Page 3
___________________ Safety Integrated Preface ___________________ Typicals and regulations General information about ___________________ SINAMICS Safety Integrated SINAMICS ___________________ System Features G130, G150, S120 Chassis, ___________________ S120 Cabinet Modules, S150 Supported functions Safety Integrated Safety Integrated Basic ___________________ Functions Function Manual Safety Integrated Extended ___________________ Functions ___________________...
Page 4
Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
In case of questions, please contact us through the following hotline: Time zone Europe / Africa Phone +49 (0) 911 895 7222 +49 (0) 911 895 7223 Internet http://www.siemens.com/automation/support-request Time zone Americas Phone +1 423 262 2522 +1 423 262 2200 E-mail techsupport.sea@siemens.com...
Page 6
Preface Notation The following notation and abbreviations are used in this documentation: Notation for parameters (examples): ● p0918 Adjustable parameter 918 ● r1024 Display parameter 1024 ● p1070[1] Adjustable parameter 1070, index 1 ● p2098[1].3 Adjustable parameter 2098, index 1, bit 3 ●...
Page 7
Preface Safety notices DANGER SINAMICS devices and AC motors must only be commissioned by suitably qualified personnel. The personnel must take into account the information provided in the technical customer documentation for the product, and be familiar with and follow the specified danger and warning notices.
Page 8
Preface DANGER Five safety rules When carrying out any kind of work on electrical devices, the "five safety rules" according to EN 50110 must always be complied with: 1. Disconnect the system. 2. Protect against reconnection. 3. Make sure that the equipment is de-energized. 4.
Page 9
I DT LD Service for option K82 possess an approval. Possible plant-side reproductions by non-certified manufacturers do not possess this approval! An up-to-date list of authorized factories is available on request from your local Siemens office. Safety Integrated...
Page 10
Preface WARNING Unexpected start up of the drive If the function "Safe Torque Off" is deactivated, the drive can start up unexpectedly. This can result in death, serious personal injury or severe material damage. To demonstrate that the function "Safe Torque Off" is deactivated, the specified switches (e.g., "Safe Torque Off"...
Table of contents Preface ..............................5 Typicals and regulations .......................... 17 General information ........................17 1.1.1 Aims .............................17 1.1.2 Functional safety ..........................17 Safety of machinery in Europe.....................18 1.2.1 Machinery Directive ........................18 1.2.2 Harmonized European Standards ....................19 1.2.3 Standards for implementing safety-related controllers ..............21 1.2.4 EN ISO 13849-1 (previously EN 954-1)..................23 1.2.5...
Page 12
3.5.3 Response times for Safety Integrated Extended Functions without encoder ......50 Residual risk..........................51 Supported functions..........................53 Content of this chapter ........................ 53 SINAMICS G130 ......................... 54 4.2.1 Basic functions ..........................54 4.2.2 Extended Functions ........................54 SINAMICS G150 ......................... 55 4.3.1...
Page 13
Simultaneity and tolerance time of the two monitoring channels..........143 7.3.1.3 Bit pattern test ..........................144 7.3.2 Control of "STO" and "SS1" for SINAMICS G130 ..............145 7.3.3 Control of "STO" and "SS1" for SINAMICS G150 ..............151 7.3.4 Control of "STO" and "SS1" for SINAMICS S120 Chassis ............157 7.3.5...
Page 14
Table of contents 7.5.2 Enabling of the control via PROFIsafe..................181 7.5.3 Structure of telegram 30......................182 7.5.3.1 Structure of telegram 30 (Basic Functions)................182 7.5.3.2 Structure of telegram 30 (Extended Functions) ................ 184 Commissioning ............................187 General information about commissioning safety functions ............. 187 Safety Integrated firmware versions ..................
Page 15
Table of contents 10.2.1 Content of the complete acceptance test ..................248 10.2.2 Content of the partial acceptance test ..................250 10.2.3 Test scope for specific measures ....................253 10.3 Safety logbook ...........................254 Acceptance report........................255 10.4 10.4.1 Plant description - Documentation part 1...................255 10.4.2 Description of safety functions - documentation part 2..............257 10.4.2.1 Function table..........................257...
Page 16
Table of contents Safety Integrated Function Manual, 05/2010, A5E03264275A...
Typicals and regulations General information 1.1.1 Aims Manufacturers and operating companies of equipment, machines, and products are responsible for ensuring the required level of safety. This means that plants, machines, and other equipment must be designed to be as safe as possible in accordance with the current state of the art.
Typicals and regulations 1.2 Safety of machinery in Europe To ensure the functional safety of a machine or plant, the safety-related parts of the protection and control devices must function correctly. In addition, the systems must behave in such a way that either the plant remains in a safe state or it is brought into a safe state if a fault occurs.
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.2 Harmonized European Standards The two Typicals Organizations CEN (Comité Européen de Normalisation) and CENELEC (Comité Européen de Normalisation Électrotechnique), mandated by the EU Commission, drew-up harmonized European Typicals in order to precisely specify the requirements of the EC directives for a specific product.
Page 20
Typicals and regulations 1.2 Safety of machinery in Europe Type C Typicals/product Typicals C Typicals are product-specific Typicals (e.g. for machine tools, woodworking machines, elevators, packaging machines, printing machines, etc.). Product Typicals contain machine- specific requirements. The requirements can, under certain circumstances, deviate from the basic and group Typicals.
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.3 Standards for implementing safety-related controllers If the functional safety of a machine depends on various control functions, the controller must be implemented in such a way that the probability of the safety functions failing is sufficiently minimized.
Page 22
Typicals and regulations 1.2 Safety of machinery in Europe Systems for executing safety-related control EN ISO 13849-1 EN 62061 functions Non-electrical (e.g. hydraulic, pneumatic) Not covered Electromechanical (e.g. relay and/or basic Restricted to the designated All architectures and max. up to electronics) architectures (see comment 1) SIL 3...
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.4 EN ISO 13849-1 (previously EN 954-1) A qualitative analysis (to EN 954-1) is not sufficient for modern controllers due to their technology. Among other things, EN 954-1 does not take into account time behavior (e.g. test interval and/or cyclic test, lifetime).
Page 24
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.5 EN 62061 EN 62061 (identical to IEC 62061) is a sector-specific standard subordinate to IEC/EN 61508. It describes the implementation of safety-related electrical machine control systems and considers the complete lifecycle, from the conceptual phase to decommissioning. The standard is based on the quantitative and qualitative analyses of safety functions, whereby it systematically applies a top-down approach to implementing complex control systems (known as "functional decomposition").
Page 25
Typicals and regulations 1.2 Safety of machinery in Europe The user has the following options when setting up a safety-related controller: ● Use devices and sub-systems that already comply with EN ISO 13849-1, IEC/EN 61508, or IEC/EN 62061. The standard provides information specifying how qualified devices can be integrated when safety functions are implemented.
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.6 Series of standards EN 61508 (VDE 0803) This series of Typicals describes the current state of the art. EN 61508 is not harmonized in line with any EU directive. which means that an automatic presumption of conformity for fulfilling the protective requirements of a directive is not implied.
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.7 Risk analysis/assessment Risks are intrinsic in machines due to their design and functionality. For this reason, the Machinery Directive requires that a risk assessment be performed for each machine and, if necessary, the level of risk reduced until the residual risk is less than the tolerable risk.
Page 28
Typicals and regulations 1.2 Safety of machinery in Europe Figure 1-2 Iterative process to achieve the required level of safety to ISO 14121-1 Risks must be reduced by designing and implementing the machine accordingly (e.g. by means of controllers or protective measures suitable for the safety-related functions). If the protective measures involve the use of interlocking or control functions, these must be designed in accordance with EN ISO 13849-1.
Typicals and regulations 1.2 Safety of machinery in Europe 1.2.8 Risk reduction Risk reduction measures for a machine can be implemented by means of safety-related control functions in addition to structural measures. To implement these control functions, special requirements, graded according to the magnitude of the risk, must be taken into account.
Typicals and regulations 1.3 Machine safety in the USA Machine safety in the USA A key difference between the USA and Europe in the legal requirements regarding safety at work is, that in the USA, no legislation exists regarding machinery safety that is applicable in all of the states and that defines the responsibility of the manufacturer/supplier.
Typicals and regulations 1.3 Machine safety in the USA 1.3.2 NRTL listing To protect employees, all electrical equipment used in the USA must be certified for the planned application by a "Nationally Recognized Testing Laboratory" (NRTL) certified by the OSHA. NRTLs are authorized to certify equipment and material by means of listing, labeling, or similar.
Typicals and regulations 1.4 Machine safety in Japan 1.3.4 ANSI B11 ANSI B11 Typicals are joint Typicals developed by associations such as the Association for Manufacturing Technology (AMT) and the Robotic Industries Association (RIA). The hazards of a machine are evaluated by means of a risk analysis/assessment. Risk analysis is an important requirement in accordance with NFPA 79, ANSI/RIA 15.06, ANSI B11.TR-3 and SEMI S10 (semiconductors).
Typicals and regulations 1.6 Other safety-related issues Other safety-related issues 1.6.1 Information sheets issued by the Employer's Liability Insurance Association Safety-related measures to be implemented cannot always be derived from directives, standards, or regulations. In this case, supplementary information and explanations are required.
Page 34
Typicals and regulations 1.6 Other safety-related issues Safety Integrated Function Manual, 05/2010, A5E03264275A...
General information about SINAMICS Safety Integrated Safety Integrated Functions All of the Safety Integrated functions available under SINAMICS are listed in this chapter. SINAMICS makes a distinction between Safety Integrated Basic Functions and Safety Integrated Extended Functions. The safety functions listed conform to Safety Integrity Level (SIL) 2 to DIN EN 61508, to Category 3 to DIN EN ISO 13849-1 and to Performance Level (PL) d to DIN EN ISO 13849-1.
General information about SINAMICS Safety Integrated 2.2 Preconditions for Safety Integrated Basic Functions ● Safety Integrated Extended Functions These functions require an additional safety license: – Safe Torque Off (STO) STO is a safety function that prevents the drive from restarting unexpectedly, in accordance with EN 60204-1, Section 5.4.
