NHP SAFETY REFERENCE GUIDE

Similar documents
Application Technique. Safety Function: Safety Camera with E-stop

NHP SAFETY REFERENCE GUIDE

Application Technique. Safety Function: SensaGuard Non-contact Interlock Switch

NHP SAFETY REFERENCE GUIDE

NHP SAFETY REFERENCE GUIDE

NHP SAFETY REFERENCE GUIDE

Safety Function: Safety Camera

NHP SAFETY REFERENCE GUIDE

NHP SAFETY REFERENCE GUIDE

NHP SAFETY REFERENCE GUIDE

Application Technique. Safety Function: Safe Limited Speed and Safe Maximum Speed

NHP SAFETY REFERENCE GUIDE

NHP SAFETY REFERENCE GUIDE

Application Technique. Products: Guardmaster 440C-CR30 Configurable Safety Relay, PowerFlex 755 Drive. Safety Rating: CAT. 3, PLe to ISO : 2008

NHP SAFETY REFERENCE GUIDE

Safety Function: Door Locking and Monitoring Products: TLS3-GD2 GuardLogix Controller POINT Guard Safety I/O Modules

GuardLogix: Safety Gate Application with SensaGuard Switch

Specifications. Functional Safety Data Note: For up-to-date information, visit Certifications.

Using GuardShield Light Curtains (Safe 4, Micro 400, or 440L), with ArmorBlock Guard I/O and SmartGuard Controller

GuardLogix: Dual Zone Gate Protection with E-stop and Trojan Interlock Switch

SensaGuard. Description. Features. Benefits. Specifications

NHP SAFETY REFERENCE GUIDE

Using a Guard Locking Interlock Switch and Light Curtains with DeviceNet Guard I/O and a GuardLogix Controller

GuardLogix: TLS Guardlocking Application

Safety Function: Actuator Subsystems Stop Category 1 via the PowerFlex 525 and PowerFlex 527 Drives with Safe Torque-off

NHP SAFETY REFERENCE GUIDE

Using TLS3-GD2 Guardlocking Interlock with ArmorBlock Guard I/O and SmartGuard Controller

Application Technique. Products: Guardmaster 440C-CR30 Configurable Safety Relay, PowerFlex 525 AC Drive

Safety Function: Muting Products: Light Curtain RightSight Optical Sensors GuardLogix Controller

Using the Safety Distribution R Box

PowerFlex 70 Safe-Off Control EtherNet/IP Guard I/O Safety Module and GuardLogix Integrated Safety Controller

3-56. General 1-2-Opto-electronics 3-Interlock. Switches. Operator. Interface. Logic Power. Safety Switches Non-Contact Switches SensaGuard

DriveGuard. Safe-Off Option for PowerFlex 70 AC Drives. User Manual.

Teaching Color-Sensing Connected Components Building Block. Quick Start

Actuator Subsystems Stop Cat. 0 or 1 via an Integrated Safety Controller and PowerFlex 527 Drive with Hardwired Safe Torque Off Safety Function

Solar Combiner Enclosure

SensaGuard 18 mm Barrels

Differential Liquid/Gas Pressure Transmitter

PowerMonitor 5000 Unit Catalog Number Upgrade

Digital ac/dc (24V) Input Module

Color-Sensing Connected Components Building Block. Quick Start

PowerFlex 700H AC Drive Safe Torque Off Option

Installation Instructions

Installation Instructions

GuardLogix Controller to Kinetix 6000 Drive with Safe-Off using EtherNet/IP CompactBlock Guard I/O Module

PCI Expansion Slot Kit for 6181P (1500P) Series D Integrated Display Computer

Kinetix 6000 Axis Module and Shunt Module

Non-contact Machine Safeguarding with RFID Technology. LED offers diagnostics for switch status, margin alignment, and fault finding

PowerMonitor 1000 Unit Catalog Number Upgrade

SmartGuard 600 Controllers

Next Generation Guardmaster Safety Relay (GSR)

Installation Instructions

ControlLogix SIL2 System Configuration

InView Firmware Update

The Guardmaster 440C-CR30 Software Configurable Safety Relay Training Demo Lab. For Classroom Use Only!

