Operating Guide Safe Torque Off

Similar documents
Operating Guide Safe Torque Off

Operating Instructions VLT PTC Thermistor Card MCB 112

SAFETY RELAY APPLICATION

Installation Instructions NEMA-3R Cover Kit for D1h D2h VLT FC Series FC 102, FC 103, FC 202, and FC Description. 1.

Operating Manual MS220DA

Safety Function: Single-beam Area Access Control (AAC)

SITRANS. Temperature transmitter Functional safety for SITRANS TW. Introduction. General safety instructions 2. Device-specific safety instructions

Functional Safety of Machinery Presented by Greg Richards Manufacturing in America 02/22-23/2017

Operating instructions Safety-monitoring module SRB 302X3. 1 About this document

Operating instructions Safety-monitoring module SRB 302X3. 1. About this document. Content

Operating Manual MS220KA and MSR220KA

SensaGuard TM Integrated Latch Installation Instructions

ISIS SAFETY SYSTEM Installation guide

Functional Safety of Machinery: EN ISO Stewart Robinson. Overview of the presentation. References. TÜV SÜD Product Service

Functional Safety: What It Is, Why It s Important And How to Comply


Functional Safety Manual June pointek CLS500/LC500

We reserve all rights in this document and in the information contained therein. Reproduction, use or disclosure to third parties without express

MACHINERY SAFEBOOK 5. Safety related control systems for machinery. Principles, standards and implementation. (Revision 5 of the Safebook series)

Functional Safety & Power Drive Systems

Functional Safety Manual Oil Leak Detector NAR300 System

Original operating instructions Safety switch with guard locking AC901S AC902S

Proservo NMS5- / NMS7-

Magnetically Coded Non-contact Switch (MC2)

Introduction to machine safety

BES M30EP-PFC12F-S04G-D12 BES Q40ZU-PFC15B-S04G-D12 BES Q40ZU-PFC20F-S04G-D12 Inductive Safety Sensors User's Manual

Original operating instructions Photoelectric safety sensors (safety light curtain / safety light grid) Protected area width (range) 0...

Automation, Software und Informationstechnologie

Flopurge TS. Operation Manual

Project planning (original) EN. Functional safety. Inverter i550-cabinet kw

To Whom it May Concern;

SAFEMASTER PRO. The configurable safety system versatile and extendable. Our experience. Your safety.

Overfill Prevention Control Unit with Ground Verification & Vehicle Identification Options. TÜVRheinland

ASIsafe Solution PROFIsafe

PROTECT SRB 200EXi-1A

SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

Overload Relay EMT6 Overload monitoring system for machines operating in the EEx e area

Flostop TS D7E and A8E. Operation Manual

/ / 2018

Functional safety manual Liquiphant M/S with FEL57 and Nivotester FTL325P

Digital EPIC 2 Safety manual

Safety in the process industry

Safety Control Modules for Emergency Stop Circuits FF-SRS5988 FF-SRS5935 FF-SRS5925 FF-SRS5934 FF-SRS5924 TYPICAL APPLICATIONS APPROVALS DIMENSIONS

FUNCTIONAL SAFETY OF ELECTRICAL INSTALLATIONS IN INDUSTRIAL PLANTS BY OTTO WALCH

Easy Implementation of the European Machinery Directive

United Electric Controls One Series Safety Transmitter Safety Manual

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. February Valves

Original instructions Sense7-series Non-contact coded safety switch

Introduction to machine safety

Installation and Operating manual. SI-Safety Module. Unidrive M. Part: Issue: 1.

SAFETY INTERFACES SAFETY INTERFACES AND RELAYS

Safety. Detection. Control. SAFETY INTERFACES. Safety Interfaces and Relays. Product catalogue. Issue 1

FMEDA Report. Failure Modes, Effects and Diagnostic Analysis. KFD0-CS-Ex*.54* and KFD0-CS-Ex*.56* Project: X7300

One giant leap for safety: AZM400.

Yaskawa Electric America Training Café

SAFETY SERVICE RISK EVALUATION

Functional Safety of Machines and Systems Convenient Implementation of the European Machinery Directive

Report to the Certificate

Basics of Safety Applications

The agri-motive safety performance integrity level Or how do you call it?

The Next Generation Machine Protection System

100 & 120 Series Pressure and Temperature Switches Safety Manual

Measurement of Safety Integrity of E/E/PES according to IEC61508

panasonic.net/id/pidsx/global Lights up when conditions are normal (and at incipient liquid leak detection) Use as a warning Sensor

SAFETY MANUAL. Multispectrum IR Flame Detector X3301

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

IE Code IE Competency Title Credit OAC Ref.

GRUNDFOS INSTRUCTIONS LCD 108. Installation and operating instructions

SAFETY MANUAL. Electrochemical Gas Detector GT3000 Series Includes Transmitter (GTX) with H 2 S or O 2 Sensor Module (GTS)

½ Monitored Pneumatic Valve Patented Technology

Danfoss gas detection unit Type GD Heavy Duty

Differential Pressure Transmitter deltabar S PMD 230/235 deltabar S FMD 230/630/633 with ma output signal

WaterFurnace FX10 Application Guide Reversible Chiller

Rosemount Functional Safety Manual. Manual Supplement , Rev AF March 2015

GESTRA Steam Systems NRS English. Installation Instructions Level Switch NRS 1-51

First of all, what is a safety-related

Operating instructions V-ZUG-Home

MANUAL Overflow sensor NVF-104/34-PF

SAFETY MANUAL. Intelligent Sensors for H 2 S Gas Applications

Pressure Transmitter cerabar S PMC 731/631 cerabar S PMP 731/635 with ma output signal

ABOUT THIS DOCUMENT AND THE DOCUMENT STRUCTURE WE USE

Basics of Safety Applications

SAFETY MANUAL. X2200 UV, X9800 IR, X5200 UVIR SIL 2 Certified Flame Detectors

General terms and conditions... F-7 General precautions... P panasonic.net/id/pidsx/global. Use as a warning. Sensor. Emergency stop.