General information about SINAMICS Safety Integrated 2.3 Preconditions for Safety Integrated Extended Functions Preconditions for Safety Integrated Extended Functions The following prerequisites apply for operation of the Safety Integrated Extended Functions: ● A license is required to use the Safety Integrated Extended Functions. If the options (F01 to F05 or K01 to K05) are ordered, the license is already enabled on the memory card.
Page 38
General information about SINAMICS Safety Integrated 2.4 Controlling the Safety Integrated functions NOTICE PROFIsafe or TM54F Using a Control Unit, control is possible either via PROFIsafe or TM54F. Mixed operation is not permissible. When asynchronous motors or synchronous motors without encoders are used, not all Safety Integrated Extended Functions can be used.
General information about SINAMICS Safety Integrated 2.5 Parameter, Checksum, Version, Password Parameter, Checksum, Version, Password Properties of Safety Integrated parameters The following applies to Safety Integrated parameters: ● The safety parameters are kept separate for each monitoring channel. ● During startup, checksum calculations (Cyclic Redundancy Check, CRC) are performed on the safety parameter data and checked.
Page 40
General information about SINAMICS Safety Integrated 2.5 Parameter, Checksum, Version, Password Extended functions ● r9398[0...1] SI Motion actual checksum SI parameters (Motor Module) ● r9399[0...1] SI Motion setpoint checksum SI parameters (Motor Module) ● r9728[0...2] SI Motion actual checksum SI parameters ●...
Page 41
2. Recommission the drive unit and drives. 3. Recommission Safety Integrated. Or contact your regional Siemens office and ask for the password to be deleted (complete drive project must be made available). Overview of important parameters for "Password" (see SINAMICS List Manual) ●...
General information about SINAMICS Safety Integrated 2.6 DRIVE-CLiQ rules for Safety Integrated Functions DRIVE-CLiQ rules for Safety Integrated Functions Note For the Safety Integrated Functions (Basic and Extended Functions) the general DRIVE- CLiQ rules apply as a basic principle. These rules are provided in the chapter "Rules for wiring with DRIVE-CLiQ"...
Go into the Internet under: http://automation.siemens.com To subscribe to the newsletter, please proceed as follows: 1. Select the desired language for the webpage.
● Safety integrity level 2 (SIL 2) to IEC 61508. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Safety Integrated Function Manual, 05/2010, A5E03264275A...
System Features 3.3 Safety instructions Safety instructions Note Additional safety information and residual risks not specified in this section are included in the relevant sections of this Function Manual. DANGER Safety Integrated can be used to minimize the level of risk associated with machines and plants.
Page 46
System Features 3.3 Safety instructions WARNING After hardware and/or software components have been modified or replaced, all protective equipment must be closed prior to system startup and drive activation. Personnel shall not be present within the danger zone. It may be necessary to carry out a partial or complete acceptance test or a simplified functional test (see chapter "Acceptance test") after having made certain changes or replacements.
System Features 3.4 Probability of failure of the safety functions (PFH value) NOTICE Changing the EDS with safe motion monitoring An encoder that is used for Safety Functions should not be switched over when a data set is switched over. The Safety Functions check the safety-relevant encoder data for changes when data sets are switched over.
System Features 3.5 Response times Response times 3.5.1 Response times Safety Integrated Basic Functions The Basic Functions are executed in the monitoring clock cycle (p9780). PROFIsafe telegrams are evaluated in the PROFIsafe scan cycle, which corresponds to twice the monitoring clock cycle (PROFIsafe scan cycle = 2 × r9780). Controlling Basic Functions via terminals on the Control Unit and Motor/Power Module The following table lists the response times from the control via terminals until the response actually occurs.
System Features 3.5 Response times 3.5.2 Response times, Safety Integrated Extended Functions with encoder Activation of Extended Functions with encoder via PROFIsafe The following table lists the response times from receiving the PROFIsafe telegram on the Control Unit up to initiating the response. Table 3- 3 Response times when controlling via PROFIsafe Function...
System Features 3.5 Response times 3.5.3 Response times for Safety Integrated Extended Functions without encoder Control of Extended Functions without encoder via PROFIsafe The following table lists the response times from receiving the PROFIsafe telegram on the Control Unit up to initiating the response. Table 3- 5 Response times when controlling via PROFIsafe Function...
System Features 3.6 Residual risk Residual risk The fault analysis enables the machine manufacturer to determine the residual risk at his machine with regard to the drive unit. The following residual risks are known: WARNING Due to the intrinsic potential of hardware faults, electrical systems are subject to additional residual risk, which can be expressed by means of the PFH value.
Page 52
System Features 3.6 Residual risk WARNING Within a single-encoder system: a) a single electrical fault in the encoder b) encoder shaft break, (or detachment of the encoder shaft coupling), or a loose encoder housing will cause a static state of the encoder signals (i.e.
Supported functions Content of this chapter In this chapter all Safety Integrated Functions for SINAMICS G130, G150, S120 Chassis, S120 Cabinet Modules and S150 are explained. See the overviews for the preconditions, the supported functions, and the control possibilities per converter...
Safe Stop 1 Safe Brake Control Activation possibilities Activation Control unit & terminal (power unit) PROFIsafe & terminal (power unit) 4.2.2 Extended Functions Use of the Safety Integrated Extended Functions is not possible with SINAMICS G130. Safety Integrated Function Manual, 05/2010, A5E03264275A...
Supported functions 4.3 SINAMICS G150 SINAMICS G150 4.3.1 Basic functions Preconditions The Safety Integrated Basic Functions are part of the standard scope of the drive and can be used without an additional license. Supported Safety Integrated Basic Functions Safety Function Abbreviation Safe Torque Off Safe Stop 1...
Supported functions 4.4 SINAMICS S120 Chassis SINAMICS S120 Chassis 4.4.1 Basic functions Preconditions The Safety Integrated Basic Functions are part of the standard scope of the drive and can be used without an additional license. Supported Safety Integrated Basic Functions Safety Function Abbreviation Safe Torque Off...
Supported functions 4.5 SINAMICS S120 Cabinet Modules SINAMICS S120 Cabinet Modules 4.5.1 Booksize format Motor Module 4.5.1.1 Basic functions Preconditions The Safety Integrated Basic Functions are part of the standard scope of the drive and can be used without an additional license. Supported Safety Integrated Basic Functions Safety Function Abbreviation...
Supported functions 4.5 SINAMICS S120 Cabinet Modules 4.5.2 Motor Module in chassis format 4.5.2.1 Basic functions Preconditions The Safety Integrated Basic Functions are part of the standard scope of the drive and can be used without an additional license. Supported Safety Integrated Basic Functions Safety Function Abbreviation Safe Torque Off...
Supported functions 4.6 SINAMICS S150 SINAMICS S150 4.6.1 Basic functions Preconditions The Safety Integrated Basic Functions are part of the standard scope of the drive and can be used without an additional license. Supported Safety Integrated Basic Functions Safety Function Abbreviation Safe Torque Off Safe Stop 1...
Safety Integrated Basic Functions Safe Torque Off (STO) General description In conjunction with a machine function or in the event of a fault, the "Safe Torque Off" (STO) function is used to safely disconnect the torque-generating energy feed to the motor. When the function is selected, the drive unit is in a "safe status".
Page 66
Safety Integrated Basic Functions 5.1 Safe Torque Off (STO) CAUTION If two power transistors simultaneously fail in the power unit (one in the upper and one in the lower bridge), then this can cause brief momentary movement. The maximum movement can be: Synchronous rotary motors: Max.
Page 67
Safety Integrated Basic Functions 5.1 Safe Torque Off (STO) Selecting/deselecting "Safe Torque Off" The following occurs when "Safe Torque Off" is selected: ● Each monitoring channel triggers safe pulse suppression via its switch-off signal path. ● A motor holding brake is applied (if connected and configured). If "Safe Torque Off"...
Page 68
Safety Integrated Basic Functions 5.1 Safe Torque Off (STO) Response time with the "Safe Torque Off" function For the response times when the function is selected/deselected via input terminals, see the table in chapter "System features", subchapter, "Response times". Example - chassis example Assumption: Safety monitoring clock cycle CU (r9780) = 16 ms and inputs/outputs sampling time (p0799) = 4 ms...
Safety Integrated Basic Functions 5.2 Safe Stop 1 (SS1, time controlled) Safe Stop 1 (SS1, time controlled) General description The "Safe Stop 1" (SS1, time controlled) function allows the drive to be stopped in accordance with EN 60204-1, stop category 1. The drive brakes with the OFF3 ramp (p1135) once "Safe Stop 1"...
Page 70
Safety Integrated Basic Functions 5.2 Safe Stop 1 (SS1, time controlled) Prerequisite The "Safe Torque Off" function must be enabled. In order that the drive can brake down to a standstill even when selected through one channel, the time in p9652/p9852 must be shorter than the sum of the parameters for the data cross-check (p9650/p9850 and p9658/p9858).
Safety Integrated Basic Functions 5.3 Safe Brake Control (SBC) Safe Brake Control (SBC) General description The "Safe Brake Control" function (SBC) is used to control holding brakes that function according to the quiescent current principle (e.g. motor holding brake). The command for releasing or applying the brake is transmitted to the Motor/Power Module via DRIVE-CLiQ.
Page 72
Safety Integrated Basic Functions 5.3 Safe Brake Control (SBC) Two-channel brake control Note Connecting the brake The brake cannot be directly applied at the motor module of the chassis design. The connection terminals are designed only for 24 V DC with 100 mA; additional hardware is necessary for higher currents and voltages.
Safety Integrated Basic Functions 5.4 Safety faults Safety faults The fault messages of the Safety Integrated Basic Functions are saved in the standard message buffer and can be read out from there. When faults associated with Safety Integrated Basic Functions occur, the following stop responses can be initiated: Table 5- 1 Stop responses for Safety Integrated Basic Functions...
Page 74
Safety Integrated Basic Functions 5.4 Safety faults Acknowledging the Safety faults Faults associated with Safety Integrated Basic Functions must be acknowledged as follows: 1. Remove the cause of the fault. 2. Deselect "Safe Torque Off" (STO). 3. Acknowledge the fault. If the Safety commissioning mode is exited when the Safety functions are switched off (p0010 = value not equal to 95 when p9601 = p9801 = 0), then all the Safety faults can be acknowledged.
