WARNING
Loss of safety function with two-hand operation type IIIc
Can Cause Death, Serious Injury, or Property Damage.
With cycle times of > 30 ms, the synchronous actuation time can increase to up to 0.6 s for two-
hand operation type IIIc.
Set the cycle time to a maximum of 30 ms for two-hand operation type IIIc. This is the only way
to guarantee the synchronous actuation time of 0.5 s required by the standard.
3.7.3.9 Discrepancy monitoring
Discrepancy monitoring is a diagnostics function that monitors, in the case of sensors with two
contacts, whether dependence of the two contacts is correctly fullled. As a result, faults on one
contact of the sensor can be detected. For example, such faults can be a stuck contact or a short
circuit between the supplying test clock pulse and the return line from the sensor to the input.
In the case of sensors without discrepancy monitoring, this can mean that a two-channel
emergency stop circuit does not trip even though only one NC contact is faulty (secondary error).
In the case of the safety devices, discrepancy monitoring is set depending on the monitoring
function. In the case of some functions (protective door, protective door with tumbler and
universal monitoring), discrepancy monitoring can be deactivated, for example to ensure that
certain variants of protective doors with tumbler do not have to be opened after every unlocking.
If the discrepancy time is set to innite, any amount of time can elapse between closing of the
rst and the second contacts. However, a discrepancy fault is signaled if both contacts are closed
and only one contact is opened and then closed again.
3.7.3.10 Sequence monitoring
Sequence monitoring is a diagnostics function that monitors, in the case of sensors with more
than one contact, whether a change in the switching states takes place at the corresponding
contacts in the intended order. A simultaneous change of the switching state at more than one
contact is a sequence violation.
In the case of Safety devices, sequence monitoring can be set depending on the monitoring
function (e.g. protective door).
3.7.3.11 Startup testing
The sensor or protection equipment must be properly operated once after the supply voltage is
restored before the enables for the safety relay can be switched through. Startup testing ensures
that any errors in the sensors are detected (again), because safety relays lose their ability to store
errors at zero voltage. Unauthorized manipulation of the protection equipment can also be
detected through startup testing. The plant operator decides whether startup testing should be
performed (risk assessment). No general statements apply.
Overview
3.7 Safety systems - General information
SIRIUS 3RK3 Modular Safety System
Equipment Manual, 07/2020, NEB926253002000/RS-AC/006 57
To Next Page
Loading...
