Category 3 requirements according to iso 13849, Stop category definition, Description of operation – Rockwell Automation 2198-Hxxx Kinetix 5500 Servo Drives User Manual User Manual

158

Rockwell Automation Publication 2198-UM001D-EN-P - May 2014

Chapter 9

Kinetix 5500 Safe Torque-off - Hardwired Safety

Category 3 Requirements According to ISO 13849

Safety-related parts are designed with these attributes:

• A single fault in any of these parts does not lead to the loss of the safety

function.

• A single fault is detected whenever reasonably practicable.
• Accumulation of undetected faults can lead to the loss of the safety

function and a failure to remove motion producing power from the motor.

Stop Category Definition

Stop category 0 as defined in EN 60204 or Safe Torque Off as defined by EN
61800-5-2 is achieved with immediate removal of motion producing power to
the actuator.

Performance Level (PL) and Safety Integrity Level (SIL)

For safety-related control systems, Performance Level (PL), according to EN ISO
13849, and SIL levels, according to EN 61508 and EN 62061, include a rating of
the systems ability to perform its safety functions. All of the safety-related
components of the control system must be included in both a risk assessment and
the determination of the achieved levels.

Refer to the EN ISO 13849, EN 61508, and EN 62061 standards for complete
information on requirements for PL and SIL determination.

Description of Operation

The safe torque-off feature provides a method, with sufficiently low probability
of failure, to force the power-transistor control signals to a disabled state. When
disabled, or any time power is removed from the safety enable inputs, all of the
drive output-power transistors are released from the On-state. This results in a
condition where the drive is coasting (stop category 0). Disabling the power
transistor output does not provide mechanical isolation of the electrical output
that is required for some applications.

Under normal operation, the safe torque-off inputs are energized. If either of the
safety enable inputs are de-energized, then all of the output power transistors
turn off. The safe torque-off response time is less then 12 ms.

IMPORTANT

In the event of a malfunction, the most likely stop category is category 0. When
designing the machine application, timing and distance must be considered
for a coast to stop. For more information regarding stop categories, refer to
EN 60204-1.

ATTENTION: Permanent magnet motors can, in the event of two simultaneous
faults in the IGBT circuit, result in a rotation of up to 180 electrical degrees.