FP120-Z1 Power supply kit A (70 W) Technical Manual

LZR -I30. max. detection range of 30 ft x 30 ft LASER SCANNERS FOR INDUSTRIAL DOORS LZR-I Page 1 of 12

Instructions for the fan motor control system, SILVER C

SIPART. Electropneumatic positioner Functional safety for SIPART PS2. Introduction. General safety instructions 2. Device-specific safety instructions

AquaSaver DISPOSER CONTROL CENTER Installation Manual. Model AS-101K

INTERNATIONAL STANDARD

SACE PR021/K SIGNALLING UNIT

½ Monitored Pneumatic Valves On Series Ported Manifold

FUNCTIONAL SAFETY INCREMENTAL ENCODERS MASTERING SPEED CONTROL

USER GUIDE. DRENA 2 - User Manual ELECTRICAL PANEL FOR 2 MOTORS - WASTE WATER -

IEC61511 Standard Overview

LZR -I100/ -I110. LASER SCANNERS for industrial doors. User s Guide for product version 0600 and more

Speed and Frequency Seite 1 von 7

SAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL

Operating manual GTL 369 GTL 369M GTL 389 GTL 389M. Temperature probe. Please keep the manual for future use.

D-TECT 3 IP. GJD260 IP Motion Detector

Transcription:

ENGINEERING TOMORROW Operating Guide Safe Torque Off VLT Frequency Converters vlt-drives.danfoss.com

Contents Operating Guide Contents 1 Introduction 2 1.1 Purpose of the Manual 2 1.2 Additional Resources 2 1.3 Functional Overview 2 1.4 Approvals and Certifications 2 1.5 Symbols, Abbreviations, and Conventions 3 2 Safety 4 2.1 Safety Symbols 4 2.2 Qualified Personnel 4 2.3 Safety Precautions 4 3 Installation 6 3.1 Safety Instructions 6 3.2 STO Installation 6 3.3 Installation in Combination with VLT PTC Thermistor Card MCB 112 7 4 Commissioning 8 4.1 Safety Instructions 8 4.2 Activation of STO 8 4.3 Parameter Settings for STO in Combination with VLT PTC Thermistor Card MCB 112 8 4.4 Automatic/Manual Restart Behavior 8 4.5 STO Commissioning Test 8 4.6 System Configuration Security 9 4.7 Service and Maintenance 9 5 Application Examples 10 5.1 SISTEMA Data 10 5.2 Emergency Stop of Frequency Converter with Safe Torque Off - Category 1, PL c, SIL 1 10 5.3 Emergency Stop of Frequency Converter with Safe Torque Off Using Safety Relay - Category 3, PL d, SIL 2 11 5.4 Emergency Stop of Frequency Converter with Safe Torque Off, Safety Relay and Output Contactor - Category 4, PL e, SIL 3 12 5.5 Emergency Stop of Multiple Frequency Converters - Category 3, PL d, SIL 2 13 6 STO Technical Data 15 Index 16 MG37D602 Danfoss A/S 11/2018 All rights reserved. 1

Introduction Safe Torque Off 1 1 Introduction 1.1 Purpose of the Manual This manual provides information for use of Danfoss VLT frequency converters in functional safety applications. The manual includes information about functional safety standards, Danfoss VLT frequency converter Safe Torque Off (STO) function, the related installation and commissioning, and service and maintenance for STO. VLT is a registered trademark. 1.2 Additional Resources This manual is targeted at users already familiar with the VLT frequency converters. It is intended as a supplement to the manuals and instructions available for download at drives.danfoss.com/knowledge-center/technical-documentation/. Read the instructions shipped with the frequency converter and/or frequency converter option before installing the unit, and observe the instructions for safe installation. 1.3 Functional Overview 1.3.1 Introduction The Safe Torque Off (STO) function is a component in a safety control system. STO prevents the unit from generating the power required to rotate the motor. NOTICE Select and apply the components in the safety control system appropriately to achieve the desired level of operational safety. Before integrating and using STO in an installation, carry out a thorough risk analysis on the installation to determine whether the STO functionality and safety levels are appropriate and sufficient. The VLT frequency converter is available with: Safe Torque Off (STO), as defined by EN IEC 61800-5-2. Stop Category 0, as defined in EN 60204-1. The frequency converter integrates the STO functionality via control terminal 37. 1.3.2 Products Covered and Identification The STO function is available for the following types of frequency converters: VLT HVAC Drive FC 102 VLT Refrigeration Drive FC 103 VLT AQUA Drive FC 202 VLT AutomationDrive FC 301 enclosure size A1 VLT AutomationDrive FC 302 VLT Decentral Drive FCD 302 VLT Parallel Drive Modules Identification Confirm that the frequency converter is configured with STO function by checking the unit typecode on the nameplate (see Table 1.1). Product VLT HVAC Drive FC 102 VLT Refrigeration Drive FC 103 VLT AQUA Drive FC 202 VLT AutomationDrive FC 301 enclosure size A1 VLT AutomationDrive FC 302 VLT Decentral Drive FCD 302 VLT Parallel Drive Modules Table 1.1 Typecode Identification Typecode T or U at digit 18 of the typecode T at digit 18 of the typecode T or U at digit 18 of the typecode T at digit 18 of the typecode X, B, or R at digit 18 of the typecode X, B, or R at digit 18 of the typecode T or U at digit 18 of the typecode 1.4 Approvals and Certifications The VLT frequency converter with STO functionality is designed and approved suitable for the requirements of: Category 3 in EN ISO 13849-1. Performance Level "d" in EN ISO 13849-1. SIL 2 in IEC 61508 and EN 61800-5-2. SILCL 2 in EN 62061. More approvals and certifications are available. Contact a local Danfoss partner. 2 Danfoss A/S 11/2018 All rights reserved. MG37D602

