12
Functional safety
Safety conditions
Operating Instructions – MOVIMOT
®
flexible
351
12.3.3 Requirements on the external safety controller
A safety relay can be used as an alternative to a safety controller. The following re-
quirements apply analogously.
• The safety controller and all other safety-related subsystems must be approved for
at least the safety class that is required in the overall system for the respective ap-
plication-related drive safety function.
The following table shows an example of the required safety class of the safety
controller:
Application Safety controller requirements
Performance leveld according to
ENISO13849-1, SIL2 according to
EN62062
Performance leveld according to
ENISO13849-1
SIL2 according to EN61508
Performance levele according to
ENISO13849-1, SIL3 according to
EN62061
Performance levele according to
ENISO13849-1, SIL3 according to
EN61508
• The wiring of the safety controller must be suitable for the required safety class
(see manufacturer documentation). The STO input of the electronics cover can be
switched with 2poles (sourcing output, sourcing/sinking, or serial sourcing), or with
1pole (sourcing).
• The values specified for the safety controller must be strictly adhered to when
designing the circuit.
• Electro-sensitive protective equipment (such as light grid or scanner) according to
EN 61496‑1 and emergency stop buttons must not be directly connected to the
STO input. The connection must be made using safety relays, safety controllers
etc.
• To ensure protection against unintended restart in accordance with ENISO 14118,
the safe control system must be designed and connected in such a way that reset-
ting the command device alone does not lead to a restart. A restart may only be
carried out after a manual reset of the safety circuit.
• If no fault exclusion is used for the STO wiring according to ENISO 13849‑2 or
DINEN 61800‑5‑2, the external safety device must detect the following faults in
the STO wiring within 20s depending on the connection type:
– 2-pole sourcing output:
Short circuit of 24V at F_STO_P1 or F_STO_P2 (Stuck-at 1)
Crossfault between F_STO_P1 and F_STO_P2
– 2-pole sourcing/sinking:
Short circuit of 24V at F_STO_P1 (Stuck-at 1)
Short circuit of 0V at F_STO_M (Stuck-at 0)
– 2-pole serial sourcing:
Fault exclusion is mandatory
– 1-pole sourcing output:
Short circuit of 24V at F_STO_P (Stuck-at 1)
2-pole sourcing output:
• Test pulses can be used when the device is switched on or off.
– The test pulses on both sourcing channels must be switched with a time delay.
However, additional switch-off test pulses may occur simultaneously.
29129451/EN – 12/2019
To Next Page
Loading...
Need help?
General
