ABB ACS880-07 - Proof test interval; Decommissioning

To Next Page

To Previous Page

Proof test interval

After the operation of the safety function is validated at start-up, the operation of the safety

function must be ensured by periodic proof testing. In high demand mode of operation, the

maximum proof test interval is 20 years. In low demand mode of operation, the maximum

proof test interval is 1 year (high or low demand as defined in IEC 61508, IEC/EN 62061

and EN ISO 13849-1). Regardless of the mode of operation, it is a good practice to check

the operation of the safety function at least once a year by doing the start-up and acceptance

test of the safety function.

The person responsible for the design of the complete safety system should also note the

Recommendation of Use CNB/M/11.050 published by the European co-ordination of Notified

Bodies for Machinery concerning dual-channel safety-related systems with electromechanical

outputs:

• When the safety integrity requirement for the safety function is SIL 3 or PL e (cat. 3 or

4), the proof test for the function must be done at least every month.

• When the safety integrity requirement for the safety function is SIL 2 (HFT = 1) or PL d

(cat. 3), the proof test for the function must be done at least every 12 months.

This is a recommendation and depends on the required (not achieved) SIL/PL. For example,

contactors, breakers, safety relays, contactor relays, emergency stop buttons, switches,

etc. are typically safety devices which have electromechanical outputs. The STO circuit of

the drive does not have electromechanical outputs. Also, the FSO and FSE-31 modules do

not have electromechanical outputs.

Competence

The person who does the maintenance and proof test activities of the safety function must

be a competent person with expertise and knowledge of the safety function and functional

safety, as required by IEC 61508-1 clause 6.

Residual risk

The safety functions are used to reduce the recognized hazardous conditions. In spite of

this, it is not always possible to eliminate all potential hazards. Thus, the warnings for the

residual risks must be given to the operators.

Intentional misuse

The safety circuit is not designed to protect a machine against intentional misuse.

Decommissioning

When you decommission an emergency stop circuit or a drive, make sure that the safety

of the machine is maintained until the decommissioning is complete.

64 Maintenance

Other manuals for ABB ACS880-07