Introduction Operating Guide 1.4.1 Applied Standards and Compliance Use of STO on terminal 37 requires that the user fulfills all provisions for safety including relevant laws, regulations, and guidelines. The integrated STO function complies with the following standards: 1.5 Symbols, Abbreviations, and Conventions IEC/EN 60204-1: 2016 Stop category 0 uncontrolled stop IEC/EN 61508: 2010 SIL2 IEC/EC 61800-5-2: 2016 IEC/EN 62601: 2015 SIL CL2 EN ISO 13849-1: 2015 Category 3 PL d 1 1 Abbreviation Reference Description B10d Number of cycles until 10% of the components have a dangerous failure (for pneumatic and electromechanical components). Cat. EN ISO 13849-1 Category, level B, 1 4 CCF Common cause failure DC Diagnostic coverage divided into Low, Medium and High. FIT Failure in time: 1E-9/hour HFT EN IEC 61508 Hardware fault tolerance: HFT = n means that n+1 faults could cause a loss of the safety function. MTTFd EN ISO 13849-1 Mean time to failure - dangerous. Unit: Years are divided into Low, Medium and High. PFH EN IEC 61508 Probability of dangerous failures per hour. Consider this value if the safety device is operated in high demand or continuous mode of operation, where the frequency of demands for operation made on a safety-related system is greater than 1 per year. PFD EN IEC 61508 Average probability of failure on demand, value used for low demand operation. PL EN ISO 13849-1 Discrete level used to specify the ability of safety-related parts of control systems to perform a safety function under foreseeable conditions. Levels divided into a to e. PLr Required performance level (the required performance level for a particular safety function). SIL EN IEC 61508 Safety integrity level EN IEC 62061 STO EN IEC 61800-5-2 Safe Torque Off SS1 EN IEC 61800-5-2 Safe Stop 1 SRECS EN IEC 62061 Safety-related electrical control system SRP/CS EN ISO 13849-1 Safety-related parts of control systems PDS/SR EN IEC 61800-5-2 Power drive system (safety-related) Table 1.2 Abbreviations Related to Functional Safety Conventions Numbered lists indicate procedures. Bullet lists indicate other information and description of illustrations. Italicized text indicates: Cross-reference. Link. Parameter name. Footnote. Parameter group. Parameter option. Alarms/warnings. All dimensions in drawings are given in both metric and imperial units (in brackets), for example: mm (in). An asterisk (*) indicates the default setting of a parameter. MG37D602 Danfoss A/S 11/2018 All rights reserved. 3

Safety Safe Torque Off 2 2 Safety 2.1 Safety Symbols The following symbols are used in this guide: WARNING Indicates a potentially hazardous situation that could result in death or serious injury. CAUTION Indicates a potentially hazardous situation that could result in minor or moderate injury. It can also be used to alert against unsafe practices. NOTICE Indicates important information, including situations that can result in damage to equipment or property. 2.2 Qualified Personnel Only persons with proven skills are allowed to assemble, install, program, commission, maintain, and decommission the products. Persons with proven skills Are qualified electrical engineers, or persons who have received training from qualified electrical engineers and are suitably experienced to operate devices, systems, plant, and machinery in accordance with the general standards and guidelines for safety technology. Are familiar with the basic regulations concerning health and safety/accident prevention. Have read and understood the safety guidelines given in this manual and also the instructions given in the operating instructions of the frequency converter. Have a good knowledge of the generic and specialist standards applicable to the specific application. Users of power drive systems (safety-related) (PDS(SR)) are responsible for: Hazard and risk analysis of the application. Identifying safety functions required and allocating SIL or PLr to each of the functions. Other subsystems and the validity of signals and commands from them. Designing appropriate safety-related control systems (hardware, software, parameterization, and so on). Protective measures Only qualified and skilled personnel is allowed to install and commission safety engineering systems. Install the frequency converter in an IP54 cabinet as per IEC 60529 or in an equivalent environment. In special applications, a higher IP protection rating may be necessary. Ensure short-circuit protection of the cable between the safety option and the external safety device according to ISO 13849-2 table D.4. When external forces influence the motor axis (for example suspended loads), extra measures (for example a safety holding brake) are required to eliminate hazards. 2.3 Safety Precautions See the Safety chapter in the relevant operating instructions/guides for general safety precautions. CAUTION After installation of STO, perform a commissioning test as specified in chapter 4.5 STO Commissioning Test. A passed commissioning test is mandatory after first installation and after each change to the safety installation. WARNING RISK OF DEATH AND SERIOUS INJURY If external forces act on the motor, for example in case of vertical axis (suspended loads), and an unwanted movement, for example caused by gravity, could cause a hazard, the motor must be equipped with extra measures for fall protection. For example, install extra mechanical brakes. WARNING RISK OF DEATH AND SERIOUS INJURY STO (that is, removal of 24 V DC voltage supply to terminal 37) does not provide electrical safety. The STO function itself is not sufficient to implement the Emergency-Off function as defined by EN 60204-1. Emergency-Off requires measures of electrical isolation, for example by switching off mains via an additional contactor. 4 Danfoss A/S 11/2018 All rights reserved. MG37D602

