10 Safe Torque Off Safety Function
10.1 Application
The DM2020 system's safety function, Safe Torque Off (STO), has been designed with an integrated
redundant circuit in the control board.
It is considered misuse to use the STO function outside of the instructions provided in this guide.
10.2 Installation Risk Assessment
The safety functional requirements of a DM2020 drive depend on the application and should be
considered during the evaluation of the overall risk of the installation. If the drive manufacturer is also
liable for the operated equipment, the designer of the installation is responsible for the risk
assessment, and the specification of requirements for levels of functional integrity and safety
integrity levels (SIL) of the drive according to CEI EN 62061: 2005 +A1:2013 +A2:2015 and/or
performance levels (PL) according to UNI EN ISO 13849-1: 2016.
The following table, identical to Table 4 of the UNI EN ISO 13849-1: 2016, shows the relationship
between performance levels (PL) and safety integrity levels (SIL).
PL    SIL (IEC 61508-1), operational mode high/continuous
a     No match
b     1
c     1
d     2
e     3
Relationship Between Performance Levels (PL) and Safety Integrity Levels (SIL)
Because SIL 4 refers to catastrophic events, it does not cover the risks relating
to machinery. The assessment of the risks presented by the machine must be carried out in
accordance with Directive 2006/42/EC, referring to UNI EN ISO 12100: 2010, and
must contain the safety circuit configuration for the entire machine, taking
into account all components of the integrated safety system, including the drive.
Also, refer to Risk Assessment on page 24.
10.3 Safe Torque Off Function
The Safe Torque Off safety function of the DM2020 has been validated according to the level of
safety integrity SIL 3 as defined in the product standard CEI EN 61800-5-2: 2008 showing that:
- The probability of dangerous failure per hour (PFHd) is 9 x 10⁻¹⁰ hours⁻¹ (see the tables in the
following subsections).
Validation of the function and its STO circuit involves two distinct types of
monitoring: the first is a normally closed electrical contact (referred to as "Hardware
Feedback"); the second is a binary digital signal (referred to as "Software
Feedback") defined by the standard IEC 61800-7-201, CiA 402, Object 60FD (digital inputs), bit 3.
Also, compliance with UNI EN ISO 13849-1: 2016 has been verified using the PFHd calculated by
reference to CEI EN 61800-5-2: 2008. According to this standard, STO complies with performance
level (PL) "e" (see the tables in the next subsection).
PN: L-MAM2-E-201
Moog Casella DM2020 Installation and Startup Guide