SECTION 16 LED DIAGNOSTIC FEATURES: EXPANSION UNITS: SCR-31P-i. SCR-73-i. SEU-31-i. SCR-31-42TD-i. SEU-31TD-i

Adapter Kit for PanelView 1200/1200e Touch Screen Terminal Cutout

CompactLogix Power Supplies Specifications

Installation Instructions

Kinetix 300 Memory Module Programmer

GV3000/SE General Purpose (Volts/Hertz) and Vector Duty AC Drive, HP, 230V AC

InView Communication Modules

SMARTSCAN INFORMATION

T4HD: Installation Supplement R8.1.13

EH-RIO IP67 Profibus-DP I/O modules

Copyright 2011 Rockwell Automation, Inc. All rights reserved. Next Generation Guardmaster Safety Relay Platform Overview

Original operating instructions Safety relay with relay outputs with and without delay G1502S / / 2016

Guard-Locking Proximity Inputs Safety Relay

Safety Light Curtains GuardShield Remote Teach

Bul. 440R Guardmaster Safety Relays (DI, DIS, SI, CI, EM, and EMD) Selection Guide

POINT Guard I/O Safety Modules

FSO Webnair FSO Safety Functions Module. ABB Group February 11, 2015 Slide 1

L01 - Effective Design Methods for Integrating Safety Using Logix Controllers. For Classroom Use Only!

Presence Sensing Safety Devices

Micro800 Programmable Controllers: Getting Started with Motion Control Using a Simulated Axis

Guardmaster Safety Relays DI, DIS, SI, CI, GLP, EM, And EMD

Allen-Bradley Motors

Tongue Switches Visit our website: Interlock. Switches. Safety Switches. Trojan 5 & 6. Specifications.

Options for ABB drives. User s manual Emergency stop, stop category 0 (option +Q951) for ACS880-07/17/37 drives

Original operating instructions Fail-safe inductive sensor GI711S / / 2010

Muting Applications with the MSR300 Table of Contents

POINT Guard I/O Safety Modules

Original operating instructions Safety relay with relay outputs G1501S / / 2016

Bidirectional (4-sensor, T-type) Muting With MSR42 Relay Connected Components Building Block

DeviceNet ArmorBlock Network Powered 16-input Module

ArmorPoint I/O Field Potential Distributor, Series A

Original operating instructions Fail-safe inductive sensor GF711S / / 2013

SequenceManager Controls

Bidirectional (2-sensor, T-type) Muting With Enable Using MSR42 Relay Connected Components Building Block

SafeC S to MSR127 Conversion

Guard I/O EtherNet/IP Safety Modules

Zener Barriers Bulletin 937Z

SIRIUS Safety Integrated. Modular safety system 3RK3

1. Introduction. 2. Design. Safety and Emergency Stop Circuit Design Standard. Safety and Emergency Stop Circuit Design Standard.

Safety. Detection. Control. MAGNUS RFID ENG - REV

Simple Package Measurement Connected Components Building Block. Quick Start

PowerFlex 750-Series Safe Torque Off Option Module

The SMART Non-contact Safety Sensor SRF With an innovative diagnostic system

1. Summary. 2. Contacts. Safety Controls Guidelines. Table of Contents

PROFIBUS 1732 ArmorBlock I/O, Series A

Transcription:

NHP SAFETY REFERENCE GUIDE GSR SAFETY FUNCTION DOCUMENTS SensaGuard Non-contact Interlock Switch with E-stop

Table of Contents: Important User Information 45 General Safety Information 45 Introduction 46 Safety Function Realization: Risk Assessment 46 SensaGuard Switch Safety Function 46 Safety Function Requirements 46 Functional Safety Description 46 Bill of Material 46 Setup and Wiring 47 Configuration 49 Calculation of the Performance Level 53 Verification and Validation Plan 56 Additional Resources 57 NHP Safety Reference Guide > Safety Function Documents: GSR 6B-47