Safety Operating Guide WARNING RISK OF ELECTRICAL SHOCK The STO function does NOT isolate mains voltage to the frequency converter or auxiliary circuits. Perform work on electrical parts of the frequency converter or the motor only after isolating the mains voltage supply and waiting for the discharge time to elapse, as specified in the Safety chapter in the relevant operating instructions/ guides. Failure to isolate the mains voltage supply from the unit and waiting the time specified could result in death or serious injury. Do not stop the frequency converter by using the STO function. If a running frequency converter is stopped by using the function, the unit trips and stops by coasting. If this limitation is not acceptable, for example because it causes danger, use the appropriate stopping mode to stop the frequency converter and machinery before using the STO function. Depending on the application, a mechanical brake may be required. STO is suitable for performing mechanical work on the frequency converter system or affected area of a machine only. It does not provide electrical safety. STO must not be used as a control for starting and/or stopping the frequency converter. CAUTION AUTOMATIC RESTART Automatic restart behavior is only allowed in 1 of the 2 situations: The unintended restart prevention is implemented by other parts of the STO installation. A presence in the dangerous zone can be physically excluded when STO is not activated. In particular, paragraph 6.3.3.2.5 of ISO 12100: 2010 must be observed. WARNING RISK OF DEATH AND SERIOUS INJURY The STO function can be used for asynchronous, synchronous, and permanent magnet motors. 2 faults can occur in the power semiconductor of the frequency converter. When using synchronous or permanent magnet motors, a residual rotation can result from the faults. The rotation can be calculated to angle = 360/ (number of poles). The application using synchronous or permanent magnet motors must take this residual rotation into consideration and ensure that it does not pose a safety risk. This situation is not relevant for asynchronous motors. NOTICE Perform a risk assessment for each stop function to determine the selection of a stop category in accordance with EN 60204-1: Stop Category 0 is achieved with immediate removal of power to the actuator, resulting in an uncontrolled coast to stop. STO according to EN 61800-5-2 accomplishes a Stop Category 0 stop. Stop Category 1 is achieved with power available to the machine actuators to achieve the stop. Power is removed from the actuators when the stop is achieved according to EN 61800-5-2 Safe Stop 1 (SS1). Stop Category 2 is a controlled stop with power available to the machine actuators. A holding position under power follows the stop. NOTICE When designing the machine application, timing and distance must be considered for a coast to stop (Stop Category 0 or STO). For more information regarding stop categories, refer to EN 60204-1. 2 2 MG37D602 Danfoss A/S 11/2018 All rights reserved. 5

Installation Safe Torque Off 3 Installation 3 3.1 Safety Instructions CAUTION ELECTRICAL HAZARD The operator or electrical installer is responsible for proper grounding and compliance with all applicable national and local safety regulations. 130BC393.11 See chapter 2 Safety and the relevant frequency converter operating instructions/guides. Also, always observe the instructions provided by the motor manufacturer. 3.2 STO Installation For motor connection, AC mains connection, and control wiring, follow the instructions for safe installation in the operating instructions/guides of the frequency converter. For installation with the Ex-certified VLT PTC Thermistor Card MCB 112, see chapter 3.3 Installation in Combination with VLT PTC Thermistor Card MCB 112. Enable the integrated STO as follows: 1. Remove the jumper wire between control terminals 37 and 12 or 13. Cutting or breaking the jumper is not sufficient to avoid shortcircuiting. (See jumper on Illustration 3.1) 130BA874.10 Illustration 3.2 Jumper between Terminals 13 (24 V) and 37 (FCD 302) 2. For example, connect an external safety monitoring relay via a NO safety function to terminal 37 (STO) and either terminal 12 or 13 (24 V DC). Connection and application examples can be found in chapter 5 Application Examples. 12/13 37 3. Complete wiring according to the instructions given in the operating instructions/guides of the frequency converter. Illustration 3.1 Jumper between Terminals 12/13 (24 V) and 37 (all Frequency Converters except of FCD 302) 6 Danfoss A/S 11/2018 All rights reserved. MG37D602

Installation Operating Guide 3.3 Installation in Combination with VLT PTC Thermistor Card MCB 112 NOTICE Combination of VLT PTC Thermistor Card MCB 112 and STO function is only available for VLT HVAC Drive FC 102, VLT AQUA Drive FC 202, VLT AutomationDrive FC 302, and VLT AutomationDrive FC 301 enclosure size A1. VLT PTC Thermistor Card MCB 112 uses terminal 37 as its safety-related switch-off channel. Ensure that the output X44/12 of MCB 112 is AND-ed with the safety-related sensor (for example, emergency stop button and safeguard switch) that activates STO. This means that the output to STO terminal 37 is HIGH (24 V) only if both the signal from MCB 112 output X44/12 and the signal from the safety-related sensor are HIGH. If at least 1 of the 2 signals is LOW, then the output to terminal 37 must be LOW too. Ensure that the safety device with AND-logic complies with the needed safety level. Short-circuit protects the connection from the output of the safety device with safe AND-logic to the STO terminal 37, see Illustration 3.3. Illustration 3.3 shows a restart input for the external safety device. This means that in this installation, parameter 5-19 Terminal 37 Safe Stop can be set to value [7] PTC 1 & Relay W or [8] PTC 1 & Relay A/W. Refer to VLT PTC Thermistor Card MCB 112 Operating Instructions for further details. 3 3 Hazardous Area Non-Hazardous Area PTC Thermistor Card MCB 112 130BA967.12 X44/ 1 2 3 4 5 6 7 8 9 10 1112 PTC Sensor Digital Input e.g. Par 5-15 Par. 5-19 Terminal 37 Safe Stop 12 13 18 19 27 29 32 33 20 37 DI DI Safe Stop Safe Input Safety Device SIL 2 Safe AND Input Safe Output Manual Restart Illustration 3.3 Combination of an STO Application and an MCB 112 Application MG37D602 Danfoss A/S 11/2018 All rights reserved. 7