Safety Integrated Basic Functions 5.5 Forced checking procedure Forced checking procedure Forced dormant error detection or test of the switch-off signal paths for Safety Integrated Basic Functions The forced dormant error detection function at the switch-off signal paths is used to detect software/hardware faults at both monitoring channels in time and is automated by means of activation/deactivation of the "Safe Torque Off"...
Safety Integrated Extended Functions Safety functions "with encoder" / "without encoder" For activation of the Safety Integrated Functions "with encoder" and "without encoder", set the parameters p9306 and p9506 (factory setting = 0). You can also make this setting by selecting "with encoder"...
Safety Integrated Extended Functions 6.2 Safety licenses for 1 to 5 axes CAUTION Safety Integrated Extended Functions "without encoder" must not be used if the motor, after it has been switched off, can still be accelerated by the mechanical elements of the connected machine component.
The required licenses can optionally be ordered with the CompactFlash Card. Retroactive licensing is executed on the Internet via the "WEB License Manager" by generating a license key: http://www.siemens.com/automation/license Note The process for generating a license key is described in detail in the SINAMICS S120 Function Manual, chapter, "Fundamentals of the drive system"...
Page 80
The required licenses can optionally be ordered with the converter cabinet. Retroactive licensing is executed on the Internet via the "WEB License Manager" by generating a license key: http://www.siemens.com/automation/license Note The process for generating a license key is described in detail in the SINAMICS S120 Function Manual, chapter, "Fundamentals of the drive system"...
Safety Integrated Extended Functions 6.3 Safe Torque Off (STO) Safe Torque Off (STO) In addition to the control options specified under Safety Integrated Basic Functions, "Safe Torque Off (STO) under Safety Integrated Extended Functions can also be activated via TM54F or PROFIsafe. Note Use of the "Safe Torque Off"...
Safety Integrated Extended Functions 6.4 Safe Stop 1 (SS1) Safe Stop 1 (SS1) 6.4.1 Safe Stop 1 with encoder (time and acceleration controlled) General description The "Safe Stop 1" (SS1) function with encoder monitors whether motor acceleration reaches impermissible levels during the SS1 time. The "Safe Stop 1"...
Page 83
Safety Integrated Extended Functions 6.4 Safe Stop 1 (SS1) Functional features of "Safe Stop 1" with encoder ● The delay time starts after the function is selected. If SS1 is deselected again within this time, after the delay time has expired or after the shutdown speed has been undershot, the STO function is selected and then immediately deselected again.
Safety Integrated Extended Functions 6.4 Safe Stop 1 (SS1) Responses Speed limit violated (SBR): ● STOP A ● Safety message C01706/C30706 System errors: 1. STOP F with subsequent STOP B, followed by STOP A 2. Safety message C01711/C30711 Status for "Safe Stop 1" The status of the "Safe Stop 1"...
Page 85
Safety Integrated Extended Functions 6.4 Safe Stop 1 (SS1) Figure 6-2 Sequence for "Safe Stop 1" without encoder Braking ramp for "Safe Stop 1" without encoder p9581/p9381 and p9583/p9383 are used to set the steepness of the brake ramp. Parameters p9581/p9381 determine the reference speed and parameters p9583/p9383 define the monitoring period.
Safety Integrated Extended Functions 6.5 Safe Stop 2 (SS2) Safe Stop 2 (SS2) 6.5.1 General description Note The safety function "Safe Stop 2" (SS2) can only be used with an encoder. The "Safe Stop 2" (SS2) function is used to brake the motor safely along the OFF3 deceleration ramp (p1135) with subsequent transition to the SOS state (see "Safe Operating Stop") after the delay time expires (p9352/p9552).
Page 88
Safety Integrated Extended Functions 6.5 Safe Stop 2 (SS2) Note Activating SS2 may cause the device (PLC, motion controller) that governs the speed setpoint to interrupt the ramp function (by triggering OFF2). The device behaves in this way as a result of a fault reaction triggered by OFF3 activation. This fault reaction can be avoided by assigning appropriate parameters or appropriate wiring.
Safety Integrated Extended Functions 6.5 Safe Stop 2 (SS2) 6.5.2 EPOS and Safe Stop 2 Since the function SS2 – with its setpoint-independent braking – is not suitable for use with EPOS, the Safe Operating Stop (SOS) function can be used with delay. On selection of SOS, the EPOS function "intermediate stop"...
Safety Integrated Extended Functions 6.6 Safe Operating Stop (SOS) Safe Operating Stop (SOS) General description Note The "Safe Operating Stop" function is only available for operation with an encoder. This function serves for fail-safe monitoring of the standstill position of a drive. Personnel can enter the protected machine areas without having to shut down the machine as long as SOS is active.
Page 91
Safety Integrated Extended Functions 6.6 Safe Operating Stop (SOS) Functional features of "Safe Operating Stop" with encoder ● The drive remains in the closed-loop control mode. ● A programmable standstill tolerance window is available. ● STOP B is the stop response if the standstill tolerance window is violated Note The size of the tolerance window should be slightly above the standard standstill monitoring limit, otherwise the standard monitoring functions will no longer be effective.
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) Safely-Limited Speed (SLS) 6.7.1 General description The Safely-Limited Speed (SLS) function is used to protect a drive against unintentionally high speeds in both directions of rotation. This is achieved by monitoring the current drive speed up to a speed limit.
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) 6.7.2 Parking note Note When a drive object for which the "Safely Limited Speed" function with encoder is enabled is switched to "Park" mode, the Safety Integrated software responds by selecting STO without generating a separate message.
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) As opposed to SLS limit parameters, this parameter specifies limits on the motor side instead of limits on the load side. ● r9733[0] = p9531[x] * p9533; x = selected SLS stage ●...
Page 95
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) Configuring the limits ● Speed limits for SLS without encoder are configured in exactly the same way as described for SLS with an encoder. ● Only STOP A and STOP B may be configured as stop responses for "Safely-Limited Speed"...
Page 96
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) Restart after OFF2 If the drive has been switched off via OFF2/STO, the following steps must be carried out before a restart can be performed: 1. scenario: ● State after switching on: SLS selected, STO selected, OFF2 active ●...
Safety Integrated Extended Functions 6.7 Safely-Limited Speed (SLS) 6.7.6 EPOS and Safely-Limited Speed If safe speed monitoring (SLS) will also be used at the same time as the EPOS positioning function, EPOS must be informed of the activated speed monitoring limit. Otherwise the speed monitoring limit can be violated by the EPOS setpoint input.
Safety Integrated Extended Functions 6.8 Safe Speed Monitor (SSM) Safe Speed Monitor (SSM) General description Note The "Safe Speed Monitor" function is only available for operation with an encoder. The "Safe Speed Monitor" function is used for reliably detecting when a velocity limit value has been undershot (p9346/p9546) (e.g.
Page 100
Safety Integrated Extended Functions 6.8 Safe Speed Monitor (SSM) The hysteresis for the SSM output signal is set in parameter p9347/p9547 "SI motion SSM speed hysteresis n_x". In other words the SSM output signal can take on either state "1" or state "0"...
Page 101
Safety Integrated Extended Functions 6.8 Safe Speed Monitor (SSM) Features ● Safe monitoring of the speed limit specified in p9346 and p9546 ● Parameterizable hysteresis via p9347 and p9547 ● Variable PT1 filter via p9345 and p9545 ● Fail-safe output signal ●...
Safety Integrated Extended Functions 6.9 Safe Acceleration Monitor (SBR) Safe Acceleration Monitor (SBR) General description Note The "Safe Acceleration Monitor" function is only available for operation with an encoder. The "Safe Acceleration Monitor" (SBR) function with encoder is used to safely monitor drive acceleration.
Page 103
Safety Integrated Extended Functions 6.9 Safe Acceleration Monitor (SBR) Calculating the SBR tolerance of the ACTUAL speed: ● The following applies when parameterizing the SBR tolerance: – The maximum speed increase after SS1 / SS2 is triggered is derived from the effective acceleration (a) and the duration of the acceleration phase.
Safety Integrated Extended Functions 6.10 Safe Brake Ramp (SBR) 6.10 Safe Brake Ramp (SBR) General description Note The "Safe Brake Ramp" (SBR) safety function can only be used without an encoder and should be used only with asynchronous motors. The Safe Brake Ramp (SBR) function provides a safe method for monitoring the brake ramp. The Safe Brake Ramp function is used to monitor braking when using the "SS1 without encoder"...
Page 105
Safety Integrated Extended Functions 6.10 Safe Brake Ramp (SBR) Signal profile for "Safe Brake Ramp" without encoder Figure 6-9 Safe Brake Ramp without encoder Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 106
Safety Integrated Extended Functions 6.10 Safe Brake Ramp (SBR) Brake ramp for "Safe Brake Ramp" without encoder p9581/p9381 (SI Motion braking ramp reference value, Control Unit/Motor Module) and p9583/p9383 (SI Motion brake ramp monitoring time, Control Unit/Motor Module) are used to set the steepness of the brake ramp.
Safety Integrated Extended Functions 6.11 Safety faults 6.11 Safety faults Stop responses Faults with Safety Integrated Extended Functions and violation of limits can trigger the following stop responses: Table 6- 2 Overview, stop responses Stop response Triggered ... Action Effect STOP A For all acknowledgeable Immediate pulse cancelation...
Page 108
Safety Integrated Extended Functions 6.11 Safety faults Note A delay time between STOP F and STOP B should only be set if an additional response is initiated during this time when the "Internal Event" (r9722.7) message signal is evaluated. Further, when using the delay time, a monitoring function should always be selected (e.g. SLS with a high limit speed) or the hysteresis of SSM should be configured.
Page 109
Safety Integrated Extended Functions 6.11 Safety faults Priorities of stop responses and Extended Functions Table 6- 4 Priorities of stop responses and Extended Functions Highest priority Lowest priority Stop response / STOP A STOP B STOP C STOP D STOP F Extended Function Highest STOP A / STO...
Page 110
Safety Integrated Extended Functions 6.11 Safety faults Examples for illustrating the information in the table 1. Safety function SS1 has just been selected. STOP A remains active; a STOP B operation that is currently in progress is not interrupted by this. Any remaining STOP C-F would be replaced by SS1.
Page 111
Safety Integrated Extended Functions 6.11 Safety faults Acknowledgement via PROFIsafe The higher-level controller sets the signal "Internal Event ACK" via the PROFIsafe telegram (STW bit 7) separately for each drive object. A falling edge in this signal sets the status "Internal Event"...