Important User Information Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards. Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice. If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired. In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment. The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams. No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual. Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited. Throughout this manual, when necessary, we use notes to make you aware of safety considerations. WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss. ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence. Identifies information that is critical for successful application and understanding of the IMPORTANT product. Labels may also be on or inside the equipment to provide specific precautions. SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present. BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures. ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE). General Safety Information Contact NHP to find out more about our safety risk assessment services. IMPORTANT WARNING: This application example is for advanced users and assumes that you are trained and experienced in safety system requirements. ATTENTION: Perform a risk assessment to make sure all task and hazard combinations have been identified and addressed. The risk assessment can require additional circuitry to reduce the risk to a tolerable level. Safety circuits must take into consideration safety distance calculations, which are not part of the scope of this document. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-48

Introduction This safety function application note explains how to wire and configure a Guardmaster dual-input safety relay (GSR DI) to monitor both an E-stop and SensaGuard switch. When a person opens the moveable door, or the E-stop is actuated, or a fault is detected in the monitoring circuit, the GSR DI relay de energizes the final control devices, in this case, a pair of 100S safety contactors. E-stops are required in most applications. Safety systems requiring both a sensing device, like a SensaGuard switch and an E-stop combination, are common. The GSR DI relay makes this easy to implement in a single safety relay. Safety Function Realization: Risk Assessment The required performance level is the result of a risk assessment and refers to the amount of the risk reduction to be carried out by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety functions of the machine. In this application, the performance level required (PLr) by the risk assessment is Category 3, Performance Level d (CAT. 3, PLd), for each safety function. A safety system that achieves CAT. 3, PLd, or higher, can be considered control reliable. Each safety product has its own rating and can be combined to create a safety function that meets or exceeds the PLr. SensaGuard Switch Safety Function This application includes two safety functions: 1. Safety-related stop function initiated by the SensaGuard switch. 2. Emergency stop initiated by actuation of an emergency pushbutton. This system executes a Stop category 0 stop. Power is removed and motion coasts to a stop. Safety Function Requirements When the moveable door is opened, the SensaGuard switch sends a signal to the Guardmaster Safety Relay (GSR) to de-energize outputs, stopping the hazardous motion by removal of power to the motor. The system cannot be reset while the moveable door is open. Once the door is closed, and the Reset button is pressed and released (a separate action), hazardous motion resumes. Pressing the E stop button stops the hazardous motion by removal of power to the motor. Releasing the E-stop does not restart the hazardous motion. Pressing and releasing the Reset button after the E stop has been reset and all faults are cleared, results in the restoration of the hazardous motion. A fault at the SensaGuard switch, wiring, or safety relay is detected before the next safety demand. The safety system described in this application technique is capable of connecting and interrupting power to motors rated up to 9A, 600V AC. The safety functions in this application technique each meet or exceed the requirements for Category 3, Performance Level d (CAT. 3, PLd), per EN ISO 13849 1 and control reliable operation per ANSI B11.19. Functional Safety Description When the moveable door is opened, hazardous motion is stopped and prevented from restarting, and does not start until the moveable door is closed and the Reset button is pressed and released. When the E-stop is pressed, the hazardous motion is stopped and prevented from restarting, and does not start until the E-stop is released and the Reset button is pressed and released. Bill of Material This application uses these products. Catalog Number Description Qty 440N-Z21SS2HN SensaGuard switch, plastic, rectangular, 1 2 x PNP, 0.2 A, maximum safety output, 6 in. pigtail, 8-pin micro (m12), margin indication. 889D-F8AB-2 DC Micro (M12), female, straight, 1 8-pin, PVC Cable, yellow, unshielded, 24 AWG, IEC color-coded, no connector, 2 m (6.56 ft). 800FM-G611MX10 800F push button, metal, guarded, 1 blue, R, metal latch mount, 1 N.O. contact, 0 N.C. contact, standard d standard pack (qty. 1). 800F-1YP3 800F 1-hole enclosure, E-stop station, 1 plastic, PG, twist-to-release 40 mm, non-illuminated, 2 N.C. 440R-D22R2 Guardmaster safety relay, 2 dualchannel 1 universal inputs, 1 N.C. solid-state auxiliary output 100S-C09EJ23BC Modular Control System 100S-C safety contactor, 9 A, 24V DC 2 NHP Safety Reference Guide > Safety Function Documents: GSR 6B-49

