User Manual - Series B Instruction Manual
Table Of Contents
- Front Cover/Table of Contents
- General Description
- What Is the DriveGuard Safe Torque Off Option?
- Certifications and Compliance
- CE Certification
- Certified Equipment
- Important Safety Considerations
- Safe State
- Safety Category 3 / PL (d) Performance Definition
- Stop Category Definitions
- Performance Level and Safety Integrity Level (SIL) CL2
- PFD and PFH Definitions
- PFD and PFH Data
- Functional Proof Tests
- Contact Information if Safety Option Failure Occurs
- Installation and Wiring
- Pre-Installation Instructions
- EMC Considerations
- DriveGuard Safe Torque Off Option Installation
- Wiring
- Verify Operation
- Description of Operation
- PowerFlex 40P Safe Torque Off Operation
- PowerFlex 70 Safe Torque Off Operation
- Connection Examples
- Back Cover
6 Rockwell Automation Publication PFLEX-UM003B-EN-P - July 2012
General Description
Safe State
The DriveGuard Safe Torque Off option is intended for use in safety-related
applications where the de-energized state is the safe state. All of the examples
in the Description of Operation section are based on achieving the
de-energization as the safe state.
Safety Category 3 / PL (d) Performance Definition
To achieve Safety Category 3 / PL (d) according to EN ISO 13849-1, the
safety-related parts have to be designed such that:
• the safety-related parts of machine control systems and/or their protective
equipment, as well as their components, shall be designed, constructed,
selected, assembled, and combined in accordance with relevant standards
so that they can withstand expected conditions.
• well tried safety principles shall be applied.
• a single fault in any of its parts does not lead to a loss of safety function.
• some but not all faults will be detected.
• the accumulation of undetected faults can lead to loss of safety function.
• short circuits in the external wiring of the safety inputs is not one of the
faults that can be detected by the system, therefore, according to EN ISO
13849-2, these cables must be installed so as to be protected against
external damage by cable ducting or armor.
• whenever reasonably practical a single fault shall be detected at or before
the next demand of the safety function.
• the average diagnostic coverage of the safety-related parts of the control
system shall be low.
• the mean time to dangerous failure of each of the redundant channels
shall be low to high.
PFLEX-UM003.fm Page 6 Wednesday, July 18, 2012 8:26 AM