Festo CAMC-G-S3 Manual page 131

2 Product description of safety module CAMC-G-S3
Description of the statuses of the "complete system"
– In the Initialisation 1 phase, basic system tests of the hardware and firmware are performed.
– Then, the parameter set is loaded from the flash memory of the module and is checked:
– The safety module checks whether there is a valid safe parameter set in the safety module. A
valid safe parameter set exists when all the individual parameters have been validated and the
whole parameter set has the identification "validated".
– It checks whether the safety module is in the delivery status. In the delivery status, all the indi­
vidual parameters are validated but the whole parameter set has the identification "not valid­
ated". In addition, the identifier "Delivery status" is set in the parameter set.
The basic unit can be commissioned and the motor run in the delivery status. The safety
module is pre-configured with the safety functions STO and SBC, which can be requested
via DIN40, thus offering minimum protection è Section 4.4.2 and 4.4.1.
– If not all the individual parameters have been validated or the whole parameter set has the identifi­
er "not validated", then the safety module switches to the "Service" status and waits for external
parameterisation.
The motor and the basic unit cannot be commissioned in the "Service" status. The safety
module has switched off all the safe outputs and also the internal control signals to en­
able the output stage and the holding brake.
– When parameterisation is ended, a second initialisation takes place.
– After this, communication is set up with the basic unit.
– If no errors have been found up to that point and the safety module has a valid, safe and fully-valid­
ated parameter set, then it switches to the "Operation" status, in which safety functions can be
requested and executed. In the "Operation" status, all the modules work according to their spe­
cified functionality.
– If system errors are detected, e.g. a defective position encoder, then the safety module switches to
the "System error" status, which can only be exited after elimination of the error and subsequent
error acknowledgement or a restart of the system.
Fig. 2.37 shows the status transitions of the safety module during "Operation".
– As long as no safety function has been requested, the "Ready for operation" status exists.
– If at least one safety function is requested, the safety module switches to the status "Safety func­
tion requested". Monitoring is already active but the safe status has not yet been reached, e.g.
because a speed ramp is being travelled.
– The status "Safe state reached" follows, monitoring is active and the drive is in the safe status.
– The status "Safety condition violated" is assumed if there is an error. It can only be exited via error
acknowledgment.
Festo – GDCP-CAMC-G-S3-EN – 1406NH – English 131