Setup and Wiring For detailed information on installing and wiring, refer to the publications listed in the Additional Resources on the back cover. System Overview When the moveable door is opened, the SensaGuard switch turns off its two PNP Output Signal Switching Devices (OSSD), Safety A and Safety B. The safety relay responds by opening its two output relays. This removes 24V DC from the coils of the two safety contactors whose contacts open, removing power to the motor. The motor coasts to a stop (Stop Category 0). When the door is closed, the SensaGuard OSSDs, Safety A and Safety B, turn on. The SensaGuard switch monitors its internal circuitry and its OSSDs for faults. When a fault in the internal circuitry or an output is detected, the SensaGuard switch responds by turning off its OSSDs. The Guardmaster dual-input safety relay s (GSR Dl) pulse test outputs, S11 and S21, are run through the two N.C. contacts of the E-stop to inputs S12 and S22, respectively. When the E-stop is pressed and released, these circuits are interrupted. The GSR DI relay responds by turning, opening its safety contacts, removing power from the 100S contactor coils, and removing 24V DC from the coils of the two 100S contactors whose contacts open, thereby moving power to the motor. The motor coasts to a stop (Stop Category 0). The GSR Dl relay monitors the E-stop circuit for faults. Loose wires, shorts to 24V DC, shorts to GND, contacts failed closed, and cross faults, are detected. When a fault is detected, the GSR Dl relay responds by turning, opening its safety contacts, removing power from the 100S contactor coils, and removing 24V DC from the coils of the two 100S contactors whose contacts open, and thereby removing power to the motor. The motor coasts to a stop (Stop Category 0). Two N.C. contacts, one from each of the safety contactors, are connected as part of the reset circuit. The safety relay can be reset only if both safety contactors are in a proper de-energized state. The safety relay cannot be reset while the E-stop remains actuated or while the SensaGuard OSSDs are off. Once the E-stop has been released and/or the SensaGuard OSSDs turn on, the Reset button is pressed and released, (a separate, deliberate action), hazardous motion resumes. The Reset button must be pressed for more than a quarter second and less than three seconds. Both a shorter press and a longer press are ignored. The safety relay checks itself for internal faults, faults on its inputs and wiring, and monitors the safety contactors via the contactors N.C. contacts in the reset circuit. No single fault results in the safety system failing to perform its safety function. A single fault is detected before the next demand on the safety system. The system cannot be reset until the fault is corrected. Installation Refer to the installation instructions and user manuals listed in the Additional Resources on the back cover, for guidance on installing and maintaining the different parts of this system. The size of the openings must prevent the operator from reaching the hazard. Table O-10 in U.S. OHSA 1910.217 (f) (4), EN ISO 13854, Table D-1 of ANSI B11.19, Table 3 in CSA Z432, and AS4024.1, provide guidance on the appropriate distance a specific opening must be from the hazard. Radio Frequency Identification Non-Contact Interlock Switches Non-contact interlock switches based on Radio Frequency Identification (RFID) technology can provide a very high level of security against defeat by simple tools. This technology can also be used to provide devices with unique coding for applications where security is paramount. The use of RFID technology has many other important advantages. It is suitable for use with high integrity circuit architectures, such as Category 4, Performance Level e, or SIL 3. It can be incorporated into devices with fully-sealed IP69K enclosures manufactured from plastic or stainless steel. When RFID technology is used for coding, and inductive technology for sensing, a large sensing range and tolerance to misalignment can be achieved, typically 15 25 mm. This means that these devices can provide very stable and reliable service, combined with high levels of integrity and security, over a wide range of industrial safety applications. The Allen-Bradley Guardmaster SensaGuard switch interlocks use RFID technology. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-50

Electrical Schematic Brown White Aux Contact Blue E-stop Reset SensaGuard Pink Power In 1 In 2 Out Logic LOGIC PULSE NHP Safety Reference Guide > Safety Function Documents: GSR 6B-51

