PAM & SAM System User's Manual Part 3: Safety and ... - Kollmorgen

More documents

Recommendations

Info

PART 3 - SAFETY AND PROTECTIVE FUNCTIONS INTRODUCTION Controlled stop without removal of power (STOP 2): This is a controlled stop with power left available to the PDS. It corresponds to category 2 of IEC 60204-1. Emergency Stop: The Emergency Stop shall function as either an uncontrolled stop (STOP 0) or a controlled stop followed by removal of power (STOP 1). The choice of the stop function shall be determined by a risk assessment of the machine. It must satisfy the following conditions: - it shall override all other functions in all modes; - power to the motors shall be removed as quickly as possible without creating other hazards; - reset shall not initiate a restart. Power removal: Power removal requires the power supply to the motor to be interrupted safely. During power removal, it shall not be possible for the motor to generate a torque resulting in hazardous movements. Measures according to i.e. Safety Category 3 shall be taken for both electromechanical and electronic means of power removal. Electronic means shall have the same safety integrity as electromechanical means. STOP Suitable measures for power removal are for example, a line contactor between the power supply and the PDS, a motor contactor between the Drive and the motor, or safe pulse blocking of the Drive output semi-conductors. - Electronic means are not adequate for protection against electric shock. - Additional measures may need to be considered to prevent stored mechanical energy from creating a hazard. - If external power influences (i.e. falling of suspended loads) are present after power removal, additional measures (i.e. mechanical brakes) shall be provided to prevent any hazard. Prevention of unexpected start-up (Safe Standstill): In some types of operations, persons exposed to moving parts of a machine can be subjected to significant risks of injury by inadvertent start-up of the machine. The PDS shall be safeguarded by technical measures against a faulty, unexpected start-up. Restarting the PDS must require a positive action such as operation of a pushbutton. Category 3 (Type 3): the term “category 3” relates to standard ISO IEC 13849-1 (EN 954-1) "Safety of Machinery - Safety-related parts of control systems", Part 1: "General Principles for Design". It is also named " type 3" in IEC 61800-5 draft. The ISO IEC 13849-1 (EN 954-1) standard says: Safety-related parts shall be designed so that: - a single fault in any of these parts does not lead to the loss of the safety function - whenever reasonably practicable the single fault is detected The standard makes the following references to system behavior: - When the single fault occurs the safety function is always performed. - Some but not all faults will be detected - Accumulation of certain faults can lead to the loss of the safety function. The standard also says that principles to achieve safety are mainly characterised by structure, and requires the use of well-tried safety principles. PAM with SAM System Users Handbook P/n 9032 011 983, October 6, 2000 Page: 6
PART 3 - SAFETY AND PROTECTIVE FUNCTIONS IMPLEMENTATION Implementation General Circuit Configuration Figure 1 illustrates a general system/machine level circuit configuration designed to satisfy the requirement of IEC/EN Standard 60204-1 regarding starting and stopping of electrical equipment in industrial machinery. A PAM with SAM system with one SAM Supply and two SAM Drives is shown; however, the concepts illustrated in Figure 1 are applicable to systems with more axes. This implementation which utilizes the built-in SAM safety and protective functions, in combination with external components, satisfies the requirements for a “safe power removal process” and prevention of unexpected start-up. Figure 1 shows standard components (switches, relays, etc.) for the sake of explaining the functionality. Achieving safety category 3 at machine level usually requires the use of redundant, safety certified relays and switches in place of single standard components. Refer to Table 1 for a functional description of the components shown in Figure 1. The system in Figure 1 has been implemented with an electromechanical brake on axis 2. Axis 1 is equipped with short-circuit dynamic braking (via K 9 and R B ). K 9 is de-energized whenever the SAM Drive is not controlling the motor. In addition, axis 2 is shown with additional features (K 7 and others) providing a “safe power removal” and preventing unexpected start-up. A PLC performing overall machine control also inputs to the circuit. Fast DC Bus Discharge STOP If no Fast DC-bus Discharge means is used, hazardous and lethal voltages remain for 60 seconds after removing power. Should additional DC-bus Capacitors be used, then a Fast DC-bus Discharge circuit must be used in order to keep the discharge time within 60 seconds. It shall also be used if for any reason a shorter discharge time is required. PAM with SAM System Users Handbook Page: 7 P/n 9032 011 983, October 6, 2000
Page 1 and 2: PAM & SAM System User’s Manual Pa
Page 3 and 4: PART 3 - SAFETY AND PROTECTIVE FUNC
Page 5: PART 3 - SAFETY AND PROTECTIVE FUNC
Page 15: PART 3 - SAFETY AND PROTECTIVE FUNC

PAM & SAM System User's Manual Part 3: Safety and ... - Kollmorgen

Create successful ePaper yourself

Delete template?

Save as template?