Safety Integrated Extended Functions 6.12 Message buffer 6.12 Message buffer In addition to the fault buffer for F... faults and the alarm buffer for A... alarms, (see SINAMICS S120 Commissioning Manual) a special message buffer for C... safety messages is available for Safety Integrated Extended Functions... The fault messages for the Safety Integrated Basic Functions are stored in the standard fault buffer (see chapter "Buffer for faults and alarms"...
Page 113
Safety Integrated Extended Functions 6.12 Message buffer When a safety message is present, the bit 2139.5 = 1 ("Safety message present") is set. The entry in the message buffer is delayed. For this reason, the message buffer should not be read until a change in the buffer (r9744) has been detected after "Safety message present"...
Safety Integrated Extended Functions 6.13 Reliable actual value acquisition with the encoder system 6.13 Reliable actual value acquisition with the encoder system Supported encoder systems The Safety Functions used to monitor motion (e.g. SS1, SS2, SOS, SLS and SSM) require reliable actual value acquisition.
Page 115
Safety Integrated Extended Functions 6.13 Reliable actual value acquisition with the encoder system Figure 6-11 Example for a single-encoder system Two-encoder system For a two-encoder system the safe actual values for a drive are provided by two separate encoders. The actual values are transferred to the Control Unit by means of fail-safe communication via DRIVE-CLiQ.
Page 116
The FMEA must be created by the machine manufacturer. Also certain motors with and without DRIVE-CLiQ connection can be used for Safety Integrated functions; see http://support.automation.siemens.com/WW/view/de/33512621 NOTICE Basic absolute encoders (e.g. ECI, EQI), which offer an EnDat interface with additional sin/cos tracks but operate according to an inductive measuring principle internally, are not permitted until their suitability for SINAMICS Safety Integrated has been determined.
Page 117
Safety Integrated Extended Functions 6.13 Reliable actual value acquisition with the encoder system Actual value synchronization Figure 6-13 Example diagram of actual value synchronization The mean value of the actual values of both encoders is calculated cyclically after actual value synchronization (p9301.3 = p9501.3 = 1) was activated. The maximum slip defined in p9349/p9549 is monitored within the crosswise comparison clock cycle (r9724).
Page 118
Safety Integrated Extended Functions 6.13 Reliable actual value acquisition with the encoder system Overview of important parameters ● p9301.3 SI Motion enable safety functions (Motor Module), enable actual value synchronization ● p9501.3 SI Motion enable safety functions (Control Unit), enable actual value synchronization ●...
Safety Integrated Extended Functions 6.14 Forced dormant error detection ● r9713[0...3] SI Motion diagnostics position action value load side ● r9714[0...1] SI Motion diagnostics speed ● r9724 SI Motion crosswise comparison clock cycle ● r9730 SI Motion safe maximum velocity ●...
Page 120
Safety Integrated Extended Functions 6.14 Forced dormant error detection Note STO is triggered when a test stop is carried out for the Safety functions. STO should not be selected prior to selecting the test stop, and the axis should not be in operation. Forced dormant error detection F-DI/F-DO of TM54F through test stop An automatic test stop function is available for forced dormant error detection within the F- DIs/DOs test.
Page 121
Safety Integrated Extended Functions 6.14 Forced dormant error detection Figure 6-14 Example of the TM54F wiring Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 122
Safety Integrated Extended Functions 6.14 Forced dormant error detection The F-DIs must be registered for the test stop by means of p10041. CAUTION The F-DI states are frozen for the duration of the test (approx. 100 ms)! In order to be able to use the test stop function, the F-DOs being used must be interconnected in accordance with the connection example shown above and the forced feedback signals of the two relays must be connected to the corresponding digital input (DI 20 to DI 23).
Controlling the safety functions Overview of F-DI/F-DOs and of their structure The safety-oriented input and output terminals (F-DI and F-DO) act as an interface between the internal Safety Integrated functionality and the process. A dual-channel signal applied to an F-DI (Fail-safe Digital Input, safety-oriented digital input = safe input terminal pair) controls the active monitoring of the activation/deactivation of safety functions.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 125
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Recommended application This option is used when: ● Activation will be executed optically isolated in a voltage range of 24 V – 230 V DC/AC. ●...
Page 126
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Customer interface –X41 Table 7- 1 Terminal strip -X41 Terminal Meaning Technical data -X41:1 Activation –K41: A1 Connection for activation element at channel 1 "+" -X41:2 Connected to -X41:1 -X41:3...
Page 127
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Load side: Operational voltage: max. 250 V DC/AC Rated operating currents: ● AC-15 (in accordance with IEC 60947-5-1): 24 - 230 V = 3 A ●...
Page 128
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Note For the following cabinet units (automatic synchronizers), the digital input DI6 of the Control Unit is also used: • For 3 AC 380 to 480 V: 6SL3710-2GE41-1AAx, 6SL3710-2GE41-4AAx, 6SL3710-2GE41-6AAx •...
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 130
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Recommended application This option is used when: ● Activation will be executed optically isolated in a voltage range of 24 V – 230 V DC/AC. ●...
Page 131
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Customer interface –X41 Table 7- 2 Terminal strip -X41 Terminal Meaning Technical data -X41:1 Activation –K41: A1 Connection for activation element at channel 1 "+" -X41:2 Connected to -X41:1 Connection for activation element at channel 1 "+",...
Page 132
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Load side: Operational voltage: max. 250 V DC/AC Rated operating currents: ● AC-15 (in accordance with IEC 60947-5-1): 24 - 230 V = 3 A ●...
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 7.2.2.2 Use of the K82 option with Control Unit CU320-2 In conjunction with option K90 (CU320-2), terminal -X41:10 is already connected to digital input DI7 of the CU320-2 within the cabinet. In the double motor module, digital input DI6 is also wired on the CU320-2.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 135
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Recommended application This option is used when: ● Activation will be executed optically isolated in a voltage range of 24 V – 230 V DC/AC. ●...
Page 136
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Customer interface –X41 Table 7- 3 Terminal strip -X41 Terminal Meaning Technical data -X41:1 Activation –K41: A1 Connection for activation element at channel 1 "+" -X41:2 Connected to -X41:1 -X41:3...
Page 137
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Load side: Operational voltage: max. 250 V DC/AC Rated operating currents: ● AC-15 (in accordance with IEC 60947-5-1): 24 - 230 V = 3 A ●...
Page 138
Controlling the safety functions 7.2 Control of "STO" and "SS1" via terminal module for option K82 Interconnection in groups When using a single activation element for multiple cabinet units, the following terminals have to be used on terminal strip -X41: ●...
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module 7.3.1 General information 7.3.1.1 Control signals by way of terminals on the Control Unit and Motor/Power Module Features ●...
Page 140
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminals for STO, SS1 (time-controlled), SBC The functions are separately selected/deselected for each drive using two terminals. 1. Switch-off signal path, Control Unit The desired input terminal is selected via BICO interconnection (BI: p9620[0]).
Page 141
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Grouping drives To ensure that the function works for more than one drive at the same time, the terminals for the corresponding drives must be grouped together as follows: 1.
Page 142
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Example: Terminal groups It must be possible to select/deselect "Safe Torque Off" separately for group 1 (drive 1 and 2) and group 2 (drive 3 and 4). For this purpose, the same grouping for "Safe Torque Off"...
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module 7.3.1.2 Simultaneity and tolerance time of the two monitoring channels Simultaneity and tolerance time of the two monitoring channels The "Safe Torque Off" function must be selected/deselected simultaneously in both monitoring channels using the input terminals and is only effective for the associated drive.
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module 7.3.1.3 Bit pattern test Bit pattern test of fail-safe outputs The converter normally responds immediately to signal changes in its fail-safe inputs. This is not desired in the following case: Several control modules test their fail-safe outputs using bit pattern tests (light/darkness tests) to identify faults due to either short circuiting or cross circuiting.
7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module 7.3.2 Control of "STO" and "SS1" for SINAMICS G130 Description The safety functions contained in the standard ("Safe Torque Off" and "Safe Stop 1") can be used with the power module.
Page 146
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Functional principle The first shutdown path for the integrated safety functions is activated via a digital input on the control unit; digital inputs DI0 to DI7 are available for this purpose. The second shutdown path for the integrated safety functions is activated via the terminals (- X41:1, -X42:2) on the Control Interface module of the Power Module.
Page 147
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X122 on the CU320-2 control unit Table 7- 6 Terminal strip –X122 on the CU320-2 control unit Terminal Designation Technical data DI 0...
Page 148
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M1 must be connected. This is achieved by: 1.
Page 149
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X132 on the CU320-2 control unit Table 7- 7 Terminal strip –X132 on the CU320-2 control unit Terminal Designation Technical data DI 4...
Page 150
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M2 must be connected. This is achieved by: 1.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Recommended application This variant is used when: ●...
Page 152
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Functional principle The first shutdown path for the integrated safety functions is activated via a digital input on the control unit; digital inputs DI0 to DI7 are available for this purpose. The second shutdown path for the integrated safety functions is activated via the terminals (- X41:1, -X42:2) on the Control Interface module of the Power Module.
Page 153
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X122 on the CU320-2 control unit Table 7- 9 Terminal strip –X122 on the CU320-2 control unit Terminal Designation Technical data DI 0...
Page 154
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M1 must be connected. This is achieved by: 1.
Page 155
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X132 on the CU320-2 control unit Table 7- 10 Terminal strip –X132 on the CU320-2 control unit Terminal Designation Technical data DI 4...
Page 156
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M2 must be connected. This is achieved by: 1.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Recommended application This variant is used when: ●...
Page 158
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Functional principle The first shutdown path for the integrated safety functions is activated via a digital input on the control unit; digital inputs DI0 to DI7 are available for this purpose. The second shutdown path for the integrated safety functions is activated via the terminals (- X41:1, -X42:2) on the Control Interface Module of the Power Module.
Page 159
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X122 on the CU320-2 control unit Table 7- 12 Terminal strip –X122 on the CU320-2 control unit Terminal Designation Technical data DI 0...
Page 160
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M1 must be connected. This is achieved by: 1.
Page 161
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X132 on the CU320-2 control unit Table 7- 13 Terminal strip –X132 on the CU320-2 control unit Terminal Designation Technical data DI 4...