Configuration Typical Wiring Diagrams Description Plastic Stainless Steel 3-Shield 8-pin Micro (M12) 8-Safety A+ 8-Safety A+ 4-Safety B+ 4-Safety B+ 8-pin Cordset 889D-F8AB- 1 or cable version Misalignment Curves 5-Safety A 7-Ground 6-Safety B Safety A Safety A Safety A+ Safety A+ Pink Safety B Safety B Safety B+ Safety B+ White Aux A Aux A Brown 24V DC+ 24V DC+ Blue Gnd Gnd Green NA Shield 1 Replace symbol with 2 (2 m), 5 (5 m), or 10 (10 m) for standard cable lengths. 5-Safety A 18 mm Stainless Steel Barrel 18 mm Plastic Barrel 7-Ground 6-Safety B Sensing Distance OFF Side Lobe Assured Sensing Distance OFF ON OFF Side Lobe Face to Face Distance - mm OFF Side Lobe Assured Sensing Distance ON OFF Side Lobe Misalignment Lateral Misalignment Tolerance mm (in) Maintain a minimum spacing of 4 mm (0.157 in.) if actuator and sensor face approaches laterally. This prevents false triggering due to the side lobe areas. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-52

Misalignment Curves (cont) 30 mm Plastic Barrel Large Rectangular Flat Pack Face to Face Distance - mm OFF Side Lobe Assured Sensing Distance ON OFF Side Lobe Misalignment (mm) Assured Sensing Distance Side Lobes Side Lobes Sensing Distance (mm) Assured Make: 15 mm Assured OFF: 27 mm Lateral Misalignment Tolerance mm (in) Maintain a minimum spacing of 9 mm (0.35 in.) if actuator and sensor face approaches laterally. This prevents false triggering due to the side lobe areas. Minimum Distance Between Sensors 18 mm Actuator 18 mm Actuator 30 mm Actuator 50 mm 70 mm 100 mm Sensor 1 Sensor 2 Sensor 1 Sensor 2 Sensor 1 Sensor 2 Stainless Steel Barrel Plastic Barrel Plastic Barrel 200 mm NHP Safety Reference Guide > Safety Function Documents: GSR 6B-53

Diagnostic 24V DC Power Supply 1606 -XL120D Actuator 1 Actuator 2 Actuator 3 Actuator 4 Actuator 5 Switch 1 Switch 2 Switch 3 Switch 4 Switch 5 Pink Brown Pink Brown Pink Brown Pink Brown Pink Brown White Recoverable Fault Actuator 1 is in sensing range Actuator 2 is in sensing range Switch 1 is functioning properly Switch 2 is functioning properly OSSDs are energized to 24V DC OSSDs are energized to 24V DC Green status indicator is ON Green status indicator is ON Actuator 3 is in sensing range Switch 3 has fault See table below status indicator is flashing Actuator 4 is in sensing range Actuator 5 is in sensing range. Switch 4 is functioning properly Switch 5 is functioning properly OSSDs Series inputs are 0V DC Series inputs are 0V DC are Off OSSDs are de-energized to 0V DC OSSDs are de-energized to 0V DC Green status indicator is flashing to Green status indicator is indicate series inputs are not 24V flashing to indicate series DC inputs are not 24V DC Status Indicators (per IEC 60073) State Status Troubleshooting Off Not Powered NA Not Safe, Output Off NA Green Safe, Output On NA Device Output Status Indicator Green Power-up Test Flashing 1 Hz Flash Recoverable Fault Flashing 4 Hz Flash Nonrecoverable Fault Amber Safe, output on, sensor is Flashing reaching maximum sensing distance Check 24V DC on safety + outputs (yellow and red wire) Recoverable Fault: Check that safety outputs are not shorted to GND, 24V DC or each other. Cycle power. Readjust the distance between the actuator and the sensor until output status is green. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-54

Unit Response Time RT 24V DC Power +24 Supply 1606 Actuator 1 Sensor 1 White Actuator 2 Sensor 2 White Pink Actuator 3 Sensor 3 Pink White 440R-N23126 OFF Initial Conditions: All actuators are in sensing distance. Actuator 1 is moved out of sensing range. Sensor 2 drops the 24 volts (red and yellow) from Sensor 1 OSSD outputs. Green LED flashes. Sensor 3 drops the 24 volts (red and yellow) from Sensor 2 OSSD outputs. Green LED flashes. 0 ms 54 ms 72 ms 90 ms ON Actuator 1 is out of sensing range. Actuator 2 and 3 are in sensing range. Actuator 1 is moved into sensing range. Sensor 1 OSSD outputs are energized. Sensor 2 OSSD inputs (red and yellow) transition to 24V DC from Sensor 1 OSSD outputs. Sensor 2 OSSD outputs are energized. Sensor 3 OSSD inputs (red and yellow) transition to 24V DC from Sensor 2 OSSD outputs. Sensor 3 OSSD outputs are energized. 0 ms 360 ms 378 ms 396 ms The 440R-D22R2 safety relay (DI) must be configured LOGIC 2, (L12) OR (IN1 and IN2). LOGIC LOGIC Configure the safety relay for LOGIC 2 as per the installation instructions, publication 10000175129, ver. 00. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-55

