Application Note for “Usage of AC500 digital standard I/Os in functional safety applications up to PL c (ISO 13849-1)”, V1.0.0
We reserve all rights in this document. Reproduction, use or disclosure to third parties without express authority is strictly forbidden. © 2015 ABB Ltd.
3.3 Functional description
- The motor stop is initiated by actuating the “Off” switch S1 (normally-closed
contact), which is connected to a DC523 digital standard input channel. The DC523
digital standard input channel is read by the Safety CPU SM560-S. The digital
safety output channel of the DX581-S safety I/O module is connected to the SS1
terminal of the drive with safety option (this part is omitted in Figure 5 for
simplicity). DX581-S safety output channels are controlled from the SM560-S Safety
CPU and can be deactivated if the safety reaction is requested through S1. The
drive with built-in safety option is responsible for safe braking.
- The SM560-S Safety CPU, the DX581-S digital safety I/O module and the safety
option of the drive are all certified for SIL CL 3 (IEC 62061) and PL e
(ISO 13849-1). In this example, we will further analyse only the Safety PLC parts
(Input, Logic Processing and Output). The safety analysis of the “Off” switch S1
and the drive with safety option is omitted for simplicity.
- A special fault-detection measure, “Cyclic test stimulus by dynamic change of
the input signal”, is implemented for the digital standard input channel on the
DC523 module, as shown in Figure 5. This test signal is able to detect
“Stuck-At-1” errors on the path from the digital standard input channel on the
DC523 module to the point where the signal is available on the Safety CPU
SM560-S. A short circuit of the input channel of the DC523 module to ground is a
safe error which leads to a safe state. If needed in the given application (if
more than one input channel on the DC523 module is used), detection of cross-talk
failures against other dynamic signals for other input channels on DC523 or
other input modules can be implemented in the application program on SM560-S as
well. For example, phase-shifted pulses or pulses with different frequencies
shall be used for selected channels in the latter case, and additional
supervision shall be implemented in the SM560-S application program (it is
always application-specific).
- Fault exclusion for a dynamic signal with the same frequency as the one used on
the digital standard input channel of DC523 shall be performed for the AC500
implementation part (all data transfer paths from DC523 to the SM560-S Safety
CPU).
DANGER
Fault exclusion for a dynamic signal with the same frequency shall be
performed not only as part of wire cross-talk detection but also as
part of the standard (non-safe) signal state transfer from the DC523
module to the SM560-S Safety CPU through the internal I/O bus, the
PM573 CPU and then the internal coupler bus communication to the
SM560-S Safety CPU.
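Added example (not part of the ABB application note and not SM560-S application code): a Python model of the test-pulse supervision described in section 3.3, showing which wiring faults the check catches. The scan-cycle timing, the one-cycle low pulse, the zero read-back delay and all names (`PulsedInput`, `simulate`, `demo`) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class PulsedInput:
    period: int = 4       # assumed: test pattern length in scan cycles
    phase: int = 0        # assumed: per-channel phase shift in scan cycles
    fault: bool = False   # latched when the read-back contradicts the stimulus
    closed: bool = False  # S1 state last observed while the stimulus was high

    def stimulus(self, cycle: int) -> bool:
        # Test signal: driven low for one cycle per period, high otherwise.
        return (cycle - self.phase) % self.period != 0

    def scan(self, cycle: int, read_back: bool) -> bool:
        """Evaluate one scan; True only if the safety output may stay on."""
        if self.stimulus(cycle):
            # High phase: a low read-back is a stop request (S1 open) or a
            # short to ground; both lead to the safe state.
            self.closed = read_back
        elif read_back:
            # Low phase: the input must follow the stimulus. A high read-back
            # means Stuck-At-1 or a foreign signal on the path.
            self.fault = True
        return self.closed and not self.fault

def simulate(channel: PulsedInput, wiring, cycles: int = 12) -> bool:
    """Run scans; wiring(cycle, stimulus) models the path to the Safety CPU."""
    enabled = False
    for cycle in range(cycles):
        enabled = channel.scan(cycle, wiring(cycle, channel.stimulus(cycle)))
    return enabled

def demo() -> dict:
    """Constructed fault cases; the value is the final output-enable state."""
    same, shifted = PulsedInput(phase=0), PulsedInput(phase=2)
    return {
        "healthy, S1 closed": simulate(PulsedInput(), lambda c, s: s),
        "S1 open / short to ground": simulate(PulsedInput(), lambda c, s: False),
        "stuck-at-1": simulate(PulsedInput(), lambda c, s: True),
        "cross-talk, same phase": simulate(PulsedInput(), lambda c, s: same.stimulus(c)),
        "cross-talk, shifted phase": simulate(PulsedInput(), lambda c, s: shifted.stimulus(c)),
    }

if __name__ == "__main__":
    for case, enabled in demo().items():
        print(f"{case:28s} output enabled: {enabled}")
```

In this model a foreign signal with the same pattern and phase is indistinguishable from the channel's own stimulus, so the output stays enabled; the phase-shifted neighbour is caught in the first low phase.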