This example depicts the prerequisites and wiring for an emergency stop that fulfills the requirements according to:
IEC 60204-1:2016 stop category 1 (a controlled stop with power available to the machine actuators to achieve the stop and then removal of power when the stop is achieved)
ISO 13849-1:2015 PLe, Cat. 3
IEC 61508:2010 SIL3
IEC 61800-5-2:2017 SS1 (Safe stop 1)
When the Emergency Stop Device (such as a push button or a light curtain) signals the execution of an emergency stop, two redundant sets of contactors are triggered:
K1/K2 immediately give the signal to the Master PLC/IPC Digital Input. When the Digital Input is logical 0, the Master PLC/IPC shall request “quick stop” via EtherCAT Controlword 0x6040.
K3/K4 are triggered after a configurable time delay. During the time delay, the machine can be gracefully controlled to a stop before the activation of the SOMANET Node STO-SBC function.
SOMANET Node Safety
Emergency stop device
Power supply (PELV)
It is necessary to use a momentary switch for the Reset/Start function to fulfill the emergency stop requirement “The reset of the emergency stop command shall not restart the machinery.”
For a PLe, SIL 3 system, observe the requirements for fault exclusion between the STO-SBC 1 and STO-SBC 2 signals.
Calculate the PFHd (high demand mode) or PFD (low demand mode) of the whole safety function with the values given by the device’s safety manual. Verify that the PFD/PFHd of the safety function is sufficiently low for the desired safety level. You can find the values for SOMANET Circulo here.
Test and validate the safety functions before the system is put into operation.
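The master-side behaviour described above (quick stop via Controlword 0x6040 when the K1/K2 digital input is logical 0, and a reset that does not restart the machinery), sketched as an added example that is not code from the original page or the device vendor. The bit values are the standard CiA 402 Controlword assignments; the function, type and state names, and the idea that the master also reads the Reset/Start button on a second digital input, are assumptions. This is application logic only: the STO-SBC path via K3/K4 stays hardwired.

```c
#include <stdbool.h>
#include <stdint.h>

/* CiA 402 Controlword (object 0x6040) bits. */
#define CW_ENABLE_VOLTAGE 0x0002u
#define CW_QUICK_STOP     0x0004u /* active low: 0 requests quick stop */
#define CW_ENABLE_OP      0x0008u
#define CW_FAULT_RESET    0x0080u
#define CW_SHUTDOWN       (CW_ENABLE_VOLTAGE | CW_QUICK_STOP) /* 0x0006 */

/* Hypothetical gate states, not taken from the page. */
typedef enum { ESTOP_RUN, ESTOP_LATCHED, ESTOP_AWAIT_START } estop_state_t;

typedef struct {
    estop_state_t state;
    bool prev_reset; /* last Reset/Start sample, for edge detection */
} estop_gate_t;

/* Call once per bus cycle.
 * estop_di:  digital input fed by K1/K2; false (logical 0) means E-stop.
 * reset_btn: momentary Reset/Start input (assumed second DI).
 * app_cw:    Controlword the application wants to send.
 * Returns the Controlword to write to 0x6040. */
uint16_t estop_gate(estop_gate_t *g, bool estop_di, bool reset_btn,
                    uint16_t app_cw)
{
    bool reset_edge = reset_btn && !g->prev_reset;
    g->prev_reset = reset_btn;

    if (!estop_di)
        g->state = ESTOP_LATCHED;       /* E-stop always wins */
    else if (g->state == ESTOP_LATCHED && reset_edge)
        g->state = ESTOP_AWAIT_START;   /* reset alone does not restart */
    else if (g->state == ESTOP_AWAIT_START && !(app_cw & CW_ENABLE_OP))
        g->state = ESTOP_RUN;           /* application dropped its enable */

    switch (g->state) {
    case ESTOP_LATCHED: /* quick stop: bit 2 = 0, bit 1 = 1, bit 7 = 0 */
        return (uint16_t)((app_cw & ~(CW_QUICK_STOP | CW_FAULT_RESET))
                          | CW_ENABLE_VOLTAGE);
    case ESTOP_AWAIT_START:
        return CW_SHUTDOWN;             /* keep the drive not enabled */
    default:
        return app_cw;
    }
}
```

A Reset/Start button that is already held when the E-stop input recovers does not release the latch, because only a rising edge seen while the input is healthy counts.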