Calculation of the Performance Level The Performance Level required (PLr) from the risk assessment is Category 3, Performance Level d (CAT. 3, PLd). When properly implemented, the safety functions described here can achieve Category 4, Performance Level e (CAT. 4, PLe), according to EN ISO 13849-1: 2008, as calculated by using the SISTEMA Software PL Calculation Tool. Calculations are based on each safety function being operated once an hour, 24 hours a day, 365 days a year, for a total of 8760 operations a year. The 100S contactors are used in both safety functions; therefore, their calculations are based on 17,520 operations per year. Overall Safety Product Performance Level The safety system includes two safety functions, a SensaGuard switch safety function and an E-stop safety function. The two safety functions can be represented in block diagrams. INPUT LOGIC OUTPUT 100S K1 SensaGuard GSR DI 100S K2 Sub System 1 Sub System 2 Sub System 3 NHP Safety Reference Guide > Safety Function Documents: GSR 6B-56

Calculation of the Performance Level (cont) Subsystems: SensaGuard switch, safety relay, and safety contactors safety functions modeled as shown below. The E-stop safety function is represented below. INPUT LOGIC OUTPUT E-stop 1 B1/E1 100S K1 GSR DI E-stop 1 B2/E2 100S K2 Sub System 1 Sub System 2 Sub System 3 Subsystems: E-stop, safety relay, and safety contactors safety functions modeled as shown below. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-57

Calculation of the Performance Level (cont) Because these are electro-mechanical devices, the E-stop and safety contactors data includes: Mean Time to Failure, dangerous (MTTFd) Diagnostic Coverage (DCavg) Common Cause Failure (CCF) Electro-mechanical devices functional safety evaluations include: how frequently they are operated whether they are effectively monitored for faults whether they are properly specified and installed SISTEMA software calculates the MTTFd by using B10d data provided for the contactors along with the estimated frequency of use, entered during the creation of the SISTEMA project. The DCavg (99%) for the contactors is selected from the Output Device table of EN ISO 13849-1 Annex E, Direct Monitoring. The DCavg (99%) for the E-stop is selected from the Input Device table of EN ISO 13849-1 Annex E, Cross Monitoring. The CCF value is generated by using the scoring process outlined in Annex F of EN ISO 13849-1. The complete CCF scoring process must be performed when actually implementing an application. A minimum score of 65 points must be achieved. Verification and Validation Plan Verification and validation play important roles in the avoidance of faults throughout the safety system design and development process. EN ISO 13849-2 sets the requirements for verification and validation. The standard calls for a documented plan to confirm all of the safety functional requirements have been met. Verification is an analysis of the resulting safety control system. The Performance Level (PL) of the safety control system is calculated to confirm that the system meets the required Performance Level (PLr) specified. The SISTEMA software is typically used to perform the calculations and assist with satisfying the requirements of EN ISO 13849-1. Validation is a functional test of the safety control system to demonstrate that the system meets the specified requirements of the safety function. The safety control system is tested to confirm that all of the safety-related outputs respond appropriately to their corresponding safety-related inputs. The functional test includes normal operating conditions in addition to potential fault inject of failure modes. A checklist is typically used to document the validation of the safety control system. Prior to validating the Guardmaster Safety Relay (GSR) system, you must confirm that the GSR relay has been wired and configured in accordance with the installation instructions. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-58

