IEC 61800-5-2:2007 – Adjustable speed electrical power drive systems – Part 5-2: Safety requirements – Functional
4 Designated safety functions
4.1 General
This clause describes functions of a PDS(SR) that may be designated as safety-related by the PDS(SR) supplier. The designated safety functions in this clause are not considered to form an exhaustive list. In some cases, further safety-related systems external to the PDS(SR) (for example a mechanical brake) may be necessary to maintain the safe condition when electrical power is removed.
The technical measures required to implement these functions depend on the SIL capability and the required probability of dangerous hardware failure, as indicated in the safety requirements specification.
The technical measures are described in Clause 6.
Each safety function may require safe input and/or output signalling in order to accomplish necessary communication with (or activation of) other functions, subsystems or systems (which may or may not be safety-related). The integrity of the interfaces shall be included in the determination of the SIL of the associated safety function.
Some of the safety functions perform monitoring tasks only, some perform a safety relevant control or other actions. Therefore, a distinction must be made between:
− the reaction on violation of limits (only relevant for monitoring functions): the reaction function when a violation of limits is detected during the correct operation of the safety function; and
− the fault reaction function: the reaction function when diagnostics detect a fault within the safety function.
Both reaction functions shall take into account the possible safe states for the application. On selecting the appropriate reaction function, it has to be considered that parts of the PDS(SR) may not be functioning.
Timing requirements for the actions required following detection of a fault are specified in the safety requirements specification (see 5.4.2).
The names of the safety functions include the words “safe” or “safely” to indicate that these functions may be used in a safety-related application on the grounds of a judgement (i.e. risk analysis) of that specific application, resulting in safety-relevant functions and their integrity to be performed by the PDS(SR).
4.2 Safety functions
4.2.1 Limit values
Where a safety function relies on limit value(s) for any parameter(s), the maximum tolerance(s) for the limit value(s) shall be defined.
NOTE Specification of any limit value should take into account possible exceeding of the limit value in case of violation of the limit. For example, specification of the position limit value(s) in 4.2.3.8 should take into account the maximum allowable overtravel distance(s).
A particular safety function may have one or more specified limit values, which can be selected during operation.
4.2.2 Stopping functions
4.2.2.1 General
A variety of stopping methods is available for every type of PDS. The control requirements for initiating the stopping sequence and maintaining a hold mode upon reaching standstill are application-specific. Separate manual operations and connections to control circuits may be necessary to achieve the desired performance of the stop functions. Any particular requirements for stopping performance should be specified by the installation designer. The following examples of stop functions are often used in practice.
4.2.2.2 Safe torque off (STO)
Power, that can cause rotation (or motion in the case of a linear motor), is not applied to the motor. The PDS(SR) will not provide energy to the motor which can generate torque (or force in the case of a linear motor).
NOTE 1 This safety function corresponds to an uncontrolled stop in accordance with stop category 0 of IEC 60204-1.
NOTE 2 This safety function may be used where power removal is required to prevent an unexpected start-up.
NOTE 3 In circumstances where external influences (for example, falling of suspended loads) are present, additional measures (for example, mechanical brakes) may be necessary to prevent any hazard.
NOTE 4 Electronic means and contactors are not adequate for protection against electric shock, and additional measures fo