Application Technique
Safety Function: Safety Mat Stop
Products: Guardmaster Dual-input Safety Relay, 440F Safety Mats with E-stop Safety Rating: CAT. 3, PLd to EN ISO 13849-1: 2008
2
Safety Function: Safety Mat Stop
Important User Information Read this document and the documents listed in the additional resources section about installation, configuration, and operation of this equipment before you install, configure, operate, or maintain this product. Users are required to familiarize themselves with installation and wiring instructions in addition to requirements of all applicable codes, laws, and standards. Activities including installation, adjustments, putting into service, use, assembly, disassembly, and maintenance are required to be carried out by suitably trained personnel in accordance with applicable code of practice. If this equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired. In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment. The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the examples and diagrams. No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in this manual. Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited. Throughout this manual, when necessary, we use notes to make you aware of safety considerations. WARNING: Identifies information about practices or circumstances that can cause an explosion in a hazardous environment, which may lead to personal injury or death, property damage, or economic loss. ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and recognize the consequence.
IMPORTANT
Identifies information that is critical for successful application and understanding of the product.
Labels may also be on or inside the equipment to provide specific precautions. SHOCK HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that dangerous voltage may be present. BURN HAZARD: Labels may be on or inside the equipment, for example, a drive or motor, to alert people that surfaces may reach dangerous temperatures.
ARC FLASH HAZARD: Labels may be on or inside the equipment, for example, a motor control center, to alert people to potential Arc Flash. Arc Flash will cause severe injury or death. Wear proper Personal Protective Equipment (PPE). Follow ALL Regulatory requirements for safe work practices and for Personal Protective Equipment (PPE). Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
3
General Safety Information Contact Rockwell Automation to find out more about our safety risk assessment services.
IMPORTANT
This application example is for advanced users and assumes that you are trained and experienced in safety system requirements. ATTENTION: Perform a risk assessment to make sure all task and hazard combinations have been identified and addressed. The risk assessment can require additional circuitry to reduce the risk to a tolerable level. Safety circuits must take into consideration safety distance calculations, which are not part of the scope of this document.
Table of Contents Important User Information ....................................................................................... 2 General Safety Information ....................................................................................... 3 Introduction ............................................................................................................... 3 Safety Function Realization: Risk Assessment ......................................................... 4 Safety Mat Safety Function ....................................................................................... 4 Safety Function Requirements .................................................................................. 4 Functional Safety Description ................................................................................... 5 Bill of Material ........................................................................................................... 6 Setup and Wiring ...................................................................................................... 6 Installation................................................................................................................. 7 Safety Distance Calculation ...................................................................................... 8 Configuration ............................................................................................................ 9 Calculation of the Performance Level...................................................................... 10 Verification and Validation Plan............................................................................... 16 Additional Resources .............................................................................................. 22
Introduction This safety function application technique explains how to wire and configure a Guardmaster® dual-input safety relay (GSR DI) to monitor a pair of 440F safety mats and an E-stop. When someone steps on the safety mat, presses the E-stop, or a fault is detected in the monitoring circuit, the GSR DI de-energizes the final control devices, in this case, a pair of 100S safety contactors. E-stops are required in most applications. Safety systems requiring both a sensing device, like a safety mat, and E-stop combination are common. The dual-input relay makes this easy to implement in a single safety-relay.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
4
Safety Function: Safety Mat Stop
Safety Function Realization: Risk Assessment The required Performance Level (PLr) is the result of a risk assessment and refers to the amount of the risk reduction to be carried out by the safety-related parts of the control system. Part of the risk reduction process is to determine the safety functions of the machine. In this application, the PLr by the risk assessment is Category 3, Performance Level d (CAT. 3, PLd), for each safety function. A safety system that achieves CAT. 3, PLd, or higher, can be considered control reliable. Each safety product has its own rating and can be combined to create a safety function that meets or exceeds the PLr.
From: Risk Assessment (ISO 12100)
1. Identification of safety functions
2. Specification of characteristics of each function
3. Determination of required PL (PLr) for each safety function
To: Realization and PL Evaluation
Safety Mat Safety Function In this safety project, we use two safety mats and one E-stop. The safety project described in this application has three safety functions: •
Safety-related stop initiation by stepping on a safety mat
•
An emergency stop initiated by actuation of an E-stop button
This system executes a Stop Category 0 stop. Power is removed and hazardous motion coasts to a stop.
Safety Function Requirements A safety mat provides no physical barrier between personnel and hazardous motion. Safety mats must extend a sufficient distance away from the hazardous motion such that a person cannot reach the hazard before hazardous motion has stopped. In this application, two 1000 mm x 1800 mm (39.4 in. x 70.9 in.) safety mats are placed side-by-side, creating a single 2000 mm x 1800 mm (78.8 in. x 70.9 in.) monitored area to be sure of an adequate distance. The distance is called the safety distance and is addressed later in this application technique.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
5
A person stepping on a safety mat causes the Guardmaster dual-input safety relay (GSR DI) to stop hazardous motion by removing power to the motor. The first safety mat is installed farthest from the hazardous motion and is stepped on more often than the second safety mat, which is closest to the hazardous motion. The system cannot be reset while a person is on the safety mat. Once the person has moved off the safety mats, pressing and releasing the Reset button resets the GSR DI, closing its safety contacts. Pressing the Start button provides power to the motor and hazardous motion begins. Pressing the E-stop button stops hazardous motion by removing power to the motor. Releasing the E-stop button does not restart hazardous motion. Once the E-stop is released, and any other faults are cleared, pressing and releasing the Reset button resets the GSR DI. Pressing the Start button provides power to the motor and hazardous motion continues. Faults at the safety mat, the E-stop, wiring, or the GSR DI are detected before the next safety demand. The Start/Stop button allows an operator to start and stop the motor for normal, production purposes without involving any action by the safety system. A safety mat or E-stop demand always stops hazardous motion and interrupts the start/stop function. The safety system described in this application technique is capable of connecting and interrupting power to motors rated up to 9 A, 600V AC. When the safety system is reset, the hazardous motion does not resume until a secondary action occurs—the Start/Stop button in the circuit is pressed.
IMPORTANT
The safety contactors are switched each time the Start/Stop button is pressed, whether to restart after a safety demand or for standard production purposes.
For purposes of this application technique, the safety functions stop the system once an hour, 24 hours a day, 365 days a year, for a total of 8760 times a year, per safety function. The safety functions in this application technique each meet or exceed the requirements for Category 3, Performance Level d (CAT. 3, PLd), per EN ISO 13849-1 and control reliable operation per ANSI B11.19.
Functional Safety Description Stepping on the safety mat stops and prevents the hazardous motion from restarting until the person moves off the safety mat, the Guardmaster dual-input safety relay (GSR DI) is reset, and the Start button is pressed. Similarly, pressing the E-stop button stops and prevents hazardous motion from restarting until the E-stop is released, the GSR DI is reset, and the Start button is pressed.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
6
Safety Function: Safety Mat Stop
Bill of Material This application uses these products. Cat. No.
Description
Quantity
440F-M2036BYNN
Safety mat – yellow 1000 mm x 1800 mm (39.4 in. x 70.9 in.), 2-4.5 m (15 ft) 2-wire cables, exit out B corners, no trim, no controller
2
440F-T3210
Standard, aluminum perimeter trim, 2 m (6.6 ft), square end
4
440F-T3012
External corner perimeter trim
4
440F-T3220
Active uniting trim – 2 m (6.6 ft) length
1
800F-1YP8
800F 1-hole enclosure E-stop station, plastic, PG, twist-to-release 60 mm (2.4 in.), non-illuminated, 1 N.O. contact, 2 N.C. contacts
1
400R-D22R2
Guardmaster dual-input safety relay, 2-dual channel universal inputs, 1 N.C. contact, solid-state auxiliary outputs
1
800FP-R611PX10
800F reset, round plastic, type 4/4 x /13, IP66, blue, R, plastic latch mount, 1 N.O. contact, 0 N.C. contacts, standard, standard pack (quantity 1)
1
800FP-U2E4F3PX11
800F 2-position momentary multi-function – red plastic, type 4/4 x /13, IP65, position A – red exterior push button, position C – green flush push button, plastic latch mount, 1 N.O. contact, 1 N.C. contact, standard, standard pack (quantity 1)
1
100S-C23EJ14BC
MCS 100S-C safety contractor, 23 A, 24V DC with electrical coil, bifurcated contact
2
Setup and Wiring The safety mats have two separated, internal conductive plates, with each plate representing a separate channel. S11 and S21 are run through a separate plate to S42 and S32, respectively. When someone steps on a safety mat, the two internal conductive plates are pressed together, creating a cross-fault between the two channels. The Guardmaster dual-input safety relay (GSR DI) responds by opening its two safety outputs. This removes 24V DC from the coils of the two safety contactors whose contacts open, removing power to the motor. The motor coasts to a stop (Stop Category 0). The safety mat rebounds when the person steps off the safety mat, separating the two internal conductive plates. Safety mats are electro-mechanical devices and, as such, have no diagnostic capabilities of their own. All diagnostics are provided by the GSR DI. A remote possibility exists that the two plates do not make proper contact when the safety mat is stepped on. To address this possibility, fault exclusion (FE) is included in the following performance level calculations. Most electro-mechanical devices have a possibility of a mechanical failure and require the inclusion of this FE in their performance level calculations.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
7
The E-stop is also an electro-mechanical device. Each N.C. contact represents a separate channel. S11 and S21 are run through the two N.C. contacts of the E-stop to inputs S12 and S22, respectively. When the E-stop is pressed and released, these channels are interrupted. The GSR DI reacts by turning off its safety contacts, removing power from the 100S contactor coils, removing 24V DC from the coils of the two 100S contactors whose contacts open, removing power to the motor. The motor coasts to a stop (Stop Category 0). A possibility exists that the single E-stop actuator fails to open the E-stop’s N.C. contacts; therefore, an FE is included in the E-stop performance level calculations although it is implemented differently than that for the safety mats. The GSR DI monitors the safety mat and the E-stop circuit for faults. Open circuit faults, shorts to 24V DC, shorts to GND, contact-weld fault, and channel-cross faults are detected. When a fault is detected, the relay responds by opening its mechanically-linked safety contacts, removing 24V DC power from the 100S contactor coils and thereby removing power to the motor. The motor coasts to a stop (Stop Category 0). Two N.C. contacts, one from each of the safety contactors, are connected in series, as part of the reset circuit. The GSR DI can be reset only if both safety contactors are in a properly de-energized state. If a safety contact weld closes, its mechanically-linked N.C. contacts remain open and the GSR DI cannot be reset. The GSR DI cannot be reset while the E-stop remains actuated or while a person remains on a safety mat. Once the E-stop has been released and/or the person moves off the safety mats, pressing and releasing the Reset button, a separate, deliberate action, closes the GSR DI safety contacts. The Reset button must be pressed for more than a quarter of a second and less than three seconds. Either a shorter press or a longer press is ignored. The Start button can then be pressed to continue hazardous motion. The GSR DI checks itself for internal faults, faults on its inputs and wiring, and monitors the safety contactors, via the contactors N.C. contacts, in the reset circuit. No single fault results in the safety system failing to perform its safety function. A single fault is detected before the next demand on the safety system. The system cannot be reset until the fault is corrected.
Installation For detailed information on installing and wiring, refer to the product manuals listed in the Additional Resources. A safety mat provides no physical barrier between personnel and hazardous motion. The safety mat must be installed at a sufficient distance from the hazardous motion to be sure that a person walking toward the hazardous motion cannot reach the dangerous motion before it has stopped. This distance is referred to as the safety distance.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
8
Safety Function: Safety Mat Stop
Safety Distance Calculation
IMPORTANT
The safety distance calculations in the application technique are only for illustration purposes. Actual stopping time vary according to the specifics of any actual application.
The safety distance (S) required varies from installation to installation and, therefore, must be calculated for each specific application. This application technique uses the formula taken from EN ISO 13856-1. S = (K * T) + C Symbol Value K
The standard approach speed of 1600 mm/s (63 in./s).
T
Stopping time In this case, the stopping time is the summation of the following:
C
•
Stopping time of the hazardous motion (Ts)
•
Response time of the safety relay
•
Response time of the safety contactors (Tc)
Distance a standard hand could possibly move toward the hazard before the safety mat is stepped on. 1200 mm (47.25 in.)
In this application technique example, these are the values: K
1600 mm/s (63 in./s) (taken from EN ISO 13856-1)
Ts
250 ms (measured by the user or from the machine maker documents in any actual application)
Tc
55 ms (40 ms [DI] + 15 ms [K1/K2]) taken from the product documentation)
C
1200 mm (47.25 in.) (taken from the product documentation)
S = (1600 * 0.305) + 1200 mm (47.25 in.) = 1688 mm (66.5 in.) The edge of the safety mat farthest from the hazardous motion must be mounted no closer than 1688 mm (66.5 in.) from the hazardous motion. In this application, two 1000 mm x 1800 mm (39.4 in. x 70.9 in.) safety mats are placed side-by-side, creating a single 2000 mm x 1800 mm (78.8 in. x 70.9 in.) monitored area to be sure of an adequate distance.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop Electrical Schematic
24V DC SUPPLY
24V DC COM
Status to PLC
E-stop
LOGIC
Status to PLC
White
White
White
Black
Black
Black
Reset Status to PLC
Start
Stop
Status to PLC Status to PLC
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
9
10
Safety Function: Safety Mat Stop
Configuration Follow these steps to sets the function of the device. 1. To start configuration/overwrite, with the power off, turn the rotary switch to position 0. The unit powers up. After the power-up test, the PWD status indicator flashes red.
2. To set the configuration, turn the rotary switch to position 2. LOGIC 2 = L12 or (IN1 and IN2)
LOGIC
LOGIC
The IN 1 LED status indicator blinks for the new setting. Position is set when the PWR status indicator is solid green. 3. Lock-in the configuration by cycling unit power. 4. Confirm the configuration before operation. 5. Record the unit setting in the white space on the face of the device.
Calculation of the Performance Level The required Performance Level (PLr) from the risk assessment for each safety function of this project is Performance Level d (PLd). When properly implemented, each safety mat safety function described here can achieve Category 3 (CAT. 3, PLd), according to EN ISO 13849-1: 2008, as calculated by using the SISTEMA software PL calculation tool. When properly configured, the E-stop safety function described here can achieve CAT. 3, PLe, according to EN ISO 13849-1: 2008, as calculated by using the SISTEMA software. Calculations are based on each safety function being operated once an hour, 24 hours a day, 365 days a year for a total of 8760 safety operations a year, per safety function. The SISTEMA project for this application example verifies that all three safety functions can achieve the required PLr or better.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
11
The safety mat #1 safety function is represented below. INPUT
FAULT EXCLUSION (FE)
LOGIC
OUTPUT
100S K1 Safety Mat #1
Safety Mat #1 (FE)
GSR DI 100S K2
Safety Mat #1 Safety Function Input Subsystem
Safety Mat #1 Safety Function Fault Exclusion Subsystem
This addresses the remote possibility that the two plates do not make proper contact when a person steps on the safety mat.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
12
Safety Function: Safety Mat Stop Safety Mat #1 Safety Function Logic Subsystem
Safety Mat #1 Safety Function Output Subsystem
Safety Mat #1 Safety Function Overall
The safety mat #2 safety function is represented below. INPUT
FAULT EXCLUSION (FE)
LOGIC
OUTPUT
100S K1 Safety Mat #2
Safety Mat #2 (FE)
GSR DI 100S K2
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
13
Safety Mat #2 Safety Function Input Subsystem
Safety Mat #2 Safety Function Fault Exclusion Subsystem
This addresses the remote possibility that the two plates do not make proper contact when a person steps on the safety mat.
Safety Mat #2 Safety Function Logic Subsystem
Safety Mat #2 Safety Function Output Subsystem
Safety Mat #2 Safety Function Overall
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
14
Safety Function: Safety Mat Stop The E-stop safety function is represented below. INPUT
LOGIC
OUTPUT
100S K1 E-stop FE Included
GSR DI 100S K2
E-stop Safety Function Input Subsystem
In this case, the fault exclusion (FE) is selected in the Mean Time to Failure, dangerous (MTTFd) section. E-stops are the most common safety input device. The typical, almost universal, possibility of mechanical failure is recognized and widely accepted. In this case, the FE is addressed in this manner; however, it could also have been entered as a separate subsystem as was performed for the safety mats. E-stop Safety Function Logic Subsystem
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
15
E-stop Safety Function Output Subsystem
E-stop Safety Function Overall
Because these are electro-mechanical devices, the safety mats and the safety contactors data includes the following: •
MTTFd
•
Diagnostic Coverage (DCavg)
•
CCF
Electro-mechanical devices’ functional safety evaluations include the following: •
How frequently they are operated
•
Whether they are effectively monitored for faults
•
Whether they are properly specified and installed
SISTEMA software calculates the MTTFd by using B10d data provided for the contactors along with the estimated frequency of use, entered during the creation of the SISTEMA project. The DCavg (90%) for the safety mats was based on the Guardmaster dual-input safety relay being configured to interpret a cross-channel wiring/shorting fault as a normal step on a safety mat, not as a fault and a no-channel welded-closed fault. An actual cross-channel wiring and/or short fault trips the relay, sending the system to a safe de-energized state. That system does not reset until the cross-channel fault is corrected. The DCavg (99%) for the E-stop was selected from the Input Device table of EN ISO 13849-1 Annex E, Cross Monitoring.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
16
Safety Function: Safety Mat Stop
Verification and Validation Plan Verification and validation play important roles in the avoidance of faults throughout the safety system design and development process. EN ISO 13849-2 sets the requirements for verification and validation. The standard calls for a documented plan to confirm all of the safety functional requirements have been met. Verification is an analysis of the resulting safety control system. The Performance Level (PL) of the safety control system is calculated to confirm that the system meets the required Performance Level (PLr) specified. The SISTEMA software is typically used to perform the calculations and assist with satisfying the requirements of EN ISO 13849-1. Validation is a functional test of the safety control system to demonstrate that the system meets the specified requirements of the safety function. The safety control system is tested to confirm that all of the safety-related outputs respond appropriately to their corresponding safety-related inputs. The functional test includes normal operating conditions in addition to potential fault injection of failure modes. A checklist is typically used to document the validation of the safety control system. Prior to validating the Guardmaster Safety Relay (GSR) system, confirm that the Guardmaster safety relay has been wired and configured in accordance with the installation instructions.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
17
Safety Mat and E-stop Safety Function Verification and Validation Checklist General Machinery Information General Machinery Information Machine Name/Model Number Machine Serial Number Customer Name Test Date Tester Name(s) Schematic Drawing Number Guardmaster Safety Relay Model Safety Wiring and Relay Configuration Verification Test Step
Verification
1
Visually inspect the safety relay circuit to verify that it is wired as documented in the schematics.
2
Visually inspect the safety relay’s configuration switch to verify that the settings are correct as documented.
Pass/Fail
Changes/Modifications
Normal Operation Verification - The safety system properly responds to all normal Start, Stop, Reset, Safety Mat, and E-stop inputs. Test Step
Verification
1
Confirm that there is nothing on a safety mat.
2
Confirm the E-Stops are released.
3
Confirm the motor is stopped.
4
Apply power to the safety system.
5
Confirm that the motor does not start on power up. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator of the safety relay blinks green. Press and release the Reset button. The OUT status indicator of the safety relay turns steady green. The motor does not start. Press the drive Start button to start the motor. The safety contactors energize, the motor starts. Press the drive Stop button to stop the motor. The safety contactors de-energize. The motor coasts to a stop. The safety relay does not trip. Press the Start button to start the motor. While watching the hazardous motion, step on safety mat #1. The safety system trips. The IN1, IN2, and OUT status indicators turn off. The motor coasts to a stop.
6 7 8 9 10 11 12
Pass/Fail
Changes/Modifications
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
18
Safety Function: Safety Mat Stop Safety Mat and E-stop Safety Function Verification and Validation Checklist (continued)
Normal Operation Verification - The safety system properly responds to all normal Start, Stop, Reset, Safety Mat, and E-stop inputs. (continued) Test Step
Verification
Pass/Fail
Changes/Modifications
While you remain on the safety mat #1, the IN1, IN2, and OUT status indicators remain off. Press and release the Reset button. The OUT status indicator of the safety relay remains off. The motor does not start. Step off of the safety mat #1. The IN1 and IN2 status indicators turn on and remain on. The OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator of the safety relay turns steady green. The motor does not start. Press the Start button to start the motor.
13
14 15 16
Repeat steps 1…16 for safety mat #2. Press the E-stop. The safety system trips. The IN1 and OUT status indicators turn off. The motor coasts to a stop. Leave the E-stop pressed. The IN1 status indicator remains off. Press and release the Reset button. The OUT status indicator of the safety relay remains off. The motor does not start. Release the E-stop. The IN1 status indicator turns on and remains on. The OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator of the safety relay turns steady green. The motor does not start. Press the Start button to start the motor.
17 18 19
20 21 22
Abnormal Operation Validation - The safety relay system properly responds to all foreseeable faults with corresponding diagnostics. E-stop Input Tests – Guardmaster Dual-input Safety Relay Test Step 1
2 3 4 5 6
Verification and Validation
Pass/Fail
Changes/Modifications
While the motor is running, remove the E-stop input wire at terminal S12 of the safety relay. The safety relay immediately trips, de-energizing the safety contactors and the motor coasts to a stop. The IN1 and OUT status indicators turn off. Reconnect the wire to S12. The safety relay does not respond. Press and release the Reset button. The safety relay does not respond. Cycle the E-stop button. The IN1 status indicator is on and the OUT status indicator blinks. Press and release the Reset button. The OUT status indicator is steady on. Press the Start button. The safety contactors energize and the motor starts to run. While the motor is running, jump the E-stop input wire at terminal S11 to terminal S12 of the safety relay. The safety relay does not trip. Press the E-stop. The safety relay immediately trips. The IN1 and OUT status indicators turn off.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop
19
Safety Mat and E-stop Safety Function Verification and Validation Checklist (continued) Abnormal Operation Validation - The safety relay system properly responds to all foreseeable faults with corresponding diagnostics. (continued) E-stop Input Tests – Guardmaster Dual-input Safety Relay (continued) Test Step 7 8
9 10 11
12 13
14
15 16
17
18 19
Verification and Validation
Pass/Fail
Changes/Modifications
Release the E-stop. Press and release the Reset button. The safety relay does not respond. Remove the jumper from S11 to S12. Press and release the E-stop. The IN1 status indicator is on and the OUT status indicator blinks. Press and release the Reset button. The OUT status indicator is steady. Press the Start button. The safety contactors energize and the motor starts to run. Repeat steps 1…8 to test E-Stop channel 2. Use S21 in place of S11 and S22 in place of S12. Briefly short the E-stop input wire at terminal S12 of the safety relay to 24V DC. The safety relay immediately trips. The PWR/Fault status indicator is steady red. All other status indicators are off. Press and release the Reset button. The safety relay does not respond. Cycle power to the safety relay. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green. Briefly short the E-stop input wire at terminal S12 of the safety relay to 0V DC. The safety relay immediately trips. The PWR/Fault status indicator is steady red. All other status indicators are off. Press and release the Reset button. The safety relay does not respond. Cycle power to the safety relay. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green. Briefly short the E-stop terminal S12 to terminal S22 of the safety relay. The safety relay immediately trips. The PWR/Fault status indicator is steady red. All other status indicators are off. Press and release the Reset button. The safety relay does not respond. Cycle power to the safety relay. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
20
Safety Function: Safety Mat Stop Safety Mat and E-stop Safety Function Verification and Validation Checklist (continued) Abnormal Operation Validation - The safety relay system properly responds to all foreseeable faults with corresponding diagnostics. Safety Mat Input Tests - Guardmaster Dual-input Safety Relay
Test Step 1
2
3 4
5 6
7
8 9
10
Verification and Validation
Pass/Fail
Changes/Modifications
While the motor is running, remove the safety mat input wire at terminal S42 of the safety relay. The safety relay immediately trips, de-energizing the safety contactors and the motor coasts to a stop. The IN1, IN2, and OUT status indicators turn off. Reconnect the wire to S42. The safety relay does not respond. Cycle power to the safety relay. The PWR/Fault, IN1, and IN2 status indicators are on. The OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green. Press the Start button. The safety contactors energize and the motor starts to run. While the motor is running, briefly short the E-stop input wire at terminal S42 of the safety relay to 24V DC. The safety relay immediately trips, de-energizing the safety contactors and the motor coasts to a stop. The PWR/Fault status indicator turns steady red. The OUT status indicator is off. The IN1 and IN2 status indicators are on. Press and release the Reset button. The safety system does not respond. Cycle power to the safety relay. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green. Briefly short the E-stop input wire at terminal S42 of the safety relay to 0V DC. The safety relay immediately trips, de-energizing the safety contactors. The motor coasts to a stop. The PWR/Fault status indicator is steady red. All other status indicators are off. Press and release the Reset button. The safety relay does not respond. Cycle power to the safety relay. Confirm that the PWR/Fault, IN1, and IN2 status indicators of the safety relay are green. Confirm that the OUT status indicator blinks green. Press and release the Reset button. The OUT status indicator turns steady green. Repeat steps 1…9 to test the safety mat #1 of channel 2. Use S32 in place of S42
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
Safety Function: Safety Mat Stop Safety Mat and E-stop Safety Function Verification and Validation Checklist (continued) Safety Logic - Guardmaster Dual-input Safety Relay Tests Test Step 1
2
3
4 5
Test Step 1
2 3 4 5 6 7 8 9 10
11
Validation Pass/Fail While the system is running, turn the logic rotary switch on the safety relay from the proper 2 to 4. The motor keeps running. The PWR/Fault status indicator blinks red/green twice, then goes steady green for a moment and then repeats the cycle. Step on and off a safety mat. The system trips and the motor comes to a stop. The PWR/Fault status indicator blinks red/green twice, then goes steady green for a moment and then repeats the cycle. The OUT status indicator blinks, requesting a reset. Press and release the Reset button. The OUT status indicator turns steady green indicating that the safety relay has reset. The PWR/Fault status indicator blinks red/green twice, then goes steady green for a moment and then repeats the cycle. Press the Start button. The motor starts. The PWR/Fault status indicator blinks red/green twice, then goes steady green for a moment and then repeats the cycle. Set the rotary switch back to 2. After a moment, the PWR/Fault status indicator turns steady green. Safety Output - Contactor Tests
Changes/Modifications
Verification and Validation Power up the safety system. Confirm that there is nothing on the safety mats and that the E-stops are released. Press and release the Reset button to start/reset the safety relay. Press the Start button. The motor starts. While the motor is running, remove the wire from terminal S34 of the safety relay. The motor keeps running. Step on and off a safety mat. The system trips, stopping the motor. Press and release the Reset button. The safety relay does not reset. The OUT status indicator keep blinking green. Restore the connection to terminal S34. Press and release the Reset button. The safety relay resets and the OUT status indicator is steady green.
Changes/Modifications
Pass/Fail
Press the Start button. The motor starts. While the motor is running, remove the wire from terminal S34 of the safety relay. Connect S34 to the 24V DC COM. The motor keeps running. Step on and off a safety mat. The system trips, stopping the motor. Press and release the Reset button. The safety relay does not reset and the OUT status indicator keeps blinking green. Remove the connection to 24V DC COM. Restore the original connection to terminal S34. Press and release the Reset button. The safety relay resets and the OUT status indicator is steady green. Press the Start button. The motor starts.
Rockwell Automation Publication SAFETY-AT122A-EN-P – December 2013
21
22
Safety Function: Safety Mat Stop
Additional Resources These publications contain additional information concerning related products from Rockwell Automation. Resource
Description
Guardmaster Safety Relays Safety Applications and Wiring Diagrams, publication SAFETY-WD001
Provides information on the safety applications and wiring guides for the Guardmaster Safety Relays.
Next Generation Guardmaster Safety Relays, publication EUSAFE-BR009
Provides information on the functionality of the Guardmaster safety relays.
Guardmaster Safety Relay SI Installation Instructions, publication 440R-IN042
Provides guidance on installing and operation Guardmaster safety relays.
See the Knowledgebase Answer ID 548370 at http://rockwellautomation.custhelp.com
Provides guidance on troubleshooting a 440F safety mat.
Safety Products Catalog, publication S117-CA001
Provides an overview of products, product specifications, and application examples.
You can view or download publications at http://www.rockwellautomation.com/literature. To order paper copies of technical documentation, contact your local Allen-Bradley distributor or Rockwell Automation sales representative.
For more information on Safety Function Capabilities, visit: discover.rockwellautomation.com/safety Rockwell Automation, Allen-Bradley, Rockwell Software, Guardmaster, and LISTEN.THINK.SOLVE. are trademarks of Rockwell Automation, Inc. Trademarks not belonging to Rockwell Automation are property of their respective companies.
Publication SAFETY-AT122A-EN-P – December 2013
Copyright © 2013 Rockwell Automation, Inc. All rights reserved. Printed in U.S.A.