Page 162
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M2 must be connected. This is achieved by: 1.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Recommended application This variant is used when: ●...
Page 164
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Functional principle The first shutdown path for the integrated safety functions is activated via a digital input on the control unit; digital inputs DI0 to DI7 are available for this purpose. Chassis Motor Module ●...
Page 165
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X122 on the CU320-2 control unit Table 7- 16 Terminal strip –X122 on the CU320-2 control unit Terminal Designation Technical data DI 0...
Page 166
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M1 must be connected. This is achieved by: 1.
Page 167
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X132 on the CU320-2 control unit Table 7- 17 Terminal strip –X132 on the CU320-2 control unit Terminal Designation Technical data DI 4...
Page 168
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M2 must be connected. This is achieved by: 1.
Performance Level (PL) d and IEC 61508 SIL2. In addition, most of the SINAMICS safety functions have been certified by independent institutes. An up-to-date list of certified components is available on request from your local Siemens office. Recommended application This variant is used when: ●...
Page 170
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Functional principle The first shutdown path for the integrated safety functions is activated via a digital input on the control unit; digital inputs DI0 to DI7 are available for this purpose. The second shutdown path for the integrated safety functions is activated via the terminals (- X41:1, -X42:2) on the Control Interface Module of the Power Module.
Page 171
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X122 on the CU320-2 control unit Table 7- 19 Terminal strip –X122 on the CU320-2 control unit Terminal Designation Technical data DI 0...
Page 172
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M1 must be connected. This is achieved by: 1.
Page 173
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module Terminal strip –X132 on the CU320-2 control unit Table 7- 20 Terminal strip –X132 on the CU320-2 control unit Terminal Designation Technical data DI 4...
Page 174
Controlling the safety functions 7.3 Control of "STO" and "SS1" via terminals on the Control Unit and the Motor/Power Module NOTICE An open input is interpreted as "low". To enable the digital inputs (DI) to function, terminal M2 must be connected. This is achieved by: 1.
Controlling the safety functions 7.4 Control via TM54F / option K87 Control via TM54F / option K87 7.4.1 General information 7.4.1.1 TM54F design Terminal Module TM54F is a terminal expansion module for snap-on rail mounting in accordance with DIN EN 60715. The TM54F features fail-safe digital I/O for controlling the Safety Integrated Extended Functions.
Controlling the safety functions 7.4 Control via TM54F / option K87 Note You have the following options of acknowledging TM54F faults after troubleshooting: • POWER ON • Falling edge in signal "Internal Event ACK" with subsequent acknowledgement on the Control Unit. The signal states of the two digital inputs of the F-DI are frozen at logical 0 (safety function selected) when different signal states are present within a fail-safe F-DI of the TM54F, until a safe acknowledgment has been carried out by means of an F-DI via parameter p10006 (SI...
Page 177
Controlling the safety functions 7.4 Control via TM54F / option K87 The signal states at the two associated digital inputs (F-DI) must assume the same status configured in p10040 within the monitoring time set in p10002. In order to enable forced dormant error detection, connect the digital inputs of F-DI 0 ... 4 with the dynamic voltage supply L1+ and the digital inputs with F-DI 5 ...
Controlling the safety functions 7.4 Control via TM54F / option K87 Overview of important parameters ● p9651 SI STO/SBC/SS1 debounce time (Control Unit) ● p9851 SI STO/SBC/SS1 debounce time (Control Unit) ● p10002 SI discrepancy monitoring time ● p10017 SI digital inputs, debounce time ●...
Page 179
Controlling the safety functions 7.4 Control via TM54F / option K87 The following signals can be requested by means of p10039[0...3] for each drive group (index 0 corresponds with drive group 1 etc.): ● STO active (power removed) ● SS1 active ●...
Controlling the safety functions 7.4 Control via TM54F / option K87 Overview of important parameters ● p10039 SI Safe State signal selection ● p10042[0...5] SI F-DO 0 signal sources ● p10043[0...5] SI F-DO 1 signal sources ● p10044[0...5] SI F-DO 2 signal sources ●...
Controlling the safety functions 7.5 Control by way of PROFIsafe Control by way of PROFIsafe 7.5.1 Safety Integrated Functions As an alternative to controlling Safety Integrated Functions via terminals or TM54F, they can also be controlled via PROFIsafe. PROFIsafe telegram 30 is used for communication using PROFIBUS and PROFINET.
Controlling the safety functions 7.5 Control by way of PROFIsafe Safety Integrated Basic Functions via PROFIsafe and terminals Control of the Basic Functions via terminals on the Control Unit and on the Motor/Power Module (parameters p9601.0 = p9801.0 = 1) may be enabled in parallel. In this way, the STO and SS1 functions (time controlled) can be selected via PROFIsafe telegram 30 as well as in parallel via the onboard terminals of the Control Unit and Motor Module/Power Module.
Page 183
Controlling the safety functions 7.5 Control by way of PROFIsafe PROFIsafe status word (ZSW) S_ZSW1, PZD1 in telegram 30, input signals See function diagram [2840]. Table 7- 23 Description of the PROFIsafe status word (ZSW) Meaning Remarks STO active STO active STO not active SS1 active SS1 active...
Controlling the safety functions 7.5 Control by way of PROFIsafe 7.5.3.2 Structure of telegram 30 (Extended Functions) PROFIsafe control word (STW) S_STW1, PZD1 in telegram 30, output signals See function diagram [2840]. Table 7- 24 Description of the PROFIsafe STW Meaning Remarks Deselect STO...
Page 185
Controlling the safety functions 7.5 Control by way of PROFIsafe PROFIsafe status word (ZSW) S_ZSW1, PZD1 in telegram 30, input signals See function diagram [2840]. Table 7- 25 Description of the PROFIsafe status word (ZSW) Meaning Remarks STO active STO active STO not active SS1 active SS1 active...
Page 186
Controlling the safety functions 7.5 Control by way of PROFIsafe Safety Integrated Function Manual, 05/2010, A5E03264275A...
Commissioning General information about commissioning safety functions Commissioning notes Note The commissioning steps described here can be carried out via either STARTER or the advanced operator panel (AOP30). The SINAMICS Safety Integrated Functions, both the Basic and also Extended Functions, are drive-specific, i.
Page 188
The list of permissible safety firmware version combinations, which must be used as a reference during the test, can be found under "Product Support" at the following address: http://support.automation.siemens.com/WW/view/de/28554461 The testing procedure is described at the end of the chapter.
Commissioning 8.3 Commissioning of Safety Integrated functions Commissioning of Safety Integrated functions 8.3.1 Introduction The Safety functions are commissioned using the screen forms in the STARTER. You will find these functions for each drive under "Functions" -> "Safety Integrated". The password "0" is set by default. NOTICE For safety-related reasons, when using the STARTER commissioning tool from V4.1.5 and higher you can only set the safety-relevant parameters of the Control Unit offline.
Commissioning 8.3 Commissioning of Safety Integrated functions 8.3.3 Default settings for commissioning Safety Integrated functions without encoder Additional default settings are required before commissioning Safety functions without an encoder. Vector drive The ramp-function generator is automatically created if a vector drive is configured. Please continue to the ramp-function generator configuration.
Page 191
Commissioning 8.3 Commissioning of Safety Integrated functions 3. Clicking on the button with the ramp opens the following window: Figure 8-2 Ramp-function generator ramp 4. Here, enter the data to define the ramp-function generator ramp. 5. Then you must carry out the motor measurements: Start with static measurements and then take rotating measurements.
Commissioning 8.3 Commissioning of Safety Integrated functions 4. Click "Gear factor" and set the actual value tolerance (p9542) to a larger value (e.g. 10 mm/min or 10 rpm) and the number of motor revolutions to match the pole pair number (r0313).
Commissioning 8.3 Commissioning of Safety Integrated functions 8.3.5 Setting the sampling times Terminology The software functions installed in the system are executed cyclically at different sampling times (p0115, p0799, p4099). Safety functions are executed within the monitoring clock cycle (p9300/p9500) and TM54F is executed within the sampling time (p10000).
Page 194
Commissioning 8.3 Commissioning of Safety Integrated functions Note The Safety functions are carried out in the monitoring cycle (r9780/r9880 for Basic Functions or p9500/p9300 for Extended Functions). PROFIsafe telegrams are evaluated in the PROFIsafe scan cycle, which corresponds to twice the monitoring clock cycle. Overview of important parameters ●...
Commissioning 8.4 Commissioning of Safety Integrated Basic Functions Commissioning of Safety Integrated Basic Functions 8.4.1 Procedure for commissioning "STO", "SS1" and "SBC" To commission the "STO", "SS1" and "SBC" functions via terminals, carry out the following steps: Table 8- 1 Commissioning the "STO", "SS1"...
Page 196
Commissioning 8.4 Commissioning of Safety Integrated Basic Functions Parameter Description/comments Enable the "Safe brake control" function. p9602 = 1 Enable "SBC" on the Control Unit p9802 = 1 Enable "SBC" on the Motor/Power Module The parameters are not changed until safety commissioning mode has been exited •...
Page 197
Commissioning 8.4 Commissioning of Safety Integrated Basic Functions Parameter Description/comments Set F-DI changeover tolerance time. p9650 = "Value" F-DI changeover tolerance time on Control Unit p9850 = "Value" F-DI changeover tolerance time on the Motor/Power Module The parameters are not changed until safety commissioning mode has been exited •...
Page 198
Commissioning 8.4 Commissioning of Safety Integrated Basic Functions Parameter Description/comments Set the new Safety password. p9762 = "Value" Enter a new password. p9763 = "Value" Confirm the new password. The new password is not valid until it has been entered in p9762 and confirmed in •...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT Commissioning TM54F by means of STARTER/SCOUT 8.5.1 Basic sequence of commissioning The following conditions must be met before you can configure the TM54F: ● Concluded initial commissioning of all drives Table 8- 2 Configuration sequence Step Execution...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.2 Configuration start screen Figure 8-4 Configuration start screen TM54F The following functions can be selected in the start screen: ● Configuration Opens the "Configuration" screen ● Inputs Opens the "Inputs" screen ●...
Page 201
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT ● Change/activate settings – Change settings You can select this button and enter the TM54F password in order to edit the configuration data. The button function changes to "Activate settings". – Activate settings This function activates your parameter settings and initiates calculation of the actual CRC and the corresponding transfer to the target CRC.
