Safety category 3 requirements, Stop category definition, Description of operation – Rockwell Automation 2097-Vxxx Kinetix 350 Single-axis EtherNet/IP Servo Drive User Manual User Manual

102

Rockwell Automation Publication 2097-UM002C-EN-P - December 2013

Chapter 6 Kinetix 350 Drive Safe Torque-off Feature

Safety Category 3 Requirements

Safety-related parts are designed with these attributes:

• A single fault in any of these parts does not lead to the loss of the safety

function

• A single fault is detected whenever reasonably practicable
• Accumulation of undetected faults can lead to the loss of the safety

function.

Stop Category Definition

Stop category 0 is achieved with immediate removal of power to the actuator.

Performance Level and Safety Integrity Level (SIL) CL2

For safety-related control systems, Performance Level (PL), according to ISO
13849-1, and SIL levels, according to EN 61508 and EN 62061, include a rating
of the systems ability to perform its safety functions. All of the safety-related
components of the control system must be included in both a risk assessment and
the determination of the achieved levels.

Refer to the ISO 13849-1, EN 61508, and EN 62061 standards for complete
information on requirements for PL and SIL determination.

Description of Operation

The safe torque-off feature provides a method, with sufficiently low probability
of failure on demand, to force the power-transistor control signals to a disabled
state. When disabled, or any time power is removed from the safety enable inputs,
all of the drives output-power transistors are released from the ON state,
effectively removing motive power generated by the drive. This results in a
condition where the motor is in a coasting condition (stop category 0). Disabling
the power transistor output does not provide mechanical isolation of the
electrical output, which can be required for some applications.

Under normal drive operation, the safe torque-off switches are energized. If either
of the safety enable inputs are de-energized, the gate control circuit is disabled. To
meet ISO 13849-1 (PLd) both safety channels must be used and monitored.

IMPORTANT

In the event of drive or control failure, the most likely stop category is category
0. When designing the machine application, consider timing and distance for a
coast to stop. For more information regarding stop categories, refer to
EN 60204-1.

ATTENTION: Permanent magnet motors can, in the event of two simultaneous
faults in the IGBT circuit, result in a rotation of up to 180 electrical degrees.