The following items are indications for potential FQM faults and must be continuously
monitored by the safety PLC:
● If, based on the standard operational status of the fail safe unit (“FS ready” signal
and ESD high level input), the FS ready NO/FS failure NC outputs change to the
“FS fault” signal.
● If a service demand or diagnostic operation (PVST/FVST) was started from the end
position and the end position switch does not change its state within the respective
available SQ operating time.
● If during automatic initialisation (started by applying ESD high level input) the
maximum initialisation time (2 minutes) is exceeded and subsequently ESD high level
(not requested) is still applied and “FS fault” (fail safe not ready) is still signalled.
● If ESD is demanded (ESD low level) and the safety end position is not reached within
the maximum defined fail safe operating time (typical operating time –50 %/+100 %).
● If, based on the standard operational status of the fail safe unit (“FS ready” and ESD
high level input), the “Safe OPENING/CLOSING” safety function is requested (ESD low
level input) and the FS ready NO output does not change to “FS fault” within the
provided reaction time (1 second).
Information
● Reaction time for power supply interruption for the respective configuration is up
to 10 seconds.
● The “FS fault” signal will not automatically trip the ESD function. The signal
indicates that execution of the safety function cannot be guaranteed. Exceptions
are if the “FS fault” signal was caused by the constant force spring switch or a
fault within the toggle lever so that it can no longer lock the spring. In both cases,
the ESD function will be tripped in addition to the “FS fault” signal.
Even if the FS ready NO/FS failure NC outputs signal an “FS fault”, standard
operation into the fail safe position by means of the electric actuator or an ESD
operation on demand of the ESD function at the ESD input of the fail safe unit
might still be possible.
● If a fault is detected during one of the diagnostics performed by the operator,
the system must immediately be checked and, if required, the plant be operated
to a safe state.
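The monitoring conditions above, as an added example that is not code from the manual or from the product's manufacturer: a sampled-signal state machine of the kind a safety PLC program could mirror, fed with constructed signal traces. The signal names `fs_ready` (FS ready NO output), `esd_high` (ESD input level), `in_safe_position` and `end_pos_switch`, the 10 s typical fail safe operating time and the 5 s SQ operating time are assumptions; the 2 minute initialisation limit, the 1 second reaction time and the +100 % upper bound on the operating time are the values stated above. Python is used here for demonstration; a real implementation belongs in the safety PLC's own language and would also have to allow for the up to 10 second reaction time after a power supply interruption.

```python
# Added example (not the manual's or manufacturer's code): safety-PLC style monitor
# for the listed FQM fault indications. Signal names, sample traces and the typical/SQ
# operating times are constructed assumptions; the 2 min, 1 s and +100 % limits are
# the manual's.
INIT_MAX_S = 120.0    # maximum initialisation time: 2 minutes
REACTION_MAX_S = 1.0  # FS ready NO must change to "FS fault" within 1 s of an ESD demand
FS_TIME_FACTOR = 2.0  # upper bound of the -50 %/+100 % window on the typical operating time


class FqmMonitor:
    def __init__(self, typical_fs_time_s, sq_time_s):
        self.typical_fs_time_s = typical_fs_time_s  # plant specific (assumed value)
        self.sq_time_s = sq_time_s                  # available SQ operating time (assumed)
        self.faults = []
        self.prev = {}                              # previous sample, for edge detection
        self.init_start = self.esd_start = self.react_start = self.test_start = None
        self.test_switch = None

    def _fault(self, t, msg):
        self.faults.append(f"t={t:.1f}s: {msg}")

    def start_test(self, t, end_pos_switch):
        """PVST/FVST started from an end position: remember switch state and start time."""
        self.test_start, self.test_switch = t, end_pos_switch

    def update(self, t, fs_ready, esd_high, in_safe_position, end_pos_switch):
        p = self.prev
        standard_op = bool(p.get("fs_ready")) and bool(p.get("esd_high"))
        esd_rising = esd_high and not p.get("esd_high", False)
        esd_falling = not esd_high and p.get("esd_high", False)
        # 1. Outputs change to "FS fault" while the unit was in standard operation
        if standard_op and esd_high and not fs_ready:
            self._fault(t, "FS fault signalled during standard operation")
        # 2. PVST/FVST: the end position switch must change within the SQ operating time
        if self.test_start is not None:
            if end_pos_switch != self.test_switch:
                self.test_start = None
            elif t - self.test_start > self.sq_time_s:
                self._fault(t, "end position switch unchanged within SQ operating time (PVST/FVST)")
                self.test_start = None
        # 3. Initialisation starts when ESD high is applied with FS fault present;
        #    FS ready must replace FS fault within 2 minutes
        if esd_rising:
            self.esd_start = self.react_start = None  # ESD demand withdrawn
            if not fs_ready:
                self.init_start = t
        if self.init_start is not None:
            if fs_ready or not esd_high:
                self.init_start = None
            elif t - self.init_start > INIT_MAX_S:
                self._fault(t, "initialisation time (2 min) exceeded, ESD high and FS fault still present")
                self.init_start = None
        # 4. ESD demand (ESD low): safety end position within the maximum fail safe operating time
        # 5. ESD demand from standard operation: FS ready NO must change to FS fault within 1 s
        if esd_falling:
            self.esd_start = t
            self.react_start = t if standard_op else None
        if self.esd_start is not None:
            if in_safe_position:
                self.esd_start = None
            elif t - self.esd_start > self.typical_fs_time_s * FS_TIME_FACTOR:
                self._fault(t, "safety end position not reached within maximum fail safe operating time")
                self.esd_start = None
        if self.react_start is not None:
            if not fs_ready:
                self.react_start = None
            elif t - self.react_start > REACTION_MAX_S:
                self._fault(t, "FS ready NO did not change to FS fault within 1 s of ESD demand")
                self.react_start = None
        self.prev = {"fs_ready": fs_ready, "esd_high": esd_high}


def run_trace(typical_fs_time_s, sq_time_s, samples, test_at=None):
    """Feed (t, fs_ready, esd_high, in_safe_position, end_pos_switch) samples; return faults."""
    mon = FqmMonitor(typical_fs_time_s, sq_time_s)
    for t, fs_ready, esd_high, safe, sw in samples:
        if test_at is not None and t == test_at:
            mon.start_test(t, sw)
        mon.update(t, fs_ready, esd_high, safe, sw)
    return mon.faults


def demo_traces():
    """Constructed 1 s sample traces (typical fail safe time 10 s, SQ operating time 5 s)."""
    healthy = [(t, False, True, False, False) for t in range(3)]        # initialising
    healthy += [(t, True, True, False, False) for t in range(3, 5)]     # standard operation
    healthy += [(t, t == 5, False, t >= 15, False) for t in range(5, 17)]  # ESD demanded at t=5
    slow = [(t, True, t < 5, False, False) for t in range(30)]          # FS ready never drops
    stuck_init = [(t, False, True, False, False) for t in range(125)]   # FS fault never clears
    pvst = [(t, True, True, False, True) for t in range(10)]            # switch never changes
    return {
        "healthy": run_trace(10.0, 5.0, healthy),
        "slow_esd": run_trace(10.0, 5.0, slow),
        "init_timeout": run_trace(10.0, 5.0, stuck_init),
        "pvst_stuck": run_trace(10.0, 5.0, pvst, test_at=2),
    }
```

The monitor only reports; as the Information block states, an “FS fault” does not by itself trip the ESD function, so what the PLC does with a reported indication (check the system, drive the plant to a safe state) is a plant-level decision. Each timer is cleared once its fault has been raised so a persisting condition is reported once rather than on every sample.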
4.8. Internal diagnostics of fail safe unit
The following internal diagnostic features are available within the fail safe unit:
● Internal temperature monitoring, leading to the issue of the “FS fault” signal in case
of deviation from the internally permissible operational temperature.
● Internal voltage monitoring of the ESD input, leading to the issue of the “FS fault”
signal in case of deviation from the internally permissible level.
● Internal monitoring of the constant force spring and further mechanical components,
leading to the issue of the “FS fault” signal in case of deviation from the specifications
defined as permissible.
● During initialisation, “high” level is present at the ESD input and the “FS fault”
signal is active. An internal diagnostic function of the fail safe unit verifies whether
all conditions required for completion of the initialisation are met (in particular:
spring fully wound, toggle lever locked). Once these conditions are met, the “FS fault”
signal is replaced by the “FS ready” signal.
Information
The “FS fault” signal will not automatically trip the ESD function. The signal indicates
that execution of the safety function cannot be guaranteed. Exceptions are if the “FS
fault” signal was caused by the constant force spring switch or a fault within the
toggle lever so that it can no longer lock the spring. In both cases, the ESD function
will be tripped in addition to the “FS fault” signal.
Even if the FS ready NO/FS failure NC outputs signal an “FS fault”, standard
operation into the fail safe position by means of the electric actuator or an ESD
operation on demand of the ESD function at the ESD input of the fail safe unit might
still be possible.
with non safety-related actuators Safety instrumented system and safety functions