Curtis 1239E - Page 157

To Next Page

To Previous Page

Return to TOC Curtis 1239E-1269E Manual, os 37.0 RevA – May 2021

APPENDIX B

pg. 153

To mitigate the hazards typically found in machine operations, EN13849 requires that safety functions

be dened; these must include all the input, logic, outputs, and power circuits that are involved in any

potentially hazardous operation. Two safety functions are dened for Curtis Enhanced AC Motor

Controllers: Uncommanded Powered Motion and Motor Braking Torque.

e Uncommanded Powered Motion safety function provides detection and safe shutdown in the

following circumstances: faulted throttle; improper sequence of forward/reverse switches, throttle,

and interlock; incorrect direction of travel; loss of speed control or limiting; uncommanded

movement; or movement at startup. e Braking Torque safety function provides detection and safe

shutdown in the event of the loss of braking torque or position/hill hold.

Curtis has analyzed each safety function and calculated its Mean Time To Dangerous Failure

(MTTFd) and Diagnostic Coverage (DC), and designed them against Common Cause Faults (CCF).

e safety-related performance of the Curtis 1239E/1269E is summarized as follows:

Safety Function Designated Architure MTTFd DC CCF PL

Uncommanded

Powered Motion

2 >40 yrs >90% Pass d

Motor Braking Torque 2 >16 yrs >90% Pass c

EN1175 specifies that traction and hydraulic electronic control systems must use Designated

Architecture 2 or greater. is design employs input, logic, and output circuits that are monitored

and tested by independent circuits and soware to ensure a high level of safety performance (up to

PL=d).

Mean Time To Dangerous Failure (MTTFd) is related to the expected reliability of the safety related

parts used in the controller. Only failures that can result in a dangerous situation are included in

the calculation.

Diagnostic Coverage (DC) is a measure of the eectiveness of the control system’s self-test and

monitoring measures to detect failures and provide a safe shutdown.

Common Cause Faults (CCF) are so named because some faults within a controller can aect

several systems. EN13849 provides a checklist of design techniques that should be followed to achieve

sucient mitigation of CCFs. e CCF value is a pass/fail criterion.

Performance Level (PL) categorizes the quality or eectiveness of a safety channel to reduce the

potential risk caused by dangerous faults within the system with “a” being the lowest and “e” being

the highest achievable performance.

Related product manuals