Material Number Description Compare products ...
  • Website
  • Model Number
  • Serial number
Login
Logged in as UsernameLogout
Loading...
B&R Logo

Overview of safety functions

The following safety functions are integrated in ACOPOSmulti inverter modules with SafeMC, and the following safety levels can be achieved using them:

  • Safety function
    EN ISO 13849-1
    EN 61508 / EN 62061
    Safe encoder evaluation required?
    Safe Torque Off (STO)
    Pl e
    SIL 3
    No
    Safe Operation Stop (SOS)
    Pl d
    SIL 2
    Yes
    Safe Stop 1 (SS1)
    Pl e (time monitored) / Pl d
    SIL 3 (time monitored) / SIL 2
    no (time monitored) / yes
    Safe stop 2 (SS2)
    Pl d
    SIL 2
    Yes
    Safely Limited Speed (SLS)
    Pl d
    SIL 2
    Yes
    Safe Maximum Speed (SMS)
    Pl d
    SIL 2
    Yes
    Safe Direction (SDI)
    Pl d
    SIL 2
    Yes
    Safe Limited Increment (SLI)
    Pl d
    SIL 2
    Yes
    Safe Brake Control (SBC)
    Pl e
    SIL 3
    No

STO - Safe Torque Off
SafetyFunctions_STO

Safe Torque Off (STO) is the status when the drive motor is no longer supplied with power (i.e. free of torque and force). The power supply to the drive is safely cut off by safe activation of safe pulse disabling. The drive cannot generate any torque, and therefore any potentially dangerous movements.
STO is made available to SafeLOGIC as an integrated safety function and can therefore be requested directly via the network. This eliminates the need for external wiring.
The STO safety function is the basis of all other safety functions. It is the implementation of the bias current fail-safe and is applied every time an error occurs.
The STO safety function corresponds to stop category 0 in accordance to EN 602041/11.98 and fulfills the Safety Integrity Level 3 (SIL3) in accordance to EN 61508.

SOS - Safe Operating Stop
SafetyFunctions_SOS

Safe Operating Stop (SOS) is the state in which safe stopping of the drive is monitored. The drive is supplied with power and can therefore generate torque and force. All control functions between the electronic controller and the drive motor are active. The axis stop is monitored using a configurable stop tolerance window. Both the position as well as the speed are monitored. An EnDat 2.2 safety encoder is required to safely determine the speed and position. If the stop monitoring limits are violated, safe pulse disabling is activated and the drive switches to an error state which must be confirmed.

SS1 - Safe Stop 1
SafetyFunctions_SS1

During Safe Stop 1 (SS1), transition of a moving motor to standstill is monitored for safety. After decelerating, safe pulse disabling is activated and switches off the torque and power to the drive. Depending on the requirements for the safety function, either only the deceleration time or also the deceleration ramp can be monitored. If the monitoring limits are violated during deceleration, safe pulse disabling is activated immediately and an acknowledgeable error state is entered. An advantage of deceleration ramp monitoring is that, when an error occurs, the assumed remaining distance to standstill is reduced.
Safe Stop 1 (SS1) corresponds to stop category 1 in accordance with EN 60204-1/11.98 and fulfills SIL3 when time-based monitoring is used and SIL2 when speed-based monitoring is used in accordance with EN 61508.

SS2 - Safe Stop 2
SafetyFunctions_SS2

During Safe Stop 2 (SS2), transition of a moving motor to stop is monitored for safety. Then the drive must be maintained at standstill by the standard application. As with SOS, this stop is monitored by the SafeMC module according to the configured tolerance window.
As with SS1, depending on the requirements for the safety function, either only the deceleration time or also the deceleration ramp can be monitored. If there are violations during ramp monitoring or subsequent standstill monitoring, safe pulse disabling is activated immediately and an acknowledgeable error state is entered.
The Safe Stop 2 (SS2) corresponds to stop category 2 in accordance with EN 60204-1/11.98 and fulfills SIL2 in accordance with EN 61508

SLS - Safe Limited Speed
SafetyFunctions_SLS

With the SLS safety function, the drive is monitored to make sure the configurable limits for speed are not exceeded. Depending on the application, deceleration can also be monitored until the limit is reached. Depending on the requirements, monitoring of the deceleration ramp can be set to either only monitor the deceleration time or also the deceleration ramp. If a violation is detected during monitoring of the limits for speed, safe pulse disabling is activated immediately and an acknowledgeable error state is entered.
The SLS safety function fulfills SIL2 in accordance to EN 61508.

SMS - Safe Maximum Speed
The difference between SMS and SLS is that SMS cannot be actively initiated. It is either activated or deactivated by the configuration. When activated, the current speed is constantly monitored according to a defined limit. If the limit is exceeded, safe pulse disabling is activated immediately and an acknowledgeable error state is entered.

SDI – Safe Direction
SafetyFunctions_SDI

The SDI safety function monitors the defined direction of movement. If the interval is violated, safe pulse disabling is activated immediately and an acknowledgeable error state is entered. Either the positive or the negative direction can be monitored.
The safe direction function can be activated in parallel with other safety functions.
For example, SLS can be limited to a certain direction.

SLI - Safely Limited Interval
SafetyFunctions_SLI

With the SLI safety function, the movement is monitored for maintaining a defined number of increments.
The safe axis must be stopped when the function is activated. A position window is established, which is monitored safely. This position window depends on the configured safe interval.
If the interval is violated, safe pulse disabling is activated immediately and an acknowledgeable error state is entered.

SBC - Safe Brake Control

Safe Brake Control (SBC) sends a safe output signal to control an external brake. The SBC integrated safety function can be requested either explicitly via SafeLOGIC or when a module error occurs. Depending on the quality of the connected brake and its wiring, the function can fulfill SBC SIL3 in accordance to EN 61508.

Share
This site uses cookies to enable a better customer experience. By continuing to browse the site you are agreeing to our use of cookies. Please find more information about cookies in our Privacy Policy.