Commissioning Safe Torque Off 4 Commissioning 4 4.1 Safety Instructions CAUTION ELECTRICAL HAZARD The operator or electrical installer is responsible for proper grounding and compliance with all applicable national and local safety regulations. See chapter 2 Safety and the relevant frequency converter operating instructions/guides. Also, always observe the instructions provided by the motor manufacturer. 4.2 Activation of STO The STO function is activated by removing the voltage at terminal 37 of the frequency converter. By connecting the frequency converter to external safety devices providing a safe delay, an installation for a Safe Stop 1 can be obtained. External safety devices must fulfill Cat./PL or SIL when connected to terminal 37. The STO function can be used for asynchronous, synchronous, and permanent magnet motors. When the STO function (terminal 37) is activated, the frequency converter issues an alarm, trips the unit, and coasts the motor to a stop. Manual restart is required. Use the STO function to stop the frequency converter in emergency stop situations. In normal operating mode when STO is not required, use the standard stop function instead. Ensure that requirements according to ISO 12100 paragraph 6.3.3.2.5 are fulfilled before using the automatic restart function. 4.3 Parameter Settings for STO in Combination with VLT PTC Thermistor Card MCB 112 When MCB 112 is connected, more selections are available for parameter 5-19 Terminal 37 Safe Stop ([4] PTC 1 Alarm to [9] PTC 1 & Relay W/A). Selections [1]* Safe Stop Alarm and [3] Safe Stop Warning are still available, but are for installations without MCB 112 or any external safety devices. If [1]* Safe Stop Alarm or [3] Safe Stop Warning are selected and MCB 112 is triggered, the frequency converter reacts with alarm 72, Dangerous Failure and coasts the motor safely, without automatic restart. Do not select [4] PTC 1 Alarm and [5] PTC 1 Warning when an external safety device is used. Only use those selections when only MCB 112 uses the STO. If selection [4] PTC 1 Alarm or [5] PTC 1 Warning is selected and the external safety device triggers STO, the frequency converter issues alarm 72, Dangerous Failure and coasts the motor safely, without automatic restart. Select [6] PTC 1 & Relay A to [9] PTC 1 & Relay W/A for the combination of external safety device and MCB 112. CAUTION AUTOMATIC RESTART Selections allow for automatic restart when the external safety device is de-activated. Before selecting [7] PTC 1 & Relay W or [8] PTC 1 & Relay A/W, ensure that: The unintended restart prevention is implemented by other parts of the STO installation, or A presence in the dangerous zone can be physically excluded when STO is not activated. In particular, paragraph 6.3.3.2.5 of ISO 12100:2010 must be observed. See VLT PTC Thermistor Card MCB 112 Operating Instructions for further information. 4.4 Automatic/Manual Restart Behavior The STO default state prevents unintended restarts (Restart Prevention Behavior). To terminate STO and resume normal operation: 1. Reapply 24 V DC supply to terminal 37. 2. Give a reset signal (via bus, digital I/O, or [Reset] key). Set the STO function to automatic restart by setting the value of parameter 5-19 Terminal 37 Safe Stop from default value [1]* Safe Stop Alarm to value [3] Safe Stop Warning. Automatic restart means that STO is terminated, and normal operation is resumed, when the 24 V DC is applied to terminal 37. No reset signal is required. 4.5 STO Commissioning Test After installation and before first operation, perform a commissioning test of the installation, using STO. Perform the test again after each modification of the installation or application involving the STO. 8 Danfoss A/S 11/2018 All rights reserved. MG37D602

