
wiring,
startup test,
state machine,
state transitions,
status output Z1
diagnostics,
technical data,
wiring,
stop category,
storage, environmental characteristics,
stripping lengths,
supply
technical data,
wiring,
synchronization,
32
32
32
35
36
34
21
41
22
41
77
36
24
56
56
58
35
56
21
42
57
29
29
69
22
42
24
20
21
42
34
T
technical data
degree of protection,
dimensions,
electrical characteristics,
environmental characteristics,
functional safety data,
mechanical characteristics,
operation,
power supply,
response times,
safety-related inputs,
safety-related outputs,
start input,
status output Z1,
storage,
stripping lenghts,
supply,
tightening torques terminals,
timing data,
transportation,
weight,
wire cross sections,
20
18
21
18
21
23
20
20
21
18
24
20
21
23
21
22
22
20
20
18
20
57
18
80
EIO0000003487 11/2020
three-position enabling switches as per IEC 60947-58, monitoring of,
tightening torques terminals,
timing data,
transportation, environmental characteristics,
troubleshooting,
two-hand control devices, type III A as per ISO 13851,
monitoring of,
two-hand control devices, type III C as per ISO 13851,
monitoring of,
type code,
50
20
23
18
66
47
48
15
V
view
front view,
side view,
13
13
W
weight,
wire cross sections,
wiring,
20
20
40
output Z1,
power supply,
safety-related inputs,
safety-related outputs,
start input,
supply,
Z1,
42
42
42
42
42
41
41
Index
Z
Z1 status output
diagnostics,
technical data,
Z1, status output
42
wiring,
ZVEI CB24I,
21
69
22
EIO0000003487 11/2020 81
Loading...