General Description Of Safety Function; Integrated Safety Function; Functional Safety; Classification The Safety Requirement - BONFIGLIOLI Agile Applications Manual

5 General Description of Safety Function

5.1 Integrated Safety Function

Electronic protection systems are integrated in the drive control system and perform safety functions in
order to minimize or eliminate hazards caused by functional errors of machines.
The integrated safety functions replace time-consuming and expensive installation of external safety
components.
The safety function can be requested or triggered by an error.
In hazard areas, setup work or work for elimination or errors may be required where the safety function
is not to be activated by isolating protection devices such as mains contactors or motor contactors.
Here, the additional safety function may be used. STO can be used as an alternative to mains or motor
contactors, which can be omitted dependent on the application.
The integrated safety functions reduce the risk of personal damage in hazard areas and reduce instal-
lation requirements.

5.2 Functional Safety

The safety function of the control system must be ensured for normal, trouble-free operating sates as
well as in the case of an error. As a result of this requirement:
 The safety function must be checked in case errors are present. Possible methods include:
fault tree analysis, FMEA, etc.) u. a.

5.3 Classification the safety requirement

The integrated safety function "Safe Torque Off" of the AGL frequency inverter meets the following
requirements according to EN 61800-5-2:
 up to safety integrity level SIL 2 according to DIN EN 61508 for STO
 up to performance level d according to EN 13849-1
 of category 3 according to EN ISO 13849-1
In the case of an error, thanks to the safety function STO, the frequency inverter does not supply energy
to the motor which would cause a revolution or torque (or a movement or force in the case of a linear
motor).
Characteristic for the classification mentioned above:
 If an error occurs, the safety function is maintained.
With a suitable external safety control device the function „Safe Stopp 1 (SS1 c)" according to EN 61800-
5-2 can be realized together with the AGL.
By using appropriate safety control devices, stop category 0 and stop category 1 according to EN 60204
can be achieved in the machine. For safety control devices, please refer to chapter 10.
Stop category 0: Stop by immediate disconnection of energy supply to the machine drive elements,
i.e. uncontrolled stop.
Stop category 1: Controlled stop, where energy is still being supplied to the drive elements of the
machine to perform the stopping operation. Energy supply is stopped only after the drive has come to
a standstill.
Note that the drive may not stop immediately but coast to a standstill. If no mechanical brake is installed,
or a defective brake may involve a risk, further protective measures (in example tumbler) are to be
taken.
03/18 AGL-STOV0-01SV0-06 17