Safety function

from Wikipedia, the free encyclopedia

Safety function is a term from functional safety.

Safety functions of drives

With regard to electrical drive systems, EN IEC 61800-5-2:2007 defines the following safety functions, the content of which can also be transferred to pneumatic and hydraulic drives. For identification purposes, the English designations are also common in specialist circles in the German-speaking area.

STO (Safe Torque Off)

Corresponds to stop category 0 according to EN 60204. The power supply to the drive is interrupted immediately and the drive is shut down in an uncontrolled manner. After being switched off, the drive can no longer generate torque. However, this also means it can no longer generate any braking torque. Braking must therefore be carried out by special measures such as a mechanical brake so that no undesired overrun or exceeding of end positions occurs. When external forces such as raised masses or spring forces act, the possible change in position with a torque-free drive must be prevented.

Typical applications are the STO safety function of converters, switch-off via power contactors or main switches with emergency stop function, and torque separation with a coupling.

SS1 (Safe stop 1)

Corresponds to stop category 1 according to EN 60204. The drive is brought to a standstill in a controlled manner. The STO safety function is then activated. The safe stop can be either unmonitored (STO is activated time-controlled, regardless of whether standstill has already been reached) or monitored (STO is only initiated after standstill). The reaction to external forces that act after activating the STO corresponds to that of the STO safety function.

This function is usually integrated in converters. Its effectiveness depends essentially on the correct design and configuration of the drive. Otherwise, if the braking times are too short or the braking torques are too high, STO may be activated prematurely, which may lead to an overrun.
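The difference between time-controlled and monitored SS1, and the premature-STO case described above, can be traced over a sampled braking ramp. This is an added illustration, not code from the standard or from any converter; the names `ss1_run`, `RAMP`, the sample-based delay and the standstill tolerance are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { SS1_TIME_CONTROLLED, SS1_MONITORED } ss1_mode_t;

typedef struct {
    bool   sto_active;    /* was STO activated within the trace? */
    size_t sto_sample;    /* sample index at which STO was activated */
    double speed_at_sto;  /* speed at the moment torque was removed */
    bool   premature;     /* STO fired while the drive was still moving */
} ss1_result_t;

/* Constructed braking ramp (arbitrary speed units, one value per sample). */
static const double RAMP[] = { 100.0, 80.0, 60.0, 40.0, 20.0, 0.0, 0.0 };
#define RAMP_LEN (sizeof RAMP / sizeof RAMP[0])

static bool at_standstill(double speed, double tol)
{
    double mag = speed < 0.0 ? -speed : speed;
    return mag <= tol;
}

/* Walk the trace from the SS1 request (sample 0) and decide when STO fires.
 * Time-controlled: once delay_samples have elapsed, whatever the speed is.
 * Monitored: only once the speed is inside the standstill tolerance. */
ss1_result_t ss1_run(ss1_mode_t mode, const double *speed, size_t n,
                     size_t delay_samples, double tol)
{
    ss1_result_t r = { false, 0, 0.0, false };
    for (size_t i = 0; i < n; i++) {
        bool still = at_standstill(speed[i], tol);
        bool fire = (mode == SS1_MONITORED) ? still : (i >= delay_samples);
        if (!fire)
            continue;
        r.sto_active = true;
        r.sto_sample = i;
        r.speed_at_sto = speed[i];
        r.premature = !still;  /* torque removed while moving: overrun risk */
        break;
    }
    return r;
}

int main(void)
{
    /* Delay of 3 samples is too short for this ramp: STO fires at speed 40. */
    ss1_result_t r = ss1_run(SS1_TIME_CONTROLLED, RAMP, RAMP_LEN, 3, 0.5);
    printf("STO at sample %zu, speed %.1f, premature=%d\n",
           r.sto_sample, r.speed_at_sto, r.premature);
    return 0;
}
```

With the same ramp, a delay of 6 samples or the monitored mode activates STO only at standstill; a monitored run over a trace that never reaches standstill reports that STO was not activated.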

SS2 (Safe stop 2)

Corresponds to stop category 2 according to EN 60204. This means that SS2 must not be used for emergency stop functions. The drive is brought to a standstill in a controlled manner and remains in closed-loop control at a standstill. The standstill is safely monitored. In practice, due to the control fluctuations of the drive, a harmless small change in position around the setpoint is permitted. A reaction is initiated when the monitoring limits are exceeded (e.g. safety function STO). This function is usually integrated in converters and robot controls. The SS2 safety function has the advantage that the DC link is not discharged by converters and the drive is immediately ready for operation. This is advantageous, for example, when setting up with enabling mode.

SOS (Safe operation stop)

The drive safely monitors that a position is not left. The drive can move within a defined position window. When leaving the window, a suitable error reaction occurs, e.g. STO. Depending on the dimensioning of the monitoring window, standstill or remaining in a certain position range can be monitored.

SLS (Safely limited speed)

The drive monitors that a maximum speed is not exceeded. If the speed limit is exceeded, there is a suitable error reaction such as SS1, STO and engagement of a brake ... The function can be integrated in the converter or implemented via external speed monitoring devices.

SSM (Safe speed monitor)

The drive monitors that the speed does not fall below a minimum. If the speed limit is undershot, a higher-level safety control issues a suitable error response. For example, it is possible to react to blocking of a drive with STO, or to underspeed of a pump by switching on a reserve unit.

SSR (Safe speed range)

Combination of SLS and SSM.

SLP (Safe limited position)

The safety function monitors that the drive (and thus the element moved by the drive) does not exceed defined end positions. This safety function corresponds to a limit switch. In the beginning it was mainly used to limit the range of motion of robots, later also for converters for industrial use.

SP (Safe position)

This safety function provides safe position data of the drive via a safe bus, which can be used in a suitable manner by a safety control (end position monitoring, position-dependent activation of safety functions ...)

SDI (Safe direction)

The drive is monitored to ensure that it only works in the enabled direction, e.g. that a shaft only rotates clockwise, or that a linear axis can open a danger point but not close it. The function can be integrated in the converter or implemented via external monitoring.

SBC / SBT (Safe brake control, Safe brake test)

Both functions are usually used together. SBC controls one or more (external) brakes. This ensures that raised loads do not drop after an STO has been initiated, but are braked in good time. If the brake is worn, it can fail. The SBT safety function therefore tests the brake cyclically and/or before releasing the guard locking of a protective device with a defined torque. If the brake is detected to slip, a suitable error reaction is initiated (e.g. moving to a safe position, engaging a support). These functions are integrated in safe robot controls and converters.
