Compliance With Safety Standards - Toshiba TOSVERT VF-AS1 Instruction Manual

Compliance with safety standards

9.3
The VFAS1 inverter has the "power removal" safety function that complies with safety standards.
To ensure safety performance, however, the mechanical system with which the VFAS1 inverter is used has to
adhere to such standards as a whole. The PWR input terminal on the control terminal board has power removal
safety function. When PWR is not connected to the 24V/PLC, the motor cannot be started. And if it is opened
between the 24V/PLC and PWR during driving the motor, it coasts to a stop.
To be more specific, in order for the system to satisfy the following safety standards, it needs to be configured, as
shown on the next page, with the power removal terminal of the VFAS1 inverter so that it will coast or decelerate to
a stop in the event of a failure.
To ensure that the motor coasts or decelerates to a stop if unusual event occurs, the power removal circuit is
designed with redundancy and it has a diagnosis circuit that determines whether the unusual event is at a
permissible level or not, in addition to a hardware circuit and software that cut off the operation signal if the unusual
event is judged impermissible. This safety function is certified by the certification organization "INERIS."
● The VFAS1 inverter meets the IEC/EN61508 SIL2 requirements.
(The term "SIL" is an acronym for "Safety Integrity Level," which is a safety performance scale.)
● The VFAS1 inverter falls under Category 3 of the safety standard EN954-1 for mechanical systems.
● The VFAS1 inverter supports the two stopping methods defined in IEC/EN61800-5-2.
One is "STO," which refers to "coast and stop," and the other is "ST1," which refers to "deceleration stop."
EN61508 is an international standard that defines safety performance required for systems provided with electric
and electronic programmable devices, and SIL2 applies to systems that are configured with dangerous failure rates
of as low as 10
see the following pages.
SIL
4
3
2
1
The European standard EN954-1, a basic safety standard for mechanical system, categorizes machines by degree of anger.
Placed in Category 3 are machines that are designed with redundancy so that a single failure will not cause a degradation in
their safety performance.For the relationship between each category and the safety function, see the table below.
Categories
B Selection of components that
conform to relevant
standards.
9
1 Selection of components and
basic safety principles.
2 Selection of components and
basic safety principles.
3 Structure of the safety
circuits.
4 Structure of the safety
circuits.
The three stopping methods described on the following pages were selected in accordance with IEC60204-1.
Stopping method 1 (Stop category 0): Stops the mechanical system by cutting off the power supply immediately.
Stopping method 2 (Stop category 1): First controls the mechanical system to stop it, and then cuts off the power supply.
Stopping method 3 (Stop category 2): First cut off the power supply, and then controls the mechanical system to stop it.
Mandatory
-6 -7
to 10 , as shown in the table below. For the relationship between SIL and inverter configuration,
<<Target for EIC/EN61508 safety performance scale>>
Heavy-duty operation mode or continuous operation mode (Hourly dangerous failure rate)
<<Categories relating to safety according to EN 954-1>>
Basic safety principle
For preventive maintenance, check at least once a year whether the power removal safety
function operates normally.
-9 -8
10 ~ 10
-8 -7
10 ~ 10
-7 -6
10 ~ 10
-6 -5
10 ~ 10
Control system requirements
Control in accordance with good
engineering practice.
Use of tried and tested components
and proven safety principles.
Cyclic testing. The test intervals
must be suited to the machine and
its applications.
A single fault must not cause loss of
the safety function.
This single fault must be detected if
reasonably practicable.
A single fault must not cause loss of
the safety function.
This fault must be detected at or
before the next demand on the
safety function.
An accumulation of faults must not
cause loss of the safety function.
Caution
I-6
E6581528
Behaviour in the event of a fault
Possible loss of safety function.
Possible loss of safety function,
but with less probability of this
than with B
Fault detected at each test.
Safety function ensured, except in
the event of an accumulation of
faults.
Safety function always ensured.