Using the safety functions

Timing diagrams

Timing diagram for STO-function without SBC

../../../../_images/timing_sto1.png

Timing diagram for STO-function with SBC-function

../../../../_images/timing_sto-sbc1.png

Truth table for digital inputs

Digital input STO-SBC 1 Digital input STO-SBC 2 Internal fault Feedback Output Safety Statusword Error entry
0 0 no 1 (closed) 1  
0 1 no 0 (open) 1 “SfeDilvd”
1 0 no 0 (open) 1 “SfeDilvd”
1 1 no 0 (open) 0  
X X yes 0 (open) 1 “SfeFault”

Diagnostic functions

Fault diagnostics

The safety node has two integrated diagnostic functions:

  • Comparing safety digital input statuses. The fault is activated after 100ms discrepancy of the STO-SBC inputs. In case a fault is detected, the servo drive will enter Fault state and indicate a fault “SfeDilvd” in the Error Report object.
  • During the activation of the STO-SBC function the servo drive verifies that the two channels of the module are internally operating correctly. In case an internal fault is detected, the servo drive will enter Fault state and indicate a fault “SfeFault” in the Error Report object.

Fault reaction

In case a fault has been detected, the drive will stay in fault state until manual reset has been given and the brake is closed.

Resetting diagnostic faults

To reset a fault condition, please:

  • request STO/SBC (for example by activating the emergency stop device) and
  • reset the fault

Attention

When the fault resetting was not successful, power cycle the servo drive and investigate the reason for the failure.

STO-SBC status register

The Safety Statusword indicates the current state of safety functions and Safety Digital Input Diagnostics shows the state of the Safety Module inputs.

Index Name Descriptions
0x6621 Safety Statusword

Subindex:

1 - Bit 1: STO status is the first bit of byte

2 - Bit 2: SBC status is the first bit of byte

STO/SBC status:

0: is not active

1: is active

0x2611 Safety Digital Input

Subindex:

1 - Input 1:

2 - Input 2:

Input 1/2:

0: Input is low

1: Input is high

Note

Using the SBC function while running the motor may damage the brake due to mechanical stress. During normal operation it is recommended to activate STO-SBC after the motor has come to a halt e.g. by introducing a delay with an external safety logic device such as a safety timer. This way an equivalent of SS1 with time monitoring is implemented.

Attention

The STO-function does not provide electrical isolation from the mains supply. If electrical changes need to be carried out on the system (e.g. modifying the motor cabling), the servo drive shall be completely isolated from mains supply with a mechanical switch.

Use cases

STO-SBC use cases are not limited to the cases presented in this section:

Emergency stop

  • The STO and SBC functions can be used for implementing the category 0 emergency stop function according to IEC 60204-1:2016.

  • Emergency stop function can be done

    • With an emergency stop switch connected directly to control the STO-SBC input signals
    • With an emergency stop relay + emergency stop switch.
    • With safety PLC + emergency stop switch.

Please read the section about the working principle of the Safety Module.

All cases above requires correct behaviour from the controlling PLC (can be a non-safety PLC). After resetting the emergency stop function, a separate and deliberate action must be used to restart the system.

Attention

IEC 60204-1:2016 requires “reset shall not initiate a restart” regarding emergency stop.

Prevention of unexpected start-up

STO and SBC function can be used when power removal is required to prevent an unexpected start-up according to ISO 14118. A lockable safety switch for activating the STO-SBC function is required.

The function “Prevention of unexpected start-up” can be used for system maintenance activities (e.g. Repairing/cleaning activities inside hazardous areas)