Commissioning Operating Guide NOTICE A successful commissioning test of the STO function is required after the initial installation, and after each subsequent change to the installation. To perform a commissioning test: Follow the instructions in chapter 4.5.1 Restart Prevention for STO Application for applications without automatic restart after a safe stop, or Follow the instructions in chapter 4.5.2 Automatic Restart of STO Application for applications with automatic restart after a safe stop. 4.5.1 Restart Prevention for STO Application Application where parameter 5-19 Terminal 37 Safe Stop is set to default value [1]* Safe Stop Alarm or combined STO and VLT PTC Thermistor MCB 112 where parameter 5-19 Terminal 37 Safe Stop is set to [6] PTC 1 & Relay A or [9] PTC 1 & Relay W/A): 1. Remove the 24 V DC voltage supply to terminal 37 using the interrupt device while the frequency converter drives the motor (that is mains supply is not interrupted). 2. Check that: 2a 2b 2c The motor coasts. The mechanical brake activates (if connected). If the local control panel (LCP) is mounted, it shows Alarm 68, Safe Stop. 3. Reapply 24 V DC to terminal 37. 4. Ensure that the motor remains in the coasted state, and the mechanical brake (if connected) remains activated. 5. Send reset signal (via bus, digital I/O, or [Reset] key). 6. Ensure that the motor becomes operational again. The commissioning test is successfully completed when all the given steps are passed. 4.5.2 Automatic Restart of STO Application Application where parameter 5-19 Terminal 37 Safe Stop is set to [3] Safe Stop Warning or combined Safe Torque Off and VLT PTC Thermistor MCB 112 where parameter 5-19 Terminal 37 Safe Stop is set to [7] PTC 1 & Relay W or [8] PTC 1 & Relay A/W): 1. Remove the 24 V DC voltage supply to terminal 37 by the interrupt device while the frequency converter drives the motor (that is mains supply is not interrupted). 2. Check that: 2a 2b 2c The motor coasts. The mechanical brake activates (if connected). If the local control panel (LCP) is mounted, it shows Warning 68, Safe Stop. 3. Reapply 24 V DC to terminal 37. 4. Ensure that the motor becomes operational again. The commissioning test is successfully completed when all the given steps are passed. NOTICE See the warning on the restart behavior in chapter 2.3 Safety Precautions. 4.6 System Configuration Security Security measures are the responsibility of the user. The frequency converter parameters can be password-protected. 4.7 Service and Maintenance It is required for PL d or SIL2 to conduct a functional test every 12 months to detect any failure or malfunction of the STO functionality. For lower PL or SIL, it is a recommendation. To conduct the functional test, perform the following steps (or a similar method suitable for the application): 1. Remove the 24 V DC voltage supply at terminal 37. 2. Check if the LCP shows Alarm 68, Safe Stop. 3. Verify that the frequency converter trips the unit. 4. Verify that the motor is coasting and comes to a complete stop. 5. Verify that the motor cannot be started. 6. Reconnect the 24 V DC voltage supply to terminal 37. 7. Verify that the motor is not started automatically and restarts only by giving a reset signal (via bus, digital I/O, or [Reset] key). 4 4 MG37D602 Danfoss A/S 11/2018 All rights reserved. 9

Application Examples Safe Torque Off 5 Application Examples 5 5.1 SISTEMA Data SISTEMA (Safety Integrity Software Tool for the Evaluation of Machine Applications) is a software utility that provides developers and testers of safety-related machine controls with comprehensive support in the evaluation of safety in the context of ISO 13849-1. Functional safety data are available from a data library for use with the SISTEMA calculation tool from the IFA (Institute for Occupational Safety and Health of the German Social Accident Insurance), and data for manual calculation. SISTEMA is available for download at www.danfoss.com/en/service-and-support/downloads/dds/ sistema-safety-integrity-software-tool/#overview. 5.2 Emergency Stop of Frequency Converter with Safe Torque Off - Category 1, PL c, SIL 1 Illustration 5.1 shows an emergency stop with Safe Torque Off - Category 1, PL c, SIL 1 application example. 1 +24 V 1 Emergency stop button 2 2 Short circuit protected cable (if not inside installation IP54 cabinet). See ISO 13849-2 Table D.4 for further information. 37 FC e30bg733.10 Design features The circuit can be used up to Category 1, PL c (ISO 13849-1) or SIL 1 (EN 62061 and IEC 61508). The Safe Torque Off (STO) function is activated via 1 NC positively operated switch contact (according to IEC 60947-1, IEC 60947-5-1, and IEC 60947-5-5). For PL c, the complete safety functions have to be calculated (MTTFd). Use basic safety principles. Device used for activation of Safe Torque Off (STO) must be suitable for the selected Category, PL or SIL. When implementing the emergency stop, pay attention to the following tips: Any non-safety related standards should be fulfilled for the application and its components. Application designer is responsible for selecting suitable components. The cable shown as bold in Illustration 5.1 has to be short circuit protected according to ISO 13849-2 table D.4. To fulfill PL c, the MTTFd and DC for the whole safety function has to be calculated. The B10d value of the emergency stop device shall be known. B10d value has to be high enough to fulfill MTTFd corresponding PL c. Implementation in SISTEMA using the Danfoss VLT library As an example, use the subsystem VLT AutomationDrive FC 302/FCD 302 Safe Torque Off (Terminal 37). No need to edit all the parameters which are set in the library. Illustration 5.1 Emergency Stop with Safe Torque Off - Category 1, PL c, SIL 1 SB emergency stop device SB FC 300 safe stop (terminal 37) e30bg734.10 from Danfoss VLT library Safety function If there is an emergency, the emergency stop device is activated. The frequency converter s Safe Torque Off (STO) function is activated. Following a stop or emergency stop command, the frequency converter is halted. Illustration 5.2 Safety-related Block Diagram 10 Danfoss A/S 11/2018 All rights reserved. MG37D602

Application Examples Operating Guide 5.3 Emergency Stop of Frequency Converter with Safe Torque Off Using Safety Relay - Category 3, PL d, SIL 2 Illustration 5.3 shows an emergency stop with Safe Torque Off using safety relay - Category 3, PL d, SIL 2 application example. FC 12 3 e30bg775.10 1 When implementing the emergency stop, pay attention to the following tips: Any non-safety related standards should be fulfilled for the application and its components. Application designer is responsible for selecting suitable components. The cable shown as bold in Illustration 5.3 has to be short circuit protected according to ISO 13849-2 table D.4. To fulfill PL d, the MTTFd and DC for the whole safety function has to be calculated. This set-up can be used if a dual positive switching device is used. Depending on the safety relay, it is also possible to connect several activation devices to 1 Safe Torque Off (STO). 5 5 37 Implementation in SISTEMA using the Danfoss VLT library As an example, use the subsystem VLT AutomationDrive FC 302/FCD 302 Safe Torque Off (Terminal 37). No need to edit all the parameters which are set in the library. 4 2 SB emergency stop device SB safety relay SB FC 300 safe stop (terminal 37) from Danfoss VLT library e30bg776.10 1 Safety relay (Category 3, PL d, or SIL 2) 2 Emergency stop button 3 Reset button 4 Short circuit protected cable (if not inside installation IP54 cabinet). See ISO 13849-2 Table D.4 for further information. Illustration 5.4 Safety-related Block Diagram Illustration 5.3 Installation Example to Achieve a Stop Category 0 (EN 60204-1) with Safety Cat. 3/PL d (ISO 13849-1) or SIL 2 (EN 62061 and IEC 61508). Safety function If there is an emergency, the emergency stop device is activated. The frequency converter s Safe Torque Off (STO) function is activated. Following a stop or emergency stop command, the frequency converter is halted. Design features The circuit can be used up to Category 3, PL d (ISO 13849-1) or SIL 2 (EN 62061 and IEC 61508). For PL d, the complete safety functions have to be calculated (MTTFd). Use basic safety principles. Device used for activation of Safe Torque Off (STO) and safety relay must be suitable for the selected category PL and SIL. MG37D602 Danfoss A/S 11/2018 All rights reserved. 11

Application Examples Safe Torque Off 5 5.4 Emergency Stop of Frequency Converter with Safe Torque Off, Safety Relay and Output Contactor - Category 4, PL e, SIL 3 Illustration 5.5 shows an emergency stop of frequency converter with Safe Torque Off, safety relay and output contactor - Category 4, PL e, SIL 3 application example. K1 FC M 12 37 4 K1 +24 V 1 Safety relay (Category 4, PL e, SIL 3) 2 Emergency stop button 3 Reset button 4 Short circuit protected cable (if not inside installation IP54 cabinet). See ISO 13849-2 Table D.4 for further information. Illustration 5.5 Frequency Converter with Safe Torque Off, Safety Relay and Output Contactor - Category 4, PL e, SIL 3 K1 3 1 2 e30bg777.10 Design features The circuit can be used up to category 4 and PL e. For PL e, the complete safety functions have to be calculated (MTTFd). Use basic safety principles. Device used for activation of Safe Torque Off (STO) and safety relay must be suitable for the selected category, PL or SIL. When implementing the emergency stop, pay attention to the following tips: Any non-safety related standards should be fulfilled for the application and its components. Application designer is responsible for selecting suitable components. The cable shown as bold in Illustration 5.5 has to be short circuit protected according to ISO 13849-2 table D.4. To fulfill PL e, the MTTFd and DC for the whole safety function has to be calculated. This set-up can be used if a dual positive switching device is used. Implementation in SISTEMA using the Danfoss VLT library As an example, use the block VLT AutomationDrive FC 302 (Terminal 37). No need to edit all the parameters which are set in the library. SB emergency stop device SB monitoring safety relay: MSR 33 Illustration 5.6 Safety-related Block Diagram SB stopping devices CH channel 1 BL FC 300 safe stop (terminal 37) from Danfoss VLT library CH channel 2 BL output contactor: 100S-C e30bg778.10 Safety function If there is an emergency, the emergency stop device is activated. The frequency converter s Safe Torque Off (STO) function is activated. Following a stop or emergency stop command, the frequency converter is halted. Where the safety control system must be in accordance with PL e ISO 13849-1 or SIL 3 (EN 62061 and IEC 61508), it requires a 2 channel stop for the STO function. One channel can be implemented by the STO input on the frequency converter and the other by a contactor, which may be connected in either the frequency converter input or output power circuits. The contactor must be monitored through an auxiliary guided contact, shown as K1 in Illustration 5.5. 12 Danfoss A/S 11/2018 All rights reserved. MG37D602

Application Examples Operating Guide 5.5 Emergency Stop of Multiple Frequency Converters - Category 3, PL d, SIL 2 Illustration 5.7 shows an emergency stop of multiple frequency converters - Category 3, PL d, SIL 2 application example. FC FC FC 3 e30bg779.10 12 12 12 1 5 5 37 37 37 4 2 1 Safety relay (Category 3, PL d, or SIL 2) 2 Emergency stop button 3 Reset button 4 Short circuit protected cable (if not inside installation IP54 cabinet). See ISO 13849-2 Table D.4 for further information. Illustration 5.7 Emergency Stop of Multiple Frequency Converters - Category 3, PL d, SIL 2 Safety function If there is an emergency, the emergency stop device is activated. The frequency converter s Safe Torque Off (STO) function is activated. Following a stop or emergency stop command, the frequency converter is halted. The STO inputs may be connected directly together, if it is required to control multiple frequency converters from the same control line. Connecting inputs together increases the probability of a fault in the unsafe direction, since a fault in 1 frequency converter might result in all frequency converters becoming enabled. The probability of a fault is so low, at 1 x 10-10 per hour, that the resulting probability still meets the requirements for SIL2 for realistic numbers of frequency converters. It is recommended that no more than 20 inputs should be connected in parallel. NOTICE When using internal 24 V DC supply (terminal 12), the amount of parallel inputs (terminal 37) is limited to 3, otherwise, the available output power is exceeded. Design features The circuit can be used up to Category 3, PL d or SIL 2. For PL d, the complete safety functions have to be calculated (MTTFd). Use basic safety principles. Device used for activation of Safe Torque Off (STO) and safety relay must be suitable for the selected category, PL or SIL. MG37D602 Danfoss A/S 11/2018 All rights reserved. 13

Application Examples Safe Torque Off When implementing the emergency stop, pay attention to the following tips: Any non-safety related standards should be fulfilled for the application and its components. Application designer is responsible for selecting suitable components. The cable shown as bold in Illustration 5.7 has to be short circuit protected according to ISO 13849-2 table D.4. To fulfill PL d, the MTTFd and DC for the whole safety function has to be calculated. This set-up can be used if a dual positive switching device is used. Depending on the safety relay, it is also possible to connect several activation devices to one Safe Torque Off. 5 Implementation in SISTEMA using the Danfoss VLT library As an example, use the subsystem VLT AutomationDrive FC 302/FCD 302 Safe Torque Off (Terminal 37). No need to edit all the parameters which are set in the library. The subsystem needs to be put into the safety function as often as number of frequency converters are present on the single STO line. SB emergency stop device SB safety relay SB FC300 safe stop (terminal 37) from Danfoss VLT library SB FC300 safe stop (terminal 37) from Danfoss VLT library SB FC300 safe stop (terminal 37) from Danfoss VLT library e30bg780.10 Illustration 5.8 Safety-related Block Diagram 14 Danfoss A/S 11/2018 All rights reserved. MG37D602

STO Technical Data Operating Guide 6 STO Technical Data NOTICE For technical specifications and operating conditions for the frequency converter, refer to the relevant operating instructions/guides of the frequency converter. NOTICE The STO signal must be SELV or PELV supplied. European directives Safety standards Safety function Safety performance Machinery Directive (2006/42/EC) EMC Directive (2014/30/EU) Low Voltage Directive (2014/35/EU) EN ISO 13849-1 EN IEC 62061 EN IEC 61800-5-2 EN 50011 EN 61000-6-3 EN 61800-3 EN 50178 EN 61800-5-1 Safety of Machinery EN ISO 13849-1, IEC 62061, IEC 60204-1 Functional Safety IEC 61508-1 to -7, IEC 61800-5-2 ISO 13849-1 Category Cat 3 Diagnostic Coverage Mean Time to Dangerous Failure Performance Level IEC 61508/IEC 62061 Safety Integrity Level Probability of Dangerous Failure per Hour Probability of Dangerous Failure on Demand Hardware Fault Tolerance Proof Test Interval T1 Mission time TM IEC 61800-5-2 IEC 60204-1 Safe Torque Off (STO) Stop Category 0 DC: 90% (Medium) MTTFd: 14000 years (High) PL d SIL 2, SIL CL2 PFH: 1E-10/h; 1E-8/h for specific variants1), 2) (High Demand Mode) PFD: 1E-10; 1E-4 for specific variants1), 2) (Low Demand Mode) HFT: 0 (1oo1) 20 Years 20 Years Reaction time Input to output response time Maximum 20 ms, 60 ms for specific variants1), 2) 6 6 Table 6.1 Technical Data 1) VLT HVAC Drive FC 102, VLT Refrigeration DriveFC 103, VLT AQUA Drive FC 202, and VLT AutomationDrive FC 301/FC 302 High Power Drives with enclosure size F: 400 V: 450/500 kw (600/650 hp) 800/1000 kw (1075/1350 hp) (High Overload/Normal Overload). 690 V: 630/710 kw (850/950 hp) 1800/2000 kw (2400/2700 hp) (High Overload/Normal Overload). 2) VLT Parallel Drive Modules: 400 V: 250/315 kw (350/450 hp) 800/1000 kw (1200/1350 hp) (High Overload/Normal Overload). 690 V: 315/400 kw (350/400 hp) 1000/1200 kw (1150/1350 hp) (High Overload/Normal Overload). MG37D602 Danfoss A/S 11/2018 All rights reserved. 15

Index Safe Torque Off Index A Abbreviations... 3 Activation... 8 Alarm... 8 Approvals... 2 Automatic restart... 8, 9 C Certifications... 2 Command... 4 Commissioning test... 9 Control system... 4 Conventions... 3 SIL CL2... 3 SIL2... 3 SISTEMA data... 10 Standards and compliance... 3 Switch-off channel... 7 Symbols... 3 T Technical data... 15 Termination... 8 Thermistor card... 7 U Unintended restart prevention... 8 E External safety devices... 8 I Identification... 2 Installation... 7 M Maintenance... 9 Mechanical brake... 9 O Output... 7 P Parameter settings... 8 Products covered... 2 Q Qualified personnel... 4 R Restart behavior... 8 Restart prevention... 8, 9 S Safety device... 7 Safety-guard switch... 7 Safety-related sensor... 7 Selections... 8 Signal... 4, 7 16 Danfoss A/S 11/2018 All rights reserved. MG37D602

Index Operating Guide MG37D602 Danfoss A/S 11/2018 All rights reserved. 17

Danfoss can accept no responsibility for possible errors in catalogues, brochures and other printed material. Danfoss reserves the right to alter its products without notice. This also applies to products already on order provided that such alterations can be made without subsequential changes being necessary in specifications already agreed. All trademarks in this material are property of the respective companies. Danfoss and the Danfoss logotype are trademarks of Danfoss A/S. All rights reserved. Danfoss A/S Ulsnaes 1 DK-6300 Graasten vlt-drives.danfoss.com 130R0544 MG37D602 11/2018 *MG37D602*

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback