36 PACMotion VFD AC Variable Speed Drive User Guide GFK-3111A
Safe Torque Off
Safe Torque Off will be referred to as “STO” through the remainder of this section.
Responsibilities
The overall system designer is responsible for dening the requirements of the overall “Safety Control
System” within which the drive will be incorporated; furthermore the system designer is responsible for
ensuring that the complete system is risk assessed and that the “Safety control System” requirements have
been entirely met and that the function is fully veried, this must include conrmation testing of the “STO”
function before drive commissioning.
The system designer shall determine the possible risks and hazards within the system by carrying out a
thorough risk and hazard analysis, the outcome of the analysis should provide an estimate of the possible
hazards, furthermore determine the risk levels and identify any needs for risk reduction. The “STO” function
should be evaluated to ensure it can sufciently meet the risk level required.
What STO Provides
The purpose of the “STO” function is to provide a method of preventing the drive from creating torque in
the motor in the absence of the “STO” input signals (Terminal 12 with respect to Terminal 13), this allows
the drive to be incorporated into a complete safety control system where “STO” requirements need to be
fullled.
1
The “STO” function can typically eliminate the need for electro-mechanical contactors with cross-checking
auxiliary contacts as per normally required to provide safety functions.
2
The drive has the “STO” function built-in as standard and complies with the denition of “Safe torque off” as
dened by IEC 61800-5-2:2007.
The “STO” function also corresponds to an uncontrolled stop in accordance with category 0 (Emergency
Off), of IEC 60204-1. This means that the motor will coast to a stop when the “STO” function is activated, this
method of stopping should be conrmed as being acceptable to the system the motor is driving.
The “STO” function is recognised as a fail-safe method even in the case where the “STO” signal is absent
and a single fault within the drive has occurred, the drive has been proven in respect of this by meeting the
following safety standards:
Table 21: Safety Requirements Standards
SIL
(Safety Integrity
Level)
PFHD
(Probability of dangerous
failures per Hour)
SFF
(Safe failure fraction
%)
Lifetime
assumed
EN 61800-5-2 2 1.23E-09 1/h (0.12 % of SIL 2) 50 20 Yrs
PL
(Performance Level)
CCF (%)
(Common Cause Failure)
MTTFd Category
EN ISO 13849-1 PL d 1 4525a 3
SILCL
EN 62061 SILCL 2
NOTE The values achieved above maybe jeopardised if the drive is installed outside of the Environmental
limits detailed in section Environmental.
To Next Page
Loading...