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.3 TM54F configuration Configuration screen of TM54F for Safety Integrated Figure 8-5 TM54F configuration Functions of this screen: ● Assigning drive objects (p10010) Select a drive object to be assigned to a drive group. ●...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT ● Safety sampling time (p10000) The Safety sampling time corresponds to the sampling time of TM54F. Note The Safety clock cycle (p10000) of the TM54F must be set so it is the same as the monitoring clock cycle in p9300/p9500 for all the drives controlled by the TM54F.
Page 204
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT Carrying out a test stop: Proceed as follows to parameterize the test stop: 1. Determine the appropriate test stop mode for the circuits used in your application (see diagrams in the following sections). 2.
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.4.1 Test stop mode 1 Figure 8-6 F-DO circuit, test stop mode 1 Test step Comment Synchronization F-DIs 0 ... 4 Check at 0 V F-DIs 5 ... 9 Check at 0 V Test step Expected response, DIAG signal HIGH...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.4.2 Test stop mode 2 Figure 8-7 F-DO circuit, test stop mode 2 Test step Comment Synchronization F-DIs 0 ... 4 Check at 0 V F-DIs 5 ... 9 Check at 0 V Test step Expected response, DI signal HIGH...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.4.3 Test stop mode 3 Figure 8-8 F-DO circuit, test stop mode 3 Test step Comment Synchronization F-DIs 0 ... 4 Check at 0 V F-DIs 5 ... 9 Check at 0 V Test step Expected response, DI signal HIGH...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.4.4 Test stop mode parameters Overview of important parameters ● p10000 SI sampling time ● p10001 SI wait time for test stop at DO 0 ... DO 3 ● p10003 SI forced dormant error detection timer ●...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.5 F-DI/F-DO configuration Inputs screen F-DI Figure 8-9 Inputs screen NC/NO contact (p10040) Terminal property F-DI 0-9 (p10040.0 = F-DI 0, ... p10040.9 = F-DI 9), only the property of the second (lower) digital input is set. Always connect an NC contact to digital input 1 (upper).
Page 210
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT Outputs screen F-DO Figure 8-10 Outputs screen Signal source for F-DO (p10042 - p10045) An AND element with 6 inputs is interconnected with each output terminal pair of an F-DO; the signal sources for the AND inputs can be selected: ●...
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT 8.5.6 Control interface of the drive group Figure 8-11 Screen, drive group Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 212
Commissioning 8.5 Commissioning TM54F by means of STARTER/SCOUT Functions of this screen: ● Selection of an F-DI for the STO, SS1, SS2, SOS and SLS functions and for SLS speed limits (bit coded) (p10022 to p10028). A separate screen is available for each drive group. An F-DI can be assigned several functions in several drive groups.
Commissioning 8.6 Procedure for configuring PROFIsafe communication Procedure for configuring PROFIsafe communication 8.6.1 Configuring PROFIsafe via PROFIBUS The next sections deal with a sample configuration of PROFIsafe communication between a SINAMICS S120 drive unit and higher-level SIMATIC F-CPU operating as PROFIBUS master.
Figure 8-12 Example of a PROFIsafe topology Configuring PROFIsafe communication (example based on a Siemens F-CPU) The next sections describe a configuration of PROFIsafe communication between a SIMATIC F-CPU and a drive unit. It is helpful to regularly save intermediate states.
Page 215
Commissioning 8.6 Procedure for configuring PROFIsafe communication Creating a safety master 1. Create an F-CPU, e.g. CPU 317F-2, and a drive, e.g. SINAMICS S120 with CU320-2, in accordance with the hardware installed in HW Config. To do this, start SIMATIC Manager and create a new project. Figure 8-13 Creating a new project 2.
Page 216
Commissioning 8.6 Procedure for configuring PROFIsafe communication 4. First create a mounting rail ((0)UR) under HW Config in the lefthand window: From the standard catalog under SIMATIC 300/RACK-300, drag the mounting rail to the upper lefthand field (the cursor has a "+" character). Figure 8-16 Creating a mounting rail Safety Integrated...
Page 217
Commissioning 8.6 Procedure for configuring PROFIsafe communication 5. Select a safety-capable CPU under SIMATIC 300/CPU 300: In this case, for example, drag CPU 317F-2, V2.6 into the RACK on slot 2 (highlighted). Figure 8-17 Creating an F host (master) Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 218
Commissioning 8.6 Procedure for configuring PROFIsafe communication 6. In the rack: The "Properties - PROFIBUS interface DP" window is opened by double- clicking on line X2. Under the tab "Parameter", click on "Properties..." in the interface field. Figure 8-18 Setting the PROFIBUS interface Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 219
Commissioning 8.6 Procedure for configuring PROFIsafe communication 7. Set the PROFIBUS interface under the "Parameter" tab, set the address, and with the "Properties..." button, set the network settings, the transmission rate (e.g. 12 Mbit/s), the profile (DP) and then acknowledge with "OK". This sets up the master. Figure 8-19 Setting the PROFIBUS profile Creating a safety slave (drive)
Page 220
2. Double-clicking on the drive symbol opens the properties of the DP slave (here: (7)SINAMICS S120). The telegrams for F communication are selected and displayed (e.g. Siemens telegram 105) under "Configuration". Select the PROFIsafe telegram 30 under the option column. As a result, the "PROFIsafe..." button at the center left is activated.
Page 221
Commissioning 8.6 Procedure for configuring PROFIsafe communication Figure 8-22 PROFIBUS DP slave properties 3. The F parameters important for F communication are set using the "PROFIsafe…" button. Figure 8-23 Setting the F parameters Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 222
Commissioning 8.6 Procedure for configuring PROFIsafe communication The PROFIsafe mode is selected using parameters F_CRC_Length and P_Par_Version. The PROFIsafe address is set using parameter F_Dest_Add. Selecting the PROFIsafe mode The two PROFIsafe modes V1.0 and V2.0 can be selected. ● In the "F parameter" window, first click on the value that is to be changed. ●...
Page 223
Commissioning 8.6 Procedure for configuring PROFIsafe communication 2. PROFIsafe monitoring time F_WD_Time: 10-65535 A valid current safety telegram must be received from the F-CPU within the monitoring time. The drive will otherwise switch to the safe state. The monitoring time should be of sufficient length to ensure not only that the communication functions tolerate telegram delays, but also that the fault response is triggered quickly enough if a fault occurs (e.g.
Commissioning 8.7 PROFIsafe via PROFINET PROFIsafe via PROFINET 8.7.1 Configuring PROFIsafe via PROFINET The next sections deal with a sample configuration of PROFIsafe communication between a SINAMICS S120 drive unit and a higher-level SIMATIC F-CPU operating as PROFINET master. HW Config can then be used to configure PROFIsafe telegram 30 (sub-module ID = 30) for the drive objects (abbreviation: DO).
Commissioning 8.7 PROFIsafe via PROFINET 8.7.3 Configuring PROFIsafe via PROFINET Configuring PROFIsafe communication using SINAMICS S120 as an example Configuring PROFIsafe via PROFINET is almost identical to configuring "PROFIsafe via PROFIBUS". The difference is that the SINAMICS drive unit and SIMATIC F-CPU are in the same PROFINET subnet instead of in the same PROFIBUS subnet.
Page 226
Commissioning 8.7 PROFIsafe via PROFINET Figure 8-25 Configuration of the PROFINET connection in HW Config 1. Open the context menu of the drive object and select the command "Object properties": The "Properties – drive object" window appears. Select the PROFIsafe telegram via PROFINET in this window.
Page 227
Commissioning 8.7 PROFIsafe via PROFINET Figure 8-26 Drive object option "PROFIsafe telegram" In the overview for the SINAMICS drive, a PROFIsafe slot that needs to be configured is displayed under "Drive object". Figure 8-27 Defining PROFIsafe for a drive Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 228
Commissioning 8.7 PROFIsafe via PROFINET 1. Under the drive module, select the "PROFIsafe" line and use the right-hand mouse key to call up the properties of the PROFIsafe slot. 2. Define the address area of the PROFIsafe telegram under the "Addresses" tab. The start address for inputs and output is identical.
Page 229
Commissioning 8.7 PROFIsafe via PROFINET Setting F parameters: The following range of values is valid for the the two last parameters of the list: PROFIsafe destination address F_Dest_Add: 1 to 65534 F_Dest_Add determines the PROFIsafe destination address of the drive object. Any value within the range is allowed, although it must be manually entered again in the Safety configuration of the drive in the SINAMICS drive unit.
Commissioning 8.8 PROFIsafe configuration with STARTER (Basic Functions) PROFIsafe configuration with STARTER (Basic Functions) The Safety Integrated Basic Functions can be commissioned using STARTER in three ways. 1. STO/SBC/SS1 only via terminals, 2. STO/SBC/SS1 only via PROFIsafe, 3. STO/SS1/SBC via PROFIsafe and terminals simultaneously. The STARTER screen forms for using the Safety Integrated Basic Functions using terminals, PROFIsafe or terminals and PROFIsafe are described together here.
Page 231
Commissioning 8.8 PROFIsafe configuration with STARTER (Basic Functions) Selecting using the pulldown menu: Figure 8-31 Safety_Integrated_Auswahl Depending on the selection, different setting screen forms open: Figure 8-32 STO/SBC/SS1 via terminals Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 232
Commissioning 8.8 PROFIsafe configuration with STARTER (Basic Functions) Figure 8-33 STO/SBC/SS1 via PROFIsafe Figure 8-34 STO/SBC/SS1 via PROFIsafe and terminal Safety Integrated Function Manual, 05/2010, A5E03264275A...
Commissioning 8.9 Commissioning a linear/rotary axis Activating PROFIsafe via the expert list In order to activate Safety Integrated Basic Functions via PROFIsafe, in the expert list, bit 3 of p9601 and p9801 must be set to "1" and bit 2 to "0". Bit 0 must be set to either "1" or "0", depending on whether the control via terminals is to be enabled in parallel via PROFIsafe or not.
Page 234
Commissioning 8.9 Commissioning a linear/rotary axis 4. It is only possible to change Safety parameters after entering the valid Safety password (parameter p9761 for the drives or p10061 for the TM54F). Figure 8-35 Safety Integrated commissioning of a linear/rotary axis 5.