GSR Light Curtain Safety Function Verification and Validation Checklist GENERAL MACHINERY INFORMATION Machine Name / Model Number Machine Serial Number Customer Name Test Date Tester Name(s) Schematic Drawing Number Guardmaster Safety Relay Model Safety Wiring and Relay Configuration Verification Test Step Verification Pass/Fail Changes/Modifications Visually inspect the safety relay circuit to verify it is wired as documented in the schematics. Visually inspect the SensaGuard switch to verify it is configured as documented. Visually inspect the safety relay rotary switch settings to verify they are correct as documented. Normal Operation Verification The safety relay system properly responds to all normal Start, Stop, E stop and Reset Commands. Test Step Verification Pass/Fail Changes/Modifications Initiate a Start command. Both contactors energize for a normal machine run condition. Verify proper machine status indication and safety relay status indication. Initiate a Stop command. Both contactors de-energize for a normal machine Stop condition. Verify proper machine status indication and safety relay status indication. While the system is running, open the moveable door. Both contactors de-energize and open for a normal safe condition. Verify proper machine status indication and safety relay status indication. Repeat for all SensaGuard switches. While the system is stopped and the door opened, initiate a Start command. Both contactors remain de-energized and open for a normal safe condition. Verify proper machine status indication and safety relay status indication. Initiate a Reset command. Both contactors remain de-energized. Verify proper machine status indication and safety relay status indication. Abnormal Operation Validation - The safety relay system property responds to all foreseeable faults with corresponding diagnostics. SensaGuard Switch Input Tests Test Step Validation Pass/Fail Changes/Modifications While the system is running, remove the channel 1 wire from the safety relay. Both contactors de-energize. Verify proper machine status indication and safety relay status indication. Repeat for channel 2. While the system is running, short channel 1 of the safety relay to 24V DC. Both contactors de-energize. Verify proper machine status indication and safety relay status indication. Repeat for channel 2. While the system is running, short channel 1 of the safety relay to 0V DC. Both contactors de-energize. Verify proper machine status indication and safety relay status indication. Repeat for channel 2. While the system is running, short channels 1 and 2 of the safety relay. Both contactors de-energize. Verify proper machine status indication and safety relay status indication. GSR Logic Solver Tests Test Step Validation Pass/Fail Changes/Modifications While the system is running, remove the single wire safety connection between two adjoining safety relays in the system. All contactors de-energize. Verify proper machine status indication and safety relay status indication. Repeat for all safety connections. This test is not applicable for single relay circuits. While the system is running, turn the logic rotary switch on the safety relay. All contactors remain energized. Verify proper machine status indication and safety relay status indication. Repeat for all safety relays in the system. Safety Contactor Output Tests Test Step Validation Pass/Fail Changes/Modifications While the system is running, remove the contactor feedback from the safety relay. All contactors remain energized. Initiate a Stop command followed by a Reset command. The relay does not restart or reset. Verify proper machine status indication and safety relay status indication. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-59

Additional Resources Refer to these publications for more information about related products from Rockwell Automation. Resource Guardmaster Safety Relay DI Installation Instructions, publication 10000175129 ver. 00 SensaGuard Rectangular Flat Pack Installation Instructions, publication 10000182958 ver. 00 Guardmaster Safety Relays Application and Wiring Diagrams, publication SAFETY WD001 Safety Products Catalog, publication S117 CA001A Description Provides information on installing, operating, and maintaining 440R-D22R2 safety relays. Provides information on installing, operating, and maintaining SensaGuard switches. Provides functions descriptions, guidance, and wiring for typical safety relays. Provides data and guidance concerning safety principals, standards, component data, and applications examples. You can view or download publications at http://www.rockwellautomation.com/literature. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-60

Safety Function Document Disclaimer The information contained in this and any related publications is intended as a guide only. Every care has been taken to ensure that the information given is accurate at time of publication. Neither NHP nor any of the manufacturers portrayed in this and any related publications accept responsibility for any errors or omissions contained therein nor any misapplications resulting from such errors or omissions. Risk assessments should be conducted by authorized persons. The purchaser and installer are responsible for ensuring the safety system(s) incorporating these products complies with all current regulations and applicable standards. Products are subject to change without notice and may differ from any illustration(s) provided. All products offered for sale are subject to NHP standard Conditions of Sale, a copy of which is available on application. NHP Safety Reference Guide > Safety Function Documents: GSR 6B-61

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback