Functional safety standards EN/IEC 62061 and EN/ISO 13849-1 allow safety to be achieved with electronic solutions, whereas traditional safety systems relied on electromechanical components. And while functional safety applies to a machine and its control system as a whole (not to individual components), the drive lies at the heart of the safety implementation.
Functional safety requires that monitoring of the machine or process be “continuous and integral”, meaning that the drive detects a fault or hazardous condition itself rather than waiting for a signal from the controller.
The core objectives of functional safety are to bring the machine to a safe state (typically stopped) quickly and safely, and to prevent it from restarting unexpectedly. One of the main benefits of electronically based functional safety is that the machine remains active but monitored, so a complete shutdown is avoided: power is not disconnected from the drive, and the machine can be restarted much more quickly once the issue has been resolved. Another benefit is a longer drive life, since disconnecting and reconnecting power imposes extra wear on internal components.
The drive-based safety functions that enable functional safety are specified in EN/IEC 61800-5-2. This standard gives guidelines for the design and verification of safety functions integrated in the drive, to ensure that the required safety performance is achieved.
It groups the safety functions into categories, including stopping functions, braking functions, and safe motion monitoring functions.
Functions for safe stopping
Safe Torque Off — STO: The most common, and most basic, drive-based safety function. The drive stops supplying torque-producing power to the motor, while power to the drive itself is not interrupted. STO does not actively brake: a moving load coasts to a stop (an uncontrolled stop, stop category 0 in IEC 60204-1). STO is used for emergency stop situations and to prevent unexpected startup.
Safe Stop 1 — SS1: Uses a controlled ramp-down (deceleration) to safely stop the motor, and then activates STO (stop category 1 in IEC 60204-1). Because the drive actively decelerates the load instead of letting it coast, SS1 brings a system with high inertia to standstill much faster than STO alone. The standard defines variants that monitor the deceleration ramp and variants that simply wait a defined time before asserting STO.
Safe Stop 2 — SS2: Like SS1, this function uses a controlled deceleration to safely stop the motor, but once the motor is stopped it activates SOS rather than STO (stop category 2 in IEC 60204-1).
Safe Operating Stop — SOS: Monitors the motor at standstill: the drive remains in position control and holds its position, and the safety function checks that the position stays within a specified window (equivalently, that the speed stays at zero). It is an alternative to STO for situations where the axis must keep resisting external forces, since unlike STO the motor does not stop exerting torque.
Functions for safe braking
Safe Brake Control — SBC: Safely controls an external holding brake, and is always activated in conjunction with STO. SBC is typically used when the drive is switched off and there’s a load affecting the motor, as is often the case with vertical equipment such as cranes and elevators.
Safe Brake Test — SBT: Automatically tests the brake to ensure it provides the required braking action.
Functions for safely monitoring motion
Safely Limited Speed — SLS: Prevents the motor from exceeding one or more specified speed limits. If a limit is exceeded, the drive initiates a stop, typically STO or SS1.
Safe Speed Monitor — SSM: Provides a safe output signal indicating whether the motor speed is below a specified limit. Unlike SLS, it does not stop the motor itself; the controller uses the signal, for example to permit an operation only while the motor is running slowly.
Safe Direction — SDI: Monitors that motion stays in the specified direction and activates SS1 if the motor moves the wrong way.
Safely Limited Position — SLP: Monitors the absolute position of the axis and prevents it from exceeding the specified position limit(s), initiating a stop if a limit is reached.
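The decision logic behind SLS, SDI and SLP, and the SS1-then-STO sequence they trigger, as an added worked example (this is not code from IEC 61800-5-2 or from the Pilz or Siemens products pictured; the limit values, the sample format, the ramp tolerance and the standstill threshold are assumptions made for illustration):

```python
"""Illustrative safety-monitor logic for a drive (added example; not code from
IEC 61800-5-2, Pilz or Siemens). A certified implementation needs redundant
channels, diagnostics and qualified hardware; this only models the decisions.
Limit values, the sample format, the ramp tolerance and the standstill
threshold below are assumptions made for the example."""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    OPERATIONAL = "operational"  # motion permitted, continuously monitored
    SS1_RAMP = "ss1_ramp"        # stop requested, deceleration being monitored
    STO = "sto"                  # torque removed; latched until an explicit reset


@dataclass
class Limits:
    max_speed: float       # SLS: absolute speed limit
    direction: int         # SDI: +1 forward only, -1 reverse only, 0 unrestricted
    pos_min: float         # SLP: allowed position window
    pos_max: float
    ramp_decel: float      # SS1: deceleration the ramp is expected to follow
    ramp_tolerance: float  # SS1: speed allowed above the expected ramp value
    standstill: float      # speed at or below which the motor counts as stopped


@dataclass
class Monitor:
    limits: Limits
    state: State = State.OPERATIONAL
    reason: str = ""                           # which function tripped
    log: list = field(default_factory=list)    # (time, event) for diagnostics
    ramp_speed: float = 0.0                    # speed the SS1 ramp should be at
    last_t: float = 0.0

    def violation(self, speed, position):
        """Name of the first violated monitoring function, or None."""
        lim = self.limits
        if abs(speed) > lim.max_speed:
            return "SLS"
        if lim.direction and abs(speed) > lim.standstill and speed * lim.direction < 0:
            return "SDI"
        if not lim.pos_min <= position <= lim.pos_max:
            return "SLP"
        return None

    def check(self, t, speed, position):
        """Evaluate one feedback sample (time, signed speed, position)."""
        dt = t - self.last_t
        self.last_t = t
        lim = self.limits
        if self.state is State.OPERATIONAL:
            fault = self.violation(speed, position)
            if fault:
                # SS1: request a controlled stop and start monitoring the ramp
                self.state, self.reason = State.SS1_RAMP, fault
                self.ramp_speed = abs(speed)
                self.log.append((t, f"{fault} violated, SS1 requested"))
        elif self.state is State.SS1_RAMP:
            self.ramp_speed = max(0.0, self.ramp_speed - lim.ramp_decel * dt)
            if abs(speed) <= lim.standstill:
                self.state = State.STO
                self.log.append((t, "standstill reached, STO asserted"))
            elif abs(speed) > self.ramp_speed + lim.ramp_tolerance:
                # Drive is not following the ramp: do not wait, remove torque now
                self.state = State.STO
                self.reason += " (ramp not followed)"
                self.log.append((t, "ramp deviation, STO asserted"))
        return self.state

    def reset(self, speed):
        """Acknowledge a stop. Refused unless the motor is at standstill, so
        the machine cannot restart unexpectedly while still moving."""
        if self.state is State.STO and abs(speed) <= self.limits.standstill:
            self.state, self.reason = State.OPERATIONAL, ""
            return True
        return False


def run(samples, limits):
    """Feed (t, speed, position) samples through a fresh monitor; return it."""
    m = Monitor(limits)
    for t, speed, position in samples:
        m.check(t, speed, position)
    return m


if __name__ == "__main__":
    lim = Limits(max_speed=100, direction=1, pos_min=0, pos_max=500,
                 ramp_decel=200, ramp_tolerance=5, standstill=2)
    # Constructed feedback: overspeed at t=0.3, then a correct ramp to standstill
    feed = [(0.0, 80, 10), (0.2, 95, 28), (0.3, 120, 40), (0.4, 98, 51),
            (0.5, 78, 60), (0.6, 58, 67), (0.7, 38, 72), (0.8, 18, 75), (0.9, 1, 76)]
    m = run(feed, lim)
    print(m.state, m.reason)        # State.STO SLS
    for t, event in m.log:
        print(f"t={t:.1f}s {event}")
```

Two details are the point of the model: the monitor decides from the drive's own feedback without waiting for the controller, and a stop is latched so that a reset is refused until the motor is actually at standstill. A drive certified to the higher performance levels additionally uses two independent monitoring channels with cross-comparison and diagnostics of the encoder feedback, which a single-channel model like this does not provide.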
Article images credit: Pilz GmbH & Co. KG. Feature image credit: Siemens AG