Page 235
Commissioning 8.9 Commissioning a linear/rotary axis 7. The safety configuration screen of the drive opens. Figure 8-36 Safety configuration: Drive 8. For the drive, set the same Monitoring clock cycle (safety clock cycle) as for the TM54F (see "TM54F Configuration"). 9.
Commissioning 8.10 Modular machine concept Safety Integrated 8.10 Modular machine concept Safety Integrated The modular machine concept for Safety Integrated Basic Functions and Extended Functions provides support for commissioning modular machines. A complete machine, including all its available options, is created in a topology. Only those components that are actually implemented in the finished machine are later activated.
Commissioning 8.11 Information pertaining to component replacements 8.11 Information pertaining to component replacements Replacing a component from the perspective of Safety Integrated Note When replacing certain components (Motor/Power Modules when using a TM54F, Sensor Modules or motors with DRIVE-CLiQ interface), this process must be acknowledged to safeguard the communication connections to be renewed within the device.
Page 238
Commissioning 8.11 Information pertaining to component replacements 5. Carry out a POWER ON (power off/on) for all components. Note In this case, the system will not notify you with a flashing LED that a POWER ON is required. 6. Carry out an acceptance text and acceptance report according to Chapter "Acceptance test and acceptance report"...
Commissioning 8.12 Information pertaining to series commissioning 8.12 Information pertaining to series commissioning A commissioned project that has been uploaded to STARTER can be transferred to another drive unit keeping the existing safety parameter assignment. 1. Load the STARTER project into the drive unit. 2.
Page 240
Commissioning 8.12 Information pertaining to series commissioning Safety Integrated Function Manual, 05/2010, A5E03264275A...
Application examples Input/output interconnections for a safety switching device with TM54F TM54F: interconnecting F-DO with safe input on safety switching device Note These typical circuit diagrams are only valid for version B of TM54F devices. Figure 9-1 TM54F F-DO at equivalent/antivalent safe input on safety switching device (e.g.
Page 242
Application examples 9.1 Input/output interconnections for a safety switching device with TM54F TM54F: Interconnecting F-DI with a plus-minus switching output on a safety switching device WARNING In contrast to mechanical switching contacts (e.g. Emergency Stop switches), leakage currents can still flow in semiconductor switches such as those usually used at digital outputs even when they have been switched off.
Page 243
Application examples 9.1 Input/output interconnections for a safety switching device with TM54F Figure 9-2 TM54F F-DI at plus-minus switching safe output on safety switching device (e.g. safety PLC) TM54F: interconnecting F-DI with plus-plus switching output on safety switching device Figure 9-3 TM54F F-DI at plus-plus-switching safe output on a safety switching device (e.g.
If the pull-up resistor is higher than 1 kΩ, then the open-circuit detection no longer reliably functions and must be disabled. Application examples Application examples can be found at the following Siemens website: http://support.automation.siemens.com/WW/view/en/20810941/136000t Safety Integrated Function Manual, 05/2010, A5E03264275A...
Acceptance test and acceptance report 10.1 General information The acceptance test requirements (configuration check) for electrical drive safety functions emanate from DIN EN 61800-5-2, Chapter 7.1 Point f). The acceptance test "configuration check" is cited in this standard. ● Description of the application including a picture ●...
Comply with the information in the chapter "Procedures for initial commissioning". The acceptance report presented below is both an example and recommendation. An acceptance report template in electronic format is available at your local Siemens sales office. Necessity of an acceptance test For first commissioning of the Safety Integrated functionality on a machine, a "complete...
Page 247
Acceptance test and acceptance report 10.2 Acceptance test structure Information about the acceptance tests Note As far as possible, the acceptance tests are to be carried out at the maximum possible machine speed and acceleration rates to determine the maximum braking distances and braking times that can be expected.
Acceptance test and acceptance report 10.2 Acceptance test structure 10.2.1 Content of the complete acceptance test A) Documentation Documentation of the machine and of safety functions 1. Machine description (with overview) 2. Specification of the controller (if this exists) 3. Configuration diagram 4.
Page 249
Acceptance test and acceptance report 10.2 Acceptance test structure 4. Test of the SI function "Safe Stop 2" (SS2) – Only required when used in Extended Functions – This test is also required if you are not explicitly using SS2 but just one function for which STOP C occurs as a fault reaction.
Acceptance test and acceptance report 10.2 Acceptance test structure 10.2.2 Content of the partial acceptance test A) Documentation Documentation of the machine and of safety functions 1. Extending/changing the hardware data 2. Extending/changing the software data (specify version) 3. Extending/changing the configuration diagram 4.
Page 251
Acceptance test and acceptance report 10.2 Acceptance test structure 4. Test of the SI function "Safe Stop 2" (SS2) – Only required when used in Extended Functions – This test is also required if you are not explicitly using SS2 but just one function for which STOP C occurs as a fault reaction.
Page 252
Acceptance test and acceptance report 10.2 Acceptance test structure 1. General testing of actual value acquisition – After exchanging the component, initial activation and brief operation in both directions. WARNING During this process, all personnel must keep out of the danger area. 2.
Acceptance test and acceptance report 10.2 Acceptance test structure 10.2.3 Test scope for specific measures Scope of partial acceptance tests for specific measures Table 10- 1 Scope of partial acceptance tests for specific measures Measure A) Documentation B) Functional testing of C) Functional D) Functional E) Conclusion...
Acceptance test and acceptance report 10.3 Safety logbook 10.3 Safety logbook Description The "Safety Logbook" function is used to detect changes to safety parameters that affect the associated CRC sums. Cyclic redundancy checks are only generated when p9601/p9801 (SI enable, functions integrated in the drive CU/Motor Module) is > 0. Data changes are detected when the CRCs of the SI parameters change.
Acceptance test and acceptance report 10.4 Acceptance report 10.4 Acceptance report 10.4.1 Plant description - Documentation part 1 Table 10- 2 Machine description and overview diagram Designation Type Serial number Manufacturer End customer Electrical drives Other drives Overview diagram of machine Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 256
Acceptance test and acceptance report 10.4 Acceptance report Table 10- 3 Values of relevant parameters Versions of the firmware and of Safety Integrated Component DO number Firmware version SI version Parameters r0018 = r9590 = Control Unit r9770 = Note: Parameters can be found in the drive.
Acceptance test and acceptance report 10.4 Acceptance report 10.4.2 Description of safety functions - documentation part 2 Note This description of a system is for illustration purposes only. In each case, the actual settings for the system concerned will need to be modified as required. 10.4.2.1 Function table Table 10- 4...
Page 258
Acceptance test and acceptance report 10.4 Acceptance report Drive-specific Safety Parameter Note You need to fill out this table for each axis. Table 10- 6 Drive-specific data SI function Parameter Motor Modules / CU Motor Module value / CU value Enable safety functions p9301 / p9501 0000 bin...
Page 259
Acceptance test and acceptance report 10.4 Acceptance report SI function Parameter Motor Modules / CU Motor Module value / CU value Sensor Module node identifier p9328[0] 0000 hex p9328[1] 0000 hex p9328[2] 0000 hex p9328[3] 0000 hex p9328[4] 0000 hex p9328[5] 0000 hex p9328[6]...
Page 260
Acceptance test and acceptance report 10.4 Acceptance report SI function Parameter Motor Modules / CU Motor Module value / CU value Minimum current actual value p9388 / p9588 10.00 % acquisition without encoder Acceleration voltage tolerance p9389 / p9589 100.00 % Test stop signal source p9705 1:722:5...
Acceptance test and acceptance report 10.4 Acceptance report 10.4.2.3 Safety Parameter of the TM54F Table 10- 7 Parameter for control via the TM54F (excerpt) SI function Parameter Value Sampling time p10000 12.00 ms Wait time for test stop on DO p10001 500.00 ms Monitoring time discrepancy...
Page 262
Acceptance test and acceptance report 10.4 Acceptance report SI function Parameter Value SLS_Limit(2) input terminal p10028[0] p10028[1] p10028[2] p10028[3] Safe state signal selection p10039[0] 1 hex p10039[1] 1 hex p10039[2] 1 hex p10039[3] 1 hex F-DI input mode p10040 0 hex F-DI test enable p10041 0 hex...
Acceptance test and acceptance report 10.4 Acceptance report 10.4.2.4 Safety devices Protective door The protective door is unlocked by means of single-channel request key Protective door switch The protective door is equipped with a protective door switch. The protective door switch returns the dual-channel signal "Door closed and locked".
Acceptance test and acceptance report 10.5 Acceptance tests 10.5 Acceptance tests Note As far as possible, the acceptance tests are to be carried out at the maximum possible machine speed and acceleration rates to determine the maximum braking distances and braking times that can be expected.
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.1 Acceptance tests – Basic Functions 10.5.1.1 Safe Torque Off (Basic Functions) Table 10- 8 "Safe Torque Off" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via terminals and/or via PROFIsafe.
Page 266
Acceptance test and acceptance report 10.5 Acceptance tests Description Status r9772.0 = r9772.1 = 0 (STO deselected and inactive – Control Unit) • r9872.0 = r9872.1 = 0 (STO deselected and inactive – Motor Module) • • r9773.0 = r9773.1 = 0 (STO deselected and inactive – drive) r9774.0 = r9774.1 = 0 (STO deselected and inactive - group);...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.1.2 Safe Stop 1 (Basic Functions) Table 10- 9 "Safe Stop 1" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via terminals and/or via PROFIsafe. Initial state Drive in "Ready"...
Page 268
Acceptance test and acceptance report 10.5 Acceptance tests Description Status r9774.5 = r9774.6 = 1 (SS1 selected and active - group); only relevant for grouping • STO is initiated after the SS1 delay time expires (p9652, p9852). No Safety faults and alarms (r0945[0...7], r2122[0...7]) •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.1.3 Safe Brake Control (Basic Functions) Table 10- 10 "Safe Brake Control" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via terminals and/or via PROFIsafe. Initial state Drive in "Ready"...
Page 270
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Acknowledge "switch-on inhibit" and run the drive. Check whether the correct drive is operational. The following is tested: The brake is connected properly • • The hardware is functioning properly The SBC is parameterized correctly •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2 Acceptance tests for Extended Functions (with encoder) 10.5.2.1 Acceptance test Safe Torque Off with encoder (Extended Functions) Table 10- 11 "Safe Torque Off" function Description Status Notes: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 272
Acceptance test and acceptance report 10.5 Acceptance tests Description Status r9720.0 = 1 (STO deselected) • r9722.0 = 0 (STO inactive) • • r0046.0 = 1 (drive in "switch-on inhibit" state) Acknowledge "switch-on inhibit" and run the drive. Ensure that the correct drive is running. The following is tested: Correct DRIVE-CLiQ wiring between Control Unit and Motor/Power Modules •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.2 Acceptance test for Safe Stop 1, time and acceleration controlled Table 10- 12 "Safe Stop 1" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 274
Acceptance test and acceptance report 10.5 Acceptance tests Example Trace SS1 with encoder Figure 10-1 Example Trace SS1 with encoder Trace evaluation: ● SS1 function is selected (time axis 0 ms; see bit "deselection SS1") ● Response bit "SS1 active" is set (time axis approx 20 ms) ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.3 Acceptance test for Safe Brake Control with encoder (Extended Functions) Table 10- 13 "Safe Brake Control" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 276
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Acknowledge "switch-on inhibit" and run the drive. Check whether the correct drive is operational. The following is tested: The brake is connected properly • • The hardware is functioning properly The SBC is parameterized correctly •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.4 Acceptance test for Safe Stop 2 (SS2) Table 10- 14 "Safe Stop 2" function Description Status Note: The acceptance test must be individually performed for each configured control. Control may be via TM54F or PROFIsafe. Initial state Drive in "Ready"...
Page 278
Acceptance test and acceptance report 10.5 Acceptance tests Example Trace SS2 Figure 10-2 Example Trace SS2 Trace evaluation: ● SS2 function is selected (time axis 0 ms; see bit "deselection SS2") ● Response bit "SS2 active" is set (time axis approx 20 ms) ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.5 Acceptance test for Safe Operating Stop (SOS) Table 10- 15 "Safe Operating Stop" function Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe. Initial state Drive in "Ready"...
Page 280
Acceptance test and acceptance report 10.5 Acceptance tests Description Status r0046.0 = 1 (drive in "switch-on inhibit" state) • Acknowledge "switch-on inhibit" and run the drive Check the drive is moving • Example trace Figure 10-3 Example trace SOS Safety Integrated Function Manual, 05/2010, A5E03264275A...
Page 281
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SOS function is activated (see bits "deselect SOS" and "SOS active") ● The drive starts moving (time axis approx -100 ms) ● Exiting the SOS tolerance window is recognized (time axis approx 0 ms) ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.6 Acceptance test for Safely-Limited Speed with encoder (Extended Functions) SLS with stop response "STOP A" Table 10- 16 Function "Safely Limited Speed with encoder" with STOP A Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 283
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Save/print the trace and add it to the acceptance report (refer to the example below) Deselect SLS and acknowledge Safety messages No Safety faults and alarms (r0945[0...7], r2122[0...7], r9747[0...7]) • r0046.0 = 1 (drive in "switch-on inhibit"...
Page 284
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SLS function with SLS level 1 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1" and "SLS active", "active SLS level bit 0" and "active SLS level bit 1") ●...
Page 285
Acceptance test and acceptance report 10.5 Acceptance tests SLS with stop response "STOP B" Table 10- 17 Function "Safely Limited Speed with encoder" with STOP B Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 286
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Save/print the trace and add it to the acceptance report (refer to the example below) Deselect SLS and acknowledge Safety messages No Safety faults and alarms (r0945[0...7], r2122[0...7], r9747[0...7]) • r0046.0 = 1 (drive in "switch-on inhibited"...
Page 287
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SLS function with SLS level 2 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1" and "SLS active", "active SLS level bit 0" and "active SLS level bit 1") ●...
Page 288
Acceptance test and acceptance report 10.5 Acceptance tests SLS with stop response "STOP C" Table 10- 18 Function "Safely Limited Speed with encoder" with STOP C Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 289
Acceptance test and acceptance report 10.5 Acceptance tests Example trace SLS with STOP C Figure 10-6 Example trace: SLS with STOP C Trace evaluation: ● SLS function with SLS level 1 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1"...
Page 290
Acceptance test and acceptance report 10.5 Acceptance tests SLS with stop response "STOP D" Table 10- 19 Function "Safely Limited Speed with encoder" with STOP D Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 291
Acceptance test and acceptance report 10.5 Acceptance tests Description Status As a consequence of STOP D (selection SOS) the above-described responses will • be triggered if the drive is not stopped by the higher-level control on activation of STOP D Save/print the trace and add it to the acceptance report (refer to the example below) Deselect SLS and acknowledge Safety messages No Safety faults and alarms (r0945[0...7], r2122[0...7], r9747[0...7])
Page 292
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SLS function with SLS level 2 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1" and "SLS active", "active SLS level bit 0" and "active SLS level bit 1") ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.2.7 Acceptance test for Safe Speed Monitor (SSM) Table 10- 20 "Safe Speed Monitor" function Description Status Initial state Drive in "Ready" state (p0010 = 0) • Safety Integrated Extended Functions enabled (p9601.2 = 1) •...
Page 294
Acceptance test and acceptance report 10.5 Acceptance tests Example Trace SSM (with hysteresis) Figure 10-8 Example Trace SSM (with hysteresis) Trace evaluation: ● Drive is accelerated (time axis from approx. -300 ms) ● SSM limit value (p9546/p9346) is exceeded (time axis 0 ms) ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.3 Acceptance tests for Extended Functions (without encoder) 10.5.3.1 Acceptance test Safe Torque Off without encoder (Extended Functions) Table 10- 21 Function "Safe Torque Off without encoder" Description Status Notes: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 296
Acceptance test and acceptance report 10.5 Acceptance tests Description Status r9773.0 = r9773.1 = 0 (STO deselected and inactive – drive) • r9720.0 = 1 (STO deselected) • • r9722.0 = 0 (STO inactive) r0046.0 = 1 (drive in "switch-on inhibit" state) •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.3.2 Acceptance test for Safe Stop 1 without encoder (Extended Functions) Table 10- 22 Function "Safe Stop 1 without encoder" Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 298
Acceptance test and acceptance report 10.5 Acceptance tests Figure 10-9 Example Trace SS1 without encoder Trace evaluation: ● SS1 function is selected (time axis 0 ms; see bit "deselection SS1") ● Response bit "SS1 active" is set (time axis approx 20 ms) ●...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.3.3 Acceptance test for Safe Brake Control without encoder (Extended Functions) Table 10- 23 Acceptance test "Safe Brake Control without encoder" Description Status Note: The acceptance test must be individually conducted for each configured control. The control can be realized via TM54F or via PROFIsafe.
Page 300
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Acknowledge "switch-on inhibit" and run the drive. Check whether the correct drive is operational. The following is tested: The brake is connected properly • • The hardware is functioning properly The SBC is parameterized correctly •...
Acceptance test and acceptance report 10.5 Acceptance tests 10.5.3.4 Acceptance test for Safely Limited Speed without encoder (Extended Functions) SLS with stop response "STOP A" Table 10- 24 Function "Safely-Limited Speed without encoder" with "STOP A" Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 302
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Save/print the trace and add it to the acceptance report (refer to the example below) Deselect SLS and acknowledge Safety messages. No Safety faults and alarms (r0945[0...7], r2122[0...7], r9747[0...7]) • r0046.0 = 1 (drive in "switch-on inhibited"...
Page 303
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SLS function with SLS level 1 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1" and "SLS active", "active SLS level bit 0" and "active SLS level bit 1") ●...
Page 304
Acceptance test and acceptance report 10.5 Acceptance tests SLS with stop response "STOP B" Table 10- 25 Function "Safely-Limited Speed without encoder" with "STOP B" Description Status Note: The acceptance test must be carried out separately for each configured control and each SLS speed limit used. Control may be via TM54F or PROFIsafe.
Page 305
Acceptance test and acceptance report 10.5 Acceptance tests Description Status Save/print the trace and add it to the acceptance report (refer to the example below) Deselect SLS and acknowledge Safety messages No Safety faults and alarms (r0945[0 ... 7], r2122[0 ... 7], r9747[0 ... 7]) •...
Page 306
Acceptance test and acceptance report 10.5 Acceptance tests Trace evaluation: ● SLS function with SLS level 1 is active (see bits "deselection SLS", "selection SLS bit 0", "selection SLS bit 1" and "SLS active", "active SLS level bit 0" and "active SLS level bit 1") ●...
Acceptance test and acceptance report 10.6 Conclusion of the report 10.6 Conclusion of the report SI parameters Were the specified values checked? Control Unit Motor Module Checksums Basic Functions + Extended Functions Drive name Drive number SI reference checksum SI SI reference checksum SI parameters (Control Unit) parameters (Motor Module)
Page 308
Acceptance test and acceptance report 10.6 Conclusion of the report Safety logbook Functional Checksum for functional tracking of changes r9781[0] = Checksum for hardware dependent tracking of changes r9781[1] = Time stamp for functional tracking of changes r9782[0] = Time stamp for hardware dependent tracking of changes r9782[1] = These parameters can be found in the expert list of the Control Unit.
Index Acceptance test EDS, 47 SBC, 269 Encoder systems, 114 SBC with encoder, 275 Actual value synchronization, 117 SBC without encoder, 299 Encoder types, 116 SLS with STOP A, 282 Extended acknowledgment, 111 SLS with STOP B, 285 Extended Functions SLS with STOP C, 288 Deactivation/activation of DO, 236 SLS with STOP D, 290...
Page 310
Index Safe Operating Stop SOS, 90 Limit exceeded, 107 Safe Speed Monitor Linear axis SSM, 99 Commissioning, 233 Safe Stop 1 SS1, 69, 82 Time and acceleration controlled, 82 time controlled, 69 Message buffer, 112 Safe Stop 1 with encoder, 82 Modular machine concept, 236 Safe Stop 2 Motion monitoring functions...
Page 311
Index Acceptance test, 301 Change password, 201 SLS without encoder with STOP B Commissioning, 199 Acceptance test, 304 Two-channel brake control, 72 Two-encoder system, 115 Acceptance test, 279 Safe Operating Stop, 90 Delay time, 83 Safe Stop 1, 69 SS1 (time controlled) Acceptance test, 267 Safe Stop 1, 69 SS1 with encoder, time and acceleration controlled...