Forced Checking Procedure - Siemens SINUMERIK 840D sl Function Manual

Basics on the Safety Functions Integrated in the System/Drive

5.3 Forced checking procedure

5.3 Forced checking procedure
Forced checking procedure, general (extract from /6/)
"...A forced checking procedure must be carried out for all static (steady–stage)
signals and data. Within the required time (8 h), the state must change from a log-
ical 1 to a logical 0 – or vice versa. If the state remains static in a fault situation,
then this is detected at the latest as a result of this forced checking procedure and
the subsequent comparison.
A forced checking procedure must be used, e.g. for components that are required
to stop a process (e.g. contactors and power semiconductors) – the so–called
shutdown path and for the shutdown condition. Generally, it is not possible to test a
shutdown condition, e.g. violation of a limit value criterion, using other methods
such as e.g. crosswise data comparison, when the machine is in an acceptable
(good) condition. This also applies to errors along the entire shutdown path includ-
ing associated hardware and software and circuit–breakers.
By integrating a test stop every eight hours with a comparison and expected sta-
tus, faults can also be detected when the machine is in an acceptable (good) con-
dition...."
(Comment: Acceptable (good) condition means that there are no machine faults
that are apparent to the operator).
(Comment: For Safety Integrated, a forced checking procedure interval of one year
is permissible)
Forced checking procedure with Safety Integrated
The forced checking procedure is used to detect faults/errors in the software and
hardware of the two monitoring channels. In order to do this, the safety–related
parts in both channels must be processed at least once during a defined period in
all safety–related branches. Any faults/errors in the monitoring channel would
cause deviations and will be detected by the cross–wise data comparison.
For Safety Integrated, the forced checking procedure interval is max. 1 year. This
involves components from the SINUMERIK 840D sl/SINAMICS S120 system. Pos-
sible requirements relating to shorter forced checking procedure intervals of safe-
ty–related components (e.g. PROFIsafe I/O modules, sensors such as e.g. emer-
gency stop buttons, actuators such as e.g. brakes, etc.) are not influenced.
The forced checking procedure must be initiated by the user or integrated in the
process as an automatic procedure, e.g.:
S When the axes are stationary after the system has been powered–up
S When the protective door is opened
S In defined cycles (e.g. every 8 hours – a maximum of once every year is per-
missible).
S In the automatic mode, dependent on the time and event.
5-94
SINUMERIK 840D sl/SINAMICS S120 SINUMERIK Safety Integrated (FBSI sl) – 05.2008 Edition
© Siemens AG 2008 All Rights Reserved
05.08