Fault Exclusion
An important concept within the category requirements of ISO 13849-1 is the probability of the occurrence of the failure,
which can be decreased using the "fault exclusion" method. This method assumes that the possibility of certain well-
defined failure(s) can be reduced to a point where the resulting fault(s) can be disregarded.
Fault exclusion is a tool a designer can use during the development of the safety-related part of the control system and
the risk assessment process. It allows the designer to eliminate the possibility of various failures and justify it through the
risk assessment process to meet the requirements of Categories 2, 3 or 4. See ISO 13849-1/-2 for further information.
Monitoring of Safety Devices
Requirements vary widely for the level of control reliability or safety category per ISO 13849-1 (EN954-1) in safety
applications. While Banner Engineering always recommends the highest level of safety in any application, it is the
responsibility of the user to safely install, operate and maintain each safety system and comply with all relevant laws and
regulations.
Although only two applications are listed, the Module can monitor a variety of devices as long as the input requirements
are complied with (see Electrical Installation and Specifications). The Safety Module does not have 500 ms simultaneity
between inputs and thus cannot be used for monitoring a two-hand control. In all cases, the safety performance (integrity)
must reduce the risk from identified hazards as determined by the machine's risk assessment.
WARNING: Emergency Stop Functions
Do not mute or bypass any Emergency Stop device. ANSI B11.19, ANSI NFPA79 and IEC/EN
60204-1 require that the Emergency Stop function remain active at all times.
Emergency Stop Push Buttons and Rope/Cable Pull Switches
The safety inputs can be interfaced with positive-opening switches to monitor an emergency-stop (E-stop) push button or
rope/cable pull. The switch must provide one or two contacts for safety which are closed when the switch is armed. Once
activated, the E-stop switch must open all its safety-rated contacts, and must require a deliberate action (such as twisting,
pulling, or unlocking) to return to the closed-contact, armed position. The switch must be a "positive-opening" (or direct-
opening) type, as described by IEC 60947-5-1.
Standards ANSI NFPA 79, ANSI B11.19,, IEC/EN60204-1, and ISO 13850 specify additional emergency stop switch device
requirements, including the following:
• Emergency-stop push buttons shall be located at each operator control station and at other operating stations
where emergency shutdown is required.
• Stop and emergency-stop push buttons shall be continuously operable and readily accessible from all control and
operating stations where located. Do not mute or bypass E-stop buttons or rope/cable pulls.
• Actuators of emergency-stop devices shall be colored red. The background immediately around the device actuator
shall be colored yellow (where possible). The actuator of a push-button-operated device shall be of the palm or
mushroom-head type.
• The emergency-stop actuator shall be a self-latching type.
In addition, for Rope/Cable Pull Installations Only:
• The wire rope should be easily visible and readily accessible along its entire length. Red markers or flags may be
fixed on the rope to increase its visibility.
• The rope or cable pull must provide constant tension and must have the capability to react to a force in any
direction.
• Mounting points, including support points, must be rigid.
• The rope should be free of friction at all supports. Pulleys are recommended.
• The switch must have a self-latching function that requires a manual reset after actuation
Some applications may have additional requirements; comply with all relevant regulations. See the device manufacturer
installation instructions for complete information (such as SSA-EB1..-.. p/n 162275, or RP-RM83F.. p/n 141245 data
sheets).
WARNING: Emergency Stop Functions
Do not mute or bypass any Emergency Stop device. ANSI B11.19, ANSI NFPA79 and IEC/EN
60204-1 require that the Emergency Stop function remain active at all times.
Interlocked Guards (Gates)
The safety inputs can be interfaced with positive-opening safety switches to monitor the position of an interlock guard or
gate. Each switch must provide electrically isolated contacts: at minimum, one normally closed (N.C.) contact from each
individually mounted switch. The contacts must be of "positive-opening" (direct-opening) design, as described by
ES-FA-9AA and ES-FA-11AA E-Stop Safety Module
P/N 60606 Rev. G www.bannerengineering.com - Tel: +1-763-544-3164 3
To Next Page
Loading...
Need help?
General
