11.03  2 General Information about Integrated Safety Systems 
  2.12  Error analysis 
 
© Siemens AG 2003 All Rights Reserved 
SINUMERIK 840D/SIMODRIVE 611 digital SINUMERIK Safety Integrated (FBSI) - Edition 11.03 
 
Error control enables easy and cost-effective implementation of the 
requirements of Machinery Directive 98/37/EC (MDIR column, Appendix 1). 
 
1.2.4 1)  Stopping, normal stopping and stopping in an emergency 
1.2.5 1)  Mode selector switch 
1.2.6 1)  Power supply fault 
1.2.7 1)  Control circuit fault 
1.3.6 1)  Risks relating to variations in tool speeds 
1.3.7 1)  Preventing risks relating to moving parts 
1.3.8 1)  Selecting protective equipment against risks relating to moving parts 
1.4.2 1)  Special requirements placed on isolating protective equipment 
1.4.3 1)  Special requirements placed on non-isolating protective equipment 
 
Risk assessment enables the machine manufacturer to determine the residual 
risk for his machine with respect to the control. The following residual risks are 
defined: 
•  SI is not active until the control system and drive have completely run up. 
SI cannot be activated if any one of the control or drive components is not 
powered up. 
•  Faults in the absolute track (C-D track), cyclically interchanged phases of 
motor connections (V-W-U instead of U-V-W) and a reversal in the control 
direction can cause an increase in the spindle speed or axis motion. 
The Category 1 and 2 stop functions according to EN 60204-1 (defined as 
Stops B to E in Safety Integrated) that are provided are then not effective 
because of the fault. The Category 0 stop function according to EN 60204-1 
(defined as Stop A in Safety Integrated) is not activated until the transition 
or delay time set via machine data has expired. When SBR is active, these errors 
are detected (STOP B/C) and the Category 0 stop function according to 
EN 60204-1 (STOP A in the Safety Integrated system) is activated as early as 
possible irrespective of this delay (refer to Chapter 3.8, "Safe braking 
ramp").  
Electrical faults (defective components etc.) can also result in the response 
described above.  
•  When incremental encoders are used, the functions "safe software limit 
switch" (SE) and "safe software cam" (SN) are not guaranteed until 
referencing has been successfully completed. 
•  When no user agreement has been given (refer to Chapter 2 "User 
agreement"), the safe software limit switches (SE) are not operative; the 
safe software cams (SN) are operative, but not safe as defined by Safety 
Integrated. 
•  The simultaneous failure of two power transistors (one in the upper and the 
other offset in the lower inverter bridge) in the inverter may cause the axis 
to move briefly.  
Example: Synchronous motor:  
 
1) Refer to: Appendix, References General /1/ 
 
Topics or chapter headings of MDIR, Appendix 1 
Residual risk