Safe Stop Of Automationdrive Fc - Danfoss FC 300 Design Manual

FC 300 Design Guide

3.12 Safe Stop of AutomationDrive FC 300

The AutomationDrive FC 302, and also the AutomationDrive FC 301 in A1 enclosure, can perform the safety function
Stop Category 0
61800-5-2) or (as defined in EN 60204-1).
AutomationDrive FC 301 A1 enclosure: When Safe Stop is included in the drive, position 18 of Type Code must be either T or U. If position 18 is B or X,
Safe Stop Terminal 37 is not included!
Example:
Type Code for FC 301 A1 with Safe Stop: FC-301PK75T4Z20H4TGCXXXSXXXXA0BXCXXXXD0
It is designed and approved suitable for the requirements of :
- Safety Category 3 in EN 954-1 (and ISO EN 13849-1)
- Performance Level "d" in ISO EN 13849-1
- SIL 2 Capability in IEC 61508 and EN 61800-5-2
- SILCL 2 in EN 61062
This functionality is called Safe Stop. Prior to integration and use of Safe Stop in an installation, a thorough risk analysis on the installation must be carried
out in order to determine whether the Safe Stop functionality and safety levels are appropriate and sufficient.
After installation of Safe Stop, a commissioning test as specified in section
be performed. A passed commissioning test is mandatory for fulfilment of Safety Cat. 3 (EN 954-1) / PL "d" (ISO 13849-1)
The following values are associated to the different types of safety levels:
Performance Level "d":
- MTTFD (Mean Time To Dangerous Failure): 24816 years
- DC (Diagnstic Coverage): 99,99%
- Category 3
SIL 2 Capability, SILCL 2:
- PFH (Probability of Dangerous failure per Hour) = 7e-10FIT = 7e-19/h
- SFF (Safe Failure Fraction) > 99%
- HFT (Hardware Fault Tolerance) = 0 (1oo1D architecture)
Abbreviations related to Functional Safety
Abbreviation Reference
Cat. EN 954-1
FIT
HFT IEC 61508
MTTFd EN ISO 13849-1
PFHd IEC 61508
PL EN ISO 13849-1
SFF IEC 61508
SIL IEC 61508
STO EN 61800-5-2
Description
Safety category, levels 1-4
Failure In Time: 1E-9 hours
Hardware Fault Tolerance: HFT = n means, that n+1 faults could cause a loss of the safety function
Mean Time To dangerous Failure: (The total number of life units) / (the number of dangerous,
undetected failures), during particular measurement interval under stated conditions
Probability of Dangerous Failures per Hour. This value shall be considered if the safety device is
operated in high demand (more often than once per year) or continuous mode of operation, where
the frequency of demands for operation made on a safety-related system is greater than one per
year or greater than twice the proof-test frequency.
Performance Level: Corresponds SIL, Levels a-e
Safe Failure Fraction [%] ; Percentage part of safe failures and dangerous detected failures of a
safety function or a subsystem related to all failures.
Safety Integrity Level
Safe Torque Off
MG.33.BC.02 - VLT ® is a registered Danfoss trademark
3 Introduction to AutomationDrive FC 300
Safe Torque Off
Safe Stop Commissioning Test of the Design Guide must
(As defined by IEC
3
51