Automation, Software and Information Technology


Report on the type approval of the Adjustable Frequency AC Drives PowerFlex 753 and 755 of Rockwell Automation Inc.
Report No.: 968/EZ 334.00/08
Date: 2008-12-08
Page 1 of 9

Report on the type approval of the Adjustable Frequency AC Drives PowerFlex 753 and 755 of Rockwell Automation Inc.

Report-No.: 968/EZ 334.00/08
Date: 2008-12-08
Pages: 9
Test object: Adjustable Frequency AC Drive PowerFlex 753 and 755, Frames 2-7, 400 V - 480 V
Customer: Rockwell Automation, 6400 West Enterprise Drive, USA-Mequon, WI 53092, United States of America
Manufacturer: Rockwell Automation, 6400 West Enterprise Drive, USA-Mequon, WI 53092, United States of America
Email: dlstewart@ra.rockwell.com
Order-No./Date: 3061225 (TRNA number) dated 2007-05-31; 3061218 (TRNA number) dated 2007-06-11; TUV36669 (TRNA number) dated 2008-06-11
Test Institute: TÜV Rheinland Industrie Service GmbH, Automation, Software and Information Technology (ASI), Am Grauen Stein, 51105 Köln, Germany
Department: Automation, Software and Information Technology (ASI)
TÜV-Offer-No./Date: 968/32/07 dated 2007-02-05
TÜV-Order-No./Date: 9027938 dated 2004-04-20; 9760428 dated 2007-06-11; 9760481 dated 2007-06-12; 9994548 dated 2008-06-11
Inspector: Dipl.-Ing. Thomas Steffens
Test location: see Test Institute
Test duration: October 2007 to November 2008

The test results are exclusively related to the test samples. This report must not be copied in an abridged version without the written permission of the Test Institute.

Contents (Page)

1. Scope (4)
2. Standards forming the basis for the requirements (4)
3. Test object (4)
3.1 Identification of the test object (4)
3.2 Documents (5)
3.3 Test sample, test set-up (5)
4. Tests and test results (5)
4.1 General (5)
4.2 Description and judgement of the safety structure (5)
4.3 Results of the functional and safety analyses (7)
4.4 Determination of the safety parameters (7)
4.5 Judgement of the measures for fault avoidance (8)
4.6 Electrical safety (8)
4.7 Environmental tests (8)
4.8 EMC/EMI contemplation (8)
5. Summary (9)

1. Scope

This report documents the type approval of the Adjustable Frequency AC Drives PowerFlex 753 and 755 of Rockwell Automation Inc. In this way, comprehensible proof shall be established that the devices under test meet the functional and safety-related requirements of the product specification and fulfil the requirements up to PL e and category 3 according to EN ISO 13849-1 as well as SIL 3 according to IEC 61508 / EN 62061 / EN 61800-5-2 for the integrated safety function Safe Torque Off (STO).

2. Standards forming the basis for the requirements

[N1] EN ISO 13849-1: 2008 Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design
[N2] EN 60204-1: 2006 Safety of machinery - Electrical equipment of machines - Part 1: General requirements
[N3] EN 61800-5-1: 2007 Adjustable speed electrical power drive systems - Part 5-1: Safety requirements - Electrical, thermal and energy
[N4] EN ISO 13850: 2006 Safety of machinery - Emergency stop - Principles for design
[N5] EN 62061: 2005 Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
[N6] IEC 61508 Part 1-7: 2000 Functional safety of electrical/electronic/programmable electronic safety-related systems
[N7] EN 61800-5-2: 2007 Adjustable speed electrical power drive systems - Part 5-2: Safety requirements - Functional
[N8] EN 61800-3: 2004 Adjustable speed electrical power drive systems - Part 3: EMC product standard including specific test methods

3. Test object

3.1 Identification of the test object

All technical data of the devices under test can be found in the corresponding instruction sheets and in the documents listed below. From the safety point of view, the Adjustable Frequency AC Drives PowerFlex 753 and 755 are technically identical. The only difference between PF753 and PF755 is the control capabilities: the PF753 represents a subset of the functions of the PF755. Therefore all testing was performed with the PF755.

3.2 Documents

- V&V Plan, DE 1005-007 Validation and Verification Plan.doc, 2008-07-29, 4 pages
- Firmware Functional Verification Test, DE 1005-006 SafeOff Firmware Functional Verification.doc, 2008-07-29, 7 pages
- Fault Insert Test, DE 1005-005 Safe Torque Off Fault Insert.doc, 2008-07-31, 7 pages
- Functional Verification Test, DE 1005-004 Safe Torque Off Func Verif.doc, 2008-07-31, 7 pages
- Product Requirements Specification, PF753_755_SIL-3_Design_Spec revision RP Final 6.doc, 2008-05-14, 21 pages
- Rhino Spacings, Rhino Spacings 4.doc, 2008-02-10, 3 pages
- Schematic, FMEA1.pdf, 2008-03-28, 5 pages
- EMC Test report, No.: 30781469.004-NBO dated 2008-10-31
- LVD Report No. 30771465.004, dated 2008-11-10
- Determination of safety parameters, STO_FMEA_V0p10_081027.xls
- Installation Instruction, preliminary 2008-11-04, 750-IN001A_11-04-08.pdf, 94 pages
- User Manual, preliminary 2008-10-06, 750-UM001A_10-06-08.pdf, 249 pages

3.3 Test sample, test set-up

The judgement of the realized safety function Safe Torque Off has been carried out by means of an analysis of the provided documents and partly in common reviews together with the developer. All other mentioned tests, performed by Rockwell or by TRNA, were performed on representative models. The test sample will be kept by Rockwell Automation.

4. Tests and test results

4.1 General

The measuring and test equipment which has been used by the TÜV Rheinland Group in the tests described in the following is subject to regular inspection and calibration. Only devices with valid calibration have been used. The devices used in the various tests are recorded in the inspector's documentation. All considerations concerning uncertainty of the measurements, so far as applicable, are stated in the inspector's documentation, too.

In cases where tests have been executed in an external test lab or in the test lab of the manufacturer, and where the results of these tests have been used within the approval documented here, this has occurred after a positive assessment of the external test lab and of the achieved test results in detail according to the Quality Management procedure QMA 3.310.05.

4.2 Description and judgement of the safety structure

The Adjustable Frequency AC Drives PowerFlex 753 and 755 provide the safety function Safe Torque Off. The integrated safety function Safe Torque Off has to fulfil the requirements for Performance Level e (PL e) and safety category 3 according to EN ISO 13849-1 and SIL 3 according to IEC 61508, IEC 62061 and IEC 61800-5-2. As the safety function Safe Torque Off provides only a coast-to-stop capability, additional protective measures, such as mechanical brakes, are required in applications where coasting to a standstill may result in a hazard.

The safety structure of the safety function consists of a dual-channel structure. Both independent safety inputs are used for disabling the logical control signals for the output IGBTs that are responsible for motor rotation and torque. All signals necessary to turn the output IGBTs on or off are routed through a buffer line driver. The first safety input is used for switching off the power supply of the driver and of the pull-up resistor of the PWM signal lines. The second safety input is used to disable this driver.

A diagnostic processor is used for monitoring the input signals for plausibility. Fault detection takes place on demand of the safety function. A monitoring of the concurrency of the signals is not realized. In case of a detected fault, the diagnostic processor turns off both safety circuits and prevents a release, and the system remains in the safe torque off state. Most of the faults, but not all, can be detected on demand of the safety function. By organizational measures or by the application it must be ensured that the safety function is requested at least once a year.

Measures for fault detection are implemented in the diagnostic processor in order to ensure proper function of the processor. By means of these measures a few failures can be detected, but not all. The measures are described in detail in the Product Requirements Specification. The firmware of the diagnostic processor has been developed according to the quality standards of Rockwell.

For the realization of the safety function STO the following boards are involved:
- Control board, with among others the driver chip used to control the IGBT gate signals
- Safe Torque Off option board
- Back Plane as interface between the Control board and the Safe Torque Off option board

The Safe Torque Off option board can be used in two different slots of the drive. The other slot can be used by any other board (e.g. an encoder board). The safety signals as well as the signals of the other non-safety-relevant option boards are routed through the Back Plane. Due to this it must be excluded that faults in the non-safety-relevant option boards cause a bridging of the safety signals. Hence the existing option boards have been analyzed in order to exclude this fault. For future boards the corresponding safety pins will not be fitted.

For using the Safe Torque Off option board, a jumper on the control board must be removed to prevent the driver from being supplied by the control board. The necessity of removing this jumper for the operation of the Safe Torque Off option board must be described in the user manual. The jumper can only be reached by means of a tool. A fault message will be indicated at the drive if the option board is installed and the jumper is not removed. The procedure for removing the jumper is described in the user manual. The STO option board is supplied by the drive-mounted power supply with +24 VDC and +/- 12 VDC (PELV).

With this described safety structure, the integrated safety function Safe Torque Off fulfils the requirements for safety category 3 and PL e according to EN ISO 13849-1 and can be used in applications up to safety integrity level 3 according to IEC 61508, EN 62061 and EN 61800-5-2.

4.3 Results of the functional and safety analyses

In a common review together with the developer, the safety of the hardware design has been discussed and analysed. Based on the reviews, a failure mode and effect analysis (FMEA) has been performed by Rockwell to provide the evidence that no single fault results in the loss of the safety function. The FMEA has been verified by the Test Institute by a theoretical analysis, and selected parts have been tested by Rockwell under the supervision of an inspector of TÜV Rheinland.

The following conditions have to be considered:
- Both safety inputs have to be used in parallel, independent of each other.
- Due to the fact that a short circuit in the external wiring of the safety inputs will not be revealed by the system, a fault exclusion according to DIN EN ISO 13849-2 has to be made. This is possible, for example, when the cable is protected against external damage by cable ducting or armouring.
- The correct function of the safety function has to be verified periodically by requesting the safety function at least once a year.
- Additional measures, such as mechanical brakes, must be foreseen if external forces are effective on the motor axis.

The requirements for the integrated safety function Safe Torque Off according to EN ISO 13849-1 category 3 and PL e and according to IEC 61508, EN 62061 and EN 61800-5-2 SIL 3 are fulfilled. All the information required for safe use can be found in the user manual.

4.4 Determination of the safety parameters

The architecture of the safety circuit of the safety function Safe Torque Off is entirely redundant. Therefore the Hardware Fault Tolerance (HFT) is determined to be 1. That means that, without the consideration of any diagnostic measures, any single fault will not cause the system to fail to danger. The common cause factor β has been determined to be 2 %. The system provides no online diagnostics; a diagnostic will be carried out on demand of the safety function.

Due to the fact that the safety circuit is realized by discrete hardware, the system is considered as a low-complexity system (Type A system) according to IEC 61508.

For the determination of the safety parameters PFD_avg and PFH, the following assumptions have been made:
- The safe state is the de-energized state.
- The failure rates are constant over the whole time.
- The reference conditions of SN 29500 are kept.

The following results have been determined under the assumption of a proof test interval of 20 years:
PFD_avg = 3.29 · 10^-5
PFH_D = 1.36 · 10^-9, calculated according to IEC 62061
PFH = 3.75 · 10^-10 1/h, calculated according to IEC 61508
MTTF_D = 1952 years
DC_avg = High
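Added example (not from the report or from Rockwell's FMEA): the IEC 61508-6 Annex B formulas for a 1oo2 architecture (HFT = 1, as in section 4.4) evaluated with the report's β = 2 % and proof test interval of 20 years, without online diagnostics (λ_DD = 0) as the report states. The per-channel dangerous undetected failure rate LAMBDA_DU is a constructed illustration value, not the report's figure, so the numbers do not reproduce the report's results; the block goes beyond the page in showing how the common-cause term dominates the independent-failure term and in checking the IEC 61508-1 target failure measures for a given SIL.

```python
"""1oo2 (HFT = 1) PFD_avg and PFH for a Safe Torque Off channel structure.

Constructed example: only BETA and T1 are taken from section 4.4 of the
report; LAMBDA_DU is an assumed illustration value.
"""

HOURS_PER_YEAR = 8760.0

BETA = 0.02                        # common cause factor, 2 % (report, 4.4)
T1_HOURS = 20 * HOURS_PER_YEAR     # proof test interval, 20 years (report, 4.4)

# Assumed per-channel dangerous undetected failure rate in 1/h (constructed).
LAMBDA_DU = 1.0e-8


def pfd_avg_1oo2(lambda_du, beta, t1_hours):
    """Average PFD of a 1oo2 architecture, IEC 61508-6 Annex B, with no online
    diagnostics (lambda_DD = 0) and negligible repair time, so that
    t_CE = T1/2 and t_GE = T1/3. Returns (total, independent_term, ccf_term)."""
    # Both channels fail dangerously and independently within the interval.
    independent = 2 * ((1 - beta) * lambda_du) ** 2 * (t1_hours / 2) * (t1_hours / 3)
    # Common cause failure takes both channels out at once.
    ccf = beta * lambda_du * t1_hours / 2
    return independent + ccf, independent, ccf


def pfh_1oo2(lambda_du, beta, t1_hours):
    """PFH (1/h) of the same 1oo2 architecture in the IEC 61508-6:2000 form with
    lambda_DD = 0: 2*((1-beta)*lambda_DU)^2 * t_CE + beta*lambda_DU."""
    t_ce = t1_hours / 2
    return 2 * ((1 - beta) * lambda_du) ** 2 * t_ce + beta * lambda_du


def meets_sil_targets(pfd_avg, pfh, sil):
    """True if both IEC 61508-1 target failure measures for the given SIL are
    met: SIL n requires PFD_avg < 10^-(n+1) (low demand) and
    PFH < 10^-(n+5) 1/h (high/continuous demand).
    Architectural constraints (HFT/SFF) and the systematic measures that the
    report assesses separately in 4.5 are not evaluated here."""
    return pfd_avg < 10.0 ** -(sil + 1) and pfh < 10.0 ** -(sil + 5)


if __name__ == "__main__":
    total, ind, ccf = pfd_avg_1oo2(LAMBDA_DU, BETA, T1_HOURS)
    pfh = pfh_1oo2(LAMBDA_DU, BETA, T1_HOURS)
    print(f"PFD_avg = {total:.3e} (independent {ind:.3e}, common cause {ccf:.3e})")
    print(f"PFH     = {pfh:.3e} 1/h")
    print("SIL 3 targets met:", meets_sil_targets(total, pfh, 3))
```

With the assumed λ_DU the common-cause term is more than ten times the independent-failure term, which is why β is the parameter an assessor scrutinises most in a redundant STO circuit.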

The details for the determination of the safety parameters are described in the document STO_FMEA_V0p10_2008-11-13TUV.xls. The safety function Safe Torque Off fulfils the safety parameters for safety integrity level 3 according to IEC 61508 and PL e according to EN ISO 13849-1.

4.5 Judgement of the measures for fault avoidance

The development of the integrated safety function of the PF753/PF755 has been carried out according to the requirements of IEC 61508. The required documents for the different phases of the life cycle have been produced and the relevant measures for fault avoidance according to IEC 61508 have been applied. These documents are present at the Test Institute. Furthermore the Quality Management System of Rockwell is certified according to ISO 9001 for design, manufacture, distribution and service of automation components and systems. The certificate is present at the Test Institute. The measures for fault avoidance which have been carried out by Rockwell for the development of the integrated safety function of the PF753/PF755 are sufficient to fulfil the requirements for SIL 3 according to IEC 61508.

4.6 Electrical safety

TÜV Rheinland of North America (TRNA) has performed the electrical safety certification according to the EU Low Voltage Directive (LVD) and to EN 61800-5-1. The results are documented in the summary report no. 30771465.004 dated 2008-11-10 and confirm that the PF753/PF755 fulfils the requirements according to the EU Low Voltage Directive (LVD) and EN 61800-5-1 for the above-mentioned models. The results are accepted by the Test Institute.

4.7 Environmental tests

The environmental tests according to EN 61800-5-1 have been carried out by TRNA. The results of these tests are documented in the summary report 30771465.004 dated 2008-11-10 and confirm that the requirements according to EN 61800-5-1 are fulfilled. The results are accepted by the Test Institute.

4.8 EMC/EMI contemplation

The results of the EMC tests are documented in the summary report no. 30781469.004-NBO and confirm that the requirements for EMC conformity according to EN 61800-3 are fulfilled. Furthermore, increased levels according to EN 62061 have been applied. The results are accepted by the Test Institute.

5. Summary

The type approval of the safety function Safe Torque Off within the adjustable frequency AC Drives PF753 and PF755, manufactured by Rockwell Automation, Inc., came to the result that the requirements of the applicable standards, which are listed in clause 2, are met. Furthermore the inspection of the safety function Safe Torque Off of the adjustable frequency AC Drives PF753 and PF755 came to the result that the safety function fulfils the requirements for safety category 3 and PL e according to EN ISO 13849-1 and Safety Integrity Level 3 according to IEC 61508, EN 62061 and EN 61800-5-2 under the following prerequisites:
- Both safety inputs have to be used in parallel, independent of each other.
- Due to the fact that a short circuit in the external wiring of the safety inputs will not be revealed by the system, a fault exclusion according to DIN EN ISO 13849-2 has to be made. This is possible, for example, when the cable is protected against external damage by cable ducting or armouring.
- The correct function of the safety function has to be verified periodically by requesting the safety function at least once a year.
- Additional measures, such as mechanical brakes, must be foreseen if external forces are effective on the motor axis.

The above listed conditions and the user manuals must be considered.

Cologne, 2008-12-08
TIS/ASI/Kst 968 stf-ta

The expert
Dipl.-Ing. Thomas Steffens