Safety Application Requirements

Create, record, and verify the safety signature as part of the required safety application development process. The safety controller creates the safety signature. The safety signature consists of an identification number, date, and time that uniquely identifies the safety portion of a project. This signature covers all safety logic, data, and safety I/O configuration.
For safety system requirements, including information on the safety network number (SNN), verifying the safety signature, and functional verification tests, see the safety controller documentation.

Important Safety Considerations

You are responsible for these system safety considerations:
  • Setup, safety rating, and validation of any sensors or actuators connected to the system.
  • Complete a system-level risk assessment, and reassess the system anytime a change is made.
  • Certification of the system to the desired safety Performance Level/Safety Integrity Level.
  • Project management and proof testing.
  • Programming the application software and the safety option module configurations in accordance with the information in this manual.
  • Access control to the system.
  • Analyze all configuration settings and choose the proper setting to achieve the required safety rating.
  • Validation and documentation of all safety functions used.
IMPORTANT: Only qualified, authorized personnel that are trained and experienced in functional safety can plan, implement, and apply functional safety systems.
ATTENTION:
When designing your system, consider how various personnel can interact with the machine. Additional safeguard devices can be required for your specific application.
ATTENTION:
In circumstances where external influences (for example, suspended loads that can fall) are present, additional measures (for example, mechanical brakes) can be necessary to help prevent any hazard.

Stop Category Definitions

Perform a risk assessment to select a stop category for each stop function:
  • Stop Category 0 is achieved with immediate removal of power to the machine actuators, which results in an uncontrolled coast-to-stop. An STO accomplishes a Stop Category 0 stop.
  • Stop Category 1 is achieved with a Ramp to Stop followed with immediate removal of power to the machine actuators. This can be achieved using SS1 with STO.
  • Stop Category 2 is a controlled stop with power left available to the machine actuators. This can be achieved using controller-based SS2 / SOS with the PowerFlex 755T drive products.
IMPORTANT: When designing the machine application, consider timing and distance for a coast-to-stop (Stop Category 0 or Safe Torque Off). For more information on stop categories and Safe Torque Off, see EN 60204-1 and EN/IEC 61800-5-2.

Performance Level and Safety Integrity Level (SIL) CL3

For safety-related control systems, Performance Level (PL), according to ISO 13849-1, and SIL levels, according to IEC 61508 and EN 62061, include a rating of the ability of the system to perform its safety functions. All safety-related components of the control system
See the ISO 13849-1, IEC 61508, and EN 62061 standards for complete information on requirements for PL and SIL determination.

Functional Proof Tests

IEC 61508 requires you to perform various proof tests of the equipment that is used in the system. Proof tests are performed at user-defined times. For example, proof tests can be once a year, once every 15 years, or whatever time frame is appropriate.
The safety option module has a useful life of 20 years, no proof test required. Other components of the system, such as safety I/O devices, sensors, and actuators can have different useful life times.
IMPORTANT: The time frame for the proof test interval depends on the specific application.

PFD
avg
 and PFH Definitions

Safety-related systems can be classified as operating in either a Low Demand mode, or in a High Demand/Continuous mode.
  • Low Demand mode: where the frequency of demands for operation, made on a safety related system, is no greater than one per year, or no greater than twice the proof test frequency.
  • High Demand/Continuous mode: where the frequency of demands for operation, made on a safety-related system, is greater than once per year, or greater than twice the proof test interval.
The SIL value for a low-demand safety-related system is directly related to order-of magnitude ranges of its average probability of failure to perform its safety function on demand or, simply, the probability of a dangerous failure on demand (PFD
avg
).
The SIL value for a High Demand/Continuous mode safety-related system is directly related to the average frequency of a dangerous failure (PFH) per hour.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal