Siemens SINUMERIK Series, SINUMERIK 828D, SINAMICS S120 Function Manual

SINUMERIK
SINUMERIK 828D, SINAMICS S120 Safety Integrated
Function Manual
Valid for: CNC software Version 4.7 SP2

Preface
1 Safety instructions
2 Overview of Safety Integrated functions
3 Commissioning - drive-based
4 Commissioning - TM54F
5 Commissioning - acceptance tests
6 Commissioning - application example
7 Diagnostics
8 System Features
9 Standards and specifications
A Appendix

6FC5397-3EP40-5BA3
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol; notices referring only to property damage have no safety alert symbol. The notices shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG Division Digital Factory Postfach 48 48 90026 NÜRNBERG GERMANY
Order number: 6FC5397-3EP40-5BA3 Ⓟ 11/2015 Subject to change
Copyright © Siemens AG 2012 - 2015. All rights reserved

Preface

SINUMERIK documentation
The SINUMERIK documentation is organized in the following categories:
● General documentation
● User documentation
● Manufacturer/service documentation
Additional information
You can find information on the following topics under the link (www.siemens.com/motioncontrol/docu):
● Ordering documentation/overview of documentation
● Additional links to download documents
● Using documentation online (find and search in manuals/information)
Please send any questions about the technical documentation (e.g. suggestions for improvement, corrections) to the following address: (mailto:docu.motioncontrol@siemens.com)
My Documentation Manager (MDM)
Under the following link you will find information to individually compile OEM-specific machine documentation based on the Siemens content: MDM (www.siemens.com/mdm)
Training
For information about the range of training courses, refer to:
● SITRAIN (www.siemens.com/sitrain) - training courses from Siemens for automation products, systems and solutions
● SinuTrain (www.siemens.com/sinutrain) - training software for SINUMERIK
FAQs
You can find Frequently Asked Questions in the Service&Support pages under Product Support (www.siemens.com/automation/service&support).
Safety Integrated Function Manual, 10/2015, 6FC5397-3EP40-5BA3 3
SINUMERIK
You can find information on SINUMERIK under the following link: (www.siemens.com/sinumerik)
Target group
Project engineers, technologists (of the machine manufacturers), commissioning engineers (for systems or machines), and programmers.
Benefits
The function manual describes the functions so that the target group knows them and can select them. It provides the target group with the information required to implement the functions.
Planning and configuration phase, implementation phase, setup and commissioning phase.
Standard version
This documentation only describes the functionality of the standard version. Extensions or changes made by the machine manufacturer are documented by the machine manufacturer.
Other functions not described in this documentation might be executable in the control. This does not, however, represent an obligation to supply such functions with a new control or when servicing.
Further, for the sake of simplicity, this documentation does not contain all detailed information about all types of the product and cannot cover every conceivable case of installation, operation or maintenance.
Technical Support
Country-specific telephone numbers for technical support are provided on the Internet under "Contact" (www.siemens.com/automation/service&support).
EC Declaration of Conformity
The EC declaration of conformity for the EMC directive can be found on the Internet (www.siemens.com/automation/service&support).
Enter the number 15257461 as the search term there, or contact your local Siemens office.

Table of contents

Preface
1 Safety instructions
1.1 Fundamental safety instructions
1.1.1 General safety instructions
1.1.2 Handling electrostatic sensitive devices (ESD)
1.1.3 Industrial security
1.1.4 Residual risks of power drive systems
1.2 Safety Integrated safety instructions
1.3 Probability of failure of the safety functions
1.4 Residual risk
2 Overview of Safety Integrated functions
2.1 Supported functions
2.2 Safety Integrated Basic Functions
2.2.1 Safe Torque Off (STO)
2.2.2 Safe Stop 1 (SS1)
2.2.3 Safe Brake Control (SBC)
2.3 Safety Integrated Extended Functions
2.3.1 Safe Torque Off (STO)
2.3.2 Safe Stop 1 (SS1)
2.3.3 Safe Brake Control (SBC)
2.3.4 Safe Operating Stop (SOS)
2.3.5 Safe Stop 2 (SS2)
2.3.6 Safely Limited Speed (SLS)
2.3.7 Safe Speed Monitor (SSM)
2.3.8 Safe Direction (SDI)
2.3.9 Safely-Limited Position (SLP)
2.3.10 Safe Brake Test (SBT)
3 Commissioning - drive-based
3.1 Introduction
3.2 Activating the commissioning mode
3.3 Canceling the commissioning mode
3.4 Exit the commissioning mode
3.5 Copying or confirming SI data
3.6 Working with parameter lists
3.7 Safety overview
3.7.1 Calling the overview and detailed views
3.7.2 Safety Integrated overview
3.7.3 Safety Integrated overview - details
3.7.4 Safety Integrated overview - checksums
3.8 Making the basic safety settings
3.8.1 Calling the basic setting dialog
3.8.2 Options
3.8.3 Configuration
3.8.4 Encoder parameterization
3.8.5 Telegram configuration
3.9 Safety Integrated functions
3.9.1 Calling function dialogs
3.9.2 Safe Torque Off (STO)/Safe Stop 1 (SS1) - basis function
3.9.3 Safe Torque Off (STO) - extended function
3.9.4 Safe Brake Control (SBC)
3.9.5 Safe Stop 1 (SS1) Extended Function
3.9.6 Safe Stop 2 (SS2)/Safe Operating Stop (SOS)
3.9.7 Safely Limited Speed (SLS)
3.9.8 Safe Speed Monitor (SSM)
3.9.9 Safe Acceleration Monitor (SAM)
3.9.10 Safe Direction (SDI)
3.9.11 Safely Limited Position (SLP)
3.9.12 Safe Brake Test (SBT)
4 Commissioning - TM54F
4.1 Introduction
4.2 Activating the commissioning mode
4.3 Canceling the commissioning mode
4.4 Exit the commissioning mode
4.5 Configuring the TM54F
4.5.1 Calling the configuration range
4.5.2 Configuration
4.5.3 Inputs
4.5.4 Outputs
4.5.5 Drive groups
4.5.6 Working with parameter lists
4.5.7 TM54F checksums
5 Commissioning - acceptance tests
5.1 Introduction
5.2 Content of the complete acceptance test
5.3 Sequence of an acceptance test
5.3.1 Calling an acceptance test
5.3.2 Setting areas of the acceptance test
5.3.3 Configuring and performing an acceptance test
6 Commissioning - application example
6.1 Planning
6.1.1 Creating a function table
6.1.2 From the function table to the logic diagram
6.2 Preconditions for commissioning
6.3 Parameterizing the TM54F
6.3.1 Configuring the drive groups
6.3.2 Connecting safe outputs
6.3.3 TM54F terminal description
6.4 Controlling with the SIRIUS 3SK or SIRIUS 3RK relay
6.4.1 Controlling the TM54F with SIRIUS 3SK
6.4.2 Control of the TM54F with SIRIUS 3RK
6.5 Configuration of the SI functions for the drive
6.5.1 Activating Safety Integrated
6.5.2 Encoder parameterization
6.5.3 Setting parameters SLS1-4, SBC, SS1, SS2
6.6 SINUMERIK 828D control system
6.6.1 SIC/SCC interface
7 Diagnostics
7.1 Calling diagnostic views
7.2 Safety Integrated diagnostics overview
7.3 Safety Integrated drives
7.3.1 Basic functions
7.3.2 Extended functions
7.4 TM54F
7.4.1 Configuration
7.4.2 Inputs
7.4.3 Outputs
7.4.4 Drive groups
7.5 Safety Integrated checksums
7.5.1 Safety Integrated checksum
7.5.2 Safety Integrated global checksums
7.5.3 TM54F checksums
7.5.4 Drive checksums
7.6 Safety Integrated alarms
7.7 Acknowledging hardware replacement
8 System Features
8.1 Latest information
8.2 Certifications
9 Standards and specifications
9.1 General
9.2 Safety of machinery in Europe
9.2.1 Safety of machinery in Europe
9.2.2 Harmonized European Standards
9.3 Machine safety in the USA
9.3.1 Machine safety in the USA
9.3.2 Minimum requirements of the OSHA
9.3.3 NRTL listing
9.3.4 NFPA 79
9.3.5 ANSI B11
9.4 Machine safety in Japan
9.4.1 Machine safety in Japan
9.5 Equipment regulations
9.5.1 Equipment regulations
9.6 Other safety-related issues
9.6.1 Information sheets issued by the Employer's Liability Insurance Association
9.6.2 Additional references
A Appendix
A.1 Abbreviations
A.2 Documentation overview SINUMERIK 828D
Index

1 Safety instructions

1.1 Fundamental safety instructions

1.1.1 General safety instructions

DANGER
Danger to life due to live parts and other energy sources
Death or serious injury can result when live parts are touched.
● Only work on electrical devices when you are qualified for this job.
● Always observe the country-specific safety rules.
Generally, six steps apply when establishing safety:
1. Prepare for shutdown and notify all those who will be affected by the procedure.
2. Disconnect the machine from the supply.
– Switch off the machine.
– Wait until the discharge time specified on the warning labels has elapsed.
– Check that it really is in a no-voltage condition, from phase conductor to phase conductor and phase conductor to protective conductor.
– Check whether the existing auxiliary supply circuits are de-energized.
– Ensure that the motors cannot move.
3. Identify all other dangerous energy sources, e.g. compressed air, hydraulic systems, or water.
4. Isolate or neutralize all hazardous energy sources by closing switches, grounding or short-circuiting or closing valves, for example.
5. Secure the energy sources against switching on again.
6. Ensure that the correct machine is completely interlocked.
After you have completed the work, restore the operational readiness in the inverse sequence.
WARNING
Danger to life through a hazardous voltage when connecting an unsuitable power supply
Touching live components can result in death or severe injury.
● Only use power supplies that provide SELV (Safety Extra Low Voltage) or PELV (Protective Extra Low Voltage) output voltages for all connections and terminals of the electronics modules.
WARNING
Danger to life when live parts are touched on damaged devices
Improper handling of devices can cause damage.
For damaged devices, hazardous voltages can be present at the enclosure or at exposed components; if touched, this can result in death or severe injury.
● Ensure compliance with the limit values specified in the technical data during transport, storage and operation.
● Do not use any damaged devices.
WARNING
Danger to life through electric shock due to unconnected cable shields
Hazardous touch voltages can occur through capacitive cross-coupling due to unconnected cable shields.
● As a minimum, connect cable shields and the cores of cables that are not used at one end at the grounded housing potential.
WARNING
Danger to life due to electric shock when not grounded
If the protective conductor connection of devices with protection class I is missing or incorrectly implemented, high voltages can be present at open, exposed parts, which, when touched, can result in death or severe injury.
● Ground the device in compliance with the applicable regulations.
WARNING
Danger to life due to fire spreading if housing is inadequate
Fire and smoke development can cause severe personal injury or material damage.
● Install devices without a protective housing in a metal control cabinet (or protect the device by another equivalent measure) in such a way that contact with fire is prevented.
● Ensure that smoke can only escape via controlled and monitored paths.
WARNING
Danger to life through unexpected movement of machines when using mobile wireless devices or mobile phones
Using mobile wireless devices or mobile phones with a transmit power > 1 W closer than approx. 2 m to the components may cause the devices to malfunction and influence the functional safety of machines, thereby putting people at risk or causing material damage.
● Switch the wireless devices or mobile phones off in the immediate vicinity of the components.
WARNING
Danger to life due to fire if overheating occurs because of insufficient ventilation clearances
Inadequate ventilation clearances can cause overheating of components with subsequent fire and smoke. This can cause severe injury or even death. This can also result in increased downtime and reduced service lives for devices/systems.
● Ensure compliance with the specified minimum clearance as ventilation clearance for the respective component.
WARNING
Danger to life when safety functions are inactive
Safety functions that are inactive or that have not been adjusted accordingly can cause operational faults on machines that could lead to serious injury or death.
● Observe the information in the appropriate product documentation before commissioning.
● Carry out a safety inspection for functions relevant to safety on the entire system, including all safety-related components.
● Ensure that the safety functions used in your drives and automation tasks are adjusted and activated through appropriate parameterizing.
● Perform a function test.
● Only put your plant into live operation once you have guaranteed that the functions relevant to safety are running correctly.
Note
Important safety notices for Safety Integrated functions
If you want to use Safety Integrated functions, you must observe the safety notices in the Safety Integrated manuals.
WARNING
Danger to life or malfunctions of the machine as a result of incorrect or changed parameterization
As a result of incorrect or changed parameterization, machines can malfunction, which in turn can lead to injuries or death.
● Protect the parameterization (parameter assignments) against unauthorized access.
● Respond to possible malfunctions by applying suitable measures (e.g. EMERGENCY STOP or EMERGENCY OFF).

1.1.2 Handling electrostatic sensitive devices (ESD)

Electrostatic sensitive devices (ESD) are individual components, integrated circuits, modules or devices that may be damaged by either electric fields or electrostatic discharge.
NOTICE
Damage through electric fields or electrostatic discharge
Electric fields or electrostatic discharge can cause malfunctions through damaged individual components, integrated circuits, modules or devices.
● Only pack, store, transport and send electronic components, modules or devices in their original packaging or in other suitable materials, e.g. conductive foam rubber or aluminum foil.
● Only touch components, modules and devices when you are grounded by one of the following methods:
– Wearing an ESD wrist strap
– Wearing ESD shoes or ESD grounding straps in ESD areas with conductive flooring
● Only place electronic components, modules or devices on conductive surfaces (table with ESD surface, conductive ESD foam, ESD packaging, ESD transport container).

1.1.3 Industrial security

Note Industrial security
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens’ products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit this address (http://www.siemens.com/industrialsecurity).
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit this address (http://support.automation.siemens.com).
WARNING Danger as a result of unsafe operating states resulting from software manipulation
Software manipulation (e.g. by viruses, Trojan horses, malware, worms) can cause unsafe operating states to develop in your installation which can result in death, severe injuries and/or material damage.
● Keep the software up to date. You will find relevant information and newsletters at this address (http://support.automation.siemens.com).
● Incorporate the automation and drive components into a holistic, state-of-the-art industrial security concept for the installation or machine. You will find further information at this address (http://www.siemens.com/industrialsecurity).
● Make sure that you include all installed products into the holistic industrial security concept.

1.1.4 Residual risks of power drive systems

The control and drive components of a drive system are approved for industrial and commercial use in industrial line supplies. Their use in public line supplies requires a different configuration and/or additional measures.
These components may only be operated in closed housings or in higher-level control cabinets with protective covers that are closed, and when all of the protective devices are used.
These components may only be handled by qualified and trained technical personnel who are knowledgeable and observe all of the safety instructions on the components and in the associated technical user documentation.
When assessing the machine's risk in accordance with the respective local regulations (e.g., EC Machinery Directive), the machine manufacturer must take into account the following residual risks emanating from the control and drive components of a drive system:
1. Unintentional movements of driven machine components during commissioning, operation, maintenance, and repairs caused by, for example,
– Hardware and/or software errors in the sensors, control system, actuators, and cables and connections
– Response times of the control system and of the drive
– Operation and/or environmental conditions outside the specification
– Condensation/conductive contamination
– Parameterization, programming, cabling, and installation errors
– Use of wireless devices/mobile phones in the immediate vicinity of the control system
– External influences/damage
2. In the event of a fault, exceptionally high temperatures, including an open fire, as well as emissions of light, noise, particles, gases, etc. can occur inside and outside the inverter, e.g.:
– Component failure
– Software errors
– Operation and/or environmental conditions outside the specification
– External influences/damage
Inverters of the Open Type/IP20 degree of protection must be installed in a metal control cabinet (or protected by another equivalent measure) such that contact with fire inside and outside the inverter is not possible.
3. Hazardous shock voltages caused by, for example,
– Component failure
– Influence during electrostatic charging
– Induction of voltages in moving motors
– Operation and/or environmental conditions outside the specification
– Condensation/conductive contamination
– External influences/damage
4. Electrical, magnetic and electromagnetic fields generated in operation that can pose a risk to people with a pacemaker, implants or metal replacement joints, etc., if they are too close
5. Release of environmental pollutants or emissions as a result of improper operation of the system and/or failure to dispose of components safely and correctly
Note
The components must be protected against conductive contamination (e.g. by installing them in a control cabinet with degree of protection IP54 according to IEC 60529 or NEMA 12).
Assuming that conductive contamination at the installation site can definitely be excluded, a lower degree of cabinet protection may be permitted.
For more information about residual risks of the components in a drive system, see the relevant sections in the technical user documentation.

1.2 Safety Integrated safety instructions

Additional safety instructions and residual risks
Additional safety information and residual risks not specified in this section are included in the relevant sections of this Function Manual.
DANGER Risk minimization through Safety Integrated
Safety Integrated can be used to minimize the level of risk associated with machines and plants. However, safe operation of a system or machine based on Safety Integrated is only possible if the following preconditions are fully satisfied:
● The machine builder (OEM) precisely knows and observes this technical user documentation - including the documented limitations, safety information and residual risks.
● The machine builder (OEM) carefully and professionally designs, constructs and configures the system/machine. This must then be verified through careful and thorough acceptance tests by qualified personnel and the results documented.
● The machine builder (OEM) implements and validates all the measures required in accordance with the system/machine risk analysis by means of the programmed and configured Safety Integrated functions or by other means.
The use of Safety Integrated does not replace the machine/plant risk assessment carried out by the machine manufacturer as required by the EC machinery directive. In addition to using Safety Integrated functions, further risk reduction measures must be implemented.
WARNING Danger to life as a result of inactive Safety Integrated functions while powering up
The Safety Integrated functions are only activated after the system has completely powered up. System startup is a critical operating state with increased risk. When accidents occur, this can result in death or severe injury.
● Stay completely away from any hazardous areas while the system powers up.
● For vertical axes, check that the drives are in a no-torque state.
WARNING Regulations from EN 60204-1
The Emergency Stop function must bring the machine to a standstill according to stop category 0 or 1 (STO or SS1). The machine must not restart automatically after EMERGENCY STOP. When individual safety functions (Extended Functions) are deactivated, an automatic restart is permitted under certain circumstances depending on the risk analysis (except when Emergency Stop is reset). An automatic start is permitted when a protective door is closed, for example.
WARNING
Danger to life when the system powers up after hardware and/or software has been changed or replaced
After hardware and/or software components have been modified or replaced, it is only permissible for the system to run up and the drives to be activated with the protective devices closed. Changes to the system that have not been thoroughly tested can initiate undesirable functions. For persons in the hazardous area, this can result in death or severe injury.
● Carry out the following tests after a change or replacement (see Chapter Acceptance test (Page 113)):
– A complete acceptance test
– A partial acceptance test
– A simplified function test
● Before personnel may re-enter the hazardous area, the drives MUST be tested to ensure that they exhibit stable control behavior by briefly moving them in both the plus and minus directions (+/–).
● Ensure that nobody is in the hazardous area during the test.
● When switching on, carefully observe that Safety Integrated functions are only available and can only be selected after the system has completely powered up.
WARNING Danger to life when the drive coasts down for an STO or STOP A
The Category 0 stop function in accordance with EN 60204-1 (STO or STOP A acc. to Safety Integrated) means that the drives are not actively braked. They coast to a stop (this may take some time depending on the level of kinetic energy involved). In the case of a fault (malfunction), this can result in death or severe injury.
● Carefully take this response into account when designing the protective door interlocking logic.
WARNING Danger to life as a result of a malfunction due to an acceptance test that has not been carried out after changes to parameters have been made
Safety Integrated functions cannot detect parameter changes made by the machine builder (OEM). Incorrect parameter changes for SI functions can result in accidents leading to death or severe injury.
● After making a change to a parameter, always carry out an acceptance test and document the values in an acceptance report.
● Only use the system or machine after the acceptance test has been successfully completed.
WARNING
Danger to life as a result of different responses of the Safety Integrated functions when replacing a Motor Module or a motor
Motor Modules or the motor must be replaced with a device of the same type, as the parameter settings will otherwise lead to an incorrect response of the Safety Integrated functions. Functionality that has been modified can result in accidents leading to death or severe injury.
● Always replace a component by an identical component of precisely the same type.
● Recalibrate and carefully test the drive involved when replacing an encoder.
● Carefully test the functionality after replacement.
WARNING
Danger to life as a result of parameterized safety functions, which are only available to a restricted extent, when an internal or external fault occurs
If an internal or external fault occurs, none or only some of the parameterized safety functions are available during the STOP F response triggered by the fault. In the case of a fault (malfunction), this can result in death or severe injury.
● Carefully take this into account when parameterizing a delay time between STOP F and STOP B. This is especially true for vertical axes.

1.3 Probability of failure of the safety functions

The probability of failure of safety functions must be specified in the form of a PFH value (Probability of Failure per Hour) according to IEC 61508, IEC 62061 and DIN EN ISO 13849-1. The PFH value of a safety function depends on the safety concept of the control system and the drive device, its hardware configuration and the PFH values of the components used to implement a safety function.
For the SINUMERIK 828 and the SINAMICS S120 drive device, PFH values are made available depending on the hardware configuration (number of drives, control type, number of encoders used). The various integrated safety functions are not differentiated.
● The PFH values of the individual safety components of SINUMERIK 828 and SINAMICS S120 are available on the Internet (https://support.industry.siemens.com/cs/document/76254308?lc=en-WW).
● The PFH values of all safety components from Siemens are available in the Safety Evaluation Tool (http://www.industry.siemens.com/topics/global/en/safety-integrated/machine-safety/safety-evaluation-tool/Pages/default.aspx).

1.4 Residual risk

The fault analysis enables machine manufacturers to determine the residual risk at their machine with regard to the drive unit. The following residual risks are known:
WARNING Danger to life as a result of hardware faults relating to the intrinsic principle: PFH value
Due to the intrinsic potential of hardware faults, electrical systems are subject to additional residual risk, which can be expressed by means of the PFH value.
● Take into account these residual risks when designing your machine and where necessary apply suitable countermeasures.
WARNING Danger to life when a drive accelerates in an uncontrolled fashion
Faults in the absolute track (C-D track), cyclic interchange of the drive phases (V-W-U instead of U-V-W) and reversal of the control direction may cause acceleration of the drive. However, the Category 1 and 2 stop functions according to EN 60204-1 (fault response functions Stop B to D according to Safety Integrated) that are provided are not effective because of the fault.
● The Category 0 stop function according to EN 60204-1 (fault response function Stop A according to Safety Integrated) is not activated until the transition or delay time set in the parameter has expired. When SAM is selected, these faults are detected (fault reaction functions STOP B/C) and the Category 0 stop function according to EN 60204-1 (fault reaction function STOP A according to Safety Integrated) is triggered as early as possible regardless of this delay. Electrical faults (defective components or similar) may also lead to the response stated above.
WARNING Danger to life when a drive moves when two power transistors simultaneously fail (breakdown of depletion layer)
The simultaneous breakdown of depletion layer of 2 power transistors (one in the upper and the other offset in the lower inverter bridge) in the inverter may cause the drive to move briefly. This can result in accidents leading to death or severe injury.
● Take suitable measures to prevent unexpected drive movement, for example, by using a brake equipped with safety monitoring (Safe Brake Control).
WARNING Danger to life as a result of brief, higher speeds when limit values are violated
Violation of limits may briefly lead to a speed higher than the speed setpoint, or the axis may pass the defined position to a certain extent, depending on the dynamic response of the drive and on parameter settings. When accidents occur, this can result in death or severe injury.
● Take into account this situation when designing your machine and where necessary apply suitable countermeasures.
WARNING Residual risk for a single-encoder system
Within a single-encoder system, either of the following faults will cause the encoder signals to remain static (that is, they no longer follow a movement while still returning a correct level) and prevent fault detection while the drive is in stop state (for example, drive in SOS state):
a) A single electrical fault in the encoder
b) A break of the encoder shaft (or loose encoder shaft coupling), or a loose encoder housing
Generally, the drive is held by the active closed-loop control. Especially for drives with suspended load, from a closed-loop control perspective, it is conceivable that drives such as these move without this being detected.
The risk of an electrical fault in the encoder as described under a) is only present for a few encoder types employing a specific principle of operation.
● All of the faults described above must be included in the risk analysis of the machine manufacturer. Additional safety measures have to be taken for drives with suspended/vertical or pulling loads, e.g. in order to exclude faults under a):
– Use of an encoder with analog signal generation
– Use of a two-encoder system
● In order to exclude the fault described in b), for example:
– Perform an FMEA regarding encoder shaft breakage (or slip of the encoder shaft coupling) as well as loose encoder housings and use a fault exclusion process according to IEC 61800-5-2, or
– Implement a two-encoder system (the encoders must not be mounted on the same shaft).

Overview of Safety Integrated functions

This chapter provides first-time users with a quick overview of how the safety functions operate in principle.
Each description starts with the definition according to standard EN 61800-5-2 and some simple examples of how the function can be used.
The description of the functions is simplified, as far as possible, to clearly show essential properties and setting options.

2.1 Supported functions

All of the Safety Integrated functions available under SINUMERIK 828D/SINAMICS S120 are listed in this chapter. A distinction is made between Safety Integrated basic functions and Safety Integrated extended functions.
The safety functions listed are in compliance with international safety requirements (see Chapter Certifications (Page 185)).
The following Safety Integrated functions (SI functions) are available:
● Safety Integrated basic functions
Safety Integrated basic functions are included as standard in the drive and can be used without requiring an additional license. They are always available. These functions do not require an encoder and/or do not place any special requirements on the encoder used.
– Safe Torque Off (STO)
Safe Torque Off is a safety function in accordance with EN 60204-1 that prevents the drive from restarting unexpectedly. STO prevents the supply of energy to the motor which can generate a torque and corresponds to Stop Category 0.
– Safe Stop 1 (SS1, time controlled)
Safe Stop 1 is based on the "Safe Torque Off" function. This means that a Category 1 stop in accordance with EN 60204-1 can be implemented.
– Safe Brake Control (SBC)
Safe Brake Control is used to safely control a holding brake.
● Safety Integrated extended functions
These functions require an additional Safety license. Extended functions require a safety-relevant encoder.
– Safe Torque Off (STO)
Safe Torque Off is a safety function that prevents the drive from restarting unexpectedly in accordance with EN 60204-1.
– Safe Stop 1 (SS1, time and acceleration controlled)
Safe Stop 1 is based on the "Safe Torque Off" function. This means that a Category 1 stop in accordance with EN 60204-1 can be implemented.
– Safe Brake Control (SBC)
Safe Brake Control is used to safely control a holding brake.
– Safe Operating Stop (SOS)
Safe Operating Stop is used to protect against unintentional movements. The drive is in closed-loop control mode and is not disconnected from the power supply.
– Safe Stop 2 (SS2)
Safe Stop 2 is used to safely brake the motor with a subsequent transition into the "Safe Operating Stop" state (SOS). This means that a Category 2 stop in accordance with EN 60204-1 can be implemented.
– Safely Limited Speed (SLS)
Safely Limited Speed ensures that the drive does not exceed a preset speed limit/velocity.
– Safe Speed Monitor (SSM)
Safe Speed Monitor is used for safely identifying when the speed falls below a limit in both directions of motion, e.g. to identify zero speed. A fail-safe output signal is available for further processing.
– Safe Acceleration Monitor (SAM)
Safe Acceleration Monitor (SAM) is used to safely monitor drive acceleration.
– Safe Direction (SDI)
Safe Direction is used to safely monitor the direction of motion.
– Safely Limited Position (SLP)
Safely Limited Position ensures that a freely definable traversing range is not left.
– Safe Brake Test (SBT)
The "Safe Brake Test" function (SBT) checks the required holding torque of a brake (operational or holding brake). This function is in conformance with SIL 1 according to IEC 61508 and to PLd/Cat. 2 according to EN ISO 13849‑1.
– Safety Control Channel (SCC)
Control information (S_STW1B and S_STW3B) can be transferred from the higher-level control system to the safety functions of the drive using the Safety Control Channel (SCC).
– Safety Info Channel (SIC)
Status information of the Safety Integrated functionality of the drive (S_ZSW1B, S_ZSW2B, S_ZSW3B and S_V_LIMIT_B) can be transferred to the higher-level control system using the Safety Info Channel (SIC).
2.2 Safety Integrated Basic Functions
[Figure: Safe Torque Off (STO) timing diagram. Speed v over time t; Select STO, motor torque is switched off, Deselect STO; signals F-DI and STO.]

2.2.1 Safe Torque Off (STO)

Definition
Definition according to EN 61800-5-2:
"The STO function prevents energy from being supplied to the motor, which can generate a torque."

Examples of how the function can be used
● This function is always active after an Emergency Stop.
● When the spindle is to be rotated manually in setting-up mode with the protective door open.
How does STO function in detail?
The inverter detects the selection of STO using a fail-safe input. The inverter then safely switches off the torque of the connected motor.
[Figure: Safe Stop 1 (SS1) timing diagram. Speed v over time t; Select SS1, Safe Stop delay time, STO, Deselect SS1; signals Terminals and STO.]

2.2.2 Safe Stop 1 (SS1)

Definition
Definition according to EN 61800-5-2:
"The function SS1 brakes the motor and trips the function STO after a delay time."
Example of how the function can be used
● For an Emergency Stop, a drive must be braked as quickly as possible, and then transitioned into STO.
How does SS1 function in detail?
The drive decelerates once "Safe Stop 1" has been selected, and goes into the "Safe Torque Off" state once the delay time has expired.
Select SS1
As soon as the inverter detects the selection of SS1 via a terminal, the following happens:
● If the motor is already switched off when SS1 is selected, there is no response until the SS1 delay time expires. STO becomes active after the time expires.
● If the motor is switched on when SS1 is selected, the inverter brakes the motor with the OFF3 (AUS3) ramp-down time. STO is automatically initiated after the time expires.
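The time-controlled SS1 sequence described above, as an added sketch that is not part of the Siemens manual: it models both cases and reports the speed remaining when STO trips, which is where a delay time shorter than the braking ramp turns into a coasting drive. The linear OFF3 ramp, the reference speed, all function and field names and the sample axes are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Ss1Result:
    braking: bool            # inverter actively ramps the motor down
    sto_time_s: float        # time after SS1 selection at which STO becomes active
    speed_at_sto_rpm: float  # speed left at the moment torque is removed
    coasts: bool             # motor still turning when STO trips, so it coasts


def simulate_ss1(speed_rpm, motor_on, ss1_delay_s, off3_ramp_s, ref_speed_rpm):
    """Time-controlled SS1: brake (if the motor is on), then STO after the delay.

    Assumption (not from the manual): the OFF3 ramp is linear and off3_ramp_s
    is the time needed to go from ref_speed_rpm to standstill.
    """
    if speed_rpm < 0 or ss1_delay_s < 0 or off3_ramp_s <= 0 or ref_speed_rpm <= 0:
        raise ValueError("speed and delay must be >= 0, ramp and reference speed > 0")
    if not motor_on:
        # Motor already off: no response until the delay expires, then STO.
        # Worst case assumed here: friction ignored, speed unchanged.
        return Ss1Result(False, ss1_delay_s, speed_rpm, speed_rpm > 0)
    decel_rpm_per_s = ref_speed_rpm / off3_ramp_s
    remaining = max(0.0, speed_rpm - decel_rpm_per_s * ss1_delay_s)
    return Ss1Result(True, ss1_delay_s, remaining, remaining > 0)


def speed_profile(speed_rpm, motor_on, ss1_delay_s, off3_ramp_s, ref_speed_rpm,
                  step_s=0.5):
    """Sample (time, speed, state) from SS1 selection until STO is active."""
    samples = []
    n = 0
    while n * step_s < ss1_delay_s:
        t = n * step_s
        # Speed at time t equals the speed an SS1 with delay t would end at.
        at_t = simulate_ss1(speed_rpm, motor_on, t, off3_ramp_s, ref_speed_rpm)
        moving = motor_on and at_t.speed_at_sto_rpm > 0
        samples.append((t, at_t.speed_at_sto_rpm,
                        "SS1 braking" if moving else "SS1 waiting"))
        n += 1
    end = simulate_ss1(speed_rpm, motor_on, ss1_delay_s, off3_ramp_s, ref_speed_rpm)
    samples.append((ss1_delay_s, end.speed_at_sto_rpm, "STO"))
    return samples


def undersized_delays(axes):
    """Return (name, result) for axes whose SS1 delay ends before standstill."""
    flagged = []
    for axis in axes:
        params = {k: v for k, v in axis.items() if k != "name"}
        result = simulate_ss1(**params)
        if result.braking and result.coasts:
            flagged.append((axis["name"], result))
    return flagged


# Constructed sample axes (hypothetical names and values, not from the manual).
AXES = [
    {"name": "SP1", "speed_rpm": 6000.0, "motor_on": True,
     "ss1_delay_s": 1.5, "off3_ramp_s": 2.0, "ref_speed_rpm": 6000.0},
    {"name": "X1", "speed_rpm": 3000.0, "motor_on": True,
     "ss1_delay_s": 0.8, "off3_ramp_s": 1.0, "ref_speed_rpm": 6000.0},
]

if __name__ == "__main__":
    for name, res in undersized_delays(AXES):
        print(f"{name}: STO after {res.sto_time_s} s at {res.speed_at_sto_rpm} rpm")
    for sample in speed_profile(6000.0, True, 1.5, 2.0, 6000.0):
        print(sample)
```

An axis flagged here reaches STO while still turning, so from that point it behaves like the Category 0 stop: no active braking, only coasting.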

2.2.3 Safe Brake Control (SBC)

Definition according to EN 61800-5-2:
"The SBC function supplies a safe output signal to control a holding brake."
Figure 2-1 Safe Brake Control (SBC). Timing diagram of speed over time t; Select STO, the motor torque is switched off, SBC safety controls a brake, Deselect STO; signals F-DI, STO and SBC.
Example of how the function can be used
● Two-channel safe control of a holding brake
How does SBC function in detail?
The inverter detects the selection of STO using a fail-safe input.
The inverter then safely switches off the torque of the connected motor.
SBC is (if configured) initiated together with STO. The Motor Module / Safe Brake Relay / Safe Brake Adapter then executes the action and safely controls the outputs for the brake.

2.3 Safety Integrated Extended Functions

Precondition
A license is required to use the Safety Integrated Extended Functions.
Software option
You require the following software option in order to use this function: "drive based SI-axis/spindle additional 1 axis/spindle".
Enter the associated license key via the operating software SINUMERIK Operate.
References
"SINUMERIK 828D Commissioning CNC", Commissioning Manual, Chapter "Checking and entering licenses"

2.3.1 Safe Torque Off (STO)

For the control options and the functionality for "Safe Torque Off" (STO), refer to chapter "Description of Safety Integrated Basic Functions (Page 27)".

2.3.2 Safe Stop 1 (SS1)

Definition
Definition according to EN 61800-5-2:
"The function SS1 brakes the motor, monitors the magnitude of the motor deceleration within specified limits, and after a delay time or if a speed threshold is exceeded